Country requirements

Discover Travel Rule requirements by country.

On this page, you can find information on the Travel Rule requirements that apply in different countries.

Subject

Details

Status

In force.

Regulation

Commencement date

March 26, 2024

Threshold

The resolution establishes that the obligated subjects must comply with the identification of the originator and the beneficiary of the transactions covered by the Travel Rule, in the terms established by the International Standards of the FATF and in the modality that the FIU establishes for the exchange and validation of said information. Information will be updated when the FIU publishes clarifications.

VASP Due Diligence

Data to be shared

Domestic vs cross-border transfers

Self-hosted wallet verification

Time and way to share the Information

The main actions required

Identification of Originator and Beneficiary.

Record retention

Ten years.

Subject

Details

Status

In force.

Regulation

Commencement date

February 23, 2022

Threshold

EUR 1,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name;
  • b) Account number (or unique transaction identifier);
  • c) Address, official personal document number, customer identification number or date and place of birth.

Beneficiary:

  • d) Full name;
  • e) Account number (or unique transaction identifier).

Domestic vs cross-border transfers

Domestic. The following data should be transferred: b) and e). However, within three working days of receiving a request for information from the beneficiary's CASP or ICASP, the following data should be made available:

  • <EUR 1,000: a), b), d), e);
  • >EUR 1,000: a), b), c), d), e).

Cross-border. The following data should be transferred:

  • <EUR 1,000: a), b), d), e);
  • >EUR 1,000: a), b), c), d), e).

Self-hosted wallet verification

No requirement.

Time and way to share the Information

Regulation (EU) 2015/847 and the FMA Circular do not explicitly specify the time frame for information sharing. In turn, according to the interpretive note to FATF Recommendation 15, originating CASPs should submit the information on the originator and beneficiary to the beneficiary CASP immediately and securely.

The main actions required

CASP of the Originator


Information Accompanying Transfers:


It shall ensure that all transfers of funds are accompanied by the information on the originator and beneficiary.


Verification of Information:


It shall verify the accuracy of the originator's information before the transfer. This can be done by using documents, data, or information from a reliable and independent source. If the originator's identity has been verified according to Directive (EU) 2015/849, no additional verification is required.


Transfers within the EU:


For transfers within the EU where all CASPs involved are in the EU, the CASP of the originator needs only to provide the payment account numbers of the originator and beneficiary (or a unique transaction identifier), unless otherwise requested.


Transfers to outside the EU:


In the case of a batch file transfer from a single originator where the CASPs of the beneficiaries are established outside the EU, the obligation to provide information on the originator shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and that the individual transfers carry the payment account number of the originator or, where applicable, the unique transaction identifier.


By way of derogation from the obligation to provide information on the originator, and, where applicable, without prejudice to the information required in accordance with Regulation (EU) No 260/2012, where the CASP of the originator is established outside the EU, transfers of funds not exceeding EUR 1,000 that do not appear to be linked to other transfers of funds which, together with the transfer in question, exceed EUR 1,000, shall be accompanied by at least:

  • (a) the names of the originator and of the beneficiary; and
  • (b) the payment account numbers of the originator and of the beneficiary or, where applicable, the unique transaction identifier.

By way of derogation, the CASP of the originator need not verify the information on the originator unless the CASP of the originator:

  • (a) has received the funds to be transferred in cash or in anonymous electronic money; or
  • (b) has reasonable grounds for suspecting money laundering or terrorist financing.

CASP of the Beneficiary


Detection of Missing or Incomplete Information:


The beneficiary's CASP must implement effective procedures to ensure that information fields related to the originator and beneficiary in payment systems are correctly filled using admissible characters according to system conventions. They should detect missing information through appropriate procedures, including ex-post or real-time monitoring where necessary.


Verification of Information:


For transfers exceeding EUR 1,000, whether in single or linked transactions, the beneficiary's CASP must verify the accuracy of the beneficiary's information using reliable and independent sources before crediting the account or making funds available, in compliance with Articles 69 and 70 of Directive 2007/64/EC.


For transfers not exceeding EUR 1,000 that are not linked to others surpassing that amount, the CASP is not required to verify the beneficiary's information unless:

  • (a) The funds are paid out in cash or anonymous electronic money; or
  • (b) There are reasonable grounds to suspect money laundering or terrorist financing.

Transfers with Missing Information:


The beneficiary's CASP must implement risk-based procedures to decide whether to execute, reject, or suspend transfers that lack complete originator and beneficiary information, and take appropriate follow-up actions.


If the beneficiary's CASP detects missing, incomplete, or improperly formatted originator or beneficiary information upon receiving a transfer, it should, on a risk-sensitive basis, either reject the transfer or request the necessary information before or after crediting the beneficiary's account.


If a CASP repeatedly fails to provide the required information, the beneficiary's CASP should issue warnings and set deadlines, and may ultimately reject future transfers or terminate the business relationship with that CASP.


The beneficiary's CASP must report such failures and the actions taken to the competent authority responsible for monitoring AML/CTF compliance.


Handling Suspicious Transactions:


Missing or incomplete information on the originator or beneficiary must be factored into the CASP's risk assessment for suspicious transactions and whether such transfers should be reported to the Financial Intelligence Unit.

Obligations of the Intermediary CASP


ICASPs shall ensure that all originator and beneficiary information accompanying a transfer of funds is retained. Effective procedures shall be in place to detect whether the information fields have been correctly completed in accordance with the messaging system's conventions. Monitoring, either real-time or ex-post, should be implemented to identify missing information.


ICASPs shall also establish risk-based procedures to determine whether to execute, reject, or suspend transfers with incomplete information. If a CASP repeatedly fails to provide the required information, the ICASP must take appropriate actions, such as issuing warnings or terminating the business relationship, and report the failure to the relevant authority. Missing information should be factored into the ICASP's assessment of whether a transaction is suspicious and whether it should be reported to the FIU, as per Directive (EU) 2015/849.

Batch file transfer

In the case of a batch file transfer from a single originator where the CASPs of the beneficiaries are established outside the EU, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and the beneficiary, that the information has been properly verified, and that the individual transfers carry the account number of the originator or, where the exception is applied, the unique transaction identifier.

Record retention

10 years.

Notes

Austrian regulation of the Travel Rule is based on Regulation (EU) 2015/847, which also applies to the transfer of virtual currencies.

Subject

Details

Status

In force.

Regulation

Commencement date

June 6, 2018

Threshold

BSD 1,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name;
  • b) Account number (or a unique transaction identifier); and
  • c) Address or date and place of birth or the payer's national identity number or customer identification number.

Beneficiary:

  • d) Full name;
  • e) Account number (or a unique transaction identifier).

Domestic vs cross-border transfers

Domestic. The following data needs to be transferred: b), but other data should be provided within three business days after request.


Cross-border. The following data should be transferred:

  • <BSD 1,000: a), b), d), e);
  • >BSD 1,000: a), b), c), d), e).

Self-hosted wallet verification

No requirement.

Time and way to share the Information

No difference.

The main actions required

Obligations of Originating Financial Institutions

  1. An originating financial institution shall, before conducting a wire transfer/VA transfer, verify the payer's (originator's) identity.
  2. Where the payer (originator) is a facility holder of the originating financial institution and the originating financial institution has already verified his identity, the originating financial institution is not required to verify the payer's identity.
  3. Originating financial institutions shall ensure that each wire transfer (VA transfer) of one thousand dollars or more is accompanied by the information specified in Section "Data to be shared".
  4. Refusal to execute wire transfers.

Where an originating financial institution -

  • (a) is unable to comply with the requirements specified; or
  • (b) has any suspicion of money laundering or terrorism financing,

the originating financial institution shall not execute the wire transfer (VA transfer).

Obligations of Beneficiary Financial Institutions

  1. Every beneficiary financial institution shall take reasonable measures, which may include post-event monitoring or real-time monitoring where feasible, to identify cross-border wire transfers that lack required payer (originator) and payee (beneficiary) information.
  2. A beneficiary financial institution shall, before paying out funds in cash or cash equivalent/VA to a payee (beneficiary) in The Bahamas with respect to a cross-border wire transfer (VA transfer) of one thousand dollars or more, verify the payee's identity.
  3. Where the payee (beneficiary) is a facility holder of the beneficiary financial institution and the beneficiary financial institution has already verified his identity, the beneficiary financial institution is not required to verify the payee's (beneficiary's) identity.

Suspicious transaction reporting


Every financial institution that controls both the originating and the beneficiary side of a wire transfer shall -

  • (a) take into account all the information from both the originating financial institution and the beneficiary financial institution in order to determine whether a suspicious transaction report has to be filed; and
  • (b) where applicable, file a suspicious transaction report in any country affected by the suspicious wire transfer and make relevant transaction information available to the appropriate authorities.

Obligations of intermediary financial institutions

  1. Intermediary financial institutions shall ensure that payer (originator) and payee (beneficiary) information received with a wire transfer (VA transfer) remains with the transfer unless technical limitations of the payment systems prevent this.
  2. Where technical limitations prevent the required payer (originator) and payee (beneficiary), or payer (originator) or payee (beneficiary), information accompanying a cross-border wire transfer (VA transfer) from remaining with a related domestic wire transfer (VA transfer), the intermediary financial institution shall keep a record, for at least five years, of all the payer (originator) and payee (beneficiary), or payer (originator) or payee (beneficiary), information received from the originating financial institution or another intermediary financial institution.
  3. Where an intermediary financial institution receives a wire transfer (VA transfer) that does not have complete payer (originator) and payee (beneficiary), or payer (originator) or payee (beneficiary), information as required under these Regulations, it shall use a payment system with technical limitations only if-
    • (a) it informs the beneficiary financial institution or the other intermediary financial institution that it does not have complete payer (originator) and payee (beneficiary), or payer (originator) or payee (beneficiary), information as required;
    • (b) it informs the beneficiary financial institution or the other intermediary financial institution that it intends to use a payment system with technical limitations; and
    • (c) it conveys the information in sub-paragraphs (a) and (b) using a form of communication accepted by, or agreed between, itself and the beneficiary financial institution or the other intermediary financial institution.
  4. Where the intermediary financial institution uses a payment system with technical limitations, it shall, upon request from the beneficiary financial institution or another intermediary financial institution, provide all the payer (originator) or payee (beneficiary) information it has received, whether complete or not, within three business days of receiving the request.

Intermediary financial institutions shall take reasonable measures, which are consistent with straight-through processing, to identify cross-border wire transfers (VA transfers) that lack the required payer (originator) and payee (beneficiary) information.


Intermediary financial institutions shall adopt risk-based policies and procedures that enable them to determine

  • (a) when to execute, reject or suspend wire transfers that are not accompanied by the complete payer (originator) and payee (beneficiary) information as required; and
  • (b) the appropriate follow-up action.

Batch file transfer

Where a batch file transfer comprises individual wire transfers (VA transfers) of one thousand dollars or more from a single payer (originator) to payees (beneficiary) outside The Bahamas, the originating financial institution shall be exempted from the requirements of paragraph 3 of the Section "The main actions required" in respect of the inclusion of the payer's information with each individual transfer, provided that

  • (a) the batch file contains the information required under paragraph 3 specified in Section "The main actions required" on
    • (i) the payer;
    • (ii) the payees; and
  • (b) the individual wire transfers include the payer's account number or, if no account is used, a unique transaction identifier.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

Commencement date

  • January 1, 2020 — for crypto-asset licensees.
  • January 1, 2024 — for investment firm licensees.

Threshold

No threshold.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name;
  • b) Account number (e.g. IBAN or crypto-asset wallet) where such an account is used to process the transaction;
  • c) Address, or national identity number, or customer identification number, or date and place of birth.

Beneficiary:

  • d) Full name; and
  • e) Account number (e.g. IBAN or crypto-asset wallet) where such an account is used to process the transaction.

Domestic vs cross-border transfers

No difference. VASPs must consider all transfers of crypto-assets as cross-border wire transfers rather than domestic transfers.

Self-hosted wallet verification

No requirement.

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

Obligations of the originator's VASP


Information Accompaniment: VASPs must include all required originator and beneficiary information with the transfer of crypto-assets conducted on behalf of their customers.


VASPs must ensure that crypto-asset transfers contain the required and accurate originator and beneficiary information.


Verification: Before transferring, VASPs must verify the originator's information.


VASPs must not execute a crypto-asset transfer if it lacks the required and accurate originator information and required beneficiary information, or if the information has been collected improperly.


Transfers to Self-Hosted Addresses: In instances where a crypto-asset transfer involves only one VASP on either end of the transfer (e.g., when an ordering VASP sends crypto-assets on behalf of its customer, the originator, to a beneficiary who is not a customer of a beneficiary VASP but rather an individual user receiving the crypto-asset transfer via their own distributed ledger technology (DLT) software, such as an unhosted wallet), the VASP must still ensure compliance by providing the required information accompanying all crypto-asset transfers for its customer.


VASPs, when initiating a crypto-asset transfer, are not required to submit the mandated information to individual users who are not VASPs (e.g., if the beneficiary is using an unhosted wallet).


Obligations of the beneficiary's VASP


VASPs receiving a crypto-asset transfer from an entity that is not a VASP (e.g., from an individual crypto-asset user using their own DLT software, such as an unhosted wallet) must obtain the necessary originator information from their customer.


Detection of Missing or Incomplete Information: A beneficiary VASP must take reasonable measures to identify crypto-asset transfers that lack the required originator or the required beneficiary information. Such measures may include post-event monitoring or real-time monitoring where feasible.


Verification: A beneficiary VASP must verify the identity of the beneficiary, if the identity has not been previously verified, and maintain this information.


Obligations of the Intermediary VASP

Detection of Missing or Incomplete Information: Intermediary VASPs must ensure that all originator and beneficiary information that accompanies a crypto-asset transfer is retained with it. An intermediary VASP must take reasonable measures to identify crypto-asset transfers that lack the required originator information or required beneficiary information.


Common Measures Applicable to VASPs


Sanctions Screening: Establish internal policies to ensure compliance with applicable restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions.

Batch file transfer

No difference.

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number: If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used. If not registered on a DLT network, provide the crypto-asset account number.

  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must: i) be a unique identification code for the legal entity; ii) be published in public registries; iii) be automatically issued upon entity formation by a public authority; iv) allow identification of name and address elements; v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier, where applicable.

Record retention

10 years.

Subject

Details

Status

In force.

Regulation

Commencement date

January 1, 2018

Threshold

BMD 1,000

VASP Due Diligence

When establishing a correspondent relationship with a VASP registered outside Bermuda.

Data to be shared

Originator:


Natural Person:

  • a) Full name;
  • b) Address (or date and place of birth, customer identification number or national identity number);
  • c) Account number (or unique identifier).

Legal Entity:

  • a) Full name;
  • b) Address;
  • c) Account number (or unique identifier).

Beneficiary:

  • d) Full name;
  • e) Account number (or unique identifier).

Domestic vs cross-border transfers

Domestic.

The following data needs to be transferred irrespective of the threshold: c), but other data should be provided within three business days after request.


Cross-border.

>USD 1,000: a), b), c), d), e).

Self-hosted wallet verification

No requirement.

Time and way to share the Information

The essential information of each transfer should be accurate, complete and immediately available.

The main actions required

  1. Regulated Financial Institutions (RFIs) conducting wire transfers must ensure that complete information on both the originator and beneficiary accompanies each cross-border transfer of funds over $1,000, and each cross-border transaction that is carried out in several operations that appear to be linked and together exceed $1,000.
  2. Where the originator is an account holder at the originating PSP, the originating PSP must ensure, before transferring funds, that the complete information on the originator conveyed in the payment is accurate and has been verified.
  3. Requirement of each RFI that is a Payment Service Provider (PSP) to apply appropriate enhanced due diligence measures to transfers of funds presenting higher risks of ML/TF.
  4. Prior to transferring funds, a beneficiary PSP must ensure that the identity of the beneficiary is accurate and verified for any transfer of funds over $1,000 and for any transfer of funds that is carried out in several operations that appear to be linked and together exceed $1,000.
  5. Where the originator is not an account holder and the transfer exceeds $1,000, the originator PSP must satisfactorily obtain and verify the identity and address of the originator prior to executing the transaction. Where the address is substituted with an originator's date and place of birth, customer identification number or national identity number, that information must also be verified. In addition, PSPs must verify the complete information where a transaction is carried out in several operations that appear to be linked and together exceed $1,000.
  6. Where the originator is not an account holder and the transfer is $1,000 or less, the originating PSP must obtain information establishing the originator's identity and address. Where the address is substituted with a payer's date and place of birth, customer identification number or national identity number, that customer information must be obtained. PSPs are not required to verify the information obtained for such transactions; nonetheless, it is advisable to do so in all cases. Where a transaction is carried out in several operations that appear to be linked and together exceed $1,000, the verification requirements described in point 5 apply.
  7. Where the beneficiary is not an account holder and the transfer exceeds $1,000, the beneficiary PSP must satisfactorily obtain and verify the identity of the beneficiary prior to the disbursement of any funds to the beneficiary. In addition, PSPs must verify the beneficiary's identity where a transaction is carried out in several operations that appear to be linked and together exceed $1,000.
  8. Where the beneficiary is not an account holder and the transfer is $1,000 or less, the beneficiary PSP must obtain information establishing the originator's identity. PSPs are not required to verify the information obtained for such transactions; nonetheless, it is advisable to do so in all cases. Where a transaction is carried out in several operations that appear to be linked and together exceed $1,000, the verification requirements described in point 7 apply.
  9. Beneficiary PSPs must have effective policies, procedures and controls, including post-event monitoring or real-time monitoring where feasible, to detect whether incoming transfers of funds include all required information.

Intermediary PSPs

Intermediary PSPs must ensure that, for each cross-border transfer of funds, all information received on the originator and beneficiary is kept with the transfer.

Intermediary PSPs should forward transfers through a messaging system capable of carrying all of the complete information. Where technical limitations associated with a messaging system prevent all information received on the payer and payee from accompanying the transfer, an intermediary PSP may nonetheless use the messaging system with technical limitations under certain conditions (see section 8.39 of the GN).

Where an intermediary PSP becomes aware, when receiving a transfer of funds, that information on the payer or payee is incomplete or missing, the intermediary PSP must either:

  • a) Reject the transfer;
  • b) Request the complete information on the payer and payee; or
  • c) Make an internal SAR to the reporting officer.

Where a payer PSP or intermediary PSP regularly fails to supply complete information, the intermediary PSP must report that fact to the BMA and must take steps to attempt to ensure that the payer PSP or intermediary PSP provides complete information.

The intermediary PSP should maintain records of all information received from the originating PSP, beneficiary PSP and any other intermediary PSPs.

Batch file transfer

Where there is a batch file transfer from a single payer and the payee PSP is situated outside Bermuda, complete information will be considered to have been transferred, provided that:

  • a) The batch file transfer contains complete information on the payer and on each of the payees for each individual transfer;
  • b) The individual transfers of funds carry the account number of the payer or a unique identifier where an account number is not available; and
  • c) The complete information provided on all payees is fully traceable within the beneficiary country.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

Commencement date

December 1, 2022

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a VASP registered outside the BVI.

Data to be shared

Originator:

  • a) Full name (registered or trading names where the originator is a legal structure);
  • b) Address;
  • c) Account number where the account is used to process a transaction (or other unique transaction identifiers)
  • d) One of the following: date and place of birth; or the customer identification number or national identity number.

Beneficiary:

  • e) Full name (registered or trading names where the beneficiary is a legal structure);
  • f) Account number where the account is used to process a transaction (or other unique transaction identifiers).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Requirement applicable in cases of heightened risk.

Subject

Details

Time and way to share the Information

The required information shall be transmitted simultaneously and in a secure manner.

The main actions required

Obligations of the Originator's VASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another VASP or a self-hosted address, and identify the counterparty VASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made to a self-hosted address, the VASP of the originator shall obtain and hold the information on the originator and the beneficiary. In cases where a heightened risk is identified, an assessment should be conducted to determine whether the beneficiary owns or controls the address.


Obligations of the Beneficiary's VASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Obligations on Intermediary VASPs


Intermediary VASPs must ensure the transfer and retention of information on the originator and beneficiary of virtual assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant VASPs, and report suspicious activities to the FIU.


Common Measures Applicable to VASPs

Sanctions Screening: Establish internal policies to ensure compliance with appropriate restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.

Batch file transfer

In cases of batch file transfers of virtual assets from a single originator, the obligation of the originator's VASP to ensure that information on the originator accompanies each transfer shall not apply to the individual transfers bundled within the batch file, provided that the batch file contains comprehensive information on both the originator and beneficiary. This information must be fully traceable within the beneficiary's jurisdiction, and each individual transfer within the batch file must include the originator's account number or a unique identifier.

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number:
    If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used. If not registered on a DLT network, provide the crypto-asset account number.
  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must:
    • i) be a unique identification code for the legal entity;
    • ii) be published in public registries;
    • iii) be automatically issued upon entity formation by a public authority;
    • iv) allow identification of name and address elements;
    • v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier, where applicable.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

Commencement date

June 1, 2021

Threshold

CAD 1,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name;
  • b) Address;
  • c) Account number or other reference number (if any) of the person or entity who requested the transfer (originator information).

Beneficiary:

  • d) Full name;
  • e) Address;
  • f) Account number or other reference number (if any) of the beneficiary.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

No difference.

The main actions required

  1. Financial Entities (FEs), Money Services Businesses (MSBs) and Foreign Money Services Businesses (FMSBs) must include the travel rule information when they send virtual currency (VC) transfers, and must take reasonable measures to ensure that this information is included when they receive VC transfers which require a VC record to be kept.
  2. If the entity receives a VC transfer that should include the travel rule information but does not, it must take reasonable measures to obtain that information. These reasonable measures should be outlined in policies and procedures.
  3. Each entity must also develop in writing and apply risk-based policies and procedures for determining what to do when, after taking reasonable measures, it was unable to obtain the travel rule information. Its policies and procedures must address under which circumstances it allows, suspends or rejects the transaction, and outline any follow-up measures it will take.

Obligations of Intermediary VASP


Reasonable measures must be taken to ensure that the travel rule information is included when they receive a transaction, either as an intermediary or as the final recipient.

Batch file transfer

No difference.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

Commencement date

July 1, 2022

Threshold

No threshold.

VASP Due Diligence

Enhanced Customer Due Diligence is required for correspondent banking relationships. Considering the analogous nature of correspondent relationships between VASPs, Sumsub assumes that this requirement similarly applies to VASPs.

Data to be shared

Originator:

  • a) Full name;
  • b) Account number (or unique transaction reference number that permits traceability of the transaction); or
  • c) One of the following: address, or number of a government-issued document evidencing the originator's identity; or customer identification number or date and place of birth.

Beneficiary:

  • d) Full name;
  • e) Account number (or unique transaction reference number that permits traceability of the transaction).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement. It depends on the identified risk.

Subject

Details

Time and way to share the Information

The required information shall be submitted simultaneously or concurrently with the transfer.

The main actions required

Obligations of the Originator's VASP


Information Accompaniment: Ensure virtual asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another VASP or a self-hosted address, and identify the counterparty VASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of virtual assets made from a self-hosted address, the VASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's VASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making virtual assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Common Measures Applicable to VASPs


Sanctions Screening: Establish internal policies to ensure compliance with applicable restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.

Batch file transfer

For batch file transfers of virtual assets from a single originator, the obligation on the VASP of the originator to ensure that information on the originator accompanies transfers of virtual assets shall not apply to the individual transfers of virtual assets bundled together if

  • (a) the batch file contains -
    • (i) the name of the originator;
    • (ii) where an account is used to process the transfer of virtual assets by the originator, the account number of the originator;
    • (iii) the address of the originator, the number of a Government-issued document evidencing the originator's identity or the originator's customer identification number or date and place of birth; and
  • (b) the individual transfers of virtual assets carry the account number of the originator or a unique identifier.

A batch file shall contain the name, account number or unique identifier of the beneficiary that is traceable in the beneficiary country.

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a VASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number:
    If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used. If not registered on a DLT network, provide the crypto-asset account number.
  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must:
    • i) be a unique identification code for the legal entity;
    • ii) be published in public registries;
    • iii) be automatically issued upon entity formation by a public authority;
    • iv) allow identification of name and address elements;
    • v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's VASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier, where applicable.

Record retention

10 years.

Subject

Details

Status

In force.

Regulation

Commencement date

January 1, 2023

Threshold

USD 1,000

VASP Due Diligence

No requirement.

Data to be shared

If >USD 1,000


Originator:

  • a) Full name;
  • b) Account number;
  • c) Physical or geographical address of the originator, or the national identity number, or the customer identification number that uniquely identifies the originator of the ordering institution, or the date and place of birth.

Beneficiary:

  • d) Full name;
  • e) Account number.

If <USD 1,000


a), b), d), e).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

VASPs must comply with the following obligations:

  • a) Adopt freezing measures;
  • b) Refrain from intervening in transactions with persons and entities designated by the UN Security Council Resolutions;
  • c) Online information is available about due diligence requirements regarding their clients: originator and beneficiary;
  • d) Report to the "Dirección General de Investigaciones de Operaciones Financieras" the suspicious operations that they detect, with the information of interest required for this purpose.

VASPs and other obligated subjects must store their control actions to facilitate effective supervision.


Obligations of Intermediary VASP


Virtual asset transfers that involve intermediary virtual asset service providers (VASPs), or other intermediary obligated entities or financial institutions, must comply with all the provisions of the AML/CFT regulations. Consequently, all parties involved have the general obligation to identify suspicious transactions, implement freezing measures, and prohibit transactions with persons and entities designated by the United Nations Security Council resolutions.

Batch file transfer

No difference.

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number:
    If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used. If not registered on a DLT network, provide the crypto-asset account number.
  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must:
    • i) be a unique identification code for the legal entity;
    • ii) be published in public registries;
    • iii) be automatically issued upon entity formation by a public authority;
    • iv) allow identification of name and address elements;
    • v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier, where applicable.

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number:
    If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used. If not registered on a DLT network, provide the crypto-asset account number.
  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must:
    • i) be a unique identification code for the legal entity;
    • ii) be published in public registries;
    • iii) be automatically issued upon entity formation by a public authority;
    • iv) allow identification of name and address elements;
    • v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier, where applicable.

Record retention

10 years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number: If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used. If not registered on a DLT network, provide the crypto-asset account number.

  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must:
    • i) be a unique identification code for the legal entity;
    • ii) be published in public registries;
    • iii) be automatically issued upon entity formation by a public authority;
    • iv) allow identification of name and address elements;
    • v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier, where applicable.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

Normas Técnicas para Facilitar la Participación de las Entidades Financieras en el Ecosistema Bitcoin (Technical Rules)

Commencement date

September 7, 2021

Threshold

USD 1,000 or its equivalent in Bitcoin.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name;
  • b) Account number;
  • c) Address (when available);
  • d) Identification of the financial institution;
  • e) Negotiated amount;
  • f) Execution date.

Beneficiary:

  • g) Full name;
  • h) Address (when available);
  • i) Identification of the financial institution;
  • j) Account number;
  • k) Any other identifying information of the recipient (when available).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

No difference.

The main actions required

When dealing with transfers equal to or above the threshold, the entity must identify the Originator and Beneficiary, based on "Data to be shared".

Batch file transfer

No difference.

Record retention

15 years.

Notes

The requirements apply when offering bitcoin-based services to its clients, directly or through a Bitcoin Service Provider.

Subject

Details

Status

In force.

Regulation

Commencement date

The national regulation applies from 15 March 2022; the regulation established by Regulation (EU) 2023/1113 will apply from 30 December 2024.

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

Originator:


Natural person:

  • a) Full name;
  • b) Unique identifier of the transaction;
  • c) Identifier of the payment account or virtual currency wallet;
  • d) Title and number of the identity document and personal identification code or date and place of birth;
  • e) Residential address.

Legal person:

  • f) Registered name;
  • g) Unique identifier of the transaction;
  • h) Identifier of the payment account or virtual currency wallet;
  • i) Registry code or, where it does not have one, the relevant identifier in the country of its seat (a combination of numbers or letters equivalent to a registration number);
  • j) Address of the seat.

Beneficiary:

  • k) Transaction's unique identifier; and
  • l) Where the particulars of the identifier of a payment account or virtual currency wallet are used to perform the transaction, also those particulars.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000 (applies from December 30, 2024).

Subject

Details

Time and way to share the Information

The required information shall be transmitted without delay and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

When performing a transaction of exchange or transfer of virtual currency, the transaction initiator's VASP ascertains the identity of each customer, and, with respect to the initiator, collects the required information.


When effecting a transaction of virtual currency exchange or transfer, a VASP collects, with respect to the virtual currency or to the recipient of the transfer, the required information.


A VASP is not allowed to carry out a customer's payment instruction or make funds or virtual currency available if such a VASP is unable to fulfil the obligations of transmitting information on the initiator and recipient. A VASP must, in accordance with internal procedures established following risk analysis, lay down rules that regulate when virtual currency amounts are to be transferred back to the transaction initiator and when they are not to be made available to the transaction recipient.


Where the recipient's virtual currency wallet does not have a VASP or the recipient's VASP is unable to receive or process the data, a VASP must, when it recognises the presence of increased risk and considers whether to notify the FIU of a suspicious transaction, take into account the completeness and sufficiency of the particulars concerning the transaction initiator and the recipient.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier, where applicable.

Record retention

Five years.

Notes

If a person has several first and/or last names, all first and/or last names must be reflected in the data recorded for the transaction. If a person has multiple citizenships, data on all citizenships must be collected.

Subject

Details

Status

In force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number: If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used. If not registered on a DLT network, provide the crypto-asset account number.

  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must: i) be a unique identification code for the legal entity; ii) be published in public registries; iii) be automatically issued upon entity formation by a public authority; iv) allow identification of name and address elements; v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier, where applicable.

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number: If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used. If not registered on a DLT network, provide the crypto-asset account number.

  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must: i) be a unique identification code for the legal entity; ii) be published in public registries; iii) be automatically issued upon entity formation by a public authority; iv) allow identification of name and address elements; v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier, where applicable.

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number: If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used. If not registered on a DLT network, provide the crypto-asset account number.

  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must: i) be a unique identification code for the legal entity; ii) be published in public registries; iii) be automatically issued upon entity formation by a public authority; iv) allow identification of name and address elements; v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier, where applicable.

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 31, 2027

Threshold

EUR 1,000 or USD 1,000 or GEL 3,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name (in the case of an individual - first and last name);
  • b) Distributed ledger address, if the transfer of the virtual asset is recorded on a network that uses distributed ledger technology (DLT) or similar technology, and the originator's virtual asset account number, if such an account exists and is used for processing the transfer;
  • c) Virtual asset account number, if the transfer of the virtual asset is not recorded on a network that uses distributed ledger technology (DLT) or similar technology;
  • d) Address, including the name of the country, or the originator's identity document/passport number or personal identification number, or the originator's date and place of birth;
  • e) Official identification data of the legal entity (possibly including the LEI), if the relevant field is presented in the transfer message format and provided by the originator to the VASP.

Beneficiary:

  • a) Full name (in the case of an individual - first and last name);
  • b) Distributed ledger address, if the transfer of the virtual asset is recorded on a network that uses distributed ledger technology (DLT) or similar technology, and the beneficiary's virtual asset account number, if such an account exists and is used for processing the transfer;
  • c) Virtual asset account number, if the transfer of the virtual asset is not recorded on a network that uses distributed ledger technology (DLT) or similar technology;
  • d) Official identification data of the legal entity of the beneficiary (possibly including the LEI), if the relevant field is presented in the transfer message format and provided by the beneficiary to the VASP.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required if the value of the virtual asset transferred to a self-hosted address exceeds EUR 1,000, USD 1,000, GEL 3,000, or the equivalent in other foreign currencies.

Subject

Details

Time and way to share the Information

The required information must be transmitted prior to or during the transfer of the virtual asset, in a secure manner and in compliance with the Law of Georgia on Personal Data Protection. Furthermore, the VASP is not required to accompany the virtual asset transfer transaction with the information by directly attaching it to, or embedding it within, the virtual asset transfer itself.

The main actions required

Obligations of the Originator's VASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another VASP or a self-hosted address, and identify the counterparty VASP.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's VASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the beneficiary shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding the threshold to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Common Measures Applicable to VASPs


Sanctions Screening: Establish internal policies to ensure compliance with appropriate restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions.

Batch file transfer

In the case of a batch file transfer, the originator's required information need not accompany each individual virtual asset transfer, provided that:

  • a) the batch is accompanied by the remaining required information;
  • b) the information is verified, and the individual transactions comprising the batch file meet one of the following conditions:
    • i) it contains the beneficiary's distributed ledger address, if the virtual asset transfer is registered on a network using DLT or similar technology, as well as the asset beneficiary's virtual asset account number, if such an account exists and is used to process the transfer;
    • ii) the virtual asset account number of the recipient, if the transfer of the virtual asset is not registered on a network that uses DLT or similar technology;
    • iii) if the transfer is not registered on a network using DLT or similar technology, and simultaneously the virtual asset transfer is neither made from nor to a virtual asset account, the VASP is required to ensure that the transfer is accompanied by a unique transaction code.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

Commencement date

October 1, 2021

Threshold

EUR 1,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name;
  • b) Account number (or unique transaction identifier);
  • c) Address, official personal document number, customer identification number or date and place of birth.

Beneficiary:

  • d) Full name;
  • e) Payment account number (or unique transaction identifier).

Domestic vs cross-border transfers

Domestic:


The following data should be transferred: b) and e). However, within three working days of receiving a request for information from the beneficiary's CASP or ICASP, the following data should be made available:

  • <EUR 1,000: a), b), d), e);
  • >EUR 1,000: a), b), c), d), e).

Cross-border:


The following data should be transferred:

  • <EUR 1,000: a), b), d), e);
  • >EUR 1,000: a), b), c), d), e).

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

Regulation (EU) 2015/847 and the national regulation do not explicitly specify the time frame for information sharing. In turn, according to the interpretive note to FATF Recommendation 15, originating CASPs should submit the information on the originator and beneficiary to the beneficiary CASP immediately and securely.

The main actions required

Obligations of the Originator's CASP


Information Accompanying Transfers:


It shall ensure that all transfers of funds are accompanied by the information on the originator and beneficiary.


Verification of Information:


It shall verify the accuracy of the originator's information before the transfer. This can be done by using documents, data, or information from a reliable and independent source. If the originator's identity has been verified according to Directive (EU) 2015/849, no additional verification is required.


Transfers within the EU:


For transfers within the EU where all CASPs involved are in the EU, the CASP of the originator needs only to provide the payment account numbers of the originator and beneficiary (or a unique transaction identifier), unless otherwise requested.


Transfers to outside the EU:


In the case of a batch file transfer from a single originator where the CASPs of the beneficiaries are established outside the EU, the obligation to provide information on the originator shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and that the individual transfers carry the payment account number of the originator or, where applicable, the unique transaction identifier.


By way of derogation from the obligation to provide information on the originator, and, where applicable, without prejudice to the information required in accordance with Regulation (EU) No 260/2012, where the CASP of the originator is established outside the EU, transfers of funds not exceeding EUR 1,000 that do not appear to be linked to other transfers of funds which, together with the transfer in question, exceed EUR 1,000, shall be accompanied by at least:

  • (a) the names of the originator and of the beneficiary; and
  • (b) the payment account numbers of the originator and of the beneficiary or, where applicable, the unique transaction identifier.

By way of derogation, the CASP of the originator need not verify the information on the originator unless the CASP of the originator:

  • (a) has received the funds to be transferred in cash or in anonymous electronic money; or
  • (b) has reasonable grounds for suspecting money laundering or terrorist financing.

Obligations of the Beneficiary's CASP


Detection of Missing or Incomplete Information:


The beneficiary's CASP must implement effective procedures to ensure that information fields related to the originator and beneficiary in payment systems are correctly filled using admissible characters according to system conventions. They should detect missing information through appropriate procedures, including ex-post or real-time monitoring where necessary.


Verification of Information:


For transfers exceeding EUR 1,000, whether in single or linked transactions, the beneficiary's CASP must verify the accuracy of the beneficiary's information using reliable and independent sources before crediting the account or making funds available, in compliance with Articles 69 and 70 of Directive 2007/64/EC.


For transfers not exceeding EUR 1,000 that are not linked to others surpassing that amount, the CASP is not required to verify the beneficiary's information unless:

  • (a) The funds are paid out in cash or anonymous electronic money; or
  • (b) There are reasonable grounds to suspect money laundering or terrorist financing.

Transfers with Missing Information:


The beneficiary's CASP must implement risk-based procedures to decide whether to execute, reject, or suspend transfers that lack complete originator and beneficiary information, and take appropriate follow-up actions.


If the beneficiary's CASP detects missing, incomplete, or improperly formatted originator or beneficiary information upon receiving a transfer, it should, on a risk-sensitive basis, either reject the transfer or request the necessary information before or after crediting the beneficiary's account.


If a CASP repeatedly fails to provide the required information, the beneficiary's CASP should issue warnings and set deadlines, and may ultimately reject future transfers or terminate the business relationship with that CASP.


The beneficiary's CASP must report such failures and the actions taken to the competent authority responsible for monitoring AML/CTF compliance.


Handling Suspicious Transactions:


Missing or incomplete information on the originator or beneficiary must be factored into the CASP's risk assessment for suspicious transactions and whether such transfers should be reported to the Financial Intelligence Unit.


Obligations of the Intermediary CASP


ICASPs shall ensure that all originator and beneficiary information accompanying a transfer of funds is retained. Effective procedures shall be in place to detect whether the information fields have been correctly completed in accordance with the messaging system's conventions. Monitoring, either real-time or ex-post, should be implemented to identify missing information.


ICASPs shall also establish risk-based procedures to determine whether to execute, reject, or suspend transfers with incomplete information. If a CASP repeatedly fails to provide the required information, the ICASP must take appropriate actions, such as issuing warnings or terminating the business relationship, and report the failure to the relevant authority. Missing information should be factored into the ICASP's assessment of whether a transaction is suspicious and whether it should be reported to the FIU, as per Directive (EU) 2015/849.

Batch file transfer

In the case of a batch file transfer from a single originator where the CASPs of the beneficiaries are established outside the EU, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and the beneficiary, that the information has been properly verified, and that the individual transfers carry the account number of the originator or, where the exception is applied, the unique transaction identifier.

Record retention

Five years.

Notes

Although the Travel Rule is regulated according to Regulation (EU) 2015/847, national regulations have set specific requirements for the obligation to collect and store data for transfers made from or to self-hosted addresses. The regulation shall expire on the date on which Regulation (EU) 2023/1113 applies. The date of expiry will be announced by the Federal Ministry of Finance in the Federal Law Gazette.

Subject

Details

Status

Not in force.

Regulation

Draft Guidelines on Digital Assets

Commencement date

A consultation was held. We will update the details as soon as the final document is released.

Threshold

VASP Due Diligence

Data to be shared

Domestic vs cross-border transfers

Self-hosted wallet verification

Subject

Details

Time and way to share the Information

A consultation was held. We will update the details as soon as the final document is released.

The main actions required

Batch file transfer

Record retention

Notes

The Bank's notice prohibiting banks and payment service providers (PSPs) from facilitating crypto asset transactions remains effective until formal regulatory guidelines are published.

Subject

Details

Status

In force.

Regulation

Commencement date

March 22, 2021

Threshold

EUR 1,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name;
  • b) Virtual asset account number (where there is no virtual asset account number, a unique transaction identifier);
  • c) One of the following: address; or national identity number; or customer identification number; or date and place of birth.

Beneficiary:

  • d) Full name;
  • e) Virtual asset account number (where there is no virtual asset account number, a unique transaction identifier).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

Obligations of the Originator's VASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another VASP or a self-hosted address, and identify the counterparty VASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made to a self-hosted address, the VASP of the originator shall obtain and hold the information on the originator and the beneficiary.


Obligations of the Beneficiary's VASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Common Measures Applicable to VASPs


Sanctions Screening: Establish internal policies to ensure compliance with appropriate restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.

Batch file transfer

No difference.

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number: If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used. If not registered on a DLT network, provide the crypto-asset account number.

  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must: i) be a unique identification code for the legal entity; ii) be published in public registries; iii) be automatically issued upon entity formation by a public authority; iv) allow identification of name and address elements; v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier, where applicable.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

Commencement date

June 1, 2023

Threshold

No threshold.

VASP Due Diligence

Required.

Data to be shared

The Travel Rule obligations apply to all virtual asset transfers, irrespective of their value. However, for virtual asset transfers equal to or exceeding HKD 8 000, originating VASPs are required to transmit a broader scope of information.


If <HKD 8,000


Originator:

  • a) Full name;
  • b) Account number (or a unique reference number);

Beneficiary:

  • c) Full name;
  • d) Account number (or a unique reference number).

If >HKD 8,000


Originator:

  • e) Full name;
  • f) Account number (or a unique reference number);
  • g) Address, customer identification number or identification document number or date and place of birth.

Beneficiary:

  • h) Full name;
  • i) Account number (or a unique reference number).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

Obligations of the originator's VASP


Information Accompaniment: Before carrying out a virtual asset transfer, an ordering VASP must obtain and record the required originator and recipient information.


An ordering VASP must submit the required originator and beneficiary information obtained and held to the beneficiary VASP.


Verification: For a virtual asset transfer involving virtual assets that amount to not less than HKD 8 000, an ordering VASP must ensure that the required originator information submitted with the virtual asset transfer is accurate.


For an occasional virtual asset transfer involving virtual assets that amount to not less than HKD 8 000, an ordering VASP must verify the identity of the originator. For an occasional virtual asset transfer involving virtual assets that amount to less than HKD 8 000, the ordering VASP is in general not required to verify the originator's identity, except when several transactions are carried out which appear to the ordering VASP to be linked and amount to not less than HKD 8 000, or when there is a suspicion of ML/TF.


Wallet Attribution: The VASP must determine if the transfer is to another VASP or an unhosted wallet, and identify the counterparty VASP.


Obligations of the beneficiary's VASP


Information Accompaniment: The beneficiary's VASP must obtain and record the required information on the originator and the beneficiary submitted to it by the VASP from which it receives the transfer instruction.


Verification: For a virtual asset transfer involving virtual assets that amount to not less than HKD 8 000, a beneficiary VASP should verify the identity of the recipient if the identity has not been previously verified as part of its CDD process. The beneficiary VASP should also confirm whether the recipient's name and account number obtained from the VASP from which it receives the transfer instruction match with the recipient information verified by it, and take reasonable measures where such information does not match.


Obligations of the intermediary VASP


An intermediary VASP must ensure that all originator and recipient information which the intermediary VASP receives in connection with the virtual asset transfer is retained with the required information submission, and is transmitted to the VASP to which it passes on the transfer instruction.


As with the submission of required information by an ordering VASP, an intermediary VASP should transmit the required information to another intermediary VASP or the beneficiary VASP.


Common Measures Applicable to VASPs


Detection of Missing Information: A beneficiary VASP or an intermediary VASP must establish and maintain effective procedures for identifying and handling incoming virtual asset transfers that do not comply with the relevant requirements on required originator or recipient information.


Sanctions Screening: VASPs should establish and maintain effective procedures to ensure compliance, enabling them to conduct sanctions screening and transaction monitoring on all relevant parties involved in a virtual asset transfer effectively.


Transaction Monitoring: A VASP should implement effective risk-based transaction monitoring procedures to detect the origin and destination of the virtual assets transferred from or to its customers or other parties in relation to virtual asset transactions conducted for its customers, particularly those from or to a virtual asset transfer counterparty that presents a higher ML/TF risk or an unhosted wallet, and to identify and report suspicious transactions as well as take appropriate follow-up actions.


Transaction Screening: A VASP should establish and maintain adequate and effective systems and controls to conduct screening of virtual asset transactions and the associated wallet addresses. In particular, the VASP should:

  • (a) track the transaction history of virtual assets to more accurately identify the source and destination of these virtual assets; and
  • (b) identify transactions involving wallet addresses that are directly and/or indirectly associated with illicit or suspicious activities/sources, or designated parties.

The VASP should adopt appropriate technological solutions (e.g. blockchain analytic tools) that enable the tracking of virtual assets and the associated wallet addresses and identification of potentially suspicious transactions.


Unhosted Wallets: Before a VASP sends or receives virtual assets to or from an unhosted wallet on behalf of its customer (i.e. the originator or the beneficiary, as the case may be), the VASP should obtain the required originator and beneficiary information from the customer and record it.


A VASP should also assess the ML/TF risks associated with virtual asset transfers to or from unhosted wallets and take reasonable measures on a risk-sensitive basis to mitigate and manage the ML/TF risks associated with the transfers.

Batch file transfer

No difference.

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number: If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used. If not registered on a DLT network, provide the crypto-asset account number.

  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must: i) be a unique identification code for the legal entity; ii) be published in public registries; iii) be automatically issued upon entity formation by a public authority; iv) allow identification of name and address elements; v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier, where applicable.

Record retention

Eight years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number: If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used. If not registered on a DLT network, provide the crypto-asset account number.

  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must: i) be a unique identification code for the legal entity; ii) be published in public registries; iii) be automatically issued upon entity formation by a public authority; iv) allow identification of name and address elements; v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier, where applicable.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

AML & CFT Guidelines For Reporting Entities Providing Services Related To Virtual Digital Assets

Commencement date

March 10, 2023

Threshold

No threshold.

VASP Due Diligence

Required

Data to be shared

Originator:

  • a) Permanent Account Number (PAN) or National Identity Number;
  • b) Full name;
  • c) Account number;
  • d) Physical (geographical) address, or date and place of birth.

Beneficiary:

  • e) Full name;
  • f) Account number.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

SPs should ensure that required and accurate originator information, and required beneficiary information, is included on wire transfers and related messages.


SPs should also monitor wire transfers to detect those which lack the required originator and/or beneficiary information and screen the transactions to comply with relevant UNSCR resolutions.


The originating SPs must obtain and hold required and accurate originator information and required beneficiary information on VDA transfers.


Beneficiary SPs must obtain and hold required originator information and accurate beneficiary information on VDA transfers and make it available on request to appropriate authorities. This applies regardless of whether the value of the VDA transfer is denominated in fiat currency or another VDA.


For VDA transfers to/from intermediary SPs or FIs that facilitate VDA transfers as an intermediate element in a chain of VDA transfers, it is suggested that they may be treated as obligated entities and may be required to treat all VDA transfers as cross-border qualifying transfers.


Just as a traditional intermediary FI processing a traditional fiat cross-border wire transfer must ensure that all required originator and beneficiary information that accompanies a wire transfer is retained with it, so too must an intermediary SP or other comparable intermediary institution that facilitates VDA transfers ensure that the required information is transmitted along the chain of VDA transfers, as well as maintaining necessary records and making the information available to appropriate authorities upon request.


Similarly, where technical limitations prevent the required originator or beneficiary information from remaining with a required data submission, a record should be kept, for at least five years, by the receiving intermediary SP of all the information received from the ordering SP or another intermediary SP. Intermediary institutions involved in VDA transfers also have general obligations to identify suspicious transactions, take freezing actions, and prohibit transactions with designated persons and entities, just like ordering and beneficiary SPs (or other ordering or beneficiary obliged entities that facilitate VDA transfers).

Batch file transfer

No difference.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

Commencement date

October 2021

Threshold

USD 1,000

VASP Due Diligence

No requirement.

Data to be shared

If >USD 1,000


Originator:

  • a) Full name;
  • b) Wallet address;
  • c) Address;
  • d) Identity Cards are mandatory for Indonesian citizens, or passports and identity cards issued by the country of origin of Crypto Asset Customers (KITAP) or Limited Stay Permit Cards (KITAS) for foreign nationals if it is possible to obtain them.

Beneficiary:

  • e) Full name;
  • f) Wallet address;
  • g) Address.

If <USD 1,000


a), b), e), f).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

No difference.

The main actions required

  1. The Prospective Crypto Asset Physical Traders or Crypto Asset Physical Traders must obtain the information specified in the Section "Data to be shared";
  2. Prospective Crypto Asset Physical Traders or Crypto Asset Physical Traders are prohibited from facilitating the movement or transfer of Crypto Assets, if they do not apply the Travel Rule principle.

Batch file transfer

No difference.

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number: If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used. If not registered on a DLT network, provide the crypto-asset account number.
  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must: i) be a unique identification code for the legal entity; ii) be published in public registries; iii) be automatically issued upon entity formation by a public authority; iv) allow identification of name and address elements; v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier, where applicable.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

Commencement date

October 28, 2024

Threshold

No threshold.

VASP Due Diligence

No requirement.

Data to be shared

The Travel Rule obligations apply to all virtual asset transfers, irrespective of their value. However, for virtual asset transfers equal to or exceeding EUR 1,000, originating VASPs are required to transmit a broader scope of information.


If <EUR 1,000


Originator:

  • a) Full name;
  • b) Unique account identifier (unique transaction identifier).

Beneficiary:

  • a) Full name;
  • b) Unique account identifier (unique transaction identifier).

If >EUR 1,000


Originator:

  • a) Full name;
  • b) Unique account identifier (unique transaction identifier);
  • c) One of the following: address, a national identity number, or date and place of birth.

Beneficiary:

  • a) Full name;
  • b) Unique account identifier (unique transaction identifier).

Unhosted Wallets:


When a VASP facilitates a transfer involving an unhosted wallet, it must obtain from its customer (whether as originator or beneficiary) the names of both the originator and beneficiary, along with their unique account or transaction identifiers.


Legal Entity:


Where the originator is a legal entity, a VASP must obtain and hold from the legal entity:

  • a) the registered name, or if there is no registered name, the trading name;
  • b) the unique account identifier, or if there is no unique account identifier, the unique transaction identifier; and
  • c) the registered office address, or if different, or if there is none, the principal place of business.

Domestic vs cross-border transfers

No difference.


All virtual asset transfers under the Travel Rule Code are considered to be cross-border transfers, regardless of whether the originator and beneficiary are located in the same country or in different countries.

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

Obligations of the Originator's VASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the beneficiary shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's VASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Common Measures Applicable to VASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.

Batch file transfer

In the case of a batch file transfer, the required information does not have to accompany each individual virtual asset transfer, provided that:

  • a) each individual virtual asset transfer within the batch is accompanied by the unique account identifier or, if there is no unique account identifier, the unique transaction identifier; and
  • b) the batch is accompanied by the remaining required information.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

Anti-Money Laundering Order

Commencement date

November 14, 2021

Threshold

No threshold.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name;
  • b) Identity number (or a unique identity number), or the date of birth or the date of incorporation;
  • c) Address;
  • d) Account number (or another unique identification number).

Beneficiary:

  • a) Full name;
  • b) Account number (or another unique identification number).

With respect to transactions in a virtual currency, the transfer documents will also record the addresses of the virtual currency wallets involved in the transaction.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

  1. A Service Provider will not conduct a transaction involving a virtual currency transfer without performing the following:
    1. The Service Provider registered the information details of the originator as stated in a) to d) and g) in Section "Data to be shared" and the information details of the beneficiary as stated in e) to g) in Section "Data to be shared";

  2. A Service Provider will not receive a transfer of virtual currency without performing the following actions:
    1. It registered the information of the originator as stated in a) to d) and g) in Section "Data to be shared";
    2. It registered the information regarding the beneficiary as stated in e) to g) in Section "Data to be shared".
  3. The Service Provider will record the identification details after it verified the identification details according to the identification document; as regards the registration of the identification information of the account number in d) and f) from the Section "Data to be shared" - the Service Provider will record the account number based on a document containing the name and the account number of the Service Recipient.

Batch file transfer

In the event that a Service Provider performs a number of cross-border electronic wire transfers from Israel, or transfers of virtual currency, for the same originator in one batch file, the said batch file will include the information contained in Section "Data to be shared" with respect to each of the transfers in the batch file.

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number: If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used. If not registered on a DLT network, provide the crypto-asset account number.
  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must: i) be a unique identification code for the legal entity; ii) be published in public registries; iii) be automatically issued upon entity formation by a public authority; iv) allow identification of name and address elements; v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier, where applicable.

Record retention

10 years.

Subject

Details

Status

In force.

Regulation

Commencement date

  • JVCEA introduced a travel rule as a self-regulatory rule from April 1, 2022.
  • However, amendments to the AML Act entered into force in June 2023.

Threshold

No threshold.

VASP Due Diligence

No requirement.

Data to be shared

Originator:


Natural person:

  • a) Full name;
  • b) Residence or customer identification number, etc.;
  • c) Blockchain address or number that can identify the address.

Legal person:

  • d) Name;
  • e) Location of head office or principal office or customer identification number, etc.;
  • f) Blockchain address or number that can identify the address.

Beneficiary:


Natural person:

  • g) Full name;
  • h) Blockchain address or number that can identify the address.

Legal person:

  • i) Name;
  • j) Blockchain address or number that can identify the address.

Domestic vs cross-border transfers

If the transaction is carried out with a foreign VASP, the Travel Rule applies only to countries and regions specified by the Financial Services Agency (United States of America, Albania, Israel, Canada, Cayman Islands, Gibraltar, Singapore, Switzerland, Serbia, The Republic of Korea, Germany, Bahamas, Bermuda, The Philippines, Venezuela, Hong Kong, Malaysia, Mauritius, Liechtenstein, Luxembourg).

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

The required information shall be transmitted at the time of the transfer.

The main actions required

  1. The sender's VASP should transfer the information about the sender and recipient at the time of the VA transfer to another VASP.
  2. VASPs are obliged to record and preserve matters notified or received.

Batch file transfer

No difference.

Record retention

Seven years.

Subject

Details

Status

In force.

Regulation

Commencement date

September 1, 2023

Threshold

EUR 1,000

VASP Due Diligence

Enhanced Customer Due Diligence is required for correspondent banking relationships. Considering the analogous nature of correspondent relationships between VASPs, Sumsub assumes that this requirement similarly applies to VASPs.

Data to be shared

Natural Person:


Originator:

  • a) Full name;
  • b) Account number (or other unique transaction identifiers);
  • c) One of the following: customer identification number; or address; or birth certificate, passport number, or national ID card number (or individual's date and place of birth).

Beneficiary:

  • d) Full name;
  • e) Account number (or other unique transaction identifiers).

Legal Entity:


Originator:

  • f) Registered or trading names;
  • g) Account number (or other unique transaction identifiers);
  • h) One of the following: customer identification number; or address of registered office (or principal place of business).

Beneficiary:

  • i) Registered or trading names;
  • j) Account number (or other unique transaction identifiers).

Domestic vs cross-border transfers

Sumsub has submitted a request to the Jersey Financial Services Commission for clarification on the application of the rules concerning the minimum threshold amount. This information will be updated upon receipt of the regulator's response.

There is a difference.


Natural Person:


Domestic. The following data should be transferred: b) and e). However, within three working days of receiving a request for information from the beneficiary's CASP or ICASP, the following data should be made available:

  • <EUR 1,000: a), b), d), e);
  • >EUR 1,000: a), b), c), d), e).

Cross-border. The following data should be transferred:

  • <EUR 1,000: a), b), d), e);
  • >EUR 1,000: a), b), c), d), e).

Legal Entity:


Domestic. The following data should be transferred: g) and j). However, within three working days of receiving a request for information from the beneficiary's CASP or ICASP, the following data should be made available:

  • <EUR 1,000: f), g), i), j);
  • >EUR 1,000: f), g), h), i), j).

Cross-border. The following data should be transferred:

  • <EUR 1,000: f), g), i), j);
  • >EUR 1,000: f), g), h), i), j).

Self-hosted wallet verification

Required in cases of higher risk.

Subject

Details

Time and way to share the Information

Regulation (EU) 2015/847 and the national regulation do not explicitly specify the time frame for information sharing. In turn, according to the interpretive note to FATF Recommendation 15, originating CASPs should submit the information on the originator and beneficiary to the beneficiary CASP immediately and securely.

The main actions required

CASP of the Originator


Information Accompanying Transfers: It shall ensure that all transfers of funds are accompanied by the information on the originator and beneficiary.


Verification of Information: It shall verify the accuracy of the originator's information before the transfer. This can be done by using documents, data, or information from a reliable and independent source. If the originator's identity has been verified according to Directive (EU) 2015/849, no additional verification is required.


Transfers within the British Islands: For transfers within the British Islands where all CASPs involved are in the British Islands, the CASP of the originator needs only to provide the payment account numbers of the originator and beneficiary (or a unique transaction identifier), unless otherwise requested.


Transfers to outside the British Islands: In the case of a batch file transfer from a single originator where the CASPs of the beneficiaries are established outside the British Islands, the obligation to provide information on the originator shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and that the individual transfers carry the payment account number of the originator or, where applicable, the unique transaction identifier.


By way of derogation from the obligation to provide information on the originator, and, where applicable, without prejudice to the information required in accordance with Regulation (EU) No 260/2012, where the CASP of the originator is established outside the British Islands, transfers of funds not exceeding EUR 1,000 that do not appear to be linked to other transfers of funds which, together with the transfer in question, exceed EUR 1,000, shall be accompanied by at least:

  • a) the names of the originator and of the beneficiary; and
  • b) the payment account numbers of the originator and of the beneficiary or, where applicable, the unique transaction identifier.

By way of derogation, the CASP of the originator need not verify the information on the originator unless the CASP of the originator:

  • a) has received the funds to be transferred in cash or in anonymous electronic money; or
  • b) has reasonable grounds for suspecting money laundering or terrorist financing.

CASP of the Beneficiary


Detection of Missing or Incomplete Information: The beneficiary's CASP must implement effective procedures to ensure that information fields related to the originator and beneficiary in payment systems are correctly filled using admissible characters according to system conventions. They should detect missing information through appropriate procedures, including ex-post or real-time monitoring where necessary.


Verification of Information: For transfers exceeding EUR 1,000, whether in single or linked transactions, the beneficiary's CASP must verify the accuracy of the beneficiary's information using reliable and independent sources before crediting the account or making funds available, in compliance with Articles 69 and 70 of Directive 2007/64/EC.


For transfers not exceeding EUR 1,000 that are not linked to others surpassing that amount, the CASP is not required to verify the beneficiary's information unless:

  • a) The funds are paid out in cash or anonymous electronic money; or
  • b) There are reasonable grounds to suspect money laundering or terrorist financing.

Transfers with Missing Information: The beneficiary's CASP must implement risk-based procedures to decide whether to execute, reject, or suspend transfers that lack complete originator and beneficiary information, and take appropriate follow-up actions.


If the beneficiary's CASP detects missing, incomplete, or improperly formatted originator or beneficiary information upon receiving a transfer, it should, on a risk-sensitive basis, either reject the transfer or request the necessary information before or after crediting the beneficiary's account.


If a CASP repeatedly fails to provide the required information, the beneficiary's CASP should issue warnings and set deadlines, and may ultimately reject future transfers or terminate the business relationship with that CASP.


The beneficiary's CASP must report such failures and the actions taken to the competent authority responsible for monitoring AML/CTF compliance.


Handling Suspicious Transactions: Missing or incomplete information on the originator or beneficiary must be factored into the CASP's risk assessment for suspicious transactions and whether such transfers should be reported to the Financial Intelligence Unit.

Batch file transfer

In the case of a batch file transfer from a single originator where the CASPs of the beneficiaries are established outside the EU, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and the beneficiary, that the information has been properly verified, and that the individual transfers carry the account number of the originator or, where the exception is applied, the unique transaction identifier.

Record retention

Six years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

January 1, 2025

Threshold

USD 1,000

VASP Due Diligence

Required.

Data to be shared

Natural Persons:


Originator:

  • a) Full name;
  • b) Digital asset wallet address or account number or (in the absence of an account) unique transaction reference number;
  • c) Physical address, or national identity number, or customer identification, or date and place of birth.

Beneficiary:

  • d) Full name;
  • e) Digital asset wallet address or account number or (in the absence of an account) unique transaction reference number.

Legal Entities:


Originator:

  • f) The registered corporate name or trading name;
  • g) Digital asset wallet address or account number or (in the absence of an account) unique transaction reference number;
  • h) Either of the following: the customer identification number; or the registered office address or primary place of business.

Beneficiary:

  • i) The name;
  • j) Digital asset wallet address or account number or (in the absence of an account) unique transaction reference number.

Domestic vs cross-border transfers

No difference.


Natural Persons:


The following data should be transferred:

  • <USD 1,000: a), b), d), e);
  • ⩾USD 1,000: a), b), c), d), e).

Legal Entities:


The following data should be transferred:

  • <USD 1,000: f), g), i), j);
  • ⩾USD 1,000: f), g), h), i), j).

Self-hosted wallet verification

Required for transactions exceeding USD 1,000, as well as when there is a suspicion of money laundering or terrorist financing involving a transfer to a self-hosted digital wallet.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

Obligations of the Originator's VASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another VASP or a self-hosted address, and identify the counterparty VASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made to a self-hosted address, the VASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's VASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding USD 1,000 from a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Common Measures Applicable to VASPs


Sanctions Screening: Establish internal policies to ensure compliance with appropriate restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.

Batch file transfer

If several transfers from a single originator are bundled in a batch file for transmission to beneficiaries, they may be exempted from the requirements in respect of originator information, provided that they include the originator's account number or unique transaction reference number, and the batch file contains required and accurate originator information, and full beneficiary information, that is fully traceable within the beneficiary country.

Record retention

As a general rule, the period is five years; for intermediary VASPs, it is six years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number:
    • If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used.
    • If not registered on a DLT network, provide the crypto-asset account number.
  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must: i) be a unique identification code for the legal entity; ii) be published in public registries; iii) be automatically issued upon entity formation by a public authority; iv) allow identification of name and address elements; v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier, where applicable.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

Commencement date

June 1, 2021

Threshold

CHF 1

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name;
  • b) Account number (or unique transaction identifier);
  • c) Address and country (domicile/registered office), the number of a valid official ID, the customer number or the date and place of birth.

Beneficiary:

  • d) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name;
  • e) Account number (or unique transaction identifier).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required.

Subject

Details

Time and way to share the Information

The required information shall be transmitted in a secure manner before the transfer is completed.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


Intermediate service providers (such as those involved in routing, clearance, or operating a lightning node) are exempt from the obligation to forward the information, provided it is not necessary for the exchange of information between the TT service providers.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

No difference.

Record retention

10 years.

Notes

The Wegleitung 2021/18 Pflichten bei der Durchführung von VT-Transfers is based on Regulation (EU) 2023/1113 and the requirements of FATF Recommendation No. 16.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number:
    • If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used.
    • If not registered on a DLT network, provide the crypto-asset account number.
  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must: i) be a unique identification code for the legal entity; ii) be published in public registries; iii) be automatically issued upon entity formation by a public authority; iv) allow identification of name and address elements; v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier, where applicable.

Record retention

Eight years.

Subject

Details

Status

In force.

Regulation

Commencement date

March 30, 2020

Threshold

EUR 1,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name;
  • b) Account number (or unique transaction identifier);
  • c) Address, official personal document number, customer identification number or date and place of birth.

Beneficiary:

  • d) Full name;
  • e) Payment account number (or unique transaction identifier).

Domestic vs cross-border transfers

There is a difference.


Domestic:


The following data should be transferred: b) and e). However, within three working days of receiving a request for information from the beneficiary's CASP or ICASP, the following data should be made available:

  • <EUR 1,000: a), b), d), e);
  • >EUR 1,000: a), b), c), d), e).

Cross-border:


The following data should be transferred:

  • <EUR 1,000: a), b), d), e);
  • >EUR 1,000: a), b), c), d), e).

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

Regulation (EU) 2015/847 and the national regulation do not explicitly specify the time frame for information sharing. In turn, according to the interpretive note to FATF Recommendation 15, originating CASPs should submit the information on the originator and beneficiary to the beneficiary CASP immediately and securely.

The main actions required

Obligations of the Originator's CASP


Information Accompanying Transfers:


It shall ensure that all transfers of funds are accompanied by the information on the originator and beneficiary.


Verification of Information:


It shall verify the accuracy of the originator's information before the transfer. This can be done by using documents, data, or information from a reliable and independent source. If the originator's identity has been verified according to Directive (EU) 2015/849, no additional verification is required.


Transfers within the EU:


For transfers within the EU where all CASPs involved are in the EU, the CASP of the originator needs only to provide the payment account numbers of the originator and beneficiary (or a unique transaction identifier), unless otherwise requested.


Transfers to outside the EU:


In the case of a batch file transfer from a single originator where the CASPs of the beneficiaries are established outside the EU, the obligation to provide information on the originator shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and that the individual transfers carry the payment account number of the originator or, where applicable, the unique transaction identifier.


By way of derogation from the obligation to provide information on the originator, and, where applicable, without prejudice to the information required in accordance with Regulation (EU) No 260/2012, where the CASP of the originator is established outside the EU, transfers of funds not exceeding EUR 1,000 that do not appear to be linked to other transfers of funds which, together with the transfer in question, exceed EUR 1,000, shall be accompanied by at least:

  • (a) the names of the originator and of the beneficiary; and
  • (b) the payment account numbers of the originator and of the beneficiary or, where applicable, the unique transaction identifier.

By way of derogation, the CASP of the originator need not verify the information on the originator unless the CASP of the originator:

  • (a) has received the funds to be transferred in cash or in anonymous electronic money; or
  • (b) has reasonable grounds for suspecting money laundering or terrorist financing.

Obligations of the Beneficiary's CASP


Detection of Missing or Incomplete Information:


The beneficiary's CASP must implement effective procedures to ensure that information fields related to the originator and beneficiary in payment systems are correctly filled using admissible characters according to system conventions. They should detect missing information through appropriate procedures, including ex-post or real-time monitoring where necessary.


Verification of Information:


For transfers exceeding EUR 1,000, whether in single or linked transactions, the beneficiary's CASP must verify the accuracy of the beneficiary's information using reliable and independent sources before crediting the account or making funds available, in compliance with Articles 69 and 70 of Directive 2007/64/EC.


For transfers not exceeding EUR 1,000 that are not linked to others surpassing that amount, the CASP is not required to verify the beneficiary's information unless:

  • (a) The funds are paid out in cash or anonymous electronic money; or
  • (b) There are reasonable grounds to suspect money laundering or terrorist financing.

Transfers with Missing Information:


The beneficiary's CASP must implement risk-based procedures to decide whether to execute, reject, or suspend transfers that lack complete originator and beneficiary information, and take appropriate follow-up actions.


If the beneficiary's CASP detects missing, incomplete, or improperly formatted originator or beneficiary information upon receiving a transfer, it should, on a risk-sensitive basis, either reject the transfer or request the necessary information before or after crediting the beneficiary's account.


If a CASP repeatedly fails to provide the required information, the beneficiary's CASP should issue warnings and set deadlines, and may ultimately reject future transfers or terminate the business relationship with that CASP.


The beneficiary's CASP must report such failures and the actions taken to the competent authority responsible for monitoring AML/CTF compliance.


Handling Suspicious Transactions:


Missing or incomplete information on the originator or beneficiary must be factored into the CASP's risk assessment for suspicious transactions and whether such transfers should be reported to the Financial Intelligence Unit.


Obligations of the Intermediary CASP


ICASPs shall ensure that all originator and beneficiary information accompanying a transfer of funds is retained. Effective procedures shall be in place to detect whether the information fields have been correctly completed in accordance with the messaging system's conventions. Monitoring, either real-time or ex-post, should be implemented to identify missing information.


ICASPs shall also establish risk-based procedures to determine whether to execute, reject, or suspend transfers with incomplete information. If a CASP repeatedly fails to provide the required information, the ICASP must take appropriate actions, such as issuing warnings or terminating the business relationship, and report the failure to the relevant authority. Missing information should be factored into the ICASP's assessment of whether a transaction is suspicious and whether it should be reported to the FIU, as per Directive (EU) 2015/849.

Batch file transfer

In the case of a batch file transfer from a single originator where the CASPs of the beneficiaries are established outside the EU, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and the beneficiary, that the information has been properly verified, and that the individual transfers carry the account number of the originator or, where the exception is applied, the unique transaction identifier.

Record retention

Five years.

Notes

VASPs have to comply with the obligations as provided for in Regulation (EU) 2015/847. The national regulation does not impose any additional requirements.

Subject

Details

Status

In force.

Regulation

Guidelines on Prevention of Money Laundering and Terrorism Financing for Reporting Institutions in the Capital Market

Commencement date

April 26, 2021

Threshold

No threshold.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name;
  • b) National registration identity card number or passport number;
  • c) Account number or digital wallet address or a unique transaction reference number;
  • d) Address or date and place of birth.

Beneficiary:

  • e) Full name;
  • f) Account number or digital wallet address or a unique transaction reference number.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

No difference.

The main actions required

  1. A reporting institution must not execute a wire transfer of digital assets if it does not comply with the requirements.
  2. In providing wire transfer of a digital asset, the reporting institutions must comply with requirements on targeted financial sanctions.
  3. A reporting institution must maintain all originator and beneficiary information collected in accordance with record keeping requirements.
  4. A reporting institution which is an ordering institution must ensure that the message or instruction for a cross-border wire transfer is accompanied by the information specified in Section "Data to be shared".
  5. A beneficiary institution is required to take reasonable measures, including post-event or real-time monitoring where feasible, to identify the transfers that lack the required originator information or required beneficiary information.
  6. A beneficiary institution is required to have effective risk-based policies and procedures for determining-
    • (a) when to execute, reject, or suspend a wire transfer lacking the required originator or required beneficiary information; and
    • (b) the appropriate follow-up action.

Batch file transfer

No difference.

Record retention

Seven years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number:
    • If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used.
    • If not registered on a DLT network, provide the crypto-asset account number.
  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider.
    The alternative identifier must:
    • i) be a unique identification code for the legal entity;
    • ii) be published in public registries;
    • iii) be automatically issued upon entity formation by a public authority;
    • iv) allow identification of name and address elements;
    • v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

Commencement date

February 7, 2022

Threshold

No threshold.

VASP Due Diligence

Required.

Data to be shared

Originator:

  • a) Full name;
  • b) Account number (or a unique transaction reference number);
  • c) One of the following: physical address; or national identity card number or passport number; or customer identification number; or place of birth.

Beneficiary:

  • d) Full name;
  • e) Account number (or a unique transaction reference number).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

  1. Where a transfer of virtual asset is made -
    • (a) the originating virtual asset service provider shall -
      • (i) obtain and hold required and accurate originator information and required beneficiary information on the transfer from Section "Data to be shared"; and
      • (ii) immediately and securely submit the information obtained and held pursuant to Section "Data to be shared" to the beneficiary virtual asset service provider or any other financial institution; and
    • (b) the beneficiary virtual asset service provider shall obtain and hold required originator information and required and accurate beneficiary information on the transfer from Section "Data to be shared".
  2. An originating virtual asset service provider shall ensure that all transfers of virtual assets are always accompanied by -
    • (a) required and accurate originator information, as specified in Section "Data to be shared", and
    • (b) required beneficiary information, as specified in Section "Data to be shared".
  3. The originating virtual asset service provider shall not execute a transfer of virtual asset where it does not comply with the requirements specified in Section "Data to be shared".
  4. A beneficiary virtual asset service provider shall -
    • (a) take reasonable measures, which may include post-event monitoring or real-time monitoring where feasible, to identify transfers of virtual assets that lack required originator information or required beneficiary information.
    • (b) have risk-based policies and procedures for determining -
      • (i) when to execute, reject or suspend a transfer of virtual asset lacking required originator or required beneficiary information; and
      • (ii) the appropriate follow-up actions.
  5. According to Guidance Notes, VASPs would be expected to make use of relevant software to:
    • Perform robust due diligence or KYC process on counterpart institutions;
    • Identify counterparty wallet type (pre-transaction);
    • Identify risk-related details about the beneficiary through blockchain analytics and sanctions screening providers;
    • Safely send or receive customers' encrypted personal information through various messaging protocols; and
    • Generate reports to the FSC on a timely basis, upon request.
  6. As far as occasional transactions are concerned, following consequential amendments made in the FIAMLA, a VASP is required to:
    • (i) apply CDD measures in respect to an occasional transaction in an amount equal to or above 1000 US dollars or an equivalent amount in foreign currency where the exchange rate to be used to calculate the US dollar equivalent shall be the selling rate in force at the time of the transaction, whether conducted as a single transaction or several transactions that appear to be linked; and
    • (ii) record, in respect to an occasional transaction in an amount below 1000 US dollars, the name of the originator and the beneficiary; and the virtual asset wallet address for each or a unique transaction reference number.

The Travel Rule requirements also extend to a financial institution, acting as intermediary, when sending or receiving virtual asset transfers on behalf of a customer as they would have applied to a VASP.

Batch file transfer

No difference.

Record retention

Seven years.

Subject

Details

Status

In force.

Regulation

Commencement date

September 1, 2023

Threshold

No threshold.

VASP Due Diligence

Enhanced Customer Due Diligence is required for correspondent banking relationships. Considering the analogous nature of correspondent relationships between VASPs, Sumsub assumes that this requirement similarly applies to VASPs.

Data to be shared

Originator:

  • a) Full name;
  • b) Virtual asset account number (or unique transaction reference number);
  • c) One of the following: address; or national identity card number or passport number; or customer identification number; or place of birth.

Beneficiary:

  • g) Full name;
  • h) Virtual asset account number (or unique transaction reference number).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement. It depends on the identified risk.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

Obligations of the Originator's VASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another VASP or a self-hosted address, and identify the counterparty VASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the VASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's VASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Common Measures Applicable to VASPs


Sanctions Screening: Establish internal policies to ensure compliance with applicable restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.

Batch file transfer

For batch file transfers of virtual assets from a single originator, the individual transfers of virtual assets bundled must contain the following information:


Originator:

  • a) Full name;
  • b) Account number;
  • c) One of the following: address; or national identity card number or passport number; or customer identification number; or date and place of birth;
  • d) Individual transfers of virtual assets must carry the account number or unique identifier;
  • e) Any other information and documents as The Bank of Namibia may require.

Beneficiary:

  • f) Full name;
  • g) Account number (or unique identifier that is traceable in the beneficiary's country).

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number:
    • If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used.
    • If not registered on a DLT network, provide the crypto-asset account number.
  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must:
    • i) be a unique identification code for the legal entity;
    • ii) be published in public registries;
    • iii) be automatically issued upon entity formation by a public authority;
    • iv) allow identification of name and address elements;
    • v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

Commencement date

Partially implemented in 2020.


The amendments will be effective from June 1, 2024.

Threshold

NZD 1,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name;
  • b) Account number or other identifying information;

One of the following:

  • c) Address;
  • d) National identity number;
  • e) Customer identification number;
  • f) Place and date of birth.

Beneficiary:

  • g) Full name;
  • h) Account number (or a unique transaction reference number).

Domestic vs cross-border transfers

There is a difference.


Domestic. The following data needs to be transferred: b), but a), c), d), e), f), g) or other information should be provided within three working days after the request.


Cross-border: a), b), c), d), e), f), g), h).

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

Any information about the originator obtained by a reporting entity that is an intermediary institution must be provided by that reporting entity to the beneficiary institution as soon as practicable.


The information obtained by the reporting entity must accompany the wire transfer.

The main actions required

A reporting entity that is an ordering institution must identify the originator of a wire transfer that is equal to or above the applicable threshold value by obtaining the information from Section "Data to be shared".


A reporting entity that is a beneficiary institution must-

  • (a) use effective risk-based procedures for handling wire transfers that are not accompanied by all the information specified in Section "Data to be shared"; and
  • (b) consider whether the wire transfers constitute a suspicious activity.

VASPs should, in addition, be aware of the FATF recommendations in relation to wire transfers, which include virtual asset to virtual asset transactions. VASPs should be aware that other international jurisdictions they deal with (and other VASPs based in those jurisdictions) may require this, and consequently, it would be considered 'best practice' for VASPs to include virtual asset to virtual asset transactions in their wire transfer procedures.


If, for any technological reason, the intermediary institution cannot comply with the requirements, the intermediary institution must keep a record of the information that was received.

Batch file transfer

No difference.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

Commencement date

May 12, 2022

Threshold

USD 1,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name;
  • b) Wallet address;
  • c) Physical address or national identity number or, where the originator is not a natural person, the incorporation number or business registration number.

Beneficiary:

  • d) Full name;
  • e) Wallet address.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

A Capital Market Operator (CMO) shall ensure that all cross-border transfers always include full originator information and must verify that the originator information is accurate. Full originator information is described in Section "Data to be shared".


A CMO shall ensure that all cross-border transfers always include full beneficiary information. Full beneficiary information is described in Section "Data to be shared".


Cross-border transfers below $1,000 are exempt from the requirements specified above. For all cross-border transfers below $1,000, a CMO shall:

  • (a) ensure that all such transfers include the name of the originator, the name of the beneficiary, and the wallet address for each; and
  • (b) verify the information pertaining to its customer if there is a suspicion of money laundering or terrorist financing.

Batch file transfer

No difference.

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number:
    • If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used.
    • If not registered on a DLT network, provide the crypto-asset account number.
  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must:
    • i) be a unique identification code for the legal entity;
    • ii) be published in public registries;
    • iii) be automatically issued upon entity formation by a public authority;
    • iv) allow identification of name and address elements;
    • v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with applicable restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

Decision No. (E/35/2023) Instructions on Registration of Virtual Asset Services Providers and Implementation of the Requirements for Combating Money Laundering and Terrorism Financing

Commencement date

June 6, 2023

Threshold

No threshold.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name;
  • b) Wallet address, where such an account is used to process the virtual asset transfer or a unique transaction reference which permits traceability of the transaction;
  • c) Physical address, or national identification or customer identification number, or the date and place of birth.

Beneficiary:

  • d) Full name;
  • e) Wallet address where such an account is used to process the transaction, an account number, or a unique transaction reference which permits traceability of the transaction.

Domestic vs cross-border transfers

No difference. All virtual asset transfers shall be treated as cross-border transactions.

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

Obligations of the originator's VASP


The originator's VASP shall obtain and hold verified originator and beneficiary information on a virtual asset transfer and shall submit the required information to the beneficiary's VASP immediately and securely and in all cases where the beneficiary's VASP exists. Post facto submission of the required information is not permitted. VASPs shall not execute virtual asset transfers that do not comply with the stipulated obligation.


Obligations of the beneficiary's VASP


The beneficiary's VASP shall take reasonable measures to identify virtual asset transfers which lack the required originator and beneficiary information. It shall also have effective procedures for determining when to reject a virtual asset transfer lacking required originator or required beneficiary information and consider reporting to the National Centre for Financial Information.


Common Measures Applicable to CASPs


VASPs shall ensure that the required information is transmitted along the chain of virtual asset transfers and that relevant records are being kept properly.


VASPs shall have effective risk-based procedures that are consistent with straight through processing for:

  • a) Identifying virtual asset transfers that lack required originator and / or beneficiary information;
  • b) Determining when to execute, reject, or suspend a virtual asset transfer lacking required originator or required beneficiary information and considering reporting to the National Centre for Financial Information; and
  • c) Taking appropriate follow-up action which may include restricting or terminating business relationships.

Batch file transfer

No difference.

Record retention

10 years.

Subject

Details

Status

In force.

Regulation

Commencement date

February 5, 2021

Threshold

PHP 50,000

VASP Due Diligence

Required.

Data to be shared

Originator:

  • a) Full name;
  • b) Account number;
  • c) Physical (geographical) address, or national identity number, or customer identification number, or date and place of birth.

Beneficiary:

  • d) Full name;
  • e) Account number.

If <PHP 50,000

  • a), b), d), e).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

  • The originating institution in a VA transfer must obtain and hold the required and accurate originator information as well as the required beneficiary information, and transmit said information to the beneficiary institution.
  • Beneficiary institutions must obtain and hold required originator information as well as required and accurate beneficiary information. All the information gathered shall be made available on request to competent authorities.
  • For large value pay-outs of more than P500,000 or its equivalent in foreign currency, in any single transaction with customers or counterparties, enhanced due diligence shall be conducted and said pay-outs shall only be made via check payment or direct credit to deposit accounts or account to account transfer using electronic fund transfer facilities.
  • Originating and beneficiary VASPs must also establish and adhere to robust sanction screening procedures to ensure compliance with the sanctions list and prevent transactions involving sanctioned individuals, entities, or jurisdictions.
  • All VASPs are required to screen all transaction parties against terrorist financing/proliferation financing (TF/PF) lists, as well as against adverse media reports.

Batch file transfer

No difference.

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number:
    • If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used.
    • If not registered on a DLT network, provide the crypto-asset account number.
  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must:
    • i) be a unique identification code for the legal entity;
    • ii) be published in public registries;
    • iii) be automatically issued upon entity formation by a public authority;
    • iv) allow identification of name and address elements;
    • v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier, where applicable.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

Commencement date

July 15, 2023

Threshold

No threshold.

VASP Due Diligence

Required.

Data to be shared

Originator:

  • a) Full name;
  • b) Address or addresses of the distributed ledger and, where it exists and is used to process the transfer, the internal number of customer portfolio identification;
  • c) Portfolio's internal identification number (or the unique transaction identifier);
  • d) Full address of residence, official identification document number and customer identification number or, alternatively, date and place of birth.

Beneficiary:

  • e) Full name;
  • f) Address or addresses of the distributed ledger and, where it exists and is used to process the transfer, the internal number of identification of the portfolio with the entity that carries out activities with virtual assets or the entity of an equivalent nature that receives the transfer on behalf of the beneficiary;
  • g) Internal identification number of the portfolio (or the unique transaction identifier).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's VASP


Entities carrying out activities with VA ensure that the transfers of VA they send are accompanied by the information specified in section "Data to be shared".


Before carrying out the transfer of virtual assets, the entity verifies the accuracy of the information relating to the originator referred to in the section "Data to be shared", based on documents or information obtained from sources of information considered reputable, credible and sufficient.


Obligations of the Beneficiary's VASP


Beneficiary VASPs apply effective procedures, including, whenever appropriate, real-time or ex post monitoring of transfers, to detect whether the information on the originator and beneficiary is included in, or accompanies, the transfer of virtual assets or the transfer of virtual assets in batches.


Before making the virtual assets available to the beneficiary, the beneficiary VASPs verify the accuracy of the information regarding the beneficiary based on documents or information obtained from sources of information considered suitable, credible and sufficient.


Beneficiary VASPs implement effective risk-based procedures, under the terms of the Law and this Notice, to determine when they execute, reject or suspend a transfer of virtual assets that is not accompanied by the complete information required about the originator and beneficiary and to take appropriate follow-up measures.


Obligations of the Intermediary VASP


Intermediary VASPs shall ensure that all information received on the payer and payee referred to in the section "Data to be shared" which is included in, or accompanies, a transfer of virtual assets is:

  • a) Transmitted with the transfer, following the requirements of the section "Time and way to share the Information";
  • b) Kept under conservation duty;
  • c) Made available at the request of Banco de Portugal.

Entities carrying out activities with virtual assets also observe the provisions of general compliance listed on the Notice, with the necessary adaptations, in relation to the transfers of virtual assets.

Batch file transfer

In the case of transfers of virtual assets in batches from a single payer, the standard provisions are not applicable to individual transfers grouped in that batch, provided that, cumulatively:

  • a) The respective file contains the information referred to in Section "Data to be shared";
  • b) The information referred to in the previous paragraph has been verified; and
  • c) Individual transfers contain the information referred to in points "c" and "g" in the Section "Data to be shared".

Record retention

Seven years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number:
    • If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used.
    • If not registered on a DLT network, provide the crypto-asset account number.
  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must:
    • i) be a unique identification code for the legal entity;
    • ii) be published in public registries;
    • iii) be automatically issued upon entity formation by a public authority;
    • iv) allow identification of name and address elements;
    • v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier, where applicable.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

Virtual Asset Service Providers Act, 2024 - Act 12 of 2024

Commencement date

September 1, 2024

Threshold

No threshold.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name;
  • b) Wallet address (or unique transaction reference number);
  • c) Address (including the name of the country), government issued identification information inclusive of the national identification number (if applicable) or customer identification number or date and place of birth.

Beneficiary:

  • d) Full name;
  • e) Wallet address (or unique transaction reference number).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

An originating virtual asset provider shall provide the information under Section "Data to be shared", without delay to the beneficiary virtual asset service provider, together with transmission of the set of payment instructions to the beneficiary virtual asset service provider or to the beneficiary's financial institution.


An originating virtual asset service provider may provide the information under Section "Data to be shared" to the beneficiary virtual asset service provider or reporting entity directly by attaching the information to the virtual asset transfer or providing the information directly.

The main actions required

Obligations of the Originator's VASP


1) An originating virtual asset service provider shall, when sending a virtual asset transfer to a beneficiary, collect and include within its records the information from Section "Data to be shared";


2) An originating virtual asset service provider shall, before conducting a virtual asset transfer, verify the originator information under Section "Data to be shared" on the basis of documents, data or information.


3) An originating virtual asset service provider shall ensure that virtual asset transfers are conducted using a system which prevents the unauthorised disclosure of the information under Section "Data to be shared" to a person other than the originating virtual asset provider, the beneficiary virtual asset service provider or the reporting entity.


4) An originating virtual asset service provider shall keep records of complete information on the originator and beneficiary under Section "Data to be shared" which accompanies each virtual asset transfer.


5) An originating virtual asset service provider may hold any transfers in order to obtain accurate originator and beneficiary information under Section "Data to be shared".


6) An originating virtual asset service provider shall prohibit any virtual asset transfer being made and ensure that any virtual assets or proceeds received for the purchase of virtual assets are frozen in compliance with the requirements of the Prevention of Terrorism Act.


Obligations of the Beneficiary's VASP


7) A beneficiary virtual asset service provider shall, on receipt of a virtual asset transfer, collect and record the following information from Section "Data to be shared".


8) A beneficiary virtual asset service provider shall verify the accuracy of information about the beneficiary obtained in compliance with Section "Data to be shared" on the basis of documents, data or information.


9) A beneficiary virtual asset service provider shall keep records of complete information on the originator and beneficiary information under Section "Data to be shared" which accompanies each virtual asset transfer.


Obligations of the Intermediary VASP


An intermediary virtual asset service provider shall -


(a) take reasonable measures, which are consistent with straight-through processing, to identify virtual asset transfers that lack required originator or beneficiary information; and


(b) adopt risk-based policies and procedures for determining -


(i) when to execute, reject or suspend a virtual asset transfer; and


(ii) the resulting procedures to be applied;


where the required originator or beneficiary information is incomplete.


Where technical limitations prevent an intermediary virtual asset service provider from sending the required originator or beneficiary information with the virtual asset transfers, the intermediary virtual asset service provider shall keep a record of all the information received from the originating virtual asset service provider, reporting entity or other intermediary.

Batch file transfer

For batch file virtual asset transfers from a single originator, Section "The main actions required" shall not apply to the individual transfers where -

  • (a) the transfers are bundled together as a batch file and the batch file includes -
    • (i) the name of the originator; and
    • (ii) location data concerning the originator as specified under Section "Data to be shared";
  • (b) where a wallet is used, the wallet address(es);
  • (c) where a wallet is not used to process virtual asset transfers, the unique transaction reference number (commonly known as a transaction hash) utilised for the tracing of the transfer.

All information above should be transferred without delay to the beneficiary virtual asset service provider, together with transmission of the set of payment instructions to the beneficiary virtual asset service provider or to the beneficiary's financial institution.

Record retention

Seven years.

Subject

Details

Status

In force.

Regulation

Commencement date

January 28, 2020

Threshold

No threshold.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name;
  • b) Account number (or unique transaction reference number where no account number exists);
  • c) One of the following:
    • (i) residential address, or registered or business address, and if different, principal place of business, as may be appropriate;
    • (ii) unique identification number (such as an identity card number, birth certificate number or passport number, or where the value transfer originator is not a natural person, the incorporation number or business registration number); or
    • (iii) the date and place of birth, incorporation or registration (as may be appropriate).

Beneficiary:

  • d) Full name;
  • e) Account number (or unique transaction reference number where no account number exists).

Domestic vs cross-border transfers

No difference.


The following data should be transferred:

  • ≤SCG 1,500: a), b), d), e);*
  • >SCG 1,500: a), b), c), d), e).**

* In a value transfer where the amount to be transferred or arranged to be transferred is below or equal to SCG 1,500, every ordering VASP may, in the message or payment instruction that accompanies or relates to the value transfer to an intermediary VASP in Singapore, include only the unique transaction reference number and the beneficiary's name and account number (or unique transaction reference number where no account number exists), provided that:

  • a) the unique transaction reference number will permit the transaction to be traced back to the originator and beneficiary;
  • b) the ordering VASP shall provide the required originator information and beneficiary information within three business days of a request for such information by the intermediary VASP in Singapore, the Monetary Authority of Singapore or other relevant authorities in Singapore;
  • c) the ordering VASP shall provide the required originator information and beneficiary information immediately upon request for such information by law enforcement authorities in Singapore; and
  • d) the ordering VASP shall provide the required originator information and beneficiary information to the beneficiary VASP.

** In a value transfer where the amount to be transferred or arranged to be transferred exceeds SCG 1,500, every ordering VASP may, in the message or payment instruction that accompanies or relates to the value transfer to an intermediary VASP in Singapore, include only the unique transaction reference number and the beneficiary's name and account number (or unique transaction reference number where no account number exists), provided that:

  • a) the unique transaction reference number will permit the transaction to be traced back to the originator and beneficiary;
  • b) the ordering VASP shall provide the required originator information and beneficiary information within three business days of a request for such information by the intermediary VASP in Singapore, the Monetary Authority of Singapore or other relevant authorities in Singapore;
  • c) the ordering VASP shall provide the required originator information and beneficiary information immediately upon request for such information by law enforcement authorities in Singapore; and
  • d) the ordering VASP shall provide the required originator information and beneficiary information to the beneficiary VASP.

Self-hosted wallet verification

Required.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

Obligations of the Originator's VASP


Identification and Verification: Prior to transferring, the originator must be identified, and their information verified using reliable, independent sources.


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Wallet Attribution: Determine if the transfer is to another VASP or a self-hosted address, and identify the counterparty VASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made to a self-hosted address, the VASP of the originator shall obtain and hold the information on the originator and the beneficiary.


Obligations of the Beneficiary's VASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Identification and Verification: Prior to making assets available to the beneficiary, the beneficiary must be identified, and their information verified through reliable, independent sources.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the National Crime Agency if necessary.


Obligations of the intermediary VASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the National Crime Agency if necessary.


Common Measures Applicable to VASPs


Sanctions Screening: Establish internal policies to ensure compliance with appropriate restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.

Batch file transfer

Where multiple individual transfers from a single originator are combined in a batch file for transmission to beneficiaries, a VASP shall ensure that the batch transfer file contains:

  • a) the required originator information, which has been verified; and
  • b) the required beneficiary information, which is fully traceable within the beneficiary country or jurisdiction.

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number:
    • If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used.
    • If not registered on a DLT network, provide the crypto-asset account number.
  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must:
    • i) be a unique identification code for the legal entity;
    • ii) be published in public registries;
    • iii) be automatically issued upon entity formation by a public authority;
    • iv) allow identification of name and address elements;
    • v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier.

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number:
    • If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used.
    • If not registered on a DLT network, provide the crypto-asset account number.
  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must:
    • i) be a unique identification code for the legal entity;
    • ii) be published in public registries;
    • iii) be automatically issued upon entity formation by a public authority;
    • iv) allow identification of name and address elements;
    • v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier.

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

TBD

Threshold

A consultation was held. We will update the details as soon as the final document is released.

VASP Due Diligence

Data to be shared

Domestic vs cross-border transfers

Self-hosted wallet verification

Subject

Details

Time and way to share the Information

A consultation was held. We will update the details as soon as the final document is released.

The main actions required

Batch file transfer

Record retention

Notes

Subject

Details

Status

In force.

Regulation

Act on reporting and using specified financial transaction information (1) with enforcement decree (2)

Commencement date

March 25, 2022

Threshold

KRW 1,000,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name (or name of the corporation or organisation and the name of the representative);
  • b) Virtual asset addresses.

Beneficiary:

  • c) Full name (or name of the corporation or organisation and the name of the representative);
  • d) Virtual asset addresses.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

Information from the Section "Data to be shared" shall be provided together when transferring virtual assets.


In case of a request by the head of the Financial Intelligence Unit or the virtual asset business operator receiving the virtual asset, the resident registration number (in the case of a corporation, the corporate registration number) or passport number/alien registration number (only for foreigners) of the customer sending the virtual asset shall be provided within three business days from the date of request for information provision.

The main actions required

The virtual asset business operator transferring virtual assets shall provide the information from Section "Data to be shared" to the virtual asset business operator receiving the virtual assets.

Batch file transfer

No difference.

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number:
    • If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used.
    • If not registered on a DLT network, provide the crypto-asset account number.
  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must:
    • i) be a unique identification code for the legal entity;
    • ii) be published in public registries;
    • iii) be automatically issued upon entity formation by a public authority;
    • iv) allow identification of name and address elements;
    • v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier.

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

December 30, 2024

Threshold

No threshold.

VASP Due Diligence

When establishing a correspondent relationship with a CASP registered outside the EU.

Data to be shared

  • a) Full Official Name: As documented on an official government-issued document. For legal persons, use the registered name.
  • b) Distributed Ledger Address or Crypto-Asset Account Number:
    • If the transfer is registered on a DLT network, include the distributed ledger address and the crypto-asset account number if it exists and is used.
    • If not registered on a DLT network, provide the crypto-asset account number.
  • c) Address and Identification (Originator Only): For natural persons: habitual residence, including country name, official personal document number, customer identification number, or date and place of birth. For legal persons: registered office address.
  • d) Legal Entity Identifier (LEI) or Equivalent Identifier: Include the current LEI or another official identifier if available in the message format and provided by the originator to the crypto-asset service provider. The alternative identifier must:
    • i) be a unique identification code for the legal entity;
    • ii) be published in public registries;
    • iii) be automatically issued upon entity formation by a public authority;
    • iv) allow identification of name and address elements;
    • v) be accompanied by a description of the identifier type in the messaging system.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner, and no later than the initiation of the blockchain transaction.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made from a self-hosted address, the CASP of the originator shall obtain and hold the information on the originator and the beneficiary and shall ensure that the transfer of crypto-assets can be individually identified. For transfers exceeding EUR 1,000 to a self-hosted address, assess whether the address is owned or controlled by the beneficiary.


Batch Transfers: Permitted if all required information for each individual transfer is included.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Transfers from Self-Hosted Addresses: For transfers exceeding EUR 1,000 from a self-hosted address, assess whether the address is owned or controlled by the originator.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.


Enhanced Due Diligence: 1) Correspondent Relationships: Apply specific EDD measures when dealing with CASPs outside the EU; 2) Self-Hosted Addresses: Assess risks associated with transfers to or from self-hosted addresses and implement measures to mitigate those risks.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, the obligation on the CASP of the originator to ensure that information on the originator accompanies transfers of funds shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information on the originator and beneficiary, that that information has been verified, and, where applicable, that the individual transfers carry the distributed ledger address of the originator, the crypto-asset account number of the originator, or the unique transaction identifier.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

Commencement date

January 1, 2020

Threshold

No threshold.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name;
  • b) Account number (or transaction-related reference number);
  • c) Address (or date and place of birth, the client number or the national identity number of the client).

Beneficiary:

  • d) Full name;
  • e) Account number (or transaction-related reference number).

Domestic vs cross-border transfers

There is a difference.


Domestic. b), e), but other data should be provided within three days after request.


Cross-border. a), b), c), d), e).

Self-hosted wallet verification

Required.


The regulation does not provide for any exceptions for payments involving unregulated wallet providers.


As long as a CASP supervised by FINMA is not able to send and receive the information required in payment transactions, such transactions are only permitted from and to external wallets if these belong to one of the CASP's own customers. Their ownership of the external wallet must be proven using suitable technical means. Transactions between customers of the same CASP are permissible. A transfer from or to an external wallet belonging to a third party is only possible if, as for a client relationship, the supervised CASP has first verified the identity of the third party, established the identity of the beneficial owner and proven the third party's ownership of the external wallet using suitable technical means.


If the customer is conducting an exchange (fiat-to-virtual currency, virtual-to-fiat currency, or virtual-to-virtual currency) and an external wallet is involved in the transaction, the customer's ownership of the external wallet must also be proven using suitable technical means. If such proof is not available, the above rules for payment transactions apply.

Subject

Details

Time and way to share the Information

The required information must be transmitted with payment orders.

The main actions required

Obligations of the Originator's CASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another CASP or a self-hosted address, and identify the counterparty CASP.


Obligations of the Beneficiary's CASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Obligations of the Intermediary CASP


ICASPs must ensure the transfer and retention of information on the originator and beneficiary of crypto-assets, detect missing information, establish risk-based procedures for handling transfers with missing or incomplete information, take action against non-compliant CASPs, and report suspicious activities to the FIU.


Common Measures Applicable to CASPs


Sanctions Screening: Establish internal policies to ensure compliance with restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions.

Batch file transfer

No difference.

Record retention

10 years.

Subject

Details

Status

Not in force.

Regulation

Commencement date

The effective date of the Travel Rule shall be determined in 2025.

Threshold

No threshold.

VASP Due Diligence

Required.

Data to be shared

Originator:

  • a) Full name;
  • b) Information on the wallet used;
  • c) One of the following pieces of information: number of official identity document; or address; or date and place of birth.

Beneficiary:

  • d) Full name;
  • e) Information on the wallet used.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

Obligations of the originator's VASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Obligations of the beneficiary's VASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the Financial Intelligence Unit (FIU) if necessary.


Common Measures Applicable to VASPs


Sanctions Screening: Establish internal policies to ensure compliance with EU and national restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.

Batch file transfer

No difference.

Record retention

Five years.

Subject

Details

Status

Not in force.

Regulation

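Suç Gelirlerinin Aklanmasının ve Terörün Finansmanının Önlenmesine Dair Tedbirler Hakkında Yönetmelik (Regulation on Measures Regarding Prevention of Laundering Proceeds of Crime and Financing of Terrorism)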

Commencement date

The information will be updated when the bill is officially published.

Threshold

VASP Due Diligence

Data to be shared

Domestic vs cross-border transfers

Self-hosted wallet verification

Subject

Details

Time and way to share the Information

The information will be updated when the bill is officially published.

The main actions required

Batch file transfer

Record retention

Subject

Details

Status

In force.

Regulation

Commencement date

March 31, 2022

Threshold

AED 3,500

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name;
  • b) Account number (or a unique transaction reference number);
  • c) Address, identification number, travel document, date and place of birth, or an originator's identification number with the transferring financial institution, which shall refer to a record containing these data.

Beneficiary:

  • d) Full name;
  • e) Account number (or a unique transaction reference number).

Domestic vs cross-border transfers

There is a difference.


Domestic: a), b), c) unless such data is available to the beneficiary VASPs and the concerned parties by other means. When the data is available through other means, the originator VASP is required to include b). Moreover, the originator VASP must provide such data within three working days of receiving the request from the beneficiary VASPs or the concerned authorities.


Cross-border:

  • >AED 3,500: a), b), c), d), e);
  • <AED 3,500: a), b), c), d), e) without the need to verify the validity of the data unless there are doubts about the commission of the crime.

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

Obligations of the Originator's VASP


Originator VASPs must transfer the information on the originator and the beneficiary during cross-border virtual asset transfers.


Obligations of the Beneficiary's VASP


Beneficiary VASPs must take reasonable measures to identify cross-border virtual asset transfers that lack originator or beneficiary information. This may include real-time monitoring where feasible or post-event monitoring in cases where real-time monitoring is less feasible.


Beneficiary VASPs must establish risk-based policies and procedures to decide when to execute, reject, or suspend a transfer that lacks the required originator or beneficiary information. These procedures should also determine appropriate follow-up actions, including reporting suspicious transactions.


Obligations of the Intermediary VASP


Receiving and Transmitting Information: An intermediary VASP shall ensure that all originator and beneficiary information that accompanies a transfer is retained with it for cross-border wire transfers.


Record Keeping: Where technical limitations prevent the required originator or beneficiary information accompanying a cross-border transfer from remaining with a related domestic transfer, the Intermediary VASP shall keep a record of all the information received from the originator VASP or another cross-border Intermediary VASP.


Identifying and Managing Transfers Missing Information: An intermediary VASP shall take reasonable measures, which are consistent with straight-through processing, to identify cross-border transfers that lack required originator information or required beneficiary information, and shall have risk-based policies and procedures for determining when to execute, reject, or suspend a transfer and the appropriate follow-up action.


Common Measures Applicable to VASPs


In cases where a VASP controls both the ordering and beneficiary sides of a cross-border virtual asset transfer, the VASP must:

  • a) Consider all available information from both sides of the transaction to determine if a Suspicious Transaction Report (STR) should be filed;
  • b) If an STR is required, submit it to the relevant Financial Intelligence Unit along with all pertinent transaction details.

VASPs are required to ensure compliance with applicable restrictive measures during transfers by conducting sanctions screening.


VASPs must not carry out transfers if they fail to comply with the requirement to accompany the transfer with the information on the originator and the beneficiary.

Batch file transfer

In the event that several individual cross-border wire transfers from a single originator are bundled in a batch file for transmission to beneficiaries, the batch file shall contain required and accurate originator information, and full beneficiary information, that is fully traceable within the beneficiary country; and the financial institution shall be required to include the originator's account number or unique transaction reference number.

Record retention

Five years.

Notes

Cabinet Resolution No. 24 of 2022 applies to VASPs operating within the UAE. They must comply with AML and CFT obligations, including due diligence, reporting, and internal control measures in accordance with Federal Decree-Law No. 20 of 2018 and its amendments.

Subject

Details

Status

In force.

Regulation

Commencement date

December 21, 2023

Threshold

No threshold.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name;
  • b) Account where such an account is used to process the transaction or a unique transaction reference number if no originator account number exists;
  • c) Address, or national identity number, or travel document number, or customer identification number, or date and place of birth.

Beneficiary:

  • d) Full name;
  • e) Account number where such an account is used to process the transaction or a unique transaction reference number if no beneficiary account number exists.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

Common Measures Applicable to VASPs


VASPs must:

  • a) when sending or receiving a transfer on behalf of a customer, ensure that the transfer and any related messages contain accurate originator and beneficiary information;
  • b) ensure that, while the transfer is under their control, the information that should accompany the transfer remains with it and any related messages throughout the payment chain;
  • c) monitor transfers for the purpose of detecting those transfers that do not contain both originator and beneficiary information, and take appropriate measures to identify any money laundering risks; and
  • d) not effect transfers without the required information on the originator and beneficiary.

VASPs should also monitor for, and conduct enhanced scrutiny of, suspicious activities, including incoming wire transfers that do not contain complete originator information. Concealing or removing any of the required information in a transfer would be a breach of the requirement to ensure that the wire transfer contains accurate originator and beneficiary information.


Obligations of the Intermediary VASP


Receiving and Transmitting Information: An intermediary VASP shall ensure that all originator and beneficiary information that accompanies a transfer is retained with it for cross-border wire transfers.


Record Keeping: Where technical limitations prevent the required originator or beneficiary information accompanying a cross-border transfer from remaining with a related domestic transfer, the Intermediary VASP shall keep a record of all the information received from the originator VASP or another cross-border Intermediary VASP.


Identifying and Managing Transfers Missing Information: An intermediary VASP shall take reasonable measures, which are consistent with straight-through processing, to identify cross-border transfers that lack required originator information or required beneficiary information and shall have risk-based policies and procedures for determining when to execute, reject, or suspend a transfer; and the appropriate follow-up action.

Batch file transfer

A VASP must ensure that for batch transfers:

  • a) it has verified the required originator information; and
  • b) the batch file contains the required beneficiary information for each beneficiary and that the information is fully traceable in the beneficiary's jurisdiction.

Record retention

Six years.

Notes

ADGM adopted the general framework of the Travel Rule, aligning with both the UAE's federal laws and FATF Recommendations, but with its own specific nuances.

Subject

Details

Status

In force.

Regulation

Commencement date

June 3, 2024

Threshold

USD 1,000

VASP Due Diligence

Required if the total value of crypto tokens transferred is USD 1,000 or more.

Data to be shared

Originator:

  • a) Full name;
  • b) Account number (or unique transaction reference number if no account number exists);
  • c) Any one of the following: address (it should be the address that was verified as part of the CDD procedure); or national identity number, such as an identity card number or passport number; or customer identification number; or date and place of birth.

Beneficiary:

  • d) Full name;
  • e) Account number (or unique transaction reference number if no account number exists).

Domestic vs cross-border transfers

There is a difference:


Domestic: a), b), c), or only b), provided that: i) those details will permit the transaction to be traced back to the originator and beneficiary; and ii) the ordering VASP must provide full originator information within three business days of a request from the beneficiary VASP or the DFSA, or immediately upon request from a law enforcement agency.


Cross-border:

  • ≤USD 1,000: a), b), d), e);
  • >USD 1,000: a), b), c).

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

Obligations of the Originator's VASP


Before effecting a transfer, an ordering VASP must:

  • a) identify the originator and verify the identity of the beneficiary if the identity has not previously been identified; and
  • b) record adequate details of the transfer that are sufficient to permit its reconstruction, including but not limited to, the date of the transfer, the originator and beneficiary, and the type and amount of currency transferred and the value date.

An ordering VASP must retain a record of the originator and beneficiary information it has collected.


An ordering VASP must not execute a fund transfer if it is unable to comply with the requirements for gathering and transferring the information that accompanies transfers.


Obligations of the Beneficiary's VASP


A beneficiary VASP must take reasonable measures, including post-event monitoring or real-time monitoring where feasible, to identify cross-border fund transfers that lack the required originator or beneficiary information.


For a cross-border fund transfer, a beneficiary VASP must identify and verify the identity of the beneficiary if the identity has not been previously verified.


Obligations of the Intermediary VASP


Receiving and Transmitting Information: An intermediary VASP shall ensure that all originator and beneficiary information that accompanies a transfer is retained with it for cross-border wire transfers.


Record Keeping: Where technical limitations prevent the required originator or beneficiary information accompanying a cross-border transfer from remaining with a related domestic transfer, the Intermediary VASP shall keep a record of all the information received from the originator VASP or another cross-border Intermediary VASP.


Identifying and Managing Transfers Missing Information: An intermediary VASP shall take reasonable measures, which are consistent with straight-through processing, to identify cross-border transfers that lack required originator information or required beneficiary information and shall have risk-based policies and procedures for determining when to execute, reject, or suspend a transfer; and the appropriate follow-up action.


Common Measures Applicable to VASPs


VASPs must have adequate policies and procedures in place to mitigate the money laundering risks arising from the transfer of crypto tokens. Such policies and procedures must without limitation address the situation where a transfer of crypto tokens is received without relevant information and the circumstances in which such transfer should be rejected, reversed (if technically possible), delayed or permitted.


VASPs must have in place adequate transaction monitoring procedures to detect the origin, any intermediate transaction, and the destination of crypto tokens transferred from or to its customer so that it is able to identify and report any suspicious transaction. Such procedures must provide for the:

  • a) tracking of the transaction history of crypto tokens to accurately identify their source and destination; and
  • b) identification of transactions involving digital wallet addresses that are associated with illicit or suspicious activities.

Before transferring crypto tokens with a total value of USD 1,000 or more, VASPs must conduct due diligence on each counterparty involved in the crypto tokens transfer to identify and assess the money laundering risks associated with the transfer and apply appropriate risk-based measures.

Batch file transfer

If several individual cross-border transfers from a single originator are bundled in a batch file for transmission, an ordering VASP must ensure that:

  • a) the batch file contains the originator information required;
  • b) it has verified the originator information; and
  • c) the batch file contains the beneficiary information required for each beneficiary and that information is fully traceable in the beneficiary's country.

Record retention

Five years.

Notes

DFSA adopted the general framework of the Travel Rule, aligning with both the UAE's federal laws and FATF Recommendations, but with its own specific nuances.


DFSA's regulations apply to all VASPs operating in DIFC.

Subject

Details

Status

In force.

Regulation

Commencement date

February 7, 2023

Threshold

AED 3,500

VASP Due Diligence

Required.

Data to be shared

Originator:

  • a) Full name;
  • b) Account number or virtual asset wallet address;
  • c) Residential or business address.

Beneficiary:

  • d) Full name;
  • e) Account number or virtual asset wallet address.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

Obligations of the Originator's VASP


Prior to initiating any transfer of virtual assets with an equivalent value exceeding AED 3 500, VASPs must obtain and hold required and accurate originator information and required beneficiary information and make it available on request to VARA and/or other appropriate authorities.


Obligations of the Beneficiary's VASP


Prior to permitting any clients access to virtual assets received from a transfer with an equivalent value exceeding AED 3 500, a beneficiary VASP must obtain and hold required originator information and required and accurate beneficiary information and make it available on request to VARA and/or other appropriate authorities.


Obligations of the Intermediary VASP


Receiving and Transmitting Information: An intermediary VASP shall ensure that all originator and beneficiary information that accompanies a transfer is retained with it for cross-border wire transfers.


Record Keeping: Where technical limitations prevent the required originator or beneficiary information accompanying a cross-border transfer from remaining with a related domestic transfer, the Intermediary VASP shall keep a record of all the information received from the originator VASP or another cross-border Intermediary VASP.


Identifying and Managing Transfers Missing Information: An intermediary VASP shall take reasonable measures, which are consistent with straight-through processing, to identify cross-border transfers that lack required originator information or required beneficiary information and shall have risk-based policies and procedures for determining when to execute, reject, or suspend a transfer; and the appropriate follow-up action.


Common Measures Applicable to VASPs


VASPs shall ensure that virtual asset transfers include all required information on both the originator and the beneficiary.


Prior to entering into any transaction with a counterparty VASP or VASP in any other jurisdiction, VASPs must complete risk-based due diligence on such counterparty in order to mitigate AML/CFT risks. This due diligence does not need to be completed for every subsequent transaction with the counterparty unless a heightened counterparty risk is assessed or identified.


In complying with the Travel Rule, VASPs must consider how they will handle the risks associated with:

  • a) deposits or withdrawals (including those which are compliant with the Travel Rule and those which are not);
  • b) non-obliged entities (i.e. unhosted virtual asset wallets); and
  • c) Anonymity-Enhanced Transactions.

VASPs shall be required to demonstrate to VARA how they comply with the Travel Rule during the licensing process and submit to VARA relevant policies and controls. VASPs should also include their plan to comply with the Travel Rule with virtual asset service providers in jurisdictions where the Travel Rule is not a legislative requirement (i.e. the "sunrise issue").


In implementing policies and controls to comply with the Travel Rule and AML/CFT Rules, VASPs shall be guided by FATF Interpretive Note to Recommendation 15 and all applicable laws, regulatory requirements and guidelines as may be in force from time to time. VASPs must monitor for any transaction or series of transactions that seeks to circumvent any regulatory thresholds to bypass Travel Rule requirements.


VARA may require VASPs to report on their compliance with the Travel Rule and the effectiveness of their implementing policies and controls, at any time.

Batch file transfer

In the event that several individual cross-border wire transfers from a single originator are bundled in a batch file for transmission to beneficiaries, the batch file shall contain required and accurate originator information, and full beneficiary information, that is fully traceable within the beneficiary country; and the financial institution shall be required to include the originator's account number or unique transaction reference number.

Record retention

Eight years.

Notes

VARA adopted the general framework of the Travel Rule, aligning with both the UAE's federal laws and FATF Recommendations, but with its own specific nuances.


VARA's regulations apply to all VASPs operating in Dubai, including those based in free zones, with the exception of the DIFC, which is governed by a separate regulatory framework.

Subject

Details

Status

In force.

Regulation

Commencement date

September 1, 2023

Threshold

No threshold.

VASP Due Diligence

No requirement.

Data to be shared

Natural Persons:


Originator:

  • a) Full name;
  • b) The account number (or unique transaction identifier if there is no account number);
  • c) One of the following: customer identification number; or address; or birth certificate number, passport number or national identity card number (or individual's date and place of birth).

Beneficiary:

  • d) Full name;
  • e) The account number (or unique transaction identifier if there is no account number).

Legal Entities:


Originator:

  • f) The registered name (or trading name if no registered name);
  • g) The account number (or unique transaction identifier if there is no account number);
  • h) One of the following: Customer identification number; or Address of originator's registered office (or principal place of business if none or different).

Beneficiary:

  • i) The registered name (or trading name if no registered name);
  • j) The account number (or unique transaction identifier if there is no account number).

Domestic vs cross-border transfers

There is a difference.


Domestic:


Natural Persons:


The following data should be transferred: a), b), c)*, d), e).


Legal Entities:


The following data should be transferred: f), g), h)*, i), j).


* As a general rule, it is not required. However, the VASP of the beneficiary may also request this information, which the VASP of the originator must provide within three working days.


Cross-border:


Natural Persons:


The following data should be transferred:

  • <EUR 1,000: a), b), d), e);
  • ⩾EUR 1,000: a), b), c), d), e).

Legal Entities:


The following data should be transferred:

  • <EUR 1,000: f), g), i), j);
  • ⩾EUR 1,000: f), g), h), i), j).

Where a UK VASP does not know if the counterparty (including any intermediaries) is a UK VASP, it may treat the transaction as a cross border transaction.

Self-hosted wallet verification

Where a VASP has determined that information should be requested, it should take reasonable steps to obtain the information from its own customer. In higher risk cases, firms should consider taking further steps to ascertain the source of funds in the unhosted wallet and thereafter consider authorising the transfer only if the control over the unhosted wallet can be reasonably established through appropriate solutions (e.g. micro deposit or cryptographic signature).

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

Obligations of the Originator's VASP


Information Accompaniment: Ensure crypto-asset transfers include information on both the originator and the beneficiary.


Verification: Before transferring, verify the originator's information using reliable, independent sources.


Wallet Attribution: Determine if the transfer is to another VASP or a self-hosted address, and identify the counterparty VASP.


Transfers to Self-Hosted Addresses: In the case of a transfer of crypto-assets made to a self-hosted address, the VASP of the originator shall obtain and hold the information on the originator and the beneficiary.


Obligations of the Beneficiary's VASP


Detection of Missing Information: Implement procedures to detect if originator and beneficiary information is included in transfers.


Verification: Before making assets available to the beneficiary, verify their information using reliable, independent sources.


Incomplete Transfers: Use risk-based procedures to decide whether to execute, reject, return, or suspend transfers lacking complete information, and take appropriate follow-up actions. Report such failures to the competent authority.


Assessment and Reporting: Consider missing or incomplete information when assessing if a transfer is suspicious and report to the National Crime Agency if necessary.


Common Measures Applicable to VASPs


Sanctions Screening: Establish internal policies to ensure compliance with appropriate restrictive measures during transfers.


Transaction Monitoring and Reporting: Assess and monitor risks related to clients, products, delivery channels, and transactions, including those involving self-hosted addresses. Implement Enhanced Due Diligence (EDD) for suspicious or high-risk activities and report unusual transactions to the FIU.

Batch file transfer

Where the VASP of the beneficiary is carrying on business wholly outside the UK, information on the batch must be submitted securely and simultaneously with the transfer. A batch file transfer is a bundle of individual inter-crypto asset business transfers from a single originator. The TR applies to each of the underlying transfers forming the bundle. The information must be verified by the VASP of the originator on the basis of reliability and independence.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

Commencement date

2013

Threshold

USD 3,000 or its equivalent in CVC.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name;
  • b) Account number;
  • c) Address;
  • d) Amount of the transmittal order;
  • e) Execution date of the transmittal order.

Beneficiary:

  • f) Identity of the financial institution;
  • g) Full name and address;
  • h) Account number;
  • i) Any other specific identifier.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

The money transmitter must obtain or provide the required regulatory information either before or at the time of the transmittal of value, regardless of how a money transmitter sets up their system for clearing and settling transactions, including those involving CVC.

The main actions required

1. A transmitter's financial institution shall include in a transmittal order, at the time it is sent to a receiving financial institution, the information from the Section "Data to be shared".


2. A receiving financial institution that acts as an intermediary financial institution, if it accepts a transmittal order, shall include in a corresponding transmittal order at the time it is sent to the next receiving financial institution, the information specified in Section "Data to be shared", if received from the sender.

Batch file transfer

No difference.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

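Rules on the administration and oversight of risks related to money laundering, terrorist financing and the financing of the proliferation of weapons of mass destruction, applicable to virtual asset service providers and to persons and entities that provide products and services through activities involving virtual assets, in the Comprehensive Crypto-Asset System (original title: Normas relativas a la administración y fiscalización de los riesgos relacionados con la legitimación de capitales, el financiamiento del terrorismo y el financiamiento de la proliferación de armas de destrucción masiva, aplicables a los proveedores de servicios de activos virtuales y a las personas y entidades que proporcionen productos y servicios a través de actividades que involucren activos virtuales, en el Sistema Integral de Criptoactivos)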

Commencement date

July 20, 2021

Threshold

EUR 1,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Full name;
  • b) Account number or virtual wallet (or a unique reference number);
  • c) Address or national identity number or the client's identification number or the date and place of his birth.

Beneficiary:

  • d) Full name;
  • e) Account number or virtual wallet (or a unique reference number).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

The required information shall be transmitted immediately and in a secure manner.

The main actions required

1. Both the Regulated Entity ordering the transfer, and the Regulated Entity beneficiary of the same, must keep this required information and both must take the measures to freeze without delay funds and virtual assets that are owned or controlled or that are available, directly or indirectly, or for the benefit of persons and entities designated by the United Nations Security Council Resolutions that urge member states to prevent and suppress the financing of terrorism and the financing of the proliferation of weapons of mass destruction. The UNIF must be informed about the frozen funds and virtual assets, as well as the actions carried out in compliance with said Resolutions.


2. If during the establishment or in the course of the business relationship or when transactions are carried out, the Reporting Entity suspects or has reasonable grounds to suspect that the transactions are related to ML/FT/FPWMD, or there are doubts about the veracity or adequacy of the customer identification data obtained, an attempt should be made to identify and verify the identity of the customer and the final beneficiary, regardless of the threshold designated, and make a Suspicious Activity Report to the UNIF.


Obligations of Intermediary VASP


Intermediary Obligated Subjects that facilitate transfers of virtual assets as an intermediate element of a chain of transfers must accompany the transfer with the information on the originator and the beneficiary, ensure that this required information is transmitted throughout the chain of transfers, and maintain a record of it.


This required information on the originator and the beneficiary does not need to be communicated as part of (incorporated in) the transfer on the blockchain or other distributed ledger platform. It can be sent to the beneficiary Regulated Entity by a process entirely separate from the blockchain or distributed ledger; any technology, software solution or tool is acceptable, as long as it allows compliance with this obligation in an effective, immediate and secure manner.


The intermediary Obligated Subjects must identify and report suspicious transactions, take freezing measures and avoid transactions or operations with persons and entities designated by the United Nations Security Council Resolutions that urge Member States to prevent the Financing of Terrorism and of the Proliferation of Weapons of Mass Destruction.

Batch file transfer

No difference.

Record retention

Five years.

Subject

Details

Status

In force.

Regulation

Commencement date

2020

Threshold

  • a) For legal persons: USD 10 000;
  • b) For individuals: USD 5 000.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

  • a) Identity of the originator;
  • b) Account number (or a unique reference number).

Beneficiary:

  • c) Identity of the beneficiary;
  • d) Account number (or a unique reference number).

Domestic vs cross-border transfers

There is a difference.


Domestic: b), d), if this information can be made available by other means, but other data should be provided within three days after request.


Cross border: a), b), c), d).

Self-hosted wallet verification

No requirement.

Subject

Details

Time and way to share the Information

No difference.

The main actions required

  1. A financial service provider undertaking a wire transfer equal to, or above, a prescribed threshold shall-
    • (a) identify and verify the identity of the originator;
    • (b) obtain, maintain and include information from Section "Data to be shared".
      Despite the requirements above, a financial service provider is not required to verify the identity of a customer with which that financial service provider has an existing business relationship and where the financial service provider is satisfied that it already knows and has verified the true identity of the customer.
  2. A beneficiary financial service provider shall take reasonable measures including, where feasible, post event monitoring or real time monitoring to identify cross border wire transfers that lack required originator information or required beneficiary information.
  3. A money or value transfer service provider shall, in the case of a money or value transfer service provider that controls both the ordering and the beneficiary side of a wire transfer-
    • (a) take into account all the information from both the ordering and beneficiary sides in order to determine whether the wire transfer has to be reported; and
    • (b) submit a suspicious transaction report in any country affected by the suspicious wire transfer, and make relevant transaction information available to the Centre.
  4. Where a financial service provider receives wire transfers that do not contain the complete originator information required, that financial service provider shall take measures to obtain and verify the missing information from the ordering institution or the beneficiary.
  5. A financial service provider shall, where it fails to obtain any missing information, refuse acceptance of the transfer and report the transfer to the Centre.
  6. Where a financial service provider acts as an intermediary in a chain of payments, it shall retransmit all of the information it received with the wire transfer and any other information that may be necessary to identify the originator and beneficiary.

Batch file transfer

Where several individual cross border wire transfers from a single originator are bundled in a batch file for transmission to beneficiaries, the batch file should contain required and accurate originator information, and full beneficiary information, that is fully traceable within the beneficiary country, and the financial service provider shall include the originator's account number or unique transaction reference number.

Record retention

Ten years.