New EBA Guidelines on the ‘Travel Rule’ for Fund and Crypto Asset Transfers

The European Banking Authority (EBA) has introduced new Guidelines on the ‘travel rule’, detailing the information that must accompany transfers of funds and certain crypto assets. This rule aims to combat the misuse of such transfers for money laundering and terrorist financing.

The Guidelines specify the required information for fund or crypto asset transfers and outline the steps that payment service providers (PSPs), intermediary PSPs (IPSPs), crypto-asset service providers (CASPs), and intermediary CASPs (ICASPs) should take to identify and address missing or incomplete information. They also provide procedures for handling transfers that lack the required details.

The goal is to establish a consistent and effective approach to implementing the travel rule across the EU, enabling authorities to trace these transfers thoroughly to prevent, detect, or investigate money laundering and terrorist financing.

Background

In June 2023, Regulation (EU) 2023/1113 came into effect, updating Regulation (EU) 2015/847. This regulation aligns the EU’s legal framework with the Financial Action Task Force (FATF) standards by extending the requirement to include information about the originator and beneficiary to CASPs, as per the ‘travel rule’. It also amends Directive (EU) 2015/849 to subject CASPs, authorized under Regulation (EU) 2023/1114, to the same AML/CFT requirements and supervision as credit and financial institutions.

Competent authorities have two months from the publication of translations into the official EU languages to report compliance with the Guidelines. The amended Guidelines will take effect on 30 December 2024.

The EBA has also published Guidelines on risk-based AML/CFT supervision of crypto-asset service providers (CASPs) and Guidelines for CASPs to effectively manage their ML/TF risk exposure. Additionally, the EBA is finalizing Guidelines on internal policies, procedures, and controls to comply with restrictive measures applicable to CASPs and other financial institutions.

Legal Basis

Article 36 (first and second subparagraphs) of Regulation (EU) 2023/1113 and Article 19a(2) of Directive (EU) 2015/849 mandate the EBA to issue guidelines to competent authorities, PSPs, and CASPs on: (a) the measures those providers should take to comply with certain articles of Regulation (EU) 2023/1113; (b) the technical aspects of applying this Regulation to direct debits; and (c) the measures, including the criteria and means for identification and verification of the originator or beneficiary of a transfer to or from a self-hosted address.

These Guidelines will replace the ‘Joint Guidelines under Article 25 of Regulation (EU) 2015/847 on the measures payment service providers should take to detect missing or incomplete information on the payer or the payee, and the procedures they should implement to manage a transfer of funds lacking the required information’ (JC/GL/2017/16), effective 30 December 2024.

Read the guideline below: