U.K. crypto firms have just days to implement the “travel rule” designed to curb money laundering – but patchy implementation of the rule globally is not making it easier for service providers to comply, CoinDesk has been told by industry experts.
Norms set by international standard setter the Financial Action Task Force (FATF), including a requirement for firms to identify the names of people behind transactions, have proved controversial for many in the crypto industry. There have been particular tussles over how to adapt it to crypto’s unique features, such as self-custodied wallets that aren’t hosted by any regulated provider.
Others see it as essential in the fight against dirty money, and to improve crypto’s reputation. With just a total of 35 jurisdictions passing the required legislation, FATF in June described the failure to implement the rule as a “serious concern.”
The requirement to gather data on who their customers interact with overseas also poses a headache for crypto firms. There’s a transitional problem which Ilya Brovin, chief growth officer from Sumsub, a verification platform, described as a “sunrise issue” for the law.
“The fact that somewhere it’s enforced and in other places it’s not enforced.. [so] how do you get players in your jurisdiction where you want to enforce it to be compliant [when] the counterparties they need to deal with are not compliant?” Brovin said, adding that the travel rule will help institutions know which crypto businesses they can trust.
“It’s such a novel area, industry players had a million questions … and I’d say in most places, regulators were kind of really slow to provide guidance,” Brovin said.
The U.K. laws are set to take effect as of Sept. 1, and lobby groups like UK Finance and Claire Cross, partner at law firm Corker Binning, are calling for a standardized approach to the travel rule across jurisdictions.
“A lack of harmonization will result in cracks in the system which can be exploited by those involved in criminal activity,” Cross told CoinDesk. “The FCA is certainly on the right track in implementing the rule, let’s hope the rest of the world is quick to follow.”
The problem is that, even in some of the 35 places that have passed laws, they still haven’t taken effect – including in near neighbor the European Union, where the legislation only enters into force at the end of 2024.
Even where implemented, there are discrepancies. Canada, for instance, requires operators to jot down beneficiaries’ postal addresses, while the U.K. doesn’t, and firms are caught in a quandary when handling a transfer between the two, Caterina Veloso, co-chair of lobby group CryptoUK’s travel rule working group, told CoinDesk.
Veloso, who’s also a senior associate for regulatory and compliance at Notabene, praised the open approach taken by U.K. regulator the Financial Conduct Authority, which has tested the issue with the industry as part of its “sandbox” exercises. But the FCA’s August guidelines – which ask wallet providers to make a risk-based assessment when receiving funds from foreign non-compliant jurisdictions – “could use a bit more granularity,” she added.
To fix that, she’s turning to the Joint Money Laundering Steering Group (JMLSG) – an industry body whose guidance can be taken into consideration by regulators and courts. CryptoUK will be writing to the group imminently to call for more details on how to handle inbound transfers, and how to work with non-compatible, closed protocols, she said.
But with the rules taking effect in just one week, she also hopes the FCA will go easy while firms tackle these problems.
“I hope that the regulator is empathetic to these issues … I hope there’s some leeway in understanding that these things take time,” Veloso said, highlighting a delicate balance with data privacy. “There will be conflicts and we’ll need to see with experience how they ended up being settled.”
The FCA did not immediately respond to a CoinDesk request on whether it will indeed show that leeway. The regulator’s statements so far indicate it won’t go easy in an area like money laundering where penalties for non-compliance are traditionally tough.
“Little or no effort to comply from September 1 will not do,” the regulator said in an August 17 statement, adding that it will act “swiftly and assertively where crypto asset businesses fail to meet” its travel rule expectations.