EBA Travel Rule Guidelines

EBA Travel Rule Guidelines

Regulation Name: Travel Rule Guidelines
Publishing Date: 4 July 2024
Region:  European Union
Agency: European Banking Authority

The financial landscape is evolving rapidly, especially with the rise of cryptocurrencies. In response, regulatory bodies are implementing stringent measures to prevent money laundering (ML) and terrorist financing (TF). One such significant regulation is the Travel Rule under Regulation (EU) 2023/1113, which outlines the information requirements for transfers of funds and certain crypto-assets. This article delves into the intricacies of this regulation and its implications for Payment Service Providers (PSPs), Intermediary Payment Service Providers (IPSPs), Crypto-Asset Service Providers (CASPs), and Intermediary Crypto-Asset Service Providers (ICASPs).

The Genesis of the Travel Rule

The Travel Rule aims to enhance the transparency of financial transactions, ensuring that sufficient information accompanies transfers to mitigate ML and TF risks. It is an extension of existing regulations, emphasizing the need for detailed information to travel with the funds or crypto-assets from the originator to the beneficiary.

Key Provisions and Requirements

1. General Provisions

To comply with Regulation (EU) 2023/1113, PSPs, IPSPs, CASPs, and ICASPs must establish clear policies and procedures. These entities need to determine their role in each transaction—whether they act as the payer’s PSP, the payee’s PSP, an IPSP, the originator’s CASP, the beneficiary’s CASP, or as an ICASP.

Testing and Updating Policies

It is imperative that these policies and procedures are tested regularly for effectiveness and updated as necessary. Random sampling of processed transfers can help ensure ongoing compliance.

2. Transmitting and Receiving Information

Technical Infrastructure

Entities must use robust infrastructures capable of transmitting and receiving information without gaps or errors. This includes maintaining data integrity during format conversions and ensuring the security of systems used for data transfer. CASPs, in particular, should adhere to the EBA Guidelines on ICT and security risk management and outsourcing arrangements.

Special Provisions for Crypto-Assets

CASPs and ICASPs may use infrastructures with technical limitations until July 31, 2025, provided they implement additional procedures to compensate for any data transmission shortcomings.

Messaging Systems

The choice of messaging or payment and settlement systems must be proportionate and risk-sensitive. CASPs and ICASPs should assess their systems’ compatibility, data integration capabilities, and security features to ensure seamless communication and compliance.

3. Information Transmission and Integrity

Unaltered Submission

PSPs and CASPs should not alter the initial information submitted unless requested to correct missing or erroneous data. Any changes must be communicated to the next entity in the transfer chain, which must then re-evaluate the information.

Identification Details

Transfers must include specific identification details of the payer, payee, originator, and beneficiary. For natural persons, full names as per official identity documents are required. For legal entities, the registered name should be provided.

Address and Alternative Information

The usual place of residence or postal address of natural persons, and the registered office address for legal entities, must be included. Alternatives to postal addresses, such as virtual addresses, are generally not acceptable.

Equivalent Identifiers

PSPs and CASPs must use official identifiers equivalent to Legal Entity Identifiers (LEIs) that are unique, publicly registered, and issued by a public authority.

4. Detecting and Handling Missing Information

Procedures for Detection

Entities must have procedures to detect missing, incomplete, or meaningless information during and after transfers. These procedures should include monitoring practices aligned with the risk level of the transactions.

Admissible Characters and Inputs

PSPs and IPSPs should ensure their systems validate the information fields according to system conventions. Transfers with inadmissible characters or inputs should be flagged for manual review.

Monitoring and Risk Factors

Transfers should be monitored based on predefined risk factors, including transaction value thresholds, geographical risks, and the involvement of entities with poor AML/CFT compliance records. Special attention should be given to transfers from or to self-hosted addresses or involving anonymity-enhancing techniques.

The Travel Rule under Regulation (EU) 2023/1113 represents a significant step towards enhancing financial transparency and combating ML/TF. By mandating detailed information requirements and robust transmission protocols, it ensures that PSPs, IPSPs, CASPs, and ICASPs can effectively manage risks and maintain the integrity of financial transactions. Compliance with these regulations not only fosters a secure financial environment but also strengthens the global fight against illicit financial activities.

Read the full guideline here.