How Should CASPs Transfer Travel Rule Information According to European Banking Authority Guidelines?

The European Banking Authority (EBA) released the Travel Rule Guidance report on 4, June 2024. It has established comprehensive guidelines on the information requirements for the Transfer of Funds Regulation including detailed procedures and requirements for ensuring compliance with the Travel Act

In June 2023, Regulation (EU) 2023/1113 extended the legal coverage of certain crypto assets in money transfers, to prevent their misuse for terrorist financing and financial crimes. The EBA using a flexible, risk-based approach guides payment service providers (PSPs), intermediary PSPs (IPSPs), crypto-asset service providers (CASPs), and intermediary CASPs (ICASPs) on detecting and managing transfers.

These guidelines aim to increase the transparency and traceability of financial transactions, thereby preventing money laundering and terrorist financing.

Key Requirements for Travel Rule Compliance

The EBA guidelines specify that PSPs and CASPs must collect and transmit the following information with each fund transfer:

• Originator Information: This includes the name, account number, address, and national identity number of the person initiating the transfer.
• Beneficiary Information: This includes the name and account number of the person receiving the transfer.

The guidelines outline the steps that PSPs and CASPs should follow to ensure accurate information filing:

• Gather the necessary originator and beneficiary information before initiating a transfer.
• Verify the accuracy and completeness of the collected information.
• The verified information must be included in the payment message sent through the payment and settlement systems.

Messaging or Payment and Settlement Systems

The EBA guidelines emphasize the importance of using robust and secure systems for the transmission and reception of information:

• PSPs, IPSPs, CASPs, and ICASPs must use infrastructures capable of fully transmitting and receiving information without gaps or errors. This includes using standardized messaging formats like ISO 20022.
• Systems must maintain data integrity, particularly when converting information into different formats. PSPs must upgrade to more reliable systems if current systems cannot ensure error-free transmission.
• PSPs must ensure the security of their information transfer systems. CASPs should also adhere to the EBA Guidelines on ICT and security risk management and outsourcing arrangements.
• When transmitting information according to Article 14 of the regulation: Transmit the information as part of or integrated into the blockchain or another distributed ledger technology (DLT) platform.  Alternatively, transmit independently via various communication channels, including direct communication between CASPs, APIs, code solutions atop the blockchain, and third-party solutions.
• For crypto-asset transfers, CASPs and ICASPs can use alternative mechanisms to compensate for technical limitations until 31 July 2025.

Multi-Intermediation and Cross-Border Transfers

When dealing with cross-border transfers and transactions involving multiple intermediaries, the guidelines highlight additional considerations:

• PSPs and IPSPs must document their policies and procedures to describe how payer and payee information is transmitted throughout the transfer chain.
• For non-batched transfers, the entire transfer chain must be treated as one, ensuring that the original payer and payee information is preserved.
• Transfers from cross-border to domestic channels must maximize the transparency of the cross-border nature and ensure the transmitted information is understandable by all intermediary and beneficiary PSPs.
• In cases of doubt, transfers should be treated as cross-border to ensure appropriate channels that facilitate necessary information transmission are used.
• For batch transfers, if required information is missing, IPSPs or ICASPs must obtain the missing information through alternative channels, such as APIs or third-party solutions, to comply with Regulation (EU) 2023/1113.

How CASPs Should Handle Missing Travel Rule Information?

Under Regulation (EU) 2023/1113, CASPs, PSPs, and ICASPs must:

• Detect missing, incomplete, or erroneous information in transfers using monitoring practices.
• Use systems with validation rules to ensure all required information is included and prevent errors.
• Set clear procedures to request missing information within specified deadlines.
• Assess risks associated with transfers, considering factors like transaction value and parties’ locations.
• Communicate actions taken with prior parties in the transfer chain and comply with data protection regulations.
• Enforce penalties for non-compliance, including rejecting transfers or terminating relationships with non-compliant parties.

By following these guidelines, PSPs, CASPs, and ICASPs can ensure compliance with the Travel Rule, enhancing the transparency and traceability of financial transactions within the European Union and beyond.

For more detailed information, please refer to EBA’s Travel Rule Guidelines.