Crypto asset service providers (CASPS) will have to collect and share certain information about their clients when facilitating crypto transfers once a planned directive takes effect.
On 18 April, the Financial Intelligence Centre (FIC) published documentation on what is called a “travel rule” that will apply to accountable institutions that engage in crypto asset transfers. The rule will make it compulsory for CASPs and crypto asset FSPs to share prescribed information when they facilitate transactions involving digital assets.
Draft Directive 9 places different obligations on CASPs and on FSPs that act as intermediaries when receiving or transmitting crypto assets.
An entity is a CASP if it engages in the activities defined in Item 22 of Schedule 1 to the Financial Intelligence Centre Act (FICA). An FSP is an accountable institution if its activities conform to the definition in Item 12.
The FIC also issued an accompanying consultation document, which invites stakeholders to comment on certain issues.
Obligations on ‘ordering CASPs’
The draft directive makes the “ordering CASP” responsible for gathering and transmitting the client information. This means an Item 12 (FSP) or an Item 22 (CASP) accountable institution that initiates a transfer and transfers a crypto asset for “an originator” – the person or entity that issues the transfer instruction.
The information must be transmitted to the “recipient CASP”, which means an Item 12 or Item 22 accountable institution that receives a crypto asset from an originator CASP, directly or through an intermediary CASP or financial institution, and makes the crypto asset associated with the transfer available to the beneficiary.
The draft directive sets out the information that must be obtained, which includes the originator’s full name, identity or passport number, date and place of birth, residential address (if “readily available”), and wallet address.
The ordering CASP must verify this information in accordance with its Risk Management and Compliance Programme (RMCP) and FICA.
In the case of a cross-border transfer that is a single transaction of less than R5 000, the ordering CASP must transmit to the following minimum information to the recipient CASP:
- the originator’s full name;
- information about the wallet that the originator uses as the source of the crypto asset to be transferred;
- the name of the beneficiary; and
- information about the destination wallet.
An ordering CASP will not have to verify the accuracy of the abovementioned information in respect of a cross-border transfer that is a single transaction valued at less than R5 000, unless there is a suspicion of money laundering or terrorist financing.
When an ordering CASP transmits information to another CASP, it must, before transferring the information, identify the counterparty CASP to which it will transmit the information and conduct a due diligence on that CASP to:
- determine whether the counterparty can reasonably be expected to protect the confidentiality of information transmitted to it; and
- avoid dealing with a person or an entity that is sanctioned by the United Nations Security Council and is on the FIC’s Targeted Financial Sanctions lists.
The ordering CASP does not have to undertake the due diligence for each crypto asset transfer if it has already conducted due diligence on the counterparty CASP.
But it must update its due diligence on a counterparty CASP “periodically” or when it identifies that a money laundering, terrorist financing, or proliferation financing risk emerges from the relationship with the counterparty CASP.
And the ordering CASP must conduct a due diligence whenever there is a suspicion of money laundering, terrorist financing, or proliferation financing.
Importantly, an ordering CASP may not execute a crypto asset transfer if it cannot comply with all the abovementioned information-collection, verification, and due diligence requirements (where applicable).
Originator and intermediary CASPs must transmit the required information before or simultaneously with the transfer itself to the recipient CASP or intermediary. Post facto transmission of the required information will not be permitted.
Red tape for intermediaries
The proposed directive will add to the administrative burden on intermediaries involved in crypto asset transfers.
An intermediary CASP will have to ensure that all originator and beneficiary information that pertains to a crypto asset transfer (cross-border or domestic) is transmitted to the recipient CASP, or another intermediary CASP.
The intermediary will have to take “reasonable measures” to identify cross-border crypto asset transfers that lack the required information.
Intermediaries will be required to develop, document, maintain, and implement effective risk-based policies and procedures for determining:
- when to execute, reject, or suspend a cross-border crypto asset transfer that lacks the required information; and
- the appropriate follow-up action the intermediary will take in each instance where it executes, rejects, or suspends a cross-border crypto asset transfer.
The abovementioned measures must be included in the intermediary’s RMCP.
Obligations on recipient CASPs
The proposed directive places verification obligations on the recipient CASP.
It must verify the beneficiary’s identity in accordance with its RMCP and FICA.
In addition, a beneficiary CASP must verify the accuracy of the beneficiary information in the case of an inward cross-border transfer that is a single transaction valued at less than R5 000 from an originator in a high risk or other monitored jurisdiction as listed by the Financial Action Task Force.
Recipient CASPs will be required to take “reasonable measures”, which may include post-event or real-time monitoring, to identify cross-border crypto asset transfers that lack the required information.
They must develop, document, maintain, and implement effective risk-based policies and procedures for determining:
- when to execute, reject, or suspend a cross-border crypto asset transfer that lack the required information; and
- the appropriate follow-up action they will take in each instance where they execute, reject, or suspend a cross-border crypto asset transfer that lacks the information.
The abovementioned measures must be included in the recipient CASP’s RMCP.
Deadline to comment
Comments must be submitted to the FIC by close of business on Friday, 31 May 2024. Submission must be sent to consult@fic.gov.za