Travel Rule may apply to any bitcoin transaction in the EU

Last week, the European Parliament’s Committee on Economic and Monetary Affairs (ECON) and Committee on Civil Liberties, Justice and Home Affairs (LIBE) adopted the Travel Rule amendment for bitcoin businesses. For bitcoin transactions, this would potentially mean that bitcoin companies have to share personal information about their customers. Also, ‘ unhosted wallets ‘ – in other words: self-custodial wallets – should be verified (again) by bitcoin companies.

Earlier we wrote that a lot was about to happen at European level in the field of anti-money laundering regulations. On 20 July 2021, an ambitious legislative package (AML/CFT) was presented by the European Commission. This package should fully replace the fourth and fifth anti-money laundering directives and consists of four legislative proposals.

What is the Travel Rule?

The so-called Travel Rule is included in the so-called recast of Regulation (EU) 2015/847 extending the information to be added to transfers to crypto-assets (WTR2 recast). This realignment may have major implications for bitcoin transactions in the EU.

The current WTR2 regulation obliges payment service providers to collect, add and keep information from the sender and recipient available to the competent authorities (Financial Intelligence Units) when making transfers. This is called the Travel Rule.

After the WTR2 realignment comes into effect, the idea is that bitcoin companies must also comply with the Travel Rule. This expansion of the Travel Rule stems from the Financial Action Task Force (FATF) Guidance for Virtual Assets Service Providers (VASPs). This is an unelected global intergovernmental watchdog to combat money laundering and terrorist financing.

The guideline cited above dates from October 2021. This means that the idea of also applying the Travel Rule to bitcoin companies seems to be of recent date. However, this is not the case. In 2019, US authorities in Vienna laid the foundations for the rule that has now been adopted in Europe at a meeting of the FATF.

Privacy First and United Bitcoin Companies Netherlands to the breach

Both Bitonic, Privacy First and the United Bitcoin Companies of the Netherlands already warned in 2019 that the privacy of EU citizens was at risk. Bitonic found it alarming from a privacy point of view that such a comprehensive obligation to export private data worldwide was being forced on Europe by the US.

??????This does not only affect companies that trade in virtual currencies. The definitions are so broad that potentially every company or customer that works with a blockchain or distributed ledger can fall under the scope.’

Read Bitonic’s position here.

At the time, the intention to do so was hidden in a subordinate clause in a letter to parliament from the then Minister of Finance. This would oblige companies to send customer data with ??????virtual assets???????, goods to be traded digitally, such as bitcoins, real estate, but also purchases in computer games. The information from all parties involved must remain visible to everyone in the value chain.

Bitonic, Privacy First and the VBNL (United Bitcoin Companies) therefore already jumped into the breach and wrote an urgent letter to the then parliament to prevent the unbridled export of personal data. Unfortunately, it had no effect and now Europe seems to be adopting the rules of the FATF.

What does this potentially mean for bitcoin businesses?

When transferring bitcoin or crypto to another bitcoin company, a bitcoin company may have to ensure that the name, account number (read: wallet address), address, official personal document number and client identification numbers or place and date of birth of the sender are added (art. 14 paragraph 1 sub a to c WTR2 recast). In addition, the bitcoin company will also have to add the name of the recipient and his account number (read again: wallet address) (art. 14 paragraph 2 sub a and b WTR2 recast).

Please note that the information listed above does not have to be added on-chain (art. 14 paragraph 4 WTR2 recast). How the information should be added is still the question. There are already ideas in the bitcoin sector on how to do this. TRUST (Travel Rule Universal Solution Technology) ??? an initiative of several bitcoin companies from the US ??? is an example of this. This looks like a new variant of SWIFT.

At first, lighter requirements seemed to be imposed on transactions under EUR 1,000. For example, the idea was that only the name and account number (read: wallet address) of the sender and recipient should be added to such transactions. The rules for bitcoin companies would thus align with the current rules for payment service providers.

However, in the (for now) final draft of the WTR2 recast, the EUR 1,000 limit has been removed on the basis of well-known arguments; preventing money laundering and terrorist financing. Bitcoin – and crypto in general – would be very suitable for this.

Were it not for the fact that the opposite of this turns out to be true, as we wrote recently. Illegal activity and cybercrime are a shrinking component of bitcoin and crypto transactions, according to research by blockchain analytics firm Chainalysis. The percentage of illegal activity fell to only 0.15% of the total transaction volume in 2021.

The argumentation that can be read in the WTR2 recast therefore shows a lack of substantive knowledge, not to mention the unfamiliarity with the underlying technology. This is also apparent from the – unfortunately unnecessarily polarizing – statements by MEP Paul Tang.

Self-custodial wallets an eyesore?

The WTR2 recast shows that the European Parliament seems to believe that ‘ unhosted wallets ‘ – in other words: self-custodial wallets – are mainly used by criminals, while these are the most traditional and normal bitcoin wallets. An ‘anonymous unhosted wallet’ is therefore a remarkable framing for what is in fact just your own wallet. According to this reasoning, you could also call a normal wallet in your pocket an ‘anonymous unhosted wallet’.

Transactions from or to self-custodial wallets may therefore need to be verified (again) by bitcoin companies. The wallet verification requirement would rise like a phoenix from its ashes. This would be unfortunate for the bitcoin industry, especially for Bitonic. The bitcoin company was ruled in favor by the court last year, with DNB ordered to review the wallet verification requirement.

Furthermore, bitcoin companies may have to report any transaction above EUR 1,000 from or to self-custodial wallets to the Financial Intelligence Unit (FIU) of the relevant member state. This has been labeled by many – including EU watcher Patrick Hansen – as an absolute violation of privacy rights.

Is it really already final?

Although there is still a chance that some refinements will be made in the trilogues – negotiations between delegations from the European Commission, the European Parliament and the Council of Ministers – things are not looking good for now. However, the Commission and the Council of Ministers are generally better technically versed than Parliament, which offers some hope

In conclusion, it appears that the unbridled export of personal data has again not been taken into account. Not to mention the possible (still) rising costs for compliance with anti-money laundering regulations, which appear to be anything but effective. It is therefore to be hoped that the light will be seen in the trilogues and that bitcoin companies will not have to carry out unnecessary checks (with associated data leaks) in the future – as in the banking sector – as well. Financial freedom for bitcoiners must be guaranteed.

Would you like to read more about new anti-money laundering regulations? In this article we have taken a look at the future. Prefer to listen to a podcast? Then listen to episode 213 A of the Cryptocast or to episode #200 of Satoshi Radio.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

© 2024 Cryptocoin