The EBA issues ‘travel rule’ guidance to tackle money laundering and terrorist financing in transfers of funds and crypto assets

The European Banking Authority (EBA) issued today new Guidelines on the so-called ‘travel rule’, i.e. the information that should accompany transfers of funds and certain crypto assets. This rule will help tackle the abuse of  such transfers for money laundering and terrorist financing purposes.

The Guidelines specify which information should accompany a transfer of funds or crypto assets and also list the steps that payment service providers (PSPs), intermediary PSPs (IPSPs), crypto-asset service providers (CASPs) and intermediary CASPs (ICASPs) should take to detect missing or incomplete information, and what they should do if a transfer of funds or a transfer of crypto-assets lacks the required information.

The objective is to establish a consistent and effective approach to implementing the travel rule across the EU that allows relevant authorities to fully trace such transfers where this is necessary to prevent, detect or investigate money laundering and terrorist financing.

Background

In June 2023, Regulation (EU) 2023/1113 entered into force. The Regulation recasts Regulation (EU) 2015/847 and brings the EU’s legal framework in line with the Financial Action Task Force (FATF)’s standards by extending the obligation to include information about the originator and beneficiary to CASPs – the so-called ‘travel rule’. It also amends Directive (EU) 2015/849 to subject CASPs, which are authorized in accordance with the Regulation (EU) 2023/1114 to the same AML/CFT requirements and AML/CFT supervision as credit and financial institutions.

The deadline for competent authorities to report whether they comply with the Guidelines will be two months after the publication of the translations into the official EU languages. The amending Guidelines will apply from 30 December 2024.

The EBA also published Guidelines on risk-based AML/CFT supervisors of crypto-asset service providers (CASPs) and Guidelines crypto-asset service providers to effectively manage their exposure to ML/TF risks, and is currently finalising the work on Guidelines on internal policies, procedures and controls to comply with restrictive measures that apply to CASPs as well as other financial institutions.

Legal basis

Article 36 (first and second subparagraphs) of Regulation (EU) 2023/1113 and Article 19a(2) of Directive (EU) 2015/849 mandate the EBA to issue guidelines to competent authorities, PSPs and CASPs on: (a) the measures those providers should take to comply with certain articles of Regulation (EU) 2023/1113; (b) the technical aspects of the application of this Regulation to direct debits; and (c) the measures, including the criteria and means for identification and verification of the identity of the originator or beneficiary of a transfer made to or from a self-hosted address.

These Guidelines repeal with effect from 30 December 2024 the ‘Joint Guidelines under Article 25 of Regulation (EU) 2015/847 on the measures payment service providers should take to detect missing or incomplete information on the payer or the payee, and the procedures they should put in place to manage a transfer of funds lacking the required information’ (JC/GL/2017/16).