HMT Financial Crime Consultation Series
HM Treasury (HMT) published two important financial crime regulation consultation documents on 22 July 2021.
The first document invites responses about proposed changes to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the MLRs). These amendments allow some time-sensitive changes to be made to the MLRs, which are required to ensure that the UK continues to meet international standards set by the Financial Action Task Force (FATF). The changes strengthen and ensuring clarity on how the anti-money laundering regime operates, following feedback from industry and supervisors on the implementation of the Money Laundering and Terrorist Financing (Amendment) (EU Exit) Regulations 2020.
The second document asks for feedback about the systemic effectiveness of the UK’s anti-money laundering and counter terrorist financing regulatory and supervisory regimes and how they contribute to the overarching objective of countering economic crime. The British government is keen to ensure that the UK’s anti-money laundering and counter terrorist financing regime effectively deters money laundering and terrorist financing activity, whilst being proportionate and managing burdens on businesses.
These proposals will be open for feedback until 14 October 2021.
To help regulated firms and other stakeholders understand and consider the issues and changes discussed in the 40 and 56 page consultation documents, we will be running a short series of articles examining some of the key points being raised.
In this article, the first in the series, we consider the implementation in the UK of the commonly named and long awaited 'Travel Rule'.
The 'Travel Rule'
The Travel rule is an update to the FATF Recommendation 16 (R.16) that was officially adopted on 21 June 2019. It concerns cross-border and domestic wire transfer and extends to Virtual Assets Services Providers (VASPs) the requirements for originators and beneficiaries of all transfers of digital funds to exchange identifying information.
HMT's proposed implementation approach is guided by the principle that the application of R.16 should be consistent across the financial services industry, independently of the technology used to facilitate transfers of funds. As a result, cryptoasset exchange providers and custodian wallet providers are brought within the scope of the application of R.16 in the UK.
R.16 was implemented in the UK via the Funds Transfer Regulation (FTR) but, as it is retained EU law, the UK Government does not have the ability to easily amend the FTR. This means that amendments of the kind necessary to apply R.16 to cryptoassets would require primary legislation. Therefore the HMT is proposing to use its powers to amend the MLRs, which will also ensure that anti-money laundering legislation for the cryptoasset sector is consolidated in one place.
In line with this approach new provisions will be introduced in the MLRs to replicate existing provisions in the FTR and to establish the following requirements for cryptoasset service providers:
1. Information accompanying transfers of cryptoassets
The changes suggested will require cryptoasset firms to put in place systems for ensuring that personal information of the originator and beneficiary of a cryptoasset transfer is transmitted and received alongside the transfer, and in an appropriate format. As in the FTR, the information that must accompany the transfer will depend on its value and whether all cryptoasset service providers involved in the transfer are carrying on business in the UK.
The FATF’s Interpretive Note on R.16 (INR.16) permits countries to apply a de minimis value threshold, transfers below which may be accompanied by more limited beneficiary information. The HMT propose that the de minimis threshold for single and linked cryptoasset transfers should be GBP 1,000.
Some cryptoasset firms perform deposit-taking activities for fiat currency. It is proposed that the linked transfers rule should include both cryptoasset and fiat transfers. In practice, this would mean that linked transfers that in total exceed GBP 1,000, whether in cryptoassets alone or a combination of both fiat and crypto, would be treated as one large transfer to the beneficiary institution.
In line with R.16 and the approach taken in the FTR, the government proposes that the following information should be required to be sent with a transfer of cryptoassets:
Information on the originator | Information on the beneficiary | |
Single and linked transactions above GBP 1,000 |
Name Address Account number or unique transaction identifier Personal document number Customer identification number or date and place of birth. |
Name Account number / unique transaction identifier |
Single or linked transactions below GBP 1,000 |
Name Account number / unique transaction identifier |
Name Account number / unique transaction identifier |
If all cryptoasset service providers involved in the transaction are UK-based |
Account number / unique transaction identifier (subject to requirement to provide full information to beneficiary cryptoasset service provider on request) |
Account number / unique transaction identifier |
2. Obligations on intermediary cryptoasset service providers
In line with R.16 and the FTR, it is proposed that intermediary cryptoasset service providers in the scope of the amended regulations should ensure that all information received about the originator and the beneficiary that accompanies a cryptoasset transfer is retained with the transfer.
3. Validation of information and detection of missing information
Cryptoasset service providers will be required to implement effective procedures to detect whether the required beneficiary and originator information is missing from an inbound transfer. This will include monitoring in real time or after the transfer. The following steps are required to validate and detect missing information:
-
Where the transaction is above the de minimis threshold, the beneficiary’s cryptoasset service provider must verify the accuracy of beneficiary information received with the transfer, before making a cryptoasset available to the beneficiary. In practice, this may be done by checking for consistency with information verified as part of the customer due diligence process.
-
Where the required beneficiary or originator information is missing, the cryptoasset service provider receiving the transfer must decide, on a risk-sensitive basis, whether to ask for the required information before or after making the cryptoasset available to the beneficiary.
-
Where a cryptoasset service provider repeatedly fails to provide the required information, the receiving cryptoasset service provider must take appropriate steps. This includes issuing warnings before either rejecting any future cryptoasset transfers from, or restricting or terminating its business relationship with, that cryptoasset service provider.
4. Treatment of unhosted wallets
Unlike the traditional financial services sector, cryptoasset models enable individuals to host their own crypto wallet (unhosted wallets) which can be used to make and receive transfers from wallets hosted by custodian wallet providers.
in line with current FATF Guidance the consultation clarifies that where a beneficiary’s cryptoassets service provider receives a transfer for an unhosted wallet, it should obtain the required originator information from its own customer that receives the cryptoassets transfer. However, where a transfer is being made from a cryptoasset service provider to an unhosted wallet, the originating provider is not expected to send information to an unhosted wallet, though it should still collect information on the intended beneficiary.
5. Record keeping
The receiving cryptoasset service provider will be required to retain the beneficiary and originator information for a period of five years from the date it reasonably believes the transaction is complete. To protect the privacy of the parties to the transaction, this information must be deleted at the end of this five-year period, unless Regulation 40 of the MLRs or a court ruling requires it to be held for longer.
Cryptoasset service providers will be required to make this information available fully and without delay in response to a written request by the Financial Conduct Authority, HM Revenue & Customs, the National Crime Agency or the police, where this information is reasonably required in connection with the authority’s functions.
In terms of the timing for implementation, the importance of introducing the new regulations in a proportionate way is acknowledged, to maintain the balance between mitigating the risk of money laundering and terrorism financing and supporting financial innovation. In this sense a grace period is being proposed as it is expected that the process of implementation by firms may take some time.
Considering the status of the current registration process for cryptoasset services provider under the MLRs, it is essential that the 'grace period' for implementing the 'Travel Rule' is set way beyond 31 March 2022 (the date on which the FCA’s Temporary Registration Regime ends). This is to ensure cryptoasset firms have some breathing space to recover from the long and difficult registration process and to guarantee a proportionate and adequate implementation of the new requirements in the UK’s crypto industry.
Related resources
All resourcesPayment Services Regulatory Compliance Forum 2025
Managing reputational risk
FCA issues guidance on Payment Services Regulations 2024
Operational Resilience: regulatory guidelines for critical third parties aim to avoid systemic disruption