Jurisdictions

Discover Travel Rule requirements by country.

The following is a list of countries and requirements.

In the EU, the Travel Rule is to be applied from 30 December, 2024.

Refer to the European Parliament legislative resolution of 20 April, 2023 on the proposal for a regulation of the European Parliament and of the Council on information accompanying transfers of funds and certain crypto-assets (recast) to study the corresponding regulation.

The following table explains the EU jurisdiction requirements regarding the Travel Rule:

Subject Requirement

Application of requirements

The Regulation applies to transfers of crypto-assets, including transfers of crypto-assets executed by means of crypto-ATMs, where the crypto-asset service provider, or the intermediary crypto-asset service provider, of either the originator or the beneficiary has its registered office in the Union.

The Regulation is not applied to a transfer of crypto-assets if any of the following conditions is met:

(a) both the originator and the beneficiary are crypto-asset service providers acting on their own behalf;

(b) the transfer constitutes a person-to-person transfer of crypto-assets carried out without the involvement of a crypto-asset service provider.

Crypto-assets that are unique and not fungible are not subject to the requirements of this Regulation unless they are classified as crypto-assets or funds under Regulation (EU) 2023/1114.

Persons that provide only ancillary infrastructure, such as internet network and infrastructure service providers, cloud service providers or software developers, that enables another entity to provide transfer services for crypto-assets, should not fall within the scope of the Regulation unless they perform transfers of crypto-assets.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

No threshold.

Time and way to share the Information

The information referred to in paragraphs 1 and 2 of the Section "Scope of the PII" shall be submitted in advance of, or simultaneously or concurrently with, the transfer of crypto-assets and in a secure manner and in accordance with Regulation (EU) 2016/679 (GDPR).

The information referred to in paragraphs 1 and 2 shall not be required to be attached directly to, or be included in, the transfer of crypto-assets.

Counterparty Due Diligence

The crypto-asset service provider should carry out a due diligence of its counterparty.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The crypto-asset service provider of the originator shall ensure that transfers of crypto-assets are accompanied by the information on the originator and beneficiary specified in section "Scope of PII".

2) Before transferring crypto-assets, the crypto-asset service provider of the originator shall verify the accuracy of the information about the originator on the basis of documents, data or information obtained from a reliable and independent source. Verification shall be deemed to have taken place where one of the following applies:

(a) the identity of the originator has been verified in accordance with Article 13 of Directive (EU) 2015/849 and the information obtained pursuant to that verification has been retained in accordance with Article 40 of that Directive; or

(b) Article 14(5) of Directive (EU) 2015/849 applies to the originator.

3) The crypto-asset service provider of the originator shall not allow for the initiation, or execute any transfer, of crypto-assets before ensuring full compliance with the requirements established in Article 14 of the Regulation.

4) The crypto-asset service provider of the beneficiary shall implement effective procedures, including, where appropriate, monitoring after or during the transfers, in order to detect whether the information on the originator and the beneficiary is included in, or follows, the transfer or batch file transfer of crypto-assets.

5) For procedures in relation to self-hosted addresses, please see section "VA transfer in case unhosted wallets or person other than a VASP".

6) Before making the crypto-assets available to the beneficiary, the crypto-asset service provider of the beneficiary shall verify the accuracy of the information on the beneficiary referred to in paragraph 2 in the Section "Scope of the PII", on the basis of documents, data or information obtained from a reliable and independent source. Verification shall be deemed to have taken place where one of the following applies:

(a) the identity of the beneficiary has been verified in accordance with Article 13 of Directive (EU) 2015/849 and the information obtained pursuant to that verification has been retained in accordance with Article 40 of that Directive; or

(b) Article 14(5) of Directive (EU) 2015/849 applies to the beneficiary.

7) The crypto-asset service provider of the beneficiary shall implement effective risk-based procedures, including procedures based on the risk-sensitive basis, for determining whether to execute or reject a transfer of crypto-assets lacking the required complete originator and beneficiary information and for taking the appropriate follow-up action. The detailed information is specified in the Section "Procedure for inaccurate, incomplete information".

8) The crypto-asset service provider of the beneficiary shall take into account missing or incomplete information on the originator or the beneficiary when assessing whether a transfer of crypto-assets, or any related transaction, is suspicious and whether it is to be reported to the FIU in accordance with Directive (EU) 2015/849.

9) Crypto-asset service providers shall have in place internal policies, procedures and controls to ensure the implementation of Union and national restrictive measures when performing transfers of funds and crypto-assets under the Regulation. The European Banking Authority (EBA) shall issue particular guidelines [18 months after the date of entry into force of this Regulation] specifying the measures.

10) Personal data shall be processed by crypto-asset service providers on the basis of the Regulation only for the purposes of the prevention of money laundering and terrorist financing and shall not be further processed in a way that is incompatible with those purposes. The processing of personal data on the basis of the Regulation for commercial purposes shall be prohibited. Crypto-asset service providers shall provide new clients with the information required pursuant to Article 13 of Regulation (EU) 2016/679 before establishing a business relationship or carrying out an occasional transaction. That information shall be provided in a concise, transparent, intelligible and easily accessible form in accordance with Article 12 of Regulation (EU) 2016/679 and shall, in particular, include a general notice concerning the legal obligations of payment service providers and crypto-asset service providers under this Regulation when processing personal data for the purposes of the prevention of money laundering and terrorist financing. Crypto-asset service providers shall ensure at all times that the transmission of any personal data on the parties involved in a transfer of funds or a transfer of crypto-assets is conducted in accordance with Regulation (EU) 2016/679.

Scope of the PII

1) Information on the originator:

(a) the name of the originator;

(b) the originator’s distributed ledger address, in cases where a transfer of crypto-assets is registered on a network using DLT or similar technology, and the crypto-asset account number of the originator, where such an account exists and is used to process the transaction;

(c) the originator’s crypto-asset account number, in cases where a transfer of crypto-assets is not registered on a network using DLT or similar technology;

(d) the originator’s address, including the name of the country, official personal document number and customer identification number, or, alternatively, the originator's date and place of birth; and

(e) subject to the existence of the necessary field in the relevant message format, and where provided by the originator to its crypto-asset service provider, the current LEI or, in its absence, any other available equivalent official identifier of the originator.

2) Information on the beneficiary:

(a) the name of the beneficiary;

(b) the beneficiary’s distributed ledger address, in cases where a transfer of crypto-assets is registered on a network using DLT or similar technology, and the beneficiary's crypto-asset account number, where such an account exists and is used to process the transaction;

(c) the beneficiary’s crypto-asset account number, in cases where a transfer of crypto-assets is not registered on a network using DLT or similar technology; and

(d) subject to the existence of the necessary field in the relevant message format, and where provided by the originator to its crypto-asset service provider, the current LEI or, in its absence, any other available equivalent official identifier of the beneficiary.

3) By way of derogation from paragraph 1, point (c), and paragraph 2, point (c), in the case of a transfer of crypto-assets not registered on a network using DLT or similar technology and not made to or from a crypto-asset account, the crypto-asset service provider of the originator shall ensure that the transfer of crypto-assets is accompanied by a unique transaction identifier.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, Article 14(1) (paragraph 1 in the Section "The main actions required") shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information referred to in Article 14(1), (2) and (3) (paragraphs 1, 2, 3 in the Section "Scope of the PII"), that that information has been verified in accordance with Article 14(6) and (7) (paragraph 2 in the Section "The main actions required"), and that the individual transfers carry the distributed ledger address of the originator, where Article 14(2), point (b), applies, the crypto-asset account number of the originator, where Article 14(2), point (c), applies, or the unique transaction identifier, where Article 14(3) applies.

The presence of differences in domestic and cross-border transfers

Due to the inherent borderless nature and global reach of transfers of crypto-assets and of the provision of crypto-asset services, there are no objective reasons to distinguish the treatment of money laundering and terrorist financing risks of national transfers from that of cross-border transfers. In order to reflect those specific features, no exemption from the scope of this Regulation should be granted to domestic low-value transfers of crypto-assets, in line with the FATF requirement to treat all transfers of crypto-assets as cross-border.

VA transfer in case unhosted wallets or person other than a VASP

‘Self-hosted address’ means a distributed ledger address not linked to either of the following:

(a) a crypto-asset service provider;

(b) an entity not established in the Union and providing services similar to those of a crypto-asset service provider;

In the case of a transfer of crypto-assets made to a self-hosted address, the crypto-asset service provider of the originator shall obtain and hold the information referred to in paragraphs 1 and 2 and shall ensure that the transfer of crypto-assets can be individually identified.

Without prejudice to specific risk mitigating measures taken in accordance with Article 19b of Directive (EU) 2015/849, in the case of a transfer of an amount exceeding EUR 1 000 to a self-hosted address, the crypto-asset service provider of the originator shall take adequate measures to assess whether that address is owned or controlled by the originator.

In the case of a transfer of crypto-assets made from a self-hosted address, the crypto-asset service provider of the beneficiary shall obtain and hold the information referred to in Section "Scope of the PII" and shall ensure that the transfer of crypto-assets can be individually identified.

Without prejudice to specific risk mitigating measures taken in accordance with Article 19b of Directive (EU) 2015/849, in the case of a transfer of an amount exceeding EUR 1 000 from a self-hosted address, the crypto-asset service provider of the beneficiary shall take adequate measures to assess whether that address is owned or controlled by the beneficiary.

Procedure for inaccurate, incomplete information

The crypto-asset service provider of the beneficiary shall implement effective risk-based procedures, including procedures based on the risk-sensitive basis referred to in Article 13 of Directive (EU) 2015/849, for determining whether to execute, reject, return or suspend a transfer of crypto-assets lacking the required complete information on the originator and the beneficiary and for taking the appropriate follow-up action.

Where the crypto-asset service provider of the beneficiary becomes aware that the information about the originator or beneficiary is missing or incomplete, that crypto-asset service provider shall, on a risk-sensitive basis and without undue delay:

(a) reject the transfer or return the transferred crypto-assets to the originator’s crypto-asset account; or

(b) request the required information on the originator and the beneficiary before making the crypto-assets available to the beneficiary.

Where a crypto-asset service provider repeatedly fails to provide the required information on the originator or the beneficiary, the crypto-asset service provider of the beneficiary shall:

(a) take steps, which may initially include the issuing of warnings and setting of deadlines, before proceeding to a rejection, restriction or termination in accordance with point (b) if the required information is still not provided; or

(b) directly reject any future transfers of crypto-assets to or from, or restrict or terminate its business relationship with, that crypto-asset service provider. The crypto-asset service provider of the beneficiary shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter-terrorist financing provisions.

Record retention

Information on the originator and beneficiary shall not be retained for longer than strictly necessary. Crypto-asset service providers of the originator and beneficiary shall retain records of the information on the originator and beneficiary for a period of five years.

Upon expiry of the retention period, crypto-asset service providers shall ensure that the personal data is deleted, unless otherwise provided for by national law which determines under which circumstances crypto-asset service providers may or shall further retain such data.

That further retention period shall not exceed five years.

Notes

‘Transfer of crypto-assets’ means any transaction with the aim of moving crypto-assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same.

Obligations on intermediary crypto-asset service providers

Intermediary crypto-asset service providers shall ensure that all the information received on the originator and the beneficiary that accompanies a transfer of crypto-assets is transmitted with the transfer and that records of such information are retained and made available on request to the competent authorities.

The intermediary crypto-asset service provider shall implement effective procedures, including, where appropriate, monitoring after or during the transfers, in order to detect whether the information on the originator or the beneficiary has been submitted previously, simultaneously or concurrently with the transfer or batch file transfer of crypto-assets, including where the transfer is made to or from a self-hosted address.

The intermediary crypto-asset service provider shall establish effective risk-based procedures, including procedures based on the risk-sensitive basis referred to in Article 13 of Directive (EU) 2015/849, for determining whether to execute, reject, return or suspend a transfer of crypto-assets lacking the required information on the originator and the beneficiary and for taking the appropriate follow up action.

Where the intermediary crypto-asset service provider becomes aware, when receiving transfers of crypto-assets, that the information on the originator or beneficiary is missing or incomplete, that intermediary crypto-asset service provider shall, on a risk-sensitive basis and without undue delay:

(a) reject the transfer or return the transferred crypto-assets; or

(b) request the required information on the originator and the beneficiary before making the transmission of the transfer of crypto-assets.

Where the crypto-asset service provider repeatedly fails to provide the required information on the originator or the beneficiary, the intermediary crypto-asset service provider shall:

(a) take steps, which may initially include the issuing of warnings and setting of deadlines, before proceeding to a rejection, restriction or termination in accordance with point (b) if the required information is still not provided; or

(b) directly reject any future transfers of crypto-assets to or from, or restrict or terminate its business relationship with, that crypto-asset service provider. The intermediary crypto-asset service provider shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter-terrorist financing provisions.

The intermediary crypto-asset service provider shall take into account missing information on the originator or the beneficiary as a factor when assessing whether a transfer of crypto-assets, or any related transaction, is suspicious, and whether it is to be reported to the FIU in accordance with Directive (EU) 2015/849.

In Estonia, the Travel Rule was implemented on 15/03/2022.

Refer to the Money Laundering and Terrorist Financing Prevention Act to study the corresponding regulation.

The following table explains the Estonian jurisdiction requirements regarding the Travel Rule.

Subject Requirement

Application of requirements

The requirement applies in case of performing a transaction of exchange or transfer of virtual currency.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

No threshold.

Time and way to share the Information

The transaction initiator’s VASP transmits the particulars without delay and securely to the recipient’s VASP.

Transmission of the particulars may be arranged together with transmission of the set of payment instructions to the recipient’s virtual currency service provider or to the recipient’s credit or financial institution.

Counterparty Due Diligence

No information

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) Initiator’s VASP ascertains the identity of each customer, and, with respect to the initiator, collects at least the particulars from the Section "Scope of the PII". A provider of virtual currency service also collects, with respect to the virtual currency or to the recipient of the transfer, the particulars specified in Section "Scope of the PII".

2) The transaction initiator’s virtual currency service provider transmits the particulars mentioned in Section "Scope of the PII" to the recipient’s virtual currency service provider in the way prescribed in the particular Section.

3) A provider of virtual currency service must, in accordance with internal procedures established following risk analysis, lay down rules that regulate when virtual currency amounts are to be transferred back to transaction initiator and when they are not to be made available to the transaction recipient.

4) When applying actions from the Section "Scope of the PII" a provider of virtual currency service must, when it recognizes the presence of increased risk and considers whether to notify the FIU of a suspicious transaction following the rules, take into account the completeness and sufficiency of the particulars concerning the transaction initiator and the recipient.

Scope of the PII

About initiator:

1) For a natural person*:

  • the person’s name;
  • unique identifier of the transaction;
  • identifier of the payment account or virtual currency wallet;
  • the title and number of the identity document and personal identification code or date and place of birth;
  • residential address.

2) For a legal person:

  • the person’s name;
  • unique identifier of the transaction;
  • identifier of the payment account or virtual currency wallet;
  • the person’s registry code or, where it does not have one, the relevant identifier in the country of its seat (a combination of numbers or letters equivalent to a registration number);
  • the address of the seat.

About recipient:

  • transaction’s unique identifier and, where the particulars of the identifier of a payment account or virtual currency wallet are used to perform the transaction, also those particulars.

Batch file transfer

No information.

The presence of differences in domestic and cross-border transfers

Differences not established.

VA transfer in case unhosted wallets or person other than a VASP

Where the recipient’s virtual currency wallet does not have a provider of virtual currency service or the recipient’s provider is unable to receive or process the data, the obligation of data transmission is deemed to be fulfilled if:

  • the transaction initiator’s VASP ensures — by using an appropriate technical solution — the monitoring of the transactions in real time and risk analysis in respect of each transaction, and
  • the provider preserves the particulars by a method that allows them to be produced without delay when a corresponding request is made by a regulatory enforcement, supervisory or oversight or investigative authority.

Procedure for inaccurate, incomplete information

A provider of virtual currency service must, in accordance with internal procedures established following risk analysis, lay down rules that regulate when virtual currency amounts are to be transferred back to transaction initiator and when they are not to be made available to the transaction recipient.

Record retention

A provider of virtual currency service must preserve any documents, copies of documents and particulars related to fulfilment of the Travel Rule obligations for five years following termination of the business relationship with the customer.

Notes

*If a person has several first and/or last names, all first and/or last names must be reflected in the data recorded for the transaction. If a person has multiple citizenships, data on all citizenships must be collected.

For more information, refer to this link (Seletuskiri).

In Germany, the Travel Rule was implemented on 01/10/2021.

The regulation specified in the Ordinance shall expire on the date on which the new version of Regulation (EU) 2015/847 applies. The date of expiry will be announced by the Federal Ministry of Finance in the Federal Law Gazette.

Refer to the following links to study the corresponding regulations:

The following table explains the German jurisdiction requirements regarding the Travel Rule.

Subject Requirement

Application of requirements

The requirement applies in the case of transfers of crypto assets.

Transfer: a transfer of crypto assets or private cryptographic keys within the scope of conducting banking transactions within the meaning of Section 1 (1) sentence 2 of the Banking Act, the provision of financial services within the meaning of Section 1 (1a) sentence 2 of the Banking Act or investment services within the meaning of Section 2 (2) to (4) of the Securities Institutes Act, which is initiated on behalf of a client with the aim of making crypto assets available to a beneficiary, regardless of whether the client and beneficiary are identical and whether the crypto asset service provider of the client and the beneficiary is identical.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

EUR 1,000

When a transaction is below the threshold, a smaller set of data is required.

Time and way to share the Information

The regulation does not express the time to share explicitly.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The crypto-asset service provider of the originator shall ensure that transfers of crypto-assets are accompanied by the information on the originator and beneficiary specified in Section "Scope of the PII", taking into account rules for cross-border transfers.

2) Before transferring funds, the CASP of the payer (originator) shall verify the accuracy of the information about the originator on the basis of documents, data or information obtained from a reliable and independent source. Verification shall be deemed to have taken place where:

(a) a payer's identity has been verified in accordance with Article 13 of Directive (EU) 2015/849 and the information obtained pursuant to that verification has been stored in accordance with Article 40 of that Directive; or

(b) Article 14(5) of Directive (EU) 2015/849 applies to the payer.

The CASP of the originator shall not execute any transfer of funds before ensuring full compliance with Article 4 of EU Regulation 2015/847.

3) The beneficiary’s crypto asset service provider must:

  • implement effective procedures, including, where appropriate, ex-post monitoring or real-time monitoring, in order to detect whether the information on the originator or the beneficiary is missing (for more details, please see Article 7 of the Regulation and the section "Procedure for inaccurate, incomplete information");
  • establish and implement effective risk-based procedures to assess whether to carry out, reject or suspend a transaction and what follow-up action to take; and
  • report suspicious transactions to the competent supervisory authority on certain conditions.

4) In the case of transfers of crypto-assets exceeding EUR 1 000, whether those transfers are carried out in a single transaction or in several transactions which appear to be linked, before making the crypto-assets available to the beneficiary, the crypto-asset service provider of the beneficiary shall verify the accuracy of the information on the beneficiary on the basis of documents, data or information obtained from a reliable and independent source.

- In the case of transfers of crypto-assets not exceeding EUR 1 000 that do not appear to be linked to other transfers of crypto-assets which, together with the transfer in question, exceed EUR 1 000, the crypto-asset service provider of the beneficiary shall only verify the accuracy of the information on the beneficiary in the following cases:

(a) where the crypto-asset service provider of the beneficiary effects the pay-out of the crypto-assets in cash or anonymous electronic money;

(b) where the crypto-asset service provider of the beneficiary has reasonable grounds for suspecting money laundering or terrorist financing.

Verification shall also be deemed to have taken place in cases specified in paragraph 2 of this Section.

5) The procedures in relation to unhosted wallets are specified in section "VA transfer in case unhosted wallets or person other than a VASP".

Scope of the PII

1) Information on the payer (originator):

(a) the name;

(b) the account number; and

(c) address, official personal document number, customer identification number or date and place of birth.

2) Information on the payee (beneficiary):

(a) the name; and

(b) payment account number.

3) By way of derogation from point (b) of paragraph 1 and point (b) of paragraph 2 above, in the case of a transfer not made from or to a payment account, the CASP of the originator shall ensure that the transfer of funds is accompanied by a unique transaction identifier rather than the payment account number(s).

Batch file transfer

1. In the case of a batch file transfer from a single originator where the CASPs of the beneficiary are established outside the Union, the requirement of the paragraph 1 from the Section "Scope of the PII" (Article 4(1)) shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information referred to in paragraphs (1), (2) and (3) of the Section "Scope of the PII" (Article 4), that that information has been verified in accordance with paragraph 2 of the Section "Actions required" (Article 4(4) and (5)), and that the individual transfers carry the payment account number of the payer (originator) or, where paragraph (3) of the Section "Scope of the PII" applies, the unique transaction identifier.

The presence of differences in domestic and cross-border transfers

By way of derogation from Article 4(1) of the Regulation, and, where applicable, without prejudice to the information required in accordance with Regulation (EU) No 260/2012, where the payment service provider of the payee (beneficiary) is established outside the Union, transfers of funds not exceeding EUR 1,000 that do not appear to be linked to other transfers of funds which, together with the transfer in question, exceed EUR 1 000, shall be accompanied by at least:

(a) the names of the payer and of the payee; and

(b) the payment account numbers of the payer and of the payee or, where Article 4(3) applies (paragraph 3 in the Scope of the PII Section), the unique transaction identifier.

By way of derogation from Article 4(4) of the regulation, the payment service provider of the payer need not verify the information on the payer referred to in this paragraph unless the payment service provider of the payer:

(a) has received the funds to be transferred in cash or in anonymous electronic money; or

(b) has reasonable grounds for suspecting money laundering or terrorist financing.

VA transfer in case unhosted wallets or person other than a VASP

Obligated persons who make a transfer on behalf of the payer without a crypto asset service provider acting on behalf of the beneficiary of that transfer shall identify and assess the risk of misuse for the purposes of money laundering and terrorist financing associated with the transfer and take risk-appropriate measures to manage and mitigate the risks of money laundering and terrorist financing.

Obligated persons who receive a transfer on behalf of the beneficiary without a crypto asset service provider acting on behalf of the party ordering the transfer shall identify and assess the risk of money laundering and terrorist financing abuse associated with the transfer and take risk-appropriate measures to manage and mitigate the risks of money laundering and terrorist financing.

For the purposes of the above paragraphs, risk-appropriate measures are measures which correspond to the identified money laundering and terrorist financing risk of the transfer and which ensure the traceability of the transfer. In particular, a risk-appropriate measure includes the collection, storage, and verification of the name and address of the beneficiary or the principal for whom no crypto service provider is acting in the transfer and who is not a contractual partner of the obliged party.

Paragraphs 1 to 3 apply accordingly with regard to the beneficial owner, provided that this is not identical to the client (originator) or beneficiary.

Procedure for inaccurate, incomplete information

The crypto-asset service provider of the beneficiary shall implement effective risk-based procedures, including procedures based on the risk-sensitive basis, for determining whether to execute or reject a transfer of crypto-assets lacking the required complete originator and beneficiary information and for taking the appropriate follow-up action.

Where the crypto-asset service provider of the beneficiary becomes aware, when receiving transfers of crypto-assets, that the information is missing or incomplete, the crypto-asset service provider shall reject the transfer or ask for the required information on the originator and the beneficiary before or after making the crypto-assets available to the beneficiary, on a risk-sensitive basis.

Where the crypto-asset service provider repeatedly fails to provide the required information on the payer or the payee, the payment service provider of the payee shall take steps, which may initially include the issuing of warnings and setting of deadlines, before either rejecting any future transfers of funds from that payment service provider, or restricting or terminating its business relationship with that payment service provider.

The crypto-asset service provider of the beneficiary shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter terrorist financing provisions.

Record retention

Information on the originator and the beneficiary shall not be retained for longer than strictly necessary. CASPs of the originator and of the beneficiary shall retain records of the information for a period of five years.

Notes

No additional information.

In Switzerland, the Travel Rule was implemented on 01/01/2020.

Refer to the following links to study the corresponding regulations:

The table below explains the Swiss jurisdiction requirements regarding the Travel Rule.

Subject Requirement

Application of requirements

In the case of payment orders.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

No threshold.

Time and way to share the Information

AMLO-FINMA does not explicitly specify the time to share.

However, FINMA Guidance 02/2019 indicates that Article 10 AMLO-FINMA requires that information about the client and the beneficiary be transmitted with payment orders*.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The originator's financial intermediary shall provide particular data specified in the Section "Scope of the PII", taking into account rules for cross-border and domestic transfers.

2) The financial intermediary shall ensure that the details of the originator are accurate and complete and that the details of the beneficiary are complete as well.

3) The financial intermediary must identify the contracting party (client) if a transaction with a virtual currency or several such transactions that appear to be linked to each other reach or exceed the amount of 1000 francs, provided that these transactions do not constitute transfers of money and value and there is no permanent business relationship associated with these transactions. In the case of cash payments or the acceptance of other anonymous means of payment for the sale or purchase of virtual currencies, it takes technical precautions to avoid exceeding the threshold referred to in paragraph 1 by interconnected transactions within 30 days. It may waive the identification of the contracting party if it has carried out further transactions for the same contracting party and has ensured that the contracting party is the person who has already been identified in the first transaction. It must identify the contracting party in any case if there are suspicions of possible money laundering or terrorist financing.

4) According to FINMA Guidance, the financial intermediary receiving this information then has the opportunity to check the name of the sender against sanction lists.

5) The financial intermediary informs the client in an appropriate manner about the disclosure of his or her details in payment transactions.

6) The financial intermediary of the beneficiary person determines how it proceeds when it receives payment orders that contain incomplete information about the client or the beneficiary. It should be risk-oriented.

7) The procedures in relation to unhosted wallets are specified in section "VA transfer in case unhosted wallets or person other than a VASP".

Scope of the PII

Data about originator:

  • Name
  • Account number (transaction-related reference number, if no account number is available)
  • Address (can be replaced by the date and place of birth, the client number or the national identity number of the client)

Data about beneficiary:

  • Name
  • Account number (transaction-related reference number, if there is no account number)

Batch file transfer

No information.

The presence of differences in domestic and cross-border transfers

1) In the case of payment orders, the financial intermediary of the client shall provide the name, account number and address of the client as well as the name and account number of the beneficiary. If there is no account number, a transaction-related reference number must be provided. The address of the client can be replaced by the date of birth and place of birth, the customer number or the national identity number of the client.

2) In the case of payment orders within Switzerland, the financial intermediary may limit itself to the indication of the account number or a transaction-related reference number, provided that it can transmit the remaining information about the client to the financial intermediary of the beneficiary and the competent Swiss authorities at its or their request within three working days.

3) In the case of domestic payment orders that serve to pay for goods and services, it may proceed in accordance with paragraph 2 if compliance with paragraph 1 is not possible for technical reasons.

VA transfer in case unhosted wallets or person other than a VASP

Article 10 AMLO-FINMA does not provide for any exception for payments involving unregulated wallet providers.

As long as an institution supervised by FINMA is not able to send and receive the information required in payment transactions, such transactions are only permitted from and to external wallets if these belong to one of the institution’s own customers. Their ownership of the external wallet must be proven using suitable technical means. Transactions between customers of the same institution are permissible. A transfer from or to an external wallet belonging to a third party is only possible if, as for a client relationship, the supervised institution has first verified the identity of the third party, established the identity of the beneficial owner and proven the third party’s ownership of the external wallet using suitable technical means.

If the customer is conducting an exchange (fiat-to-virtual currency, virtual-to-fiat currency, or virtual-to-virtual currency) and an external wallet is involved in the transaction, the customer’s ownership of the external wallet must also be proven using suitable technical means. If such proof is not available, the above rules for payment transactions apply.

Procedure for inaccurate, incomplete information

According to FINMA Guidance, the beneficiary's financial intermediary decides whether it should return the payment in the event of discrepancies.

The beneficiary's financial intermediary shall define how to proceed upon reception of payment orders containing incomplete information of the client (originator) or beneficiary. The financial intermediary shall take a risk-based approach.

Record retention

The retention period is at least 10 years.

Notes

*It is not necessary for the information to be transmitted on the blockchain. Transmission can take place via other communication channels.

In Lithuania, the Travel Rule obligations are expected to come into force on 01/01/2025.

Refer to the Amendments to the AML law to study the corresponding regulation.

The following table explains the proposed requirements of Lithuania regarding the Travel Rule.

Subject Requirement

Application of requirements

The requirement is applied when performing a virtual currency exchange, transfer or other transactions with virtual currency.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

No information.

It can be assumed that, if the corresponding regulation does not specify the threshold, the rule is applied to all transactions regardless of the amount.

Time and way to share the Information

The instruction to perform the operation should be transmitted together with the information.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The initiator's VASP must collect, store and transfer to the operator of the virtual currency exchange of the recipient, the depository virtual currency wallet operator or financial institution the information specified in Section "Scope of the PII".

2) A virtual currency exchange operator or a depository virtual currency wallet operator may not accept a transaction from another virtual currency exchange operator or a depository virtual currency wallet operator, if the latter does not comply with the requirement to transfer the information.

Scope of the PII

1) Information about the initiator of the transaction — a natural person:

  • Name(s), surname(s).
  • Unique transaction code.
  • Payment account or deposit virtual currency wallet identification codes.
  • Type of identity document, its number.
  • Personal identification number (foreigner's date of birth, if any, personal identification number or other unique sequence of characters assigned to this person to identify the person) and citizenship (if the person is stateless, indicate the country that issued the document confirming the personal identity).
  • Residential address.

2) Information about the initiator of the transaction — a legal entity:

  • Name.
  • Unique transaction code.
  • Payment account or deposit virtual currency wallet identification codes.
  • The code (if the code is not provided, the registration statement).
  • Registered office address.

3) Information about the recipient of the transaction — a natural person:

  • Name(s), surname(s).
  • Personal code (foreigner's date of birth, if any, personal code or other unique sequence of characters assigned to this person to identify the person).
  • Payment account or deposit virtual currency wallet identification codes.

4) Information about the recipient of the transaction — a legal entity:

  • Name.
  • The code (if the code is provided).
  • Identification codes of payment accounts or depository virtual currency wallets.

Batch file transfer

No information.

The presence of differences in domestic and cross-border transfers

Differences not established.

VA transfer in case unhosted wallets or person other than a VASP

No information.

Procedure for inaccurate, incomplete information

A virtual currency exchange operator or a depository virtual currency wallet operator may not accept a transaction from another virtual currency exchange operator or a depository virtual currency wallet operator, if the latter does not comply with the requirement to transfer the information.

Record retention

The retention period is eight years from the date of termination of transactions or business relationships with the customer.

Notes

No additional information.

In Gibraltar, the Travel Rule was implemented on 22/03/2022.

Refer to the Proceeds of Crime Act 2015 to study the corresponding regulation.

The following table explains the jurisdiction requirements of Gibraltar regarding the Travel Rule.

Subject Requirement

Application of requirements

The requirement applies in the case of a virtual asset transfer, which means any material transaction, on behalf of a payer, with a view to making a virtual asset available to a payee, irrespective of whether the payer and the payee are the same person.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

EUR 1,000

Time and way to share the Information

Where a relevant financial business sends a virtual asset transfer to a virtual asset service provider, the relevant financial business must obtain the information specified in the Section "Scope of the PII", and submit it to the virtual asset service provider (a) immediately, and (b) by secure means.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The relevant financial business must obtain the information specified in Section "Scope of the PII", and submit it to the virtual asset service provider. It should apply to a relevant financial business irrespective of whether the relevant financial business and the payer are the same person.

2) Where a relevant financial business receives a virtual asset transfer from a virtual asset service provider, the relevant financial business must ensure that−

(a) it has received the information specified in the Section "Scope of the PII"; and

(b) the information is consistent with its own records in respect of the payee’s name and, where applicable, the payee’s account number.

3) Before a relevant financial business executes a virtual asset transfer received from any person, it must ensure that it has effective risk-based policies and procedures in place for the purposes of−

(a) determining whether any of the information referred to in Section "Scope of the PII", as the case may be, is missing, incomplete or, where applicable, inconsistent with the relevant financial business’s own records; and

(b) see section "Procedure for inaccurate, incomplete information".

Paragraphs (2) and (3) shall apply to a relevant financial business irrespective of whether the relevant financial business and the payee are the same person.

4) The procedures in relation to unhosted wallets are specified in section "VA transfer in case unhosted wallets or person other than a VASP".

Scope of the PII

Information on payer and payee:

(a) the payee’s name;

(b) the payee’s virtual asset account number;

(c) the payer’s name;

(d) the payer’s virtual asset account number;

(e) where the payee or the payer does not have a virtual asset account number, a unique transaction identifier; and

(f) one of the following:

  • the payer’s address;
  • the payer’s national identity number;
  • the payer’s customer identification number; or
  • the payer’s date and place of birth.

Batch file transfer

No information.

The presence of differences in domestic and cross-border transfers

Differences not established.

VA transfer in case unhosted wallets or person other than a VASP

Where a relevant financial business receives a virtual asset transfer from a person other than a virtual asset service provider, the relevant financial business must ensure that it obtains, from the payee:

  • the payer’s name;
  • one of the following:
    • the payer’s address;
    • the payer’s national identity number;
    • the payer’s customer identification number;
    • the payer’s date and place of birth.

Procedure for inaccurate, incomplete information

Where a default is identified (information is missing or incomplete), the relevant financial business must:

  • determine whether to execute, reject or suspend the virtual asset transfer;
  • determine the appropriate follow-up action.

Record retention

A relevant financial business must keep the records for the period of five years.

Notes

No additional information.

In the United Kingdom, the Travel Rule was implemented on 01/09/2023.

Refer to the following links to study the corresponding regulations:

The following table explains the proposed UK requirements regarding the Travel Rule.

Subject Requirement

Application of requirements

The obligation applies in respect of a crypto-asset transfer which is not excluded by the law:

  • This does not apply in respect of a transfer of funds within the meaning of Article 3.9 of the funds transfer regulation.
  • This does not apply to a crypto-asset transfer where both the originator and the beneficiary is a crypto-asset business acting on its own behalf.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

No threshold.

However, a larger amount of data must be transferred for a transaction exceeding EUR 1,000 for international transfers.

Time and way to share the Information

Under the JMLSG Guide, the provision of the required information must occur before or at the moment the transaction is completed.

Counterparty Due Diligence

According to FCA Expectations, the firm is expected to take all reasonable steps and exercise all due diligence to comply with the Travel Rule.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) In respect of an inter-cryptoasset business transfer, the cryptoasset business of the originator must ensure that the cryptoasset transfer is accompanied by the information specified in paragraph (1) and paragraph (2) of the Section "Scope of the PII", depending on the type of transfer (domestic or international).

2) Information relating to the originator must have been verified by the cryptoasset business of the originator on the basis of documents or information in either case obtained from a reliable source which is independent of the person whose identity is being verified. A cryptoasset business of an originator must not make an inter-cryptoasset business transfer before ensuring full compliance with the regulation.

3) When a cryptoasset business of a beneficiary receives a cryptoasset as part of an inter-cryptoasset business transfer it must, before making the cryptoasset available to the beneficiary, check whether— (a) it has received the information required by regulation to be provided; and (b) the information relating to the beneficiary corresponds with information verified by it under Part 3 of the law (customer due diligence).

4) The CB of the originator may consider executing the transfer after the CB of the beneficiary has checked that the beneficiary information corresponds with verification of its CDD, if it does not unduly impact time required to complete the transaction, is in line with its procedures, and in keeping with a risk-based approach.

5) Where the cryptoasset business of the beneficiary becomes aware that any information required by regulation to be provided is missing or does not correspond with information verified by it under Part 3, the cryptoasset business of the beneficiary must— (a) request the cryptoasset business of the originator to provide the missing information; (b) consider whether to make enquiries as to any discrepancy between information received and information verified by it under Part 3; and (c) consider whether to apply action from the Section "Procedure for inaccurate, incomplete information".

6) Recipient CBs should ensure that they have taken all reasonable steps to determine the jurisdiction of the originator CBs, especially where the CB may have group entities trading under similar names in other or multiple jurisdictions.

7) Under the JMLSG Guide, Crypto businesses (CBs) should adopt a risk-based approach in attributing wallets. All reasonable steps should be taken to identify the counterparty and whether a wallet is hosted or unhosted. Steps taken should also be proportionate to the size and nature of the business and could include, but are not limited to, the following:

  • Blockchain analysis where appropriate (see para 40);
  • Query the wallet address using discoverability methods provided by the TR solution being used by the CB;
  • Consult the CB’s own address book;
  • Obtain information on the wallet status and/or identity of the CB from the beneficiary.

The procedures in relation to unhosted wallets are specified in section "VA transfer in case unhosted wallets or person other than a VASP". CBs should consider rescreening wallets as part of their ongoing and wider compliance systems and controls.

8) The cryptoasset business of a beneficiary must report to the FCA repeated failure by a cryptoasset business to provide any information required by regulation as well as any steps the cryptoasset business of the beneficiary has taken in respect of such failures.

9) A cryptoasset business must respond fully and without delay to a request in writing from a law enforcement authority for any information held in connection with this requirement which that authority reasonably requires in connection with the authority’s functions.

10) A CB should note its obligations in terms of the MLRs (Reg 41) and the Data Protection Act 2018.

11) Under the FCA recommendations, when sending a cryptoasset transfer to a jurisdiction without the Travel Rule, CBs have to:

  • Take all reasonable steps to establish whether the firm can receive the required information.
  • If the firm cannot receive the necessary information, the UK cryptoasset business must still collect and verify the information as required by the Money Laundering Regulations (MLRs) and should store that information before making the cryptoasset transfer.

When receiving a cryptoasset transfer from a jurisdiction without the Travel Rule:

  • If the cryptoasset transfer has missing or incomplete information, UK cryptoasset businesses must consider the countries in which the firm operates and the status of the Travel Rule in those countries.
  • The UK cryptoasset business should take these factors into account when making a risk-based assessment of whether to make the cryptoassets available to the beneficiary.

Scope of the PII

(1) The information specified in this paragraph is:

(a) the name of the originator and the beneficiary;

(b) if the originator or beneficiary is a firm, the registered name of the originator or beneficiary (as the case may be), or if there is no registered name, the trading name;

(c) the account number of the originator and the beneficiary, or if there is no account number, the unique transaction identifier.

(2) The information specified in this paragraph is:

(a) if the originator is a firm —

  • the customer identification number; or
  • the address of the originator’s registered office, or, if different, or if there is none, its principal place of business;

(b) if the originator is an individual, one of the following —

  • the customer identification number;
  • the individual’s address;
  • the individual’s birth certificate number, passport number or national identity card number;
  • the individual’s date and place of birth.

Batch file transfer

In the case of a batch file transfer where the cryptoasset business of the beneficiary is carrying on business wholly outside the United Kingdom, paragraphs (1) from the Section "Scope of the PII" and (2) from the Section "the presence of differences in domestic and cross-border transfers" do not apply to each of the individual business transfers, provided that—

(a) the batch is accompanied by the information required by paragraphs (1) and (2) from the Section "Scope of the PII"; and

(b) each individual transfer within the batch is accompanied by the account number of the originator, or if there is no account number, the unique transaction identifier.

Under the JMLSG Guide, where the crypto business (CB) of the beneficiary is carrying on business wholly outside the UK (i.e. it is not in scope of the MLRs Regs 8 and 9) information on the batch must be submitted securely and simultaneously with the transfer. A batch file transfer is a bundle of individual inter-cryptoasset business transfers from a single originator. The TR applies to each of the underlying transfers forming the bundle. The information must be verified by the CB of the originator on the basis of reliability and independence.

The presence of differences in domestic and cross-border transfers

1) For domestic transfer, the crypto-asset business of the originator must provide the information specified in paragraph (2) from the Section "Scope of the PII" in addition to information specified in paragraph (1) upon request of the crypto-asset business of a beneficiary within three working days.

2) For international transfer, the crypto-asset business of the originator must ensure that the inter-cryptoasset business transfer is also accompanied by the information specified in paragraph (2) of the Section "Scope of the PII" where the transfer is equal to or exceeds the equivalent in crypto-assets of 1,000 euros in value.

VA transfer in case unhosted wallets or person other than a VASP

A crypto-asset business involved in an unhosted wallet transfer may request from its customer (whether the originator or the beneficiary):

(a) such information specified in paragraph (1) from the Section "Scope of the PII" as it does not already hold; and

(b) where the unhosted wallet transfer is equal to or exceeds the equivalent in crypto assets of 1,000 euros in value (taken together with any other crypto-asset transfer which appears to be linked), and where its customer is the beneficiary, the information specified in paragraph (2) from the Section "Scope of the PII" in respect of the originator.

In determining whether to request information from its customer, the cryptoasset business must have regard to:

(a) the risk assessments carried out by the crypto-asset business under regulations 18(1) and 18A(1); and

(b) its assessment of the level of risk of money laundering, terrorist financing and proliferation financing arising from the unhosted wallet transfer.

In assessing the level of risk, a crypto-asset business must take account of factors including:

(a) the purpose and nature of:

  • the business relationship with its customer (whether beneficiary or originator); and
  • the unhosted wallet transfer;

(b) the value of the unhosted wallet transfer and any crypto-asset transfer which appears to be linked;

(c) the frequency of crypto-asset transfers made by or to the customer (whether beneficiary or originator) via the crypto-asset business; and

(d) the duration of the business relationship with its customer.

In the event that the crypto-asset business involved in an unhosted wallet transfer does not receive information requested it must not make the crypto asset available to the beneficiary.

Procedure for inaccurate, incomplete information

Where the crypto-asset business of the beneficiary becomes aware that any information required by regulation to be provided is missing or does not correspond with information verified by it under Part 3 (customer due diligence), the crypto-asset business of the beneficiary must consider whether:

  • to delay making the crypto asset available to the beneficiary until the information is received or any discrepancy resolved; and
  • if the information is not received or discrepancy resolved within a reasonable time, to return the crypto asset to the crypto-asset business of the originator.

In deciding what action to take the crypto-asset business must have regard to:

(a) the risk assessments carried out by the crypto-asset business under regulations 18(1) (risk assessment by relevant persons) and 18A(1) (risk assessment by relevant persons in relation to proliferation financing); and

(b) its assessment of the level of risk of money laundering, terrorist financing and proliferation financing arising from the inter-cryptoasset business transfer.

In assessing the level of risk, the crypto-asset business must take account of factors including:

(a) the purpose and nature of its business relationship with the beneficiary and of the inter-cryptoasset business transfer;

(b) the value of the inter-cryptoasset business transfer and any crypto-asset transfer which appears to be linked;

(c) the frequency of crypto-asset transfers made by or to the beneficiary via the crypto-asset business of the beneficiary; and

(d) the duration of its business relationship with the beneficiary.

The crypto-asset business of a beneficiary must report to the FCA repeated failure by a crypto-asset business to provide any information required as well as any steps the crypto-asset business of the beneficiary has taken in respect of such failures.

Record retention

The retention period is 5 years (according to the AML act).

Notes

“Inter-cryptoasset business transfer” means a transaction carried out by two or more cryptoasset businesses which involves the making available of a cryptoasset of an originator to a beneficiary, provided that at least one of the cryptoasset businesses involved in the transaction is carrying on business in the United Kingdom in respect of the transaction (whether that is a cryptoasset business acting for the originator or a cryptoasset business acting for the beneficiary or an intermediary cryptoasset business).

Rules for intermediaries:

1) Missing information

When an intermediary cryptoasset business receives a cryptoasset as part of an inter-cryptoasset business transfer it must, before further transferring the cryptoasset, check whether it has received the information required by regulation to be provided.

Where an intermediary cryptoasset business becomes aware that any information required by regulation to be provided is missing, the intermediary cryptoasset business must:

(a) request the cryptoasset business from which it received the transfer to provide the missing information; and

(b) consider whether—

  • to delay the onward transfer of the cryptoasset until the information is received; and
  • if the information is not received within a reasonable time, to return the cryptoasset to the cryptoasset business from which it was received.

In deciding what action to take an intermediary cryptoasset business must have regard to the risk assessments carried out by the intermediary cryptoasset business and its assessment of the level of risk of money laundering, terrorist financing and proliferation financing arising from the inter-cryptoasset business transfer.

In assessing the level of risk the intermediary cryptoasset business must take account of factors including:

(a) the purpose and nature of the business relationship with its customer cryptoasset business, and of the inter-cryptoasset business transfer; and

(b) the value of the inter-cryptoasset business transfer and any cryptoasset transfer which appears to be linked.

An intermediary cryptoasset business must report to the FCA repeated failure by a cryptoasset business to provide any information required by regulation as well as any steps the intermediary cryptoasset business has taken in respect of such failures.

2) Retention of information with an inter-cryptoasset business transfer

An intermediary cryptoasset business must—

(a) ensure that all the information that is provided in relation to an inter-cryptoasset business transfer pursuant to regulation, including any that is requested to be provided before the transfer is made under the previous rule (regulation 64E(2)(a)), also accompanies the onward transfer (whether to another intermediary cryptoasset business or to the cryptoasset business of the beneficiary); and

(b) send on to the relevant cryptoasset business, as soon as practicable, any information requested under the previous rule (under regulation 64E(2)(a)) which is received after it has transferred the cryptoasset to the relevant cryptoasset business.

In Liechtenstein, the Travel Rule was implemented on 01/06/2021.

Refer to the following links to study the corresponding regulations:

The following table explains the jurisdiction requirements of Liechtenstein regarding the Travel Rule.

Subject Requirement

Application of requirements

The requirements apply to TT transfers, regardless of whether the TT service providers involved in the TT transfer are registered as such or not.

"TT transfer" is all disposals of a virtual currency or a token within the meaning of Art. 6 of the Token and TT Service Provider Act from one TT Service Provider to another TT Service Provider.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

CHF 1

Time and way to share the Information

The exchange of information must take place in a secure manner before the completion of the TT transfer.

Counterparty Due Diligence

Before concluding a TT transfer, the TT service provider must determine whether the respective counterparty is a TT service provider.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

For more detailed information, see the FMA Instruction.

1) In the case of TT transfers, the ordering TT service provider must collect the information from the Section "Scope of the PII" and transmit it to the beneficiary TT service provider.

2) Before concluding a TT transfer, the ordering TT service provider must check whether the information to be transmitted is correct, complete and suitable. The information on the beneficiary does not have to be verified.

3) The client TT service provider is also responsible for sanctions screening for both the client information and for the beneficiary information. In addition to the TT account, the name of the client/beneficiary must also be compared.

4) The beneficiary TT Service Provider must obtain and verify the information on the beneficiary and perform sanctions screening for both the ordering party and the beneficiary information. In addition to the TT account, a name comparison must also be carried out. The sanctions screening must be carried out before the conclusion of the TT transfer.

5) After the information has been transmitted, the benefiting TT Service Provider must check the relevant information for completeness. Furthermore, the plausibility check must also include an analysis of the correctness and meaningfulness of the data.

6) The benefiting TT Service Provider must establish procedures for inaccurate, incomplete information, information submitted late, and for measures with regard to repeatedly defaulting TT service providers.

7) The procedures in relation to unhosted wallets are specified in section "VA transfer in case unhosted wallets or person other than a VASP".

Scope of the PII

Information on client (originator):

  • the name (first and last name/company name) of the TT client;
  • the designation or number of the TT account (e.g. the TT identifier) of the TT client; and
  • the address, the number of a valid official ID, the customer number or the date and place of birth of the TT client.

Information on beneficiary:

  • the name (first and last name/company name) of the TT beneficiary;
  • the designation or number of the TT account (e.g. the TT identifier) of the TT beneficiary;

If a TT transfer does not take place from or to a TT account, instead of the information above collect and transmit the individual transaction code.

Batch file transfer

No information.

The presence of differences in domestic and cross-border transfers

TT transfers are always considered cross-border.

VA transfer in case unhosted wallets or person other than a VASP

If a TT transfer is not subject to the "Travel Rule" because the counterparty is not a TT service provider or a foreign equivalent, increased due diligence requirements apply to this transaction. Those subject to due diligence must therefore implement appropriate risk reduction procedures and strategies. Means of risk reduction can be, for example, obtaining and checking third-party documents, which can be used to check the purpose and volume of the transfer, or a "proof of ownership" in the case of transfer to or from an "unhosted/private wallet" of the Customers. In addition, such transactions must be analyzed using a blockchain tracking tool.

Sunrise problems: The domestic TT service provider must proceed as follows, based on risk:

First and foremost, an attempt should be made to carry out an exchange of information. If this should be rejected by the other party, this must be documented. A corresponding risk assessment must then be carried out. If the counterparty is domiciled in countries that generally have a high ML/TF risk, appropriate measures must be taken to reduce the transfer risk.

For more detailed information, see the FMA Instruction.

Procedure for inaccurate, incomplete information

The beneficiary TT Service Provider sets up effective, risk-based procedures with the help of which it can be determined whether a TT transfer is to be rejected or suspended because information is not transmitted, not in accordance with the regulations, incomplete or delayed, and which further measures are to be taken.

If the beneficiary TT Service Provider establishes that information was not transmitted, not in accordance with the regulations, incomplete or late, it must reject the TT transfer order on a risk-oriented basis or request the prescribed information, setting a deadline of three days. A TT transfer may only be completed once the requested data has been transmitted and made available to the TT beneficiary.

If an ordering TT Service Provider repeatedly fails to provide the required information, the beneficiary TT Service Provider can reject all future TT transfer orders from the ordering TT Service Provider, or restrict or terminate the business relationship with it, after a reminder has been issued and a deadline has been set.

For more detailed information, see the FMA Instruction.

Record retention

Retention period — 10 years (according to AML law).

Notes

No additional information.

In Austria*, the Travel Rule was implemented on 23/02/2022.

*The request for clarification in relation to applicability of some requirements was sent to the FMA.

Refer to the following links to study the corresponding regulations:

The following table explains the Austrian jurisdiction requirements regarding the Travel Rule.

Subject Requirement

Application of requirements

According to the FMA Circular, the transfer of funds regulation (Regulation (EU) 2015/847) also applies to the transfer of virtual currencies.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

EUR 1,000

When a transaction is below the threshold, a smaller set of data is required.

Time and way to share the Information

The regulation does not express the time to share explicitly.

FMA specifies that during the registration, VASPs should provide a description of the internal control system and the planned strategies and procedures in order to meet the requirements set out in the and Regulation (EU) 2015/847 (“Transfer of Funds Regulation”) as well as the requirements in FATF Recommendation 16 (“travel rule”).

According to Recommendation 16, information should be submitted immediately and in a secure manner.

Counterparty Due Diligence

Concerning counterparty due diligence, there is no explicit information in the EU Directive. Under the FATF Guidance, counterparty due diligence is required.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The crypto-asset service provider of the originator shall ensure that transfers of crypto-assets are accompanied by the information on the originator and beneficiary specified in Section "Scope of the PII", taking into account rules for cross-border transfers and transfers within the Union.

2) Before transferring funds, the VASP of the payer (originator) shall verify the accuracy of the information about the originator on the basis of documents, data or information obtained from a reliable and independent source. Verification shall be deemed to have taken place where:

(a) a payer's identity has been verified in accordance with Article 13 of Directive (EU) 2015/849 and the information obtained pursuant to that verification has been stored in accordance with Article 40 of that Directive; or

(b) Article 14(5) of Directive (EU) 2015/849 applies to the payer.

The VASP of the originator shall not execute any transfer of funds before ensuring full compliance with Article 4 of EU Regulation 2015/847.

3) The beneficiary’s crypto-asset service provider must:

  • implement effective procedures, including, where appropriate, ex-post monitoring or real-time monitoring, in order to detect whether the information on the originator or the beneficiary is missing (for more details, see Article 7 of the Regulation and the section "Procedure for inaccurate, incomplete information");
  • establish and implement effective risk-based procedures to assess whether to carry out, reject or suspend a transaction and what follow-up action to take; and
  • report suspicious transactions to the competent supervisory authority on certain conditions.

4) In the case of transfers of crypto-assets exceeding EUR 1 000, whether those transfers are carried out in a single transaction or in several transactions which appear to be linked, before making the crypto-assets available to the beneficiary, the crypto-asset service provider of the beneficiary shall verify the accuracy of the information on the beneficiary on the basis of documents, data or information obtained from a reliable and independent source.

In the case of transfers of crypto-assets not exceeding EUR 1 000 that do not appear to be linked to other transfers of crypto-assets which, together with the transfer in question, exceed EUR 1 000, the crypto-asset service provider of the beneficiary shall only verify the accuracy of the information on the beneficiary in the following cases:

(a) where the crypto-asset service provider of the beneficiary effects the pay-out of the crypto-assets in cash or anonymous electronic money;

(b) where the crypto-asset service provider of the beneficiary has reasonable grounds for suspecting money laundering or terrorist financing.

Verification shall also be deemed to have taken place in cases specified in paragraph 2 of this Section.

5) The procedures in relation to unhosted wallets are specified in section "VA transfer in case unhosted wallets or person other than a VASP".

Scope of the PII

According to EU Regulation:

1) Information on the payer (originator):

(a) the name;

(b) the account number; and

(c) address, official personal document number, customer identification number or date and place of birth.

2) Information on the payee (beneficiary):

(a) the name; and

(b) payment account number.

3) By way of derogation from point (b) of paragraph 1 and point (b) of paragraph 2, in the case of a transfer not made from or to a payment account, the payment service provider of the payer shall ensure that the transfer of funds is accompanied by a unique transaction identifier rather than the payment account number(s).

Batch file transfer

In the case of a batch file transfer from a single originator where the VASPs of the beneficiary are established outside the Union, the requirement of paragraph 1 of the Section "Scope of the PII" (Article 4(1)) shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information referred to in paragraphs (1), (2) and (3) of the Section "Scope of the PII" (Article 4), that that information has been verified in accordance with paragraph 2 of the Section "Actions required" (Article 4(4) and (5)), and that the individual transfers carry the payment account number of the payer (originator) or, where paragraph (3) of the Section "Scope of the PII" applies, the unique transaction identifier.

The presence of differences in domestic and cross-border transfers

According to FATF, all VA transfers should be treated as cross-border wire transfers.

According to the EU Regulation:

Transfer within the Union:

1) By way of derogation from paragraphs (1) and (2) of the Section "Scope of the PII", where all VASPs involved in the payment chain are established in the Union, transfers of VA shall be accompanied by at least the payment account number of both the payer (originator) and the payee (beneficiary) or, where paragraph (3) of the Section "Scope of the PII" applies, the unique transaction identifier, without prejudice to the information requirements laid down in Regulation (EU) No 260/2012, where applicable.

2) Notwithstanding paragraph 1, the VASP of the payer (originator) shall, within three working days of receiving a request for information from the VASP of the payee (beneficiary) or from the intermediary crypto asset service provider, make available the following:

(a) for transfers of VA exceeding EUR 1 000, whether those transfers are carried out in a single transaction or in several transactions which appear to be linked, the information on the payer (originator) or the payee (beneficiary) in accordance with the Section "Scope of the PII";

(b) for transfers of VA not exceeding EUR 1 000 that do not appear to be linked to other transfers of funds which, together with the transfer in question, exceed EUR 1 000, at least:

(i) the names of the payer (originator) and of the payee (beneficiary); and

(ii) the payment account numbers of the payer (originator) and of the payee (beneficiary) or, where paragraph (3) of the Section "Scope of the PII" applies, the unique transaction identifier.

3) In the case of transfers of VA referred to in paragraph 2(b) above, the VASP of the payer (originator) need not verify the information on the payer unless the payment service provider of the payer:

(a) has received the funds to be transferred in cash or in anonymous electronic money; or

(b) has reasonable grounds for suspecting money laundering or terrorist financing.

Transfers to outside the Union

By way of derogation from paragraph 1 of the Section "Scope of the PII" (Article 4(1)), and, where applicable, without prejudice to the information required in accordance with Regulation (EU) No 260/2012, where the VASP of the originator is established outside the Union, transfers of funds not exceeding EUR 1 000 that do not appear to be linked to other transfers of funds which, together with the transfer in question, exceed EUR 1 000, shall be accompanied by at least:

(a) the names of the originator and of the beneficiary; and

(b) the payment account numbers of the originator and of the beneficiary or, where paragraph (3) of the Section "Scope of the PII" applies, the unique transaction identifier.

By way of derogation from paragraph 2 from the Section "Actions required" (Article 4(4)), the VASP of the originator need not verify the information on the beneficiary unless the VASP of the originator:

(a) has received the funds to be transferred in cash or in anonymous electronic money; or

(b) has reasonable grounds for suspecting money laundering or terrorist financing.

VA transfer in case unhosted wallets or person other than a VASP

There is no information in EU Regulation.

According to FATF Guidelines (2021), VASPs and obliged entities may undertake transfers to non-obliged entities (i.e., unhosted wallets). In such circumstances, a VASP should obtain the required originator and beneficiary information from their customer. Such transfers would fall within scope of the VASP’s broader AML/CFT obligations, such as transaction monitoring and targeted financial sanctions compliance.

Therefore, VASPs should collect data on their unhosted wallet transfers, and monitor and assess that information as necessary to determine to what extent a transaction is within their risk appetite, and the appropriate risk-based controls to apply to such a transaction/individual customer, and to meet STR obligations. Similar logic would apply in considering the risks posed by VASPs that are not yet licensed/registered and supervised for AML/CFT purposes, as they are based in a jurisdiction that has not yet implemented the FATF Standards for VAs/VASPs.

A VASP may choose to impose additional limitations, controls, or prohibitions on transactions with unhosted wallets in line with their risk analysis. Potential measures include:

(a) enhancing existing risk-based control framework to account for specific risks posed by transactions with unhosted wallets (e.g., accounting for specific users, patterns of observed conduct, local and regional risks, and information from regulators and law enforcement); and

(b) studying the feasibility of accepting transactions only from/to VASPs and other obliged entities, and/or unhosted wallets that the VASP has assessed to be reliable.

Procedure for inaccurate, incomplete information

The VASP of the beneficiary shall implement effective risk-based procedures, including procedures based on the risk-sensitive basis, for determining whether to execute or reject a transfer of crypto-assets lacking the required complete originator and beneficiary information and for taking the appropriate follow-up action.

Where the VASP of the beneficiary becomes aware, when receiving transfers of crypto-assets, that the information is missing or incomplete, the crypto-asset service provider shall reject the transfer or ask for the required information on the originator and the beneficiary before or after making the crypto-assets available to the beneficiary, on a risk-sensitive basis.

Where the VASP repeatedly fails to provide the required information on the payer or the payee, the payment service provider of the payee shall take steps, which may initially include the issuing of warnings and setting of deadlines, before either rejecting any future transfers of funds from that payment service provider, or restricting or terminating its business relationship with that payment service provider.

The VASP of the beneficiary shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter terrorist financing provisions.

Record retention

Retention period — 10 years (according to AML Act).

Notes

Rules for intermediaries:

Intermediary VASPs shall ensure that all the information received on the payer (originator) and the payee (beneficiary) that accompanies a transfer of funds is retained with the transfer.

Detection of missing information on the payer (originator) or the payee (beneficiary)

1) The intermediary VASP shall implement effective procedures to detect whether the fields relating to the information on the payer (originator) and the payee (beneficiary) in the messaging or payment and settlement system used to effect the transfer of funds have been filled in using characters or inputs admissible in accordance with the conventions of that system.

2) The intermediary VASP shall implement effective procedures, including, where appropriate, ex-post monitoring or real-time monitoring, in order to detect whether the following information on the payer (originator) or the payee (beneficiary) is missing:

(a) for transfers of VA where the VASP of the payer (originator) and the payee (beneficiary) are established in the Union;

(b) for transfers of VA where the VASP of the payer (originator) and the payee (beneficiary) is established outside the Union;

(c) for batch file transfers where the VASP of the payer (originator) and the payee (beneficiary) is established outside the Union.

Transfers of VA with missing information on the payer (originator) and the payee (beneficiary)

1) The intermediary VASP shall establish effective risk-based procedures for determining whether to execute, reject or suspend a transfer of funds lacking the required payer (originator) and the payee (beneficiary) information and for taking the appropriate follow up action.

Where the intermediary VASP becomes aware, when receiving transfers of VA, that the information required is missing or has not been filled in using characters or inputs admissible in accordance with the conventions of the messaging or payment and settlement system it shall reject the transfer or ask for the required information on the payer (originator) and the payee (beneficiary) before or after the transmission of the transfer of VA, on a risk-sensitive basis.

2) Where a VASP repeatedly fails to provide the required information on the payer (originator) and the payee (beneficiary), the intermediary VASP shall take steps, which may initially include the issuing of warnings and setting of deadlines, before either rejecting any future transfers of funds from that payment service provider, or restricting or terminating its business relationship with that VASP. The intermediary VASP shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter terrorist financing provisions.

The intermediary VASP shall take into account missing information on the payer (originator) and the payee (beneficiary) as a factor when assessing whether a transfer of funds, or any related transaction, is suspicious, and whether it is to be reported to the FIU in accordance with Directive (EU) 2015/849.

In Portugal, the Travel Rule will take effect on 15/07/2023.

Refer to the following links to study the corresponding regulation:

The following table explains the Portuguese jurisdiction requirements regarding the Travel Rule.

Subject Requirement

Application of requirements

Entities that carry out activities with virtual assets should comply with the Travel Rule provisions regarding transfers of virtual assets that, regardless of the respective value, they send/receive on behalf of a customer.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

No threshold.

Time and way to share the Information

The information does not have to be directly attached or included in the transfer of virtual assets, as long as it is submitted, through secure channels, before or simultaneously with the execution of the transfer.

Counterparty Due Diligence

Entities that carry out activities with virtual assets should conduct counterparty due diligence (the details are specified in Article 41 of the Notice).

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) Entities carrying out activities with VA ensure that the transfers of VA they send are accompanied by the information specified in section "Scope of the PII".

2) Before carrying out the transfer of virtual assets, the entity verifies the accuracy of the information relating to the originator referred to in subparagraph a) of the section "Scope of the PII", based on documents or information obtained from sources of information considered reputable, credible and sufficient.

3) Entities carrying out activities with virtual assets refuse to initiate or execute any transfer of virtual assets before ensuring full compliance with Article 37 of the Notice (Transfer of VA).

4) Beneficiary VASPs apply effective procedures, including, whenever appropriate, real-time or ex post monitoring of transfers, to detect whether the information on the originator and beneficiary is included in, or accompanies, the transfer of virtual assets or the transfer of virtual assets in batches.

5) Before making the virtual assets available to the beneficiary, the beneficiary VASPs verify the accuracy of the information regarding the beneficiary based on documents or information obtained from sources of information considered suitable, credible and sufficient.

6) Beneficiary VASPs implement effective risk-based procedures, under the terms of the Law and this Notice, to determine when they execute, reject or suspend a transfer of virtual assets that is not accompanied by the complete information required about the originator and beneficiary and to take appropriate follow-up measures.

7) The procedures in relation to unhosted wallets are specified in section "VA transfer in case unhosted wallets or person other than a VASP".

Scope of the PII

a) With regard to the originator:

(i) Full name;

(ii) In the case of transfers of virtual assets recorded on a network using a distributed ledger technology or a similar technology, the address or addresses of the distributed ledger and, where it exists and is used to process the transfer, the internal number of customer portfolio identification;

(iii) In the case of transfers of virtual assets not registered on a network using distributed registration technologies or similar, the portfolio's internal identification number or, if not available, the unique transaction identifier;

(iv) Full address of residence, official identification document number and customer identification number or, alternatively, date and place of birth.

b) Regarding the beneficiary:

(i) Full name;

(ii) In the case of transfers of virtual assets registered on a network using distributed ledger technology or a similar technology, the address or addresses of the distributed ledger and, where it exists and is used to process the transfer, the internal number of identification of the portfolio with the entity that carries out activities with virtual assets or the entity of an equivalent nature that receives the transfer on behalf of the beneficiary;

(iii) In the case of transfers of virtual assets not registered on a network using distributed ledger technology or a similar technology, the internal identification number of the portfolio with the entity carrying out activities with virtual assets or the entity of an equivalent nature that receives the transfer on behalf of the beneficiary or, if not available, the unique transaction identifier.

Batch file transfer

In the case of transfers of virtual assets in batches from a single payer, the provisions of the Article 37 of the Notice (Transfer of VA) are not applicable to individual transfers grouped in that batch, provided that, cumulatively:

a) The respective file contains the information referred to in Section "Scope of the PII";

b) The information referred to in the previous paragraph has been verified; and

c) Individual transfers contain the information referred to in subparagraph iii) of subparagraph a) and subparagraph iii) of subparagraph b) in the Section "Scope of the PII".

The presence of differences in domestic and cross-border transfers

No information.

VA transfer in case unhosted wallets or person other than a VASP

In the case of transfers of virtual assets from or to self-hosted addresses, entities carrying out activities with virtual assets:

a) Obtain and retain information about the originator and beneficiary, in terms that ensure that the transfer of virtual assets can be individually identified;

b) Adopt reinforced identification and due diligence measures appropriate to the degree of increased risk associated with the operation.

Without prejudice to the adoption of other measures that prove appropriate to mitigate the identified risks, in relation to transfers of virtual assets that the entity sends or receives on behalf of a customer (payer or beneficiary, respectively) in an amount greater than € 1,000, entities that carry out activities with virtual assets adopt measures that, depending on the concretely identified risk, ensure that the self-hosted address is held by the customer, whenever the same declares to be the originator or beneficiary, as the case may be, of the transaction.

Procedure for inaccurate, incomplete information

Beneficiary VASPs implement effective risk-based procedures, under the terms of the Law and this Notice, to determine when they execute, reject or suspend a transfer of virtual assets that is not accompanied by the complete information required about the originator and beneficiary and to take appropriate follow-up measures.

When applying the risk-based procedures referred to in the previous number, the entities carrying out activities with virtual assets take into account the procedures adopted in compliance with the provisions of article 28 of the Law and article 27 of this present Notice.

If they are aware, at the time of receiving transfers of virtual assets, that the information on the originator or beneficiary referred to in subparagraphs a) and b) of the section "Scope of the PII" is missing or incomplete, the beneficiary VASPs, depending on the concretely identified risk and without undue delay:

a) Reject the transfer or return the transferred virtual assets to the distributed registration address; or

b) Request the originating VASP or entity of an equivalent nature for the required missing information about the originator or beneficiary before making the virtual assets available to the beneficiary.

The VASPs consider the omission or incompleteness of the required information about the originator or beneficiary as a factor to be taken into account:

a) For the application of enhanced identification and due diligence measures to the business relationship, occasional transaction or operation, under the terms of the Law and the Notice;

b) Within the framework of the examination duty provided for in article 52 of the Law and in article 46 of the Notice, in order to assess the potentially suspicious nature of the transfer of virtual assets, or any related transaction, for the purpose of complying with the duty of communication foreseen in articles 43 and 44 of the Law.

Whenever they identify originating VASPs or entities of an equivalent nature that repeatedly do not provide, or provide incompletely, the required information about the originator or the beneficiary, the beneficiary VASPs adopt appropriate measures for the deficiencies detected.

The following are examples of measures to be adopted by beneficiary VASPs:

a) In an initial phase, setting an additional deadline for providing the required information on the originator or beneficiary or issuing a notice indicating the measures that will be adopted if the originating VASP or entity of an equivalent nature continues not to provide the requested information;

b) Rejection of any future transfers of virtual assets from or to the originating VASP or entity of an equivalent nature;

c) Restriction or termination of the business relationship with the originating VASP or entity of an equivalent nature, in cases where the risk associated with it cannot be managed through other means or procedures, including through the application of the due diligence and identification measures provided for in article 42 of the Notice.

Beneficiary VASPs communicate to Banco de Portugal, through the channels referred to in article 51 of the Notice and within a maximum period of three months:

a) Identification of the entity carrying out activities with virtual assets or an entity of an equivalent nature that repeatedly fails to provide, or provides incompletely, the required information on the payer or beneficiary, indicating, among other elements, the country where it is authorized or registered;

b) The nature of the omission or incompleteness, including:

i) The frequency of transfers of virtual assets with missing or incomplete information;

ii) The period of time in which the omissions or incompleteness occurred;

iii) Any reasons invoked by the entity carrying out activities with virtual assets or entity of an equivalent nature to justify the repeated omission or incompleteness of the required information.

c) A description of the measures adopted under the previous number.

Record retention

Retention period is 7 years after the moment in which the identification of the customer was processed or, in the case of business relationships, after their end.

Notes

Transfer of assets by intermediaries

Intermediary VASPs shall ensure that all information received on the payer and payee referred to in subparagraphs a) and b) of the section "Scope of the PII" which are included in, or accompanying, a transfer of virtual assets are:

a) Transmitted with the transfer, the provisions of article 37(3) of the Notice being applicable;

b) Kept under the terms of article 51 of the Law and article 45 of the Notice; and

c) Made available at the request of Banco de Portugal.

Entities carrying out activities with virtual assets also observe the provisions of paragraphs 5 to 12 of article 39 of the Notice, with the necessary adaptations, in relation to the transfers of virtual assets.

In Cyprus, the Travel Rule was implemented in 2021.

In 2021, CySEC stated that "The travel rule is in their view already covered in principle by the AML/CFT Law and the AML/CFT Directive, which in view of the bearer nature of crypto-assets, such procedure is rendered as necessary under the requirement of applying a risk based approach. However CySEC intends to further elaborate the travel rule by means of AML/CFT Directive, for the purposes of consistency and clarity. In the meantime CySEC provides the guidance specified below".

Refer to the CySEC Policy Statement on the registration and operations of crypto-asset services providers to study the corresponding regulation.

The following table explains the jurisdiction requirements of Cyprus regarding the Travel Rule.

Subject Requirement

Application of requirements

The requirement applies for material crypto-asset transfers between CASPs.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

Any transaction with a value equal to or in excess of EUR 1,000.

Time and way to share the Information

The obliged entity (CASP) must immediately and by secure means obtain the information and submit it to the relevant counterparty CASP.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

Originator Obligations:

1) Where an obliged entity (including CASP) sends a material crypto-asset transfer to a CASP, the relevant obliged entity must immediately and by secure means obtain the information specified in section "Scope of the PII" and submit it to the counterparty CASP.

2) An obliged entity must follow the above irrespective of whether the obliged entity in question and the payer are the same person.

Beneficiary Obligations:

1) Where an obliged entity receives a crypto-asset transfer from a CASP, the obliged entity must ensure that:

(i) it has received the information specified in Section "Scope of the PII", and

(ii) the information is consistent with its own records in respect of the payee’s name and, where applicable, the payee’s account number

2) The obliged entity must perform the actions specified in sections "VA transfer in case unhosted wallets or person other than a VASP" and "Procedure for inaccurate, incomplete information".

The actions specified above shall apply to an obliged entity irrespective of whether the said obliged entity and the payee are the same person.

Scope of the PII

(i) The payee’s name and surname

(ii) The payee’s crypto-asset account number

(iii) The payer’s name and surname

(iv) The payer’s crypto-asset account number

(v) Where the payee or the payer does not have a crypto-asset account number, a unique transaction identifier, and

(vi) One of the following:

a) the payer’s physical address

b) the payer’s national identity number

c) the payer’s customer identification number, or

d) the payer’s date and place of birth

Batch file transfer

No information.

The presence of differences in domestic and cross-border transfers

No information.

VA transfer in case unhosted wallets or person other than a VASP

Where an obliged entity receives a crypto-asset transfer from a person other than a CASP, the obliged entity must ensure that it obtains, from the payee:

(i) the information specified in point (iii) of the Section "Scope of the PII", and

(ii) the information specified in point (vi) of the Section "Scope of the PII"

Procedure for inaccurate, incomplete information

Before an obliged entity executes a material crypto-asset transfer received from any person, it must ensure that it has effective risk-based policies and procedures in place for the purposes of:

(i) determining whether any of the information as the case may be, is missing, is incomplete or, where applicable, is inconsistent with the obliged entity’s own records, and

(ii) where a default is identified pursuant to point (i) directly above:

a) determining whether to execute, reject or suspend the material crypto-asset transfer, and

b) determining the appropriate follow-up action.

Record retention

The information obtained by obliged entities as per this section shall be deemed as part of their customer due diligence process and relevant records must be kept in accordance with the AML/CFT Law and the AML/CFT Directive.

An obliged entity maintains the documents and information, for a period of five (5) years after the end of the business relationship with the customer or after the date of an occasional transaction.

Notes

No additional information.

In Luxembourg, the Travel Rule was implemented in 2020.

Refer to the following links to study the corresponding regulation:

The following table explains the jurisdiction requirements of Luxembourg regarding the Travel Rule.

Subject Requirement

Application of requirements

VASPs have to comply with the professional obligations as provided for in Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfer of funds and repealing Regulation (EC) No 1781/2006.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

EUR 1,000

When a transaction is below the threshold, a smaller set of data is required.

Time and way to share the Information

The regulation does not express the time to share explicitly.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The crypto-asset service provider of the originator shall ensure that transfers of crypto-assets are accompanied by the information on the originator and beneficiary specified in Section "Scope of the PII", taking into account rules for cross-border transfers and transfers within the Union.

2) Before transferring funds, the VASP of the payer (originator) shall verify the accuracy of the information about the originator on the basis of documents, data or information obtained from a reliable and independent source. Verification shall be deemed to have taken place where:

(a) a payer's identity has been verified in accordance with Article 13 of Directive (EU) 2015/849 and the information obtained pursuant to that verification has been stored in accordance with Article 40 of that Directive; or

(b) Article 14(5) of Directive (EU) 2015/849 applies to the payer. The VASP of the originator shall not execute any transfer of funds before ensuring full compliance with Article 4 of Regulation (EU) 2015/847.

3) The beneficiary’s crypto asset service provider must:

  • Implement effective procedures, including, where appropriate, ex-post monitoring or real-time monitoring, in order to detect whether the information on the originator or the beneficiary is missing; (For more details please see Article 7 of the Regulation and the section Procedure for inaccurate, incomplete information)
  • establish and implement effective risk-based procedures to assess whether to carry out, reject or suspend a transaction and what follow-up action to take; and
  • report suspicious transactions to the competent supervisory authority on certain conditions.

4) In the case of transfers of crypto-assets exceeding EUR 1 000, whether those transfers are carried out in a single transaction or in several transactions which appear to be linked, before making the crypto-assets available to the beneficiary, the crypto-asset service provider of the beneficiary shall verify the accuracy of the information on the beneficiary on the basis of documents, data or information obtained from a reliable and independent source.

In the case of transfers of crypto-assets not exceeding EUR 1 000 that do not appear to be linked to other transfers of crypto-assets which, together with the transfer in question, exceed EUR 1 000, the crypto-asset service provider of the beneficiary shall only verify the accuracy of the information on the beneficiary in the following cases:

(a) where the crypto-asset service provider of the beneficiary effects the pay-out of the crypto-assets in cash or anonymous electronic money;

(b) where the crypto-asset service provider of the beneficiary has reasonable grounds for suspecting money laundering or terrorist financing.

Verification shall also be deemed to have taken place in cases specified in paragraph 2 of this Section.

Scope of the PII

According to EU Regulation:

1) Information on the payer (originator):

(a) the name;

(b) the account number; and

(c) address, official personal document number, customer identification number or date and place of birth.

2) Information on the payee (beneficiary):

(a) the name; and

(b) payment account number.

3) By way of derogation from point (b) of paragraph 1 and point (b) of paragraph 2, in the case of a transfer not made from or to a payment account, the payment service provider of the payer shall ensure that the transfer of funds is accompanied by a unique transaction identifier rather than the payment account number(s).

Batch file transfer

In the case of a batch file transfer from a single originator where the VASPs of the beneficiary are established outside the Union, the requirement of paragraph 1 of the Section "Scope of the PII" (Article 4(1)) shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information referred to in paragraphs (1), (2) and (3) of the Section "Scope of the PII" (Article 4), that that information has been verified in accordance with paragraph 2 of the Section "Actions required" (Article 4(4) and (5)), and that the individual transfers carry the payment account number of the payer (originator) or, where paragraph (3) of the Section "Scope of the PII" applies, the unique transaction identifier.

The presence of differences in domestic and cross-border transfers

Transfer within the Union:

1) By way of derogation from paragraphs (1) and (2) of the Section "Scope of the PII", where all VASPs involved in the payment chain are established in the Union, transfers of VA shall be accompanied by at least the payment account number of both the payer (originator) and the payee (beneficiary) or, where paragraph (3) of the Section "Scope of the PII" applies, the unique transaction identifier, without prejudice to the information requirements laid down in Regulation (EU) No 260/2012, where applicable.

2) Notwithstanding paragraph 1, the VASP of the payer (originator) shall, within three working days of receiving a request for information from the VASP of the payee (beneficiary) or from the intermediary crypto asset service provider, make available the following:

(a) for transfers of VA exceeding EUR 1 000, whether those transfers are carried out in a single transaction or in several transactions which appear to be linked, the information on the payer (originator) or the payee (beneficiary) in accordance with the Section "Scope of the PII";

(b) for transfers of VA not exceeding EUR 1 000 that do not appear to be linked to other transfers of funds which, together with the transfer in question, exceed EUR 1 000, at least:

(i) the names of the payer (originator) and of the payee (beneficiary); and

(ii) the payment account numbers of the payer (originator) and of the payee (beneficiary) or, where paragraph (3) of the Section "Scope of the PII" applies, the unique transaction identifier.

3) In the case of transfers of VA referred to in paragraph 2(b) above, the VASP of the payer (originator) need not verify the information on the payer unless the payment service provider of the payer:

(a) has received the funds to be transferred in cash or in anonymous electronic money; or

(b) has reasonable grounds for suspecting money laundering or terrorist financing.

Transfers to outside the Union

By way of derogation from paragraph 1 of the Section "Scope of the PII" (Article 4(1)), and, where applicable, without prejudice to the information required in accordance with Regulation (EU) No 260/2012, where the VASP of the originator is established outside the Union, transfers of funds not exceeding EUR 1 000 that do not appear to be linked to other transfers of funds which, together with the transfer in question, exceed EUR 1 000, shall be accompanied by at least:

(a) the names of the originator and of the beneficiary; and

(b) the payment account numbers of the originator and of the beneficiary or, where paragraph (3) of the Section "Scope of the PII" applies, the unique transaction identifier.

By way of derogation from paragraph 2 of the Section "Actions required" (Article 4(4)), the VASP of the originator need not verify the information on the beneficiary unless the VASP of the originator:

(a) has received the funds to be transferred in cash or in anonymous electronic money; or

(b) has reasonable grounds for suspecting money laundering or terrorist financing.

VA transfer in case unhosted wallets or person other than a VASP

No information.

Procedure for inaccurate, incomplete information

The VASP of the beneficiary shall implement effective risk-based procedures, including procedures based on the risk-sensitive basis, for determining whether to execute or reject a transfer of crypto-assets lacking the required complete originator and beneficiary information and for taking the appropriate follow-up action.

Where the VASP of the beneficiary becomes aware, when receiving transfers of crypto-assets, that the information is missing or incomplete, the crypto-asset service provider shall reject the transfer or ask for the required information on the originator and the beneficiary before or after making the crypto-assets available to the beneficiary, on a risk-sensitive basis.

Where the VASP repeatedly fails to provide the required information on the payer or the payee, the payment service provider of the payee shall take steps, which may initially include the issuing of warnings and setting of deadlines, before either rejecting any future transfers of funds from that payment service provider, or restricting or terminating its business relationship with that payment service provider.

The VASP of the beneficiary shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter terrorist financing provisions.

Record retention

Retention period — 5 years (according to AML Act).

Notes

Rules for intermediaries:

Intermediary VASPs shall ensure that all the information received on the payer (originator) and the payee (beneficiary) that accompanies a transfer of funds is retained with the transfer.

Detection of missing information on the payer (originator) or the payee (beneficiary)

1) The intermediary VASP shall implement effective procedures to detect whether the fields relating to the information on the payer (originator) and the payee (beneficiary) in the messaging or payment and settlement system used to effect the transfer of funds have been filled in using characters or inputs admissible in accordance with the conventions of that system.

2) The intermediary VASP shall implement effective procedures, including, where appropriate, ex-post monitoring or real-time monitoring, in order to detect whether the following information on the payer (originator) or the payee (beneficiary) is missing:

(a) for transfers of VA where the VASP of the payer (originator) and the payee (beneficiary) are established in the Union;

(b) for transfers of VA where the VASP of the payer (originator) and the payee (beneficiary) is established outside the Union;

(c) for batch file transfers where the VASP of the payer (originator) and the payee (beneficiary) is established outside the Union.

Transfers of VA with missing information on the payer (originator) and the payee (beneficiary)

1) The intermediary VASP shall establish effective risk-based procedures for determining whether to execute, reject or suspend a transfer of funds lacking the required payer (originator) and the payee (beneficiary) information and for taking the appropriate follow up action.

Where the intermediary VASP becomes aware, when receiving transfers of VA, that the information required is missing or has not been filled in using characters or inputs admissible in accordance with the conventions of the messaging or payment and settlement system it shall reject the transfer or ask for the required information on the payer (originator) and the payee (beneficiary) before or after the transmission of the transfer of VA, on a risk-sensitive basis.

2) Where a VASP repeatedly fails to provide the required information on the payer (originator) and the payee (beneficiary), the intermediary VASP shall take steps, which may initially include the issuing of warnings and setting of deadlines, before either rejecting any future transfers of funds from that payment service provider, or restricting or terminating its business relationship with that VASP. The intermediary VASP shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter terrorist financing provisions.

The intermediary VASP shall take into account missing information on the payer (originator) and the payee (beneficiary) as a factor when assessing whether a transfer of funds, or any related transaction, is suspicious, and whether it is to be reported to the FIU in accordance with Directive (EU) 2015/849.

In the USA, the Travel Rule was implemented in relation to CVC in 2013.

Refer to the following links to study the corresponding regulations:

The table below explains the USA jurisdiction requirements regarding the Travel Rule.

Subject Requirement

Application of requirements

To the extent that any of the money transmitter’s transactions constitute a “transmittal of funds” under FinCEN’s regulations, then the money transmitter must also comply with the “Funds Transfer Rule” and the “Funds Travel Rule.”

Because a transmittal order involving CVC is an instruction to pay “a determinable amount of money,” transactions involving CVC qualify as transmittals of funds, and thus may fall within the Funds Travel Rule.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

USD 3,000 or its equivalent in CVC (there was a proposal to lower the threshold to $250 for funds entering or leaving the USA).

Time and way to share the Information

The money transmitter must obtain or provide the required regulatory information either before or at the time of the transmittal of value, regardless of how a money transmitter sets up their system for clearing and settling transactions, including those involving CVC.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) A transmittor's financial institution shall include in a transmittal order, at the time it is sent to a receiving financial institution, the information from the Section "Scope of the PII".

2) Each financial institution screens against the sanctions watch list and reports suspicious transactions immediately if necessary, in accordance with the BSA.

Scope of the PII

1) The name and, if the payment is ordered from an account, the account number of the transmittor.

2) The address of the transmittor.

3) The amount of the transmittal order.

4) The execution date of the transmittal order.

5) The identity of the recipient's financial institution.

6) As many of the following items as are received with the transmittal order:

  • The name and address of the recipient.
  • The account number of the recipient.
  • Any other specific identifier of the recipient.

7) Either the name and address or numerical identifier of the transmittor's financial institution.

The same rules apply to the intermediary financial institution.

Batch file transfer

No information.

The presence of differences in domestic and cross-border transfers

There is a proposal in relation to the threshold, but it has not yet come into force.

VA transfer in case unhosted wallets or person other than a VASP

No information.

Procedure for inaccurate, incomplete information

No information.

Record retention

Financial institutions have to keep records for at least 5 years.

Notes

A receiving financial institution that acts as an intermediary financial institution, if it accepts a transmittal order, shall include in a corresponding transmittal order at the time it is sent to the next receiving financial institution, the information specified in Section "Scope of the PII", if received from the sender.

JVCEA introduced the Travel Rule as a self-regulatory rule from April 1, 2022.

However, the amendments to the AML Act came into force in June 2023.

Refer to the following links to study the corresponding regulations:

The following table explains the Japanese jurisdiction requirements regarding the Travel Rule.

Subject Requirement

Application of requirements

Transfer to domestic VASP / transfer to foreign VASP: eligible (individuals and unregistered businesses are excluded).

The Travel Rule applies only to countries and regions specified by the Financial Services Agency (United States of America, Albania, Israel, Canada, Cayman Islands, Gibraltar, Singapore, Switzerland, Serbia, The Republic of Korea, Germany, Bahamas, Bermuda, The Philippines, Venezuela, Hong Kong, Malaysia, Mauritius, Liechtenstein, Luxembourg).

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

No threshold.

Time and way to share the Information

The information should be sent at the time of VA transfer.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The sender's VASP should transfer the information about the sender and recipient at the time of VA transfer to another VASP.

2) VASPs are obliged to record and preserve matters notified or received.

Scope of the PII

Sender information

- natural person

1) Full name

2) Residence or customer identification number, etc.

3) Blockchain address or number that can identify the address

- legal person

1) Name

2) Location of head office or principal office or customer identification number, etc.

3) Blockchain address or number that can identify the address

Recipient information

- natural person

1) Name

2) Blockchain address or number that can identify the address

- legal person

1) Name

2) Blockchain address or number that can identify the address

Batch file transfer

No information.

The presence of differences in domestic and cross-border transfers

If the transaction is carried out with a foreign VASP, the Travel Rule applies only to countries and regions specified by the Financial Services Agency (United States of America, Albania, Israel, Canada, Cayman Islands, Gibraltar, Singapore, Switzerland, Serbia, The Republic of Korea, Germany, Bahamas, Bermuda, The Philippines, Venezuela, Hong Kong, Malaysia, Mauritius, Liechtenstein, Luxembourg).

VA transfer in case unhosted wallets or person other than a VASP

Crypto assets can be transferred to an “unhosted wallet,” which is a wallet that users manage themselves; P2P transactions can be performed using this unhosted wallet. Transactions with unhosted wallets have risks due to their anonymity and lack of transfer restrictions by the administrator.

FSA will require VASPs to collect and store owner information regarding transactions with unhosted wallets, etc.* and will promote visualization of transaction routes in conjunction with travel rules. *Refers to not only wallets managed by individuals but also wallets that are not subject to notification obligations, such as wallets managed by unregistered businesses or businesses located in countries where notification obligations are not imposed.

1) Request that the owner information (name, address, etc.) of the transaction partner's unhosted wallet, etc. be obtained and recorded*.

*When receiving a transfer, it is important to note that the customer does not necessarily know all of the information about the sender's owner, so the information should be limited to what is known.

2) FSA will request that the following measures be taken to improve the system.

  • Investigate and analyze the attributes of the transaction partner's unhosted wallet, etc., and evaluate the money laundering risk.
  • Collect the owner information (name, address, etc.) of the transaction partner.

Procedure for inaccurate, incomplete information

No information.

Record retention

According to the AML Act, retention period is at least seven years.

Notes

No additional information.

In Canada, the Travel Rule was implemented on 01/06/2021.

Refer to the following links to study the corresponding regulations:

The following table explains the Canadian jurisdiction requirements regarding the Travel Rule.

Subject Requirement

Application of requirements

The obligation applies when transferring VC.

De minimis threshold

CAD 1,000 or more.

Time and way to share the Information

No explicit information.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) FEs, MSBs and FMSBs must include the travel rule information when they send VC transfers, and must take reasonable measures to ensure that this information is included when they receive VC transfers which require a VC record to be kept.

2) Develop and apply written risk-based policies and procedures as prescribed in the Section "Procedure for inaccurate, incomplete information".

Scope of the PII

The required travel rule information for VC transfers is the following:

  • the name, address and the account number or other reference number (if any) of the person or entity who requested the transfer (originator information).
  • the name, address and the account number or other reference number (if any) of the beneficiary.

Batch file transfer

No information.

The presence of differences in domestic and cross-border transfers

No information.

VA transfer in case unhosted wallets or person other than a VASP

No information.

Procedure for inaccurate, incomplete information

If the entity receives a VC transfer that should include the travel rule information but does not, it must take reasonable measures to obtain that information. These reasonable measures should be outlined in policies and procedures.

Each entity must also develop in writing and apply risk-based policies and procedures for determining what to do when, after taking reasonable measures, it was unable to obtain the travel rule information. Its policies and procedures must address under which circumstances it will allow, suspend or reject the transaction, and outline any follow-up measures it will take.

Record retention

Retention period is at least 5 years.

The scope of the data that should be retained is specified in Section 12 (r)(s) of the PCMLTFR.

Notes

No additional information.

In Singapore, the Travel Rule was implemented on 28/02/2020.

Refer to the following links to study the corresponding regulations:

The following table explains the jurisdiction requirements of Singapore regarding the Travel Rule.

Subject Requirement

Application of requirements

This rule shall apply to a payment service provider when:

(a) it effects the sending of one or more digital payment tokens by value transfer; or

(b) it receives one or more digital payment tokens by value transfer on the account of the value transfer originator or the value transfer beneficiary, but shall not apply to a transfer and settlement between the payment service provider and another financial institution where the payment service provider and the other financial institution are acting on their own behalf as the value transfer originator and the value transfer beneficiary.

De minimis threshold

S$ 1,500

When a transaction is below the threshold, a smaller set of data is required.

Time and way to share the Information

All value transfer originator and value transfer beneficiary information collected by the ordering institution shall be immediately and securely submitted to the beneficiary institution.

"Immediately" means that the information collected by the ordering institution should be submitted to the beneficiary institution simultaneously or concurrent with the value transfer.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) Before effecting a value transfer, every payment service provider that is an ordering institution shall ⎯

(a) identify the value transfer originator and take reasonable measures to verify the value transfer originator’s identity, as the case may be (if the payment service provider has not already done so); and

(b) record adequate details of the value transfer so as to permit its reconstruction, including but not limited to, the date of the value transfer, the type and value of digital payment token(s) transferred and the value date.

2) The ordering institution shall transfer the required information (see Section "Scope of the PII").

3) A payment service provider should monitor payment messages to and from higher risk countries or jurisdictions, as well as transactions with higher risk countries or jurisdictions and suspend or reject payment messages or transactions with sanctioned parties or countries or jurisdictions. Where name screening checks confirm that the value transfer originator or value transfer beneficiary is a terrorist or terrorist entity, the requirement for the payment service provider to block, reject or freeze assets of these terrorists or terrorist entities cannot be risk-based. Where there are positive hits arising from name screening checks, they should be escalated to the AML/CFT compliance function. The decision to approve or reject the receipt or release of the value transfer should be made at an appropriate level and documented.

4) A payment service provider that is a beneficiary institution shall take reasonable measures, including post-event monitoring or real-time monitoring where feasible, to identify value transfers that lack the required value transfer originator or required value transfer beneficiary information.

5) A payment service provider that is a beneficiary institution shall implement appropriate internal risk-based policies, procedures and controls for determining ⎯

(a) when to execute, reject, or suspend a value transfer lacking required value transfer originator or value transfer beneficiary information; and

(b) the appropriate follow-up action.

6) For a payment service provider that controls both the ordering institution and the beneficiary institution, it shall ⎯

(a) take into account all the information from both the ordering institution and the beneficiary institution in order to determine whether an STR has to be filed; and

(b) where applicable, file an STR in any country or jurisdiction affected by the value transfer, and make transaction information available to the relevant authorities.

7) The procedures in relation to unhosted wallets are specified in Section "VA transfer in case unhosted wallets or person other than a VASP".

Scope of the PII

PII that ordering VASPs are required to share with the beneficiary VASPs varies depending on the transaction amount.

1. Value Transfers Below or Equal To S$1,500

(a) the name of the value transfer originator;

(b) the value transfer originator’s account number (or unique transaction reference number where no account number exists);

(c) the name of the value transfer beneficiary; and

(d) the value transfer beneficiary’s account number (or unique transaction reference number where no account number exists).

The list of data and conditions for transferring to an intermediary institution in Singapore is specified in Section 13.5. of the Notice.

2. Value Transfers Exceeding S$1,500

(a) the name of the value transfer originator;

(b) the value transfer originator’s account number (or unique transaction reference number where no account number exists);

(c) the name of the value transfer beneficiary; and

(d) the value transfer beneficiary’s account number (or unique transaction reference number where no account number exists).

and any of the following:

(a) the value transfer originator’s ⎯

  • residential address, or
  • registered or business address, and if different, principal place of business, as may be appropriate;

(b) the value transfer originator’s unique identification number (such as an identity card number, birth certificate number or passport number, or where the value transfer originator is not a natural person, the incorporation number or business registration number); or

(c) the date and place of birth, incorporation or registration of the value transfer originator (as may be appropriate).

The list of data and conditions for transferring to an intermediary institution in Singapore is specified in Section 13.8. of the Notice.

Batch file transfer

“Batch transfer” means a transfer comprising a number of individual value transfers that are sent by a value transfer originator to the same financial institutions, irrespective of whether the individual value transfers are intended ultimately for one or more value transfer beneficiaries.

Where several individual value transfers from a single value transfer originator are bundled in a batch file for transmission to value transfer beneficiaries, a payment service provider shall ensure that the batch transfer file contains:

(a) the value transfer originator information required by paragraph 2 from the Section "Scope of the PII" (13.6 from the Notice) and which has been verified; and

(b) the value transfer beneficiary information required by paragraph 2 from the Section "Scope of the PII" (13.6 from the Notice), which are fully traceable within the beneficiary country or jurisdiction.

The presence of differences in domestic and cross-border transfers

No information.

VA transfer in case unhosted wallets or person other than a VASP

Where the ordering institution is unable to comply with the requirements in paragraphs 13.3 to 13.10 of the Notice, it shall not execute the value transfer.

For the avoidance of doubt, paragraph 13 of the Notice does not apply to transfers of DPT received from or made to persons who do not fall within the definition of an “ordering institution” or a “beneficiary institution” respectively (See Article 2.1 of the Notice for definitions). A payment service provider may therefore choose to engage in such transactions without applying the requirements set out in paragraph 13. However, as required under paragraph 6.27 of the Notice, the payment service provider should recognize that such transactions may present higher ML/TF risks, and apply appropriate enhanced risk mitigation measures, which could include but are not limited to:

(a) identifying and verifying the identities of the originator and beneficiary of the transfers:

  • where the transfer of DPT has been received from or sent to the payment service provider’s own customer’s personal wallet address, requiring the customer to demonstrate control over the said wallet address, by effecting a transfer of DPT of an amount specified by the payment service provider;
  • where the originator or beneficiary is identified to be a third party, taking reasonable steps to verify the identity of the third party, which could include the additional checks listed under paragraph 6-12-3 above;

(b) establishing the identity of the beneficial owners of such beneficiaries; and

(c) performing screening and enhanced monitoring over such transactions.

Procedure for inaccurate, incomplete information

A payment service provider that is a beneficiary institution shall implement appropriate internal risk-based policies, procedures and controls for determining:

  • when to execute, reject, or suspend a value transfer lacking required value transfer originator or value transfer beneficiary information; and
  • the appropriate follow-up action.

Record retention

A payment service provider shall comply with the following record retention periods:

(a) for CDD information relating to the business relations, value transfers, transactions undertaken without an account being opened as well as account files, business correspondence and results of any analysis undertaken, a period of at least 5 years following the termination of such business relations or completion of such value transfers or transactions; and

(b) for data, documents and information relating to a transaction, including any information needed to explain and reconstruct the transaction, a period of at least 5 years following the completion of the transaction.

Notes

A payment service provider that is an intermediary institution shall retain all the information accompanying the value transfer.

Where a payment service provider that is an intermediary institution effects a value transfer to another intermediary institution or a beneficiary institution, the payment service provider shall immediately and securely provide the information accompanying the value transfer, to that other intermediary institution or beneficiary institution.

Where technical limitations prevent the required value transfer originator or value transfer beneficiary information accompanying a value transfer from remaining with a related value transfer, a record shall be kept, for at least five years, by the receiving intermediary institution of all the information received from the ordering institution or another intermediary institution.

An intermediary institution shall take reasonable measures, which are consistent with straight-through processing, to identify value transfers that lack the required value transfer originator or value transfer beneficiary information.

An intermediary institution shall implement appropriate internal risk-based policies, procedures and controls for determining:

(a) when to execute, reject, or suspend a value transfer lacking required value transfer originator or value transfer beneficiary information; and

(b) the appropriate follow-up action.

In South Korea, the Travel Rule was implemented on 25/03/2022.

Refer to the Act on reporting and using specified financial transaction information (1) with enforcement decree (2) to study the corresponding regulation.

The following table explains the jurisdiction requirements of South Korea regarding the Travel Rule.

Subject Requirement

Application of requirements

The travel rule under the Act applies only when a transfer of virtual assets occurs between VASPs.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

The travel rule applies when a VASP transfers virtual assets worth KRW 1 million or more to another VASP upon a user’s request.

Time and way to share the Information

Information under subparagraph 1 from the Section "Scope of the PII" shall be provided together with the transfer of virtual assets, and information under subparagraph 2 shall be provided within three business days from the date of the request for information provision.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

A virtual asset business entity that transfers virtual assets shall provide the information from the Section "Scope of the PII" to the virtual asset business entity to which the virtual asset is transferred.

Scope of the PII

1) A virtual asset business entity that transfers virtual assets shall provide the following information to the virtual asset business entity to which the virtual asset is transferred:

  • The names of the customer sending the virtual asset and the customer receiving the virtual asset (in the case of a corporation or organization, it refers to the name of the corporation or organization and the name of the representative).
  • Virtual asset addresses of customers who send virtual assets and customers who receive virtual assets.

2) In the case of a request by the commissioner of the Korea Financial Intelligence Unit (KoFIU) or a virtual asset business operator to whom virtual assets are transferred, the customer's resident registration number (referring to the corporate registration number in the case of a corporation) or passport number/foreigner registration number (applicable only to foreigners) should be provided.

Batch file transfer

No information.

The presence of differences in domestic and cross-border transfers

According to the FSC press release, unlike domestic VASPs, overseas VASPs are not bound by or prepared to implement the travel rule. Thus, after consulting with the virtual asset industry, transfers of virtual assets to overseas VASPs will take place only after confirming that the sender and receiver are the same person and when there exist low risks of money laundering via overseas VASPs.

VA transfer in case unhosted wallets or person other than a VASP

No information.

Procedure for inaccurate, incomplete information

No information.

Record retention

VASPs are obligated to keep relevant user information on senders and receivers for five years from the time of termination of transactions.

Notes

No additional information.

In the UAE, the Travel Rule has been implemented since March 2022.

Refer to the following links to study the corresponding regulations.

The following tables explain the UAE jurisdiction requirements regarding the Travel Rule. Note that the legal and the regulatory requirements differ.

Subject Legal Requirement Regulatory Requirement

Application of requirements

According to Amendments of Cabinet Resolution No.(24), Virtual asset service providers must comply with the provisions of Articles (5-9), (1/15/12), and (16, 1/17, 1/18, 19–32), (35, 38, 39), and (60) of the decision.

Articles 27-30 of the Cabinet Decision No. 10 of 2019 are devoted to wire transfers.

VA Transfers.

De minimis threshold

AED 3,500

When a transaction is below the threshold, a smaller set of data is required.

AED 3,500

Time and way to share the Information

The information should be transferred immediately and securely.

Prior to initiating any transfer of Virtual Assets.

Counterparty Due Diligence

No information.

Prior to entering into any transaction with a counterparty VASP or virtual asset service provider in any other jurisdiction, VASPs must complete risk-based due diligence on such counterparty in order to mitigate AML/CFT risks. This due diligence does not need to be completed for every subsequent transaction with the counterparty unless a heightened counterparty risk is assessed or identified.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The ordering institution must transfer the information specified in Section "Scope of the PII" to the beneficiary institution.

2) For cross-border VA transfers of AED 3,500 or more, a Beneficiary VASP shall verify the identity of the beneficiary, if the identity has not been previously verified. VASPs shall ensure that all cross-border VA transfers less than AED 3,500 are always accompanied by the data specified in Section "Scope of the PII", without the need to verify the accuracy of the data referred to, unless there are suspicions about committing the Crime.

3) Beneficiary VASPs shall take reasonable measures to identify cross-border VA transfers that lack required originator information or required beneficiary information, which may include real-time monitoring where feasible or post-event monitoring.

4) Beneficiary VASPs shall take reasonable measures to identify cross-border VA transfers that lack required originator information or required beneficiary information, which may include real-time monitoring where feasible or post-event monitoring. Beneficiary VASPs shall have risk-based policies and procedures for determining when to execute, reject, or suspend a wire transfer lacking required originator or required beneficiary information, and for determining the appropriate follow-up action.

5) In the case of a provider of money or value transfer services that controls both the ordering and the beneficiary side of a cross-border VA transfer, the provider of money or value transfer services shall:

(a) Take into account all information from both the ordering and beneficiary sides in order to determine whether an STR is to be filed; and

(b) If it is decided to file an STR regarding the Transaction, the STR shall be sent to the Financial Intelligence Unit in the relevant country, attaching all relevant transaction information.

6) Financial institutions shall not carry out wire transfers if they fail to comply with the conditions set out in Article 27 of the Cabinet Decision.

1) Prior to initiating any transfer of Virtual Assets with an equivalent value exceeding AED 3,500, VASPs must obtain and hold required and accurate originator information and required beneficiary information and make it available on request to VARA and/or other appropriate authorities.

2) Prior to permitting any clients access to Virtual Assets received from a transfer with an equivalent value exceeding AED 3,500, a beneficiary VASP must obtain and hold required originator information and required and accurate beneficiary information and make it available on request to VARA and/or other appropriate authorities.

3) In complying with the Travel Rule, VASPs must consider how they will handle the risks associated with—

a) deposits or withdrawals [including those which are compliant with the Travel Rule and those which are not];

b) non-obliged entities [i.e. unhosted VA Wallets]; and

c) Anonymity-Enhanced Transactions.

4) VASPs shall be required to demonstrate to VARA how they comply with the Travel Rule during the licensing process and submit to VARA relevant policies and controls. VASPs should also include their plan to comply with the Travel Rule with virtual asset service providers in jurisdictions where the Travel Rule is not a legislative requirement [i.e. the “sunrise issue”].

5) In implementing policies and controls to comply with the Travel Rule and AML/CFT Rules, VASPs shall be guided by FATF Interpretive Note to Recommendation 15 and all applicable laws, regulatory requirements and guidelines as may be in force from time to time. VASPs must monitor for any transaction or series of transactions that seeks to circumvent any regulatory thresholds to bypass Travel Rule requirements.

6) VARA may require VASPs to report on their compliance with the Travel Rule and the effectiveness of their implementing policies and controls, at any time.

Scope of the PII

For international transfers equal to or exceeding AED 3,500:

(a) The name of the originator, his or her identity number or travel document, date and place of birth, address and account number. In the absence of an account, the transfer must include a unique transaction reference number which allows the process to be tracked.

(b) The name of the beneficiary and his account number used to make the transfers. In the absence of the account, the transfer must include a unique transaction reference number which allows the process to be tracked.

For cross-border wire transfers less than AED 3,500:

The same information (a), (b), but without the need to verify the accuracy of the data referred to, unless there are suspicions about committing the Crime.

For domestic wire transfers:

The ordering financial institution shall ensure that the information accompanying the VA transfer includes originator information as indicated in (a), unless this information can be made available to the beneficiary financial institution and relevant authorities by other means.

Where the information accompanying the domestic VA transfer can be made available to the beneficiary financial institution and relevant authorities by other means, the ordering financial institution shall be only required to include the account number or a unique transaction reference number, provided that this number or identifier will permit the transaction to be traced back to the originator or the beneficiary. The ordering financial institution shall make the information available within three business days of receiving the request either from the beneficiary financial institution or from relevant authorities.

Required originator information shall include, but not be limited to, the originator’s —

a) name;

b) account number or VA Wallet address; and

c) residential or business address.

Required beneficiary information shall include, but not be limited to, the beneficiary’s —

a) name; and

b) account number or VA Wallet address.

Batch file transfer

In the event that several individual cross-border VA transfers from a single originator are bundled in a batch file for transmission to beneficiaries, the batch file shall contain required and accurate originator information, and full beneficiary information, that is fully traceable within the beneficiary country; and the financial institution shall be required to include the originator’s account number or unique transaction reference number.

No information.

In implementing policies and controls to comply with the Travel Rule and AML/CFT Rules, VASPs shall be guided by FATF Interpretive Note to Recommendation 15 and all applicable laws, regulatory requirements and guidelines as may be in force from time to time.

The presence of differences in domestic and cross-border transfers

A different set of information is required (see Section "Scope of the PII").

No information.

In implementing policies and controls to comply with the Travel Rule and AML/CFT Rules, VASPs shall be guided by FATF Interpretive Note to Recommendation 15 and all applicable laws, regulatory requirements and guidelines as may be in force from time to time.

VA transfer in case unhosted wallets or person other than a VASP

No information.

In complying with the Travel Rule, VASPs must consider how they will handle the risks associated with non-obliged entities [i.e. unhosted VA Wallets].

<...>

In implementing policies and controls to comply with the Travel Rule and AML/CFT Rules, VASPs shall be guided by FATF Interpretive Note to Recommendation 15 and all applicable laws, regulatory requirements and guidelines as may be in force from time to time.

Procedure for inaccurate, incomplete information

Beneficiary VASPs shall take reasonable measures to identify cross-border wire transfers that lack required originator information or required beneficiary information, which may include real-time monitoring where feasible or post-event monitoring.

Beneficiary VASPs shall have risk-based policies and procedures determining when to execute, reject, or suspend a wire transfer lacking required originator or required beneficiary information; and for determining the appropriate follow-up action.

No information.

In implementing policies and controls to comply with the Travel Rule and AML/CFT Rules, VASPs shall be guided by FATF Interpretive Note to Recommendation 15 and all applicable laws, regulatory requirements and guidelines as may be in force from time to time.

Record retention

VASPs shall maintain all records, documents, data and statistics for all financial transactions and local or international commercial and cash transactions for a period of no less than five years from the date of completion of the transaction or termination of the business relationship with the Customer.

No information.

In implementing policies and controls to comply with the Travel Rule and AML/CFT Rules, VASPs shall be guided by FATF Interpretive Note to Recommendation 15 and all applicable laws, regulatory requirements and guidelines as may be in force from time to time.

Notes

An intermediary VASP shall ensure that all originator and beneficiary information that accompanies a VA transfer is retained with it for cross-border VA transfers.

Where technical limitations prevent the required originator or beneficiary information accompanying a cross-border VA transfer from remaining with a related domestic VA transfer, the Intermediary VASP shall keep a record of all the information received from the ordering financial institution or another cross-border Intermediary VASP, in accordance with the provisions of Article (24) of the Decision.

Intermediary VASPs shall take reasonable measures, which are consistent with straight-through processing, to identify cross-border VA transfers that lack required originator information or required beneficiary information and shall have risk-based policies and procedures for determining when to execute, reject, or suspend a wire transfer; and the appropriate follow-up action.

No additional information.

In the Cayman Islands, the Travel Rule was implemented on 01/07/2022.

Refer to the following links to study the corresponding regulations:

The following table explains the jurisdiction requirements of the Cayman Islands regarding the Travel Rule.

Subject Requirement

Application of requirements

The rule applies to transfers of virtual assets. Transfer of virtual asset means any transaction carried out on behalf of an originator with a view to making the virtual asset available to a beneficiary.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

No threshold.

Time and way to share the Information

An originating virtual asset service provider shall provide the information to the beneficiary virtual asset service provider or obliged entity simultaneously or concurrently with the transfer of virtual assets.

An originating virtual asset service provider may provide the information to the beneficiary virtual asset service provider or obliged entity directly by attaching the information to the transfer of virtual assets or providing the information indirectly.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) An originating virtual asset service provider shall, when conducting a transfer of virtual assets to a beneficiary, collect and record the information specified in Section "Scope of the PII".

2) An originating virtual asset service provider shall, before conducting the transfer of virtual assets, verify the information on the originator on the basis of documents, data or information that meet the requirements of regulation 20(1).

3) A beneficiary virtual asset service provider shall, on receipt of a transfer of virtual assets, collect and record the information specified in Section "Scope of the PII".

4) A beneficiary virtual asset service provider shall verify the accuracy of information on the beneficiary on the basis of documents, data or information that meets the requirements of regulation 20(1).

5) An originating virtual asset service provider shall not execute transfers of virtual assets where the originating virtual asset service provider is unable to collect and maintain information on the originator and beneficiary.

6) A beneficiary virtual asset service provider shall have effective systems in place to detect missing required information on both the originator and beneficiary.

7) A beneficiary virtual asset service provider shall adopt risk-based policies and procedures for determining —

(a) whether to execute, reject or suspend a transfer of virtual assets; and

(b) the resulting procedures to be applied, where the required originator or beneficiary information is incomplete.

8) The procedures in relation to unhosted wallets are specified in Section "VA transfer in case unhosted wallets or person other than a VASP".

9) A competent authority may, by notice in writing, require an originating virtual asset service provider or a beneficiary virtual asset service provider to provide information in respect of a transfer of virtual assets. An originating virtual asset service provider or a beneficiary virtual asset service provider which receives a notice shall comply with that notice within the period and in the manner specified in the notice.

10) A virtual asset service provider shall comply with all of the relevant requirements under the Regulation in the countries in which they operate, either directly or through the agents of the virtual asset service provider.

11) A virtual asset service provider, that controls both the originating virtual asset service provider and the beneficiary virtual asset service provider, shall —

(a) consider the information from both the originating virtual asset service provider and the beneficiary virtual asset service provider to determine whether a suspicious activity report should be filed; and

(b) further to paragraph (a), file the suspicious activity report in the country from which the transfer of virtual assets originated or to which the transfer of virtual assets was destined and make relevant transaction information available to the Financial Reporting Authority and the relevant authorities in the country from which the transfer originated or to which it was destined.

Scope of the PII

(a) The name of the originator and the beneficiary.

(b) Where an account is used to process the transfer of virtual assets by:

  • the originator, the account number of the originator; or
  • the beneficiary, the account number of the beneficiary.

(c) The address of the originator, the number of a Government-issued document evidencing the originator’s identity or the originator’s customer identification number or date and place of birth; and

(d) Where an account is not used to process the transfer of virtual assets, the unique transaction reference number that permits traceability of the transaction.

Batch file transfer

Batch file transfer of virtual assets means several individual transfers of virtual assets which are bundled together for transmission.

For batch file transfers of virtual assets from a single originator, regulation 49C(1) (see Section "Scope of the PII") shall not apply to the individual transfers of virtual assets bundled together if:

(a) the batch file contains:

  • the name of the originator;
  • where an account is used to process the transfer of virtual assets by the originator, the account number of the originator;
  • the address of the originator, the number of a Government-issued document evidencing the originator’s identity or the originator’s customer identification number or date and place of birth; and

(b) the individual transfers of virtual assets carry the account number of the originator or a unique identifier.

A batch file shall contain the name, account number or unique identifier of the beneficiary that is traceable in the beneficiary country.

The presence of differences in domestic and cross-border transfers

No information.

VA transfer in case unhosted wallets or person other than a VASP

According to CIMA Guidance Notes, VASPs receiving a VA transfer from an entity that is not a VASP or other obliged entity (e.g., from an individual VA user using his/her own DLT software, such as an unhosted wallet) or sending to a non-obliged entity, should obtain the required originator/beneficiary information from their customer.

Procedure for inaccurate, incomplete information

An originating virtual asset service provider shall not execute transfers of virtual assets where the originating virtual asset service provider is unable to collect and maintain information on the originator and beneficiary.

A beneficiary virtual asset service provider shall have effective systems in place to detect missing required information on both the originator and beneficiary.

Where a beneficiary virtual asset service provider detects, when receiving transfers of virtual assets, that information on the originator is missing or incomplete, the beneficiary virtual asset service provider shall either reject the transfer of virtual assets or request complete information on the originator.

A beneficiary virtual asset service provider shall adopt risk-based policies and procedures for determining:

(a) whether to execute, reject or suspend a transfer of virtual assets; and

(b) the resulting procedures to be applied, where the required originator or beneficiary information is incomplete.

Where an originating virtual asset service provider regularly fails to supply the required information on the originator, the beneficiary virtual asset service provider shall adopt reasonable measures to rectify noncompliance with these Regulations before:

(a) rejecting any future transfers of virtual assets from that originating virtual asset service provider;

(b) restricting its business relationship with that originating virtual asset service provider; or

(c) terminating its business relationship with that originating virtual asset service provider, and the beneficiary virtual asset service provider shall report to the Financial Reporting Authority and to the relevant Supervisory Authority any such decision to restrict or terminate its business relationship with that originating virtual asset service provider.

A beneficiary virtual asset service provider shall consider incomplete information about the originator as a factor in assessing whether a transfer of virtual assets, or any related transaction, is suspicious and where it is determined that the transaction is suspicious, the suspicious transaction shall be reported to the Financial Reporting Authority in accordance with the Law.

Record retention

An originating virtual asset service provider shall, for at least five years, keep records of complete information on the originator and beneficiary which accompanies each transfer of virtual assets.

A beneficiary virtual asset service provider shall, for at least five years, keep records of complete information on the originator and beneficiary which accompanies each transfer of virtual assets.

Notes

An intermediary virtual asset service provider which participates in a transfer of virtual assets shall ensure that all information received on the originator and the beneficiary that accompanies a transfer of virtual assets is kept with the transfer of virtual assets.

An intermediary virtual asset service provider shall:

(a) take reasonable measures, which are consistent with straight-through processing, to identify transfers of virtual assets that lack required originator or beneficiary information; and

(b) adopt risk-based policies and procedures for determining:

  • when to execute, reject or suspend a transfer of virtual assets; and
  • the resulting procedures to be applied, where the required originator or beneficiary information is incomplete.

Where technical limitations prevent an intermediary virtual asset service provider from sending the required originator or beneficiary information with the transfer of virtual assets, the intermediary virtual asset service provider shall keep a record of all the information received from the originating virtual asset service provider, obliged entity or other intermediary, for at least five years.

An intermediary virtual asset service provider shall have risk-based policies and procedures for determining:

(a) when to execute, reject, or suspend a transfer of virtual assets lacking required originator or required beneficiary information; and

(b) the appropriate follow-up action.

In the BVI, the Travel Rule was implemented on 01/12/2022.

Refer to the following links to study the corresponding regulations:

The following table explains the BVI jurisdiction requirements regarding the Travel Rule.

Subject Requirement

Application of requirements

The rules apply to the transfer of virtual assets which is sent or received by a virtual asset service provider that is established in the Virgin Islands.

A virtual assets service provider shall comply with all the relevant requirements of the particular Part of law, in the countries in which it operates directly or through its agents.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

No threshold.

Time and way to share the Information

Information accompanying a transfer of virtual assets shall be provided to the beneficiary virtual assets service provider or obliged entity:

(a) simultaneously with the transfer of virtual assets;

(b) either directly by attaching the information with the transfer, or providing the information indirectly; and

(c) in a secure manner that protects:

  • the integrity and use of the information; and
  • the information from unauthorized disclosure.

A beneficiary virtual assets service provider shall, upon request from the Agency or Commission, provide complete originating information and complete beneficiary information that accompanies a transfer of virtual assets, within 3 working days of receiving the request, excluding the date on which the request is made.

Counterparty Due Diligence

No information.

According to FSC Guide, VASPs are guided to note the risks that bad actors would seek to exploit VASPs and VAs to obscure the source of criminal proceeds towards furthering criminal activities. Therefore, VASPs are required to assess ML and TF risks posed by counterparty VASPs. This requires VASPs to conduct due diligence and risk assessments in relation to counterparty VASPs. Given the speed and scale of transactions involving virtual assets, it is vital that VASPs develop and implement robust systems that allow for compliance with the Travel Rule, as well as mitigate against the threat of ML, TF, and PF.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) An originating virtual asset service provider shall, in relation to every transfer

(a) obtain and maintain complete originator information and complete beneficiary information on each transfer of virtual assets; and

(b) submit complete originator information and complete beneficiary information to the beneficiary virtual assets service provider or obliged entity, with the transfer of virtual assets.

2) The originating virtual assets service provider shall, before transferring any virtual assets, verify the complete originator information on the basis of documents, data or information obtained from a reliable and independent source. In the case of a transfer from an account, the originating virtual assets service provider may deem verification of the complete originator information to have taken place if it has complied with the provisions of the Anti-money Laundering Regulations, Revised Edition 2020, and the Code relating to the verification of the identity of the originator in connection with the opening of that account.

3) A beneficiary virtual assets service provider shall

(a) on receipt of a transfer of virtual assets, obtain and maintain complete originating information and complete beneficiary information on each transfer of virtual assets received; and

(b) put effective procedures in place for the detection of incomplete or missing complete originator information or complete beneficiary information, including post-event monitoring or real-time monitoring, where feasible.

4) A beneficiary virtual assets service provider shall verify the accuracy of information on the beneficiary on the basis of documents, data or information obtained from a reliable and independent source.

5) Originating and beneficiary VASPs can deem verification of such information to have taken place if:

  • it is to or from an account maintained by the VASP and the VASP has verified the identity of the account holder; or
  • it is not to or from an account maintained by the VASP, does not exceed US$1,000 in value, does not form part of several operations that appear to be linked and together exceed US$1,000, and the relevant VASP does not otherwise suspect money laundering, terrorist financing, proliferation financing, or other financial crime.

6) Where the same VASP holds or controls both the originator and beneficiary sides of a transfer of virtual assets, that VASP will need to consider the information from both sides of the transfer to determine if there are any AML concerns and a suspicious activity report should be filed in relation to the transfer in any country affected by a suspicious transfer of virtual assets.

7) Where a virtual assets service provider holds or controls both the originator and the beneficiary side of a transfer of virtual assets, that virtual assets service provider shall

(a) consider the information from both the originator and beneficiary sides of the transfer of funds in order to determine whether a suspicious activity report should be filed; and

(b) file a suspicious activity report in any country affected by the suspicious transfer of virtual assets, and make relevant transaction information available to the Agency and the relevant competent authority of any country affected by the suspicious transfer.

Scope of the PII

Complete originator information, means the name and address of the originator, together with:

(a) the originator’s account number where the account is used to process a transaction, or a unique identifier in the absence of an account; and

(b) the originator’s date and place of birth; or

(c) the customer identification number or national identity number of the payer.

Complete beneficiary information, means

(a) the beneficiary’s name; and

(b) the beneficiary’s account number where such an account is used to process the transaction, or a unique identifier in the absence of an account number.

Batch file transfer

“Batch file transfer of virtual assets” means several individual transfers of virtual assets which are bundled together for transmission.

Paragraph (1) from the Section "Actions required" does not apply in the case of a batch file virtual asset transfer from a single payer, if:

(a) the batch file contains complete originator information and complete beneficiary information that is fully traceable within the beneficiary’s country; and

(b) the individual virtual assets transfers bundled together in the batch file carry the account number of the payer or a unique identifier.

In the case of batch file virtual assets transfers, complete originator information and complete beneficiary information are required only in the batch file, and not in the individual virtual assets transfers bundled together in it.

The presence of differences in domestic and cross-border transfers

No information.

VA transfer in case unhosted wallets or person other than a VASP

No information.

Procedure for inaccurate, incomplete information

Where a beneficiary virtual assets service provider becomes aware that the complete originator information or complete beneficiary information is missing or incomplete when receiving a transfer of virtual assets, the virtual assets service provider shall have risk-based policies and procedures to determine whether to

(a) execute, reject or suspend the transfer; and

(b) undertake an appropriate follow-up action, which may include

  • requesting the missing information on the originator;
  • rejecting future transfers of funds from the originating virtual assets service provider;
  • restricting or terminating its relationship with the originating virtual assets service provider;
  • determining whether the transfer of virtual assets or any related transaction should be reported to the Agency as a suspicious transaction or activity; and
  • taking any other reasonable measures to mitigate risks of money laundering, terrorist financing or proliferation financing involved.

Record retention

The originating virtual assets service provider shall keep records of complete originator information and complete beneficiary information that accompany the transfer of virtual assets, for a period of at least 5 years

(a) from the date of the transfer, in the case of a transfer not made from an account; and

(b) from the date that the business relationship ended, in the case of a transfer made from an account.

A beneficiary virtual assets service provider shall keep records of complete originating information and complete beneficiary information which accompanies each transfer of virtual assets, for at least 5 years

(a) from the date the transfer was completed, in the case of a transfer to a beneficiary that does not hold an account; and

(b) from the date that the business relationship ended, in the case of a transfer to a beneficiary that holds an account.

Notes

Intermediary virtual assets service provider. The rules apply where the intermediary virtual assets service provider is situated within the Virgin Islands.

An intermediary virtual assets service provider shall

(a) ensure that any information it receives on the originator and the beneficiary that accompanies a transfer of virtual assets is kept with that transfer; and

(b) put effective procedures in place for the detection of virtual assets transfers that lack complete originator information and complete beneficiary information, consistent with straight-through processing.

Where the intermediary virtual assets service provider becomes aware that the complete originator information or complete beneficiary information is missing or incomplete when receiving transfers of funds, the intermediary virtual assets service provider shall, relying on its risk-based policies and procedures, determine whether to

(a) execute, reject or suspend the transfer; and

(b) undertake an appropriate follow-up action which may include:

  • requesting the missing information from the originating virtual assets service provider;
  • rejecting future transfers of funds from the originating virtual assets service provider;
  • restricting or terminating its relationship with the originating virtual assets service provider; and
  • determining whether the transfer of virtual assets or any related transaction should be reported to the Agency as a suspicious transaction or activity.

An intermediary virtual assets service provider shall, upon request from the Agency or Commission, provide complete originating information and complete beneficiary information that accompanies a transfer of virtual assets, within 3 working days of receiving the request, excluding the date on which the request is made.

An intermediary virtual assets service provider shall, for at least 5 years from the date of the transfer, keep records of complete originating information and complete beneficiary information which accompanies each transfer of virtual assets.

In Malaysia, the Travel Rule was implemented in April 2021.

Refer to the Guidelines on Prevention of Money Laundering and Terrorism Financing for Reporting Institutions in the Capital Market to study the corresponding regulation.

The following table explains the Malaysian jurisdiction requirements regarding the Travel Rule.

Subject Requirement

Application of requirements

The requirements are applicable to a reporting institution providing wire transfer of digital assets.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

No threshold.

Time and way to share the Information

No information.

The message or instruction for cross-border wire transfer should be accompanied by the information.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) A reporting institution must not execute wire transfer of digital assets if it does not comply with the requirements.

2) In providing wire transfer of a digital asset, the reporting institutions must comply with requirements on targeted financial sanctions.

3) A reporting institution which is an ordering institution must ensure that the message or instruction for cross-border wire transfer is accompanied by the information specified in Section "Scope of the PII".

4) A beneficiary institution is required to take reasonable measures, including post-event or real-time monitoring where feasible, to identify the transfers that lack the required originator information or required beneficiary information. A beneficiary institution is required to have effective risk-based policies and procedures for determining:

(a) when to execute, reject, or suspend a wire transfer lacking the required originator or required beneficiary information; and

(b) the appropriate follow-up action.

Scope of the PII

For cross-border wire transfer:

(a) Required and accurate originator information:

  • name;
  • national registration identity card number or passport number;
  • account number or digital wallet address or a unique transaction reference number used to process the transaction which permits traceability of the transaction; and
  • address or date and place of birth.

(b) Required beneficiary information:

  • name; and
  • account number or digital wallet address or a unique transaction reference number used to process the transaction which permits traceability of the transaction.

Batch file transfer

No information.

The presence of differences in domestic and cross-border transfers

No explicit information.

Due to the wording of the Guidelines, it seems that all transfers of crypto-assets should be treated as cross-border wire transfers.

VA transfer in case unhosted wallets or person other than a VASP

No information.

Procedure for inaccurate, incomplete information

A beneficiary institution is required to take reasonable measures, including post-event or real-time monitoring where feasible, to identify the transfers that lack the required originator information or required beneficiary information.

A beneficiary institution is required to have effective risk-based policies and procedures for determining:

(a) when to execute, reject, or suspend a wire transfer lacking the required originator or required beneficiary information; and

(b) the appropriate follow-up action.

Record retention

A reporting institution must keep records of all transactions and ensure they are up to date and relevant.

A reporting institution is required to maintain records for a period of at least seven years from:

(a) in the case of record obtained through the CDD and enhanced CDD process, the date the account is closed; or

(b) in the case of transaction records, the date the transaction is completed or terminated.

Notes

No additional information.

In the Philippines, the Travel Rule was implemented in 2021.

Refer to the BSP Circular No. 1108 to study the corresponding regulation.

The following table explains the jurisdiction requirements of the Philippines regarding the Travel Rule.

Subject Requirement

Application of requirements

The rule applies to VA transfers.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

P 50,000.00 or more, or its equivalent in foreign currency.

Time and way to share the Information

The required information must be transmitted immediately and in a secure manner.

VASPs shall uphold the confidentiality, integrity and availability of the required information to facilitate recordkeeping and use of such information by receiving VASPs or other covered entities, as well as to prevent unauthorized disclosure. Entities should also submit the required information simultaneously or concurrently with the transfer itself.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The originating institution in a VA transfer must obtain and hold the required and accurate originator information as well as the required beneficiary information, and transmit said information to the beneficiary institution.

2) Beneficiary institutions must obtain and hold required originator information as well as required and accurate beneficiary information. All the information gathered shall be made available on request to competent authorities.

3) For large value pay-outs of more than P500,000 or its equivalent in foreign currency, in any single transaction with customers or counterparties, enhanced due diligence shall be conducted and said pay-outs shall only be made via check payment or direct credit to deposit accounts or account to account transfer using electronic fund transfer facilities.

Scope of the PII

(a) Originator's name (i.e., the sending customer).

(b) Originator's account number used to process the transaction (e.g., the VA wallet).

(c) Originator's physical (geographical) address, or national identity number, or customer identification number (i.e., not a transaction number) that uniquely identifies the originator to the ordering institution, or date and place of birth.

(d) Beneficiary's name.

(e) Beneficiary account number where such an account is used to process the transaction (e.g., the VA wallet).

Batch file transfer

No information.

The presence of differences in domestic and cross-border transfers

VASPs and other BSFIs that engage in or facilitate VA transfers shall consider all VA transfer transactions as cross-border wire transfers and shall comply with pertinent rules on wire transfers.

VA transfer in case unhosted wallets or person other than a VASP

No information.

Procedure for inaccurate, incomplete information

No information.

Record retention

A VASP shall ensure that transaction and due diligence records are maintained for a period of at least five (5) years and adhere to other guidelines issued by the Bangko Sentral on the maintenance of records.

Notes

No additional information.

In Israel, the Travel Rule was implemented on 14/11/2021.

Refer to the Anti-Money Laundering Order to study the corresponding regulation.

The following table explains the jurisdiction requirements of Israel regarding the Travel Rule.

Subject Requirement

Application of requirements

The rule applies to transfers of virtual currency.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

No threshold.

Time and way to share the Information

The Service Provider must transfer the information details in an immediate and secure manner to the recipient of the transfer.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) A Service Provider will not conduct a transaction involving a virtual currency transfer without performing the following:

(1) The Service Provider registered the information details of the originator as stated in paragraphs (1) to (4) and (7) as provided in Section "Scope of the PII" and the information details of the beneficiary as stated in paragraphs (5) to (7) as provided in Section "Scope of the PII";

(2) The Service Provider transferred the information details in an immediate and secure manner to the recipient of the transfer.

2) A Service Provider will not receive a transfer of virtual currency without performing the following actions:

(1) It registered the information of the originator as stated in paragraphs (1) to (4) and (7), as provided in Section "Scope of the PII";

(2) It registered the information regarding the beneficiary as stated in paragraphs (5) to (7), as provided in Section "Scope of the PII".

3) The Service Provider will record the identification details after it verified the identification details according to the identification document; as regards the registration of the identification information of the account number in paragraphs (4) and (6) from the Section "Scope of the PII" – the Service Provider will record the account number based on a document containing the name and the account number of the Service Recipient.

Scope of the PII

(1) The originator's name.

(2) The originator's identity number; in the event the Service Provider does not have the identity number of the originator – a unique identity number in the Service Provider, or the date of birth or the date of incorporation, as the case may be, if it possesses such information.

(3) The originator's address.

(4) The originator's account number in the financial institution from which the transfer was performed; in the event the Service Provider does not have an account number — another unique identification number that will enable tracking and identification of the transfer.

(5) The beneficiary’s name.

(6) The beneficiary’s account number, in the financial institution to which the transfer was performed; in the event the Service Provider does not have an account number — another unique identification number that will enable tracking and identification of the transfer.

(7) With respect to transactions in a virtual currency, the transfer documents will also record the addresses of the virtual currency wallets involved in the transaction.

Batch file transfer

Batch file — a number of transfers performed for the same originator to different beneficiaries simultaneously.

In the event a Service Provider performed a number of cross border transfers of virtual currency, for the same originator in one batch file, the said batch file will include the information contained in the Section "Scope of the PII" with respect to each of the transfers in the batch file.

The presence of differences in domestic and cross-border transfers

No information.

VA transfer in case unhosted wallets or person other than a VASP

No information.

Procedure for inaccurate, incomplete information

No information.

Record retention

Retention period is at least 5 years.

Notes

No additional information.

In Venezuela, the Travel Rule was implemented in 2021.

Refer to the Regulations Regarding the Management and Control of Risks Related to ML/FT/FPWMD applicable to virtual asset service providers and to persons and entities that provide products and services through activities involving virtual assets, in the integral system of crypto assets to study the corresponding regulation.

The following table explains the Venezuelan jurisdiction requirements regarding the Travel Rule.

Subject Requirement

Application of requirements

The rules apply when making transfers of virtual assets.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

EUR 1,000 or its equivalent.

Time and way to share the Information

The Obliged Subjects must immediately and securely transmit the required information of the originator and the beneficiary.

This required information must be submitted simultaneously, or concurrently, with the actual transfer of the virtual asset.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) Both the Regulated Entity ordering the transfer, and the Regulated Entity beneficiary of the same, must keep this required information and both must take the measures to freeze without delay funds and virtual assets that are owned or controlled or that are available, directly or indirectly, or for the benefit of persons and entities designated by the United Nations Security Council Resolutions that urge member states to prevent and suppress the financing of terrorism and the financing of the proliferation of weapons of mass destruction. The UNIF must be informed about the frozen funds and virtual assets, as well as the actions carried out in compliance with said Resolutions.

2) If during the establishment or in the course of the business relationship or when transactions are carried out, the Reporting Entity suspects or has reasonable grounds to suspect that the transactions are related to ML/FT/FPWMD, or there are doubts about the veracity or adequacy of the customer identification data obtained, an attempt should be made to identify and verify the identity of the customer and the final beneficiary, regardless of the threshold designated, and make a Suspicious Activity Report to the UNIF.

Scope of the PII

(a) Name of the originator and the beneficiary.

(b) An account number or virtual wallet for each one, when said virtual accounts or wallets are used to process the transaction or in the absence of an account or wallet, a unique reference number of the transaction that allows it to be traced.

(c) The originator's address or his national identity number or the client's identification number or the date and place of his birth.

Batch file transfer

No information.

The presence of differences in domestic and cross-border transfers

No information.

VA transfer in case unhosted wallets or person other than a VASP

Since not all transfers of virtual assets involve two Reporting Entities, in those cases in which the transfer involves a single Reporting Entity at either end of the same, the latter must comply with the requirements related to the information required with respect to its customer (the originator or beneficiary, as the case may be).

Procedure for inaccurate, incomplete information

No information.

Record retention

Retention period is at least 5 years.

Notes

The intermediary Obligated Subjects that facilitate the transfers of virtual assets as an intermediate element of a chain of transfers must accompany the transfer with the information of the originator and the beneficiary, ensure that this required information is transmitted throughout the chain of transfers, and maintain a record of it.

This required information from the originator and the beneficiary does not need to be communicated as part of (incorporated in) the transfer on the blockchain or other distributed ledger platform. It can be sent to the beneficiary Regulated Entity by a process entirely separate from the blockchain or distributed ledger; any technology, software solution or tool is acceptable, as long as it allows compliance with this obligation in an effective, immediate and secure manner.

The intermediary Obligated Subjects must identify and report suspicious transactions, take freezing measures and avoid transactions or operations with persons and entities designated by the United Nations Security Council Resolutions that urge Member States to prevent the Financing of Terrorism and of the Proliferation of Weapons of Mass Destruction.

In Hong Kong, the Travel Rule obligations came into force on 01/06/2023.

Refer to the following links to study the corresponding regulations:

The following table explains the requirements of Hong Kong regarding the Travel Rule.

Subject Requirement

Application of requirements

The rule applies to transfers of VAs.

A virtual asset transfer is a transaction carried out:

(a) by an institution (ordering institution) on behalf of an originator by transferring any virtual assets; and

(b) with a view to making the virtual assets available:

  • to that person or another person (recipient); and
  • at an institution (beneficiary institution), which may be the ordering institution or another institution, whether or not one or more other institutions (intermediary institutions) participate in completion of the transfer of the virtual assets.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

HKD 8,000

When a transaction is below the threshold, a smaller set of data is required.

Time and way to share the Information

According to the Guideline, for the avoidance of doubt, the required information may be submitted either directly or indirectly to the beneficiary institution provided that it is submitted in accordance with the requirements set out in paragraphs 12.11.9 (securely) and 12.11.10 (immediately)*. This means that it is not necessary for the required information to be attached directly to, or be included in, the virtual asset transfer itself.

For the avoidance of doubt, an ordering institution should not execute a virtual asset transfer when it could not ensure that the required information could be submitted to a beneficiary institution, and where applicable, an intermediary institution, in a secure manner having regard to the above guidance and the VA transfer counterparty due diligence results.

According to SFC Consultation Conclusions, where the required information cannot be submitted to the beneficiary institution immediately, the SFC considers that submission as soon as practicable after the virtual asset transfer to be acceptable as an interim measure until 1 January 2024, having regard to the implementation status of the Travel Rule in other major jurisdictions.

Counterparty Due Diligence

To ensure that the required information is submitted in a secure manner, an ordering institution should undertake the VA transfer counterparty due diligence measures and take other appropriate measures and controls as specified in Guideline.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) Before carrying out a virtual asset transfer, a financial institution that is an ordering institution must obtain and record the information specified in Section "Scope of the PII" (a)-(e).

2) A financial institution that is an ordering institution in a virtual asset transfer must submit to the beneficiary institution the information specified in Section "Scope of the PII".

3) For a virtual asset transfer involving virtual assets that amount to not less than $8,000, an ordering institution must ensure that the required originator information submitted with the virtual asset transfer is accurate.

For an occasional virtual asset transfer involving virtual assets that amount to not less than $8,000, an ordering institution must verify the identity of the originator. For an occasional virtual asset transfer involving virtual assets that amount to less than $8,000, the ordering institution is in general not required to verify the originator’s identity, except when several transactions are carried out which appear to the ordering institution to be linked and amount to not less than $8,000, or when there is a suspicion of ML/TF.

4) A financial institution that is a beneficiary institution in a virtual asset transfer must obtain and record the information submitted to it by the institution from which it receives the transfer instruction.

5) For a virtual asset transfer involving virtual assets that amount to not less than $8,000, a beneficiary institution should verify the identity of the recipient if the identity has not been previously verified as part of its CDD process. The beneficiary institution should also confirm whether the recipient’s name and account number obtained from the institution from which it receives the transfer instruction match with the recipient information verified by it, and take reasonable measures as set out in paragraph 12.11.24 of the Guideline where such information does not match.

6) A FI should establish and maintain effective procedures to ensure compliance with to enable it to carry out sanctions screening and transaction monitoring procedures on all relevant parties involved in a virtual asset transfer in an effective manner.

7) A financial institution must implement the procedure for inaccurate, incomplete information, as specified in the respective section.

8) The procedures in relation to unhosted wallets are specified in Section "VA transfer in case unhosted wallets or person other than a VASP".

Scope of the PII

For a virtual asset transfer involving virtual assets that amount to not less than $8,000:

(a) the originator’s name;

(b) the number of the originator’s account maintained with the financial institution and from which the virtual assets are transferred or, in the absence of such an account, a unique reference number assigned to the virtual asset transfer by the financial institution;

(c) the originator’s address, the originator’s customer identification number or identification document number or, if the originator is an individual, the originator’s date and place of birth;

(d) the recipient’s name; and

(e) the number of the recipient’s account maintained with the beneficiary institution and to which the virtual assets are transferred or, in the absence of such an account, a unique reference number assigned to the virtual asset transfer by the beneficiary institution.

For a virtual asset transfer involving virtual assets that amount to less than $8,000:

the information obtained and held under subsections (a), (b), (d) and (e) in relation to the transfer.

Batch file transfer

No information.

The presence of differences in domestic and cross-border transfers

No information.

VA transfer in case unhosted wallets or person other than a VASP

Before an FI sends or receives virtual assets to or from an unhosted wallet on behalf of its customer (i.e. the originator or the recipient, as the case may be), the FI should obtain the following originator and recipient information from the customer and record:

(a) in relation to a virtual asset transfer to an unhosted wallet,

(i) the originator’s name;

(ii) the number of the originator’s account maintained with the FI and from which the virtual assets are transferred or, in the absence of such an account, a unique reference number assigned to the virtual asset transfer by the FI;

(iii) the originator’s address, the originator’s customer identification number or identification document number or, if the originator is an individual, the originator’s date and place of birth;

(iv) the recipient’s name; and

(v) the recipient’s wallet address;

(b) in relation to a virtual asset transfer from an unhosted wallet,

(i) the originator’s name;

(ii) the originator’s wallet address;

(iii) the originator’s address, the originator’s customer identification number or identification document number or, if the originator is an individual, the originator’s date and place of birth;

(iv) the recipient’s name; and

(v) the number of the recipient’s account maintained with the FI and to which the virtual assets are transferred or, in the absence of such an account, a unique reference number assigned to the virtual asset transfer by the FI.

An FI should also assess the ML/TF risks associated with virtual asset transfers to or from unhosted wallets and take reasonable measures on a risk-sensitive basis to mitigate and manage the ML/TF risks associated with the transfers, which include:

(a) conduct enhanced monitoring of virtual asset transfers with unhosted wallets;

(b) accept virtual asset transfers only to or from unhosted wallets that the FI has assessed to be reliable, having regard to the screening results of the virtual asset transactions and the associated wallet addresses (see paragraphs 12.7.2 to 12.7.4 and 12.7.6 of the Guideline) and the assessment results of the ownership or control of the unhosted wallet (see paragraphs 12.10.6 and 12.10.7 of the Guideline); and

(c) (where appropriate) impose transaction limits.

Procedure for inaccurate, incomplete information

Where a financial institution (instructed institution) is a beneficiary institution or an intermediary institution in a virtual asset transfer—

(a) if the institution (instructing institution) from which the instructed institution receives the transfer instruction does not submit all of the information in connection with the virtual asset transferred to the instructed institution, the instructed institution must as soon as reasonably practicable—

(i) obtain the missing information from the instructing institution; and

(ii) if the missing information cannot be obtained, either—

(A) consider restricting or terminating its business relationship with the instructing institution; or

(B) take reasonable measures to mitigate the risk of money laundering or terrorist financing involved; or

(b) if the instructed institution is aware that any of the information submitted to it that purports to be information is incomplete or meaningless, it must as soon as reasonably practicable take reasonable measures to mitigate the risk of money laundering or terrorist financing involved.

For more detailed information, see the AML/CFT Guideline.

Record retention

Retention period is at least 5 years.

Notes

If a financial institution acts as an intermediary institution in a virtual asset transfer, it must transmit all of the information that it receives with the transfer to the institution to which it passes on the transfer instruction.

For the rules regarding incomplete information for the intermediary, see the Section "Procedure for inaccurate, incomplete information".

In Indonesia, the Travel Rule was implemented in October 2021.

Refer to the following links to study the corresponding regulations:

The following table explains the Indonesian jurisdiction requirements regarding the Travel Rule.

Subject Requirement

Application of requirements

The concept of ‘travel rules’ applies when providing services for moving or transferring crypto assets by Prospective Crypto Asset Physical Traders or Crypto Asset Physical Traders.

De minimis threshold

Rupiah value that is equivalent to USD 1,000.

When a transaction is below the threshold, a smaller set of data is required.

Time and way to share the Information

No information.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The Prospective Crypto Asset Physical Traders or Crypto Asset Physical Traders must obtain the information specified in the Section "Scope of the PII";

2) Prospective Crypto Asset Physical Traders or Crypto Asset Physical Traders are prohibited from facilitating the movement or transfer of Crypto Assets, if they do not apply the Travel Rule principle.

Scope of the PII

If the threshold of the transaction is more than or equal to the Rupiah value that is equivalent to USD 1,000:

Information about the sender includes:

a) sender's name, sender's Wallet address, and sender's address; and

b) Identity Cards are mandatory for Indonesian citizens, or passports and identity cards issued by the country of origin of Crypto Asset Customers (KITAP) or Limited Stay Permit Cards (KITAS) for foreign nationals if it is possible to obtain them.

In the case of recipients or Wallet addresses including cold Wallets or Wallets other than Prospective Physical Traders of Crypto Assets or Physical Traders of Crypto Assets, the information about the recipient includes:

a) recipient's name;

b) the recipient's Wallet address; and

c) recipient's address.

If the threshold of the transaction is less than the Rupiah value that is equivalent to USD 1,000:

  • name of the sender;
  • the sender's Wallet address;
  • recipient's name; and
  • recipient's Wallet address.

Batch file transfer

No information.

The presence of differences in domestic and cross-border transfers

No information.

VA transfer in case unhosted wallets or person other than a VASP

No information.

Procedure for inaccurate, incomplete information

No information.

Record retention

Retention period is at least 5 years.

Notes

No additional information.

The effective date of Article 7 (in relation to the Travel Rule) shall be specified by the FSC.

The current status is undefined.

Refer to the Regulations Governing Anti-Money Laundering and Countering the Financing of Terrorism for Enterprises Handling Virtual Currency Platform or Transaction to study the corresponding regulation.

The following table explains the requirements of Taiwan regarding the Travel Rule.

Subject Requirement

Application of requirements

The obligation applies to transfers of virtual assets.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

No information.

It can be assumed that, if the corresponding regulations do not specify a threshold, the rule applies to all transactions regardless of the amount.

Time and way to share the Information

The information should be submitted immediately and securely to the enterprise serving as the beneficiary party.

Counterparty Due Diligence

When the enterprise transfers virtual currencies, it shall verify that the transaction counterparty (originating party or beneficiary party) is subject to and supervised for compliance with AML/CFT requirements consistent with standards set by the Financial Action Task Force on Money Laundering (FATF).

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The enterprise shall obtain required and accurate information on the customer transferring the virtual currency (the originator) and required information on the customer receiving the virtual currency (the beneficiary). It shall hold previously acquired information in accordance with Article 10 of the Regulation, and submit the aforementioned information immediately and securely to the enterprise serving as the beneficiary party. Law enforcement authorities should be able to compel immediate production of such information and the enterprise shall respond accordingly.

2) Where the enterprise fails to conduct the transfer, it is not allowed to process the virtual currency transfer.

3) Where the enterprise serves as the beneficiary party of virtual currency transfers, it shall comply with the following provisions:

a) Take reasonable measures to identify virtual currency transfers that lack the required information.

b) Have risk-based policies and procedures for determining when to execute, reject, or suspend a virtual currency transfer that lacks the required information and the appropriate follow-up actions.

c) Maintain the information on the originator and beneficiary in accordance with Article 10 of the Regulation (please see Section "Record retention").

4) The enterprise shall establish policies and procedures for watch list filtering, based on a risk-based approach, to detect, match and filter whether customers, beneficial owners or connected parties of the customers are individuals, legal persons or organizations sanctioned under the Counter-Terrorism Financing Act or terrorists or terrorist groups identified or investigated by a foreign government or an international organization.

Scope of the PII

(1) Information of the originator includes the name of the originator, information on the wallet used for transferring the virtual currency, and one of the following items of information on the originator:

A. Number of official identity document.

B. Address.

C. Date and place of birth.

(2) Information of the beneficiary includes the name of the beneficiary and information on the wallet used for receiving the virtual currency.

Batch file transfer

No information.

The presence of differences in domestic and cross-border transfers

No information.

VA transfer in case unhosted wallets or person other than a VASP

No information.

Procedure for inaccurate, incomplete information

Where the enterprise serves as the beneficiary party of virtual currency transfers, it shall comply with the following provisions:

a) Take reasonable measures to identify virtual currency transfers that lack the required information.

b) Have risk-based policies and procedures for determining when to execute, reject, or suspend a virtual currency transfer that lacks the required information and the appropriate follow-up actions.

Record retention

The enterprise shall keep records on all business relations and transactions with its customers in hard copy or electronic form and in accordance with the following provisions:

1) The enterprise shall maintain all necessary records on domestic and international transactions for at least five years or a longer period as otherwise required by law.

2) The enterprise shall keep all the following information for at least five years or a longer period as otherwise required by law after the business relationship is ended, or after the date of the occasional transactions:

(1) All records obtained through CDD measures, such as copies or records of passports, identity cards, driving licenses or other similar official identification documents.

(2) Contract document files.

(3) Business correspondence, including information on the background and purpose obtained from inquiries to complex, unusual large transactions and the results of any analysis undertaken.

3) Transaction records maintained by the enterprise shall be sufficient to reconstruct individual transactions so as to provide, if necessary, evidence of criminal activity.

4) The enterprise shall ensure that transaction records and CDD information will be available swiftly to the competent authorities when such requests are made with appropriate authority.

Notes

No additional information.

In Mauritius, the Travel Rule was implemented on 07/02/2022.

Refer to the following links to study the corresponding regulations:

The following table explains the requirements of Mauritius regarding the Travel Rule.

Subject Requirement

Application of requirements

The obligation applies to transfers of virtual assets.

Transfer of virtual asset means any transaction carried out on behalf of another person that moves a virtual asset from one virtual asset address or account to another.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

No threshold.

Time and way to share the Information

The originating virtual asset service provider shall immediately and securely submit the information obtained and held to the beneficiary virtual asset service provider or any other financial institution.

Counterparty Due Diligence

According to Guidance Notes, VASPs would be expected to make use of relevant software to perform robust due diligence or KYC process on counterpart institutions and identify counterparty wallet type (pre-transaction).

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) Where a transfer of virtual asset is made –

(a) the originating virtual asset service provider shall –

(i) obtain and hold required and accurate originator information and required beneficiary information on the transfer; and

(ii) immediately and securely submit the information obtained and held pursuant to subparagraph (i) to the beneficiary virtual asset service provider or any other financial institution; and

(b) the beneficiary virtual asset service provider shall obtain and hold required originator information and required and accurate beneficiary information on the transfer.

2) An originating virtual asset service provider shall ensure that all transfers of virtual assets are always accompanied by –

(a) required and accurate originator information, and

(b) required beneficiary information, as specified in Section "Scope of the PII".

3) The originating virtual asset service provider shall not execute a transfer of virtual asset where it does not comply with the requirements specified in paragraph (2) of this Section.

4) A beneficiary virtual asset service provider shall take measures specified in Section "Procedure for inaccurate, incomplete information".

5) According to Guidance Notes, VASPs would be expected to make use of relevant software to:

  • identify risk-related details about the beneficiary through blockchain analytics and sanctions screening providers;
  • allow reports to be generated for the FSC on a timely basis, upon request.

6) As far as occasional transactions are concerned, following consequential amendments made in the FIAMLA, a VASP is required to:

(i) apply CDD measures in respect to an occasional transaction in an amount equal to or above 1000 US dollars or an equivalent amount in foreign currency where the exchange rate to be used to calculate the US dollar equivalent shall be the selling rate in force at the time of the transaction, whether conducted as a single transaction or several transactions that appear to be linked; and

(ii) record, in respect to an occasional transaction in an amount below 1000 US dollars, the name of the originator and the beneficiary; and the virtual asset wallet address for each or a unique transaction reference number.

Scope of the PII

Information about originator:

(i) the name of the originator;

(ii) the originator virtual asset account number where such an account is used to process the transaction or, in the absence of a virtual asset account number, a unique transaction reference number which permits traceability of the transaction; and

(iii) any of the following information:

(A) the originator’s physical address;

(B) the originator’s National Identity Card number or passport number;

(C) the originator’s customer identification number; or

(D) the originator’s place of birth;

Information about beneficiary:

(i) the name of the beneficiary; and

(ii) the beneficiary virtual asset account number where such an account is used to process the transaction or, in the absence of a virtual asset account number, a unique transaction reference number which permits traceability of the transaction.

Batch file transfer

No information.

The presence of differences in domestic and cross-border transfers

No information.

VA transfer in case unhosted wallets or person other than a VASP

No information.

Procedure for inaccurate, incomplete information

A beneficiary virtual asset service provider shall:

(a) take reasonable measures, which may include post-event monitoring or real-time monitoring where feasible, to identify transfers of virtual assets that lack required originator information or required beneficiary information;

(b) have risk-based policies and procedures for determining:

(i) when to execute, reject or suspend a transfer of virtual asset lacking required originator or required beneficiary information; and

(ii) the appropriate follow-up actions.

Record retention

The information obtained and held shall be kept in such a manner that it is immediately made available to the Commission and, upon request, to any other relevant competent authority.

According to Guidance Notes, VASPs would be expected to make use of relevant software to store encrypted customer’s PII for up to seven years.

Notes

The Travel Rule requirements also extend to a financial institution, acting as intermediary, when sending or receiving virtual asset transfers on behalf of a customer as they would have applied to a VASP.

In the Bahamas, the Travel Rule has been implemented since 2020.

Refer to the following links to study the corresponding regulations.

The following table explains the requirements of the Bahamas regarding the Travel Rule.

Subject Requirement

Application of requirements

The Travel Rule obligation applies to virtual asset (digital asset) transfers in the Bahamas because, in the Fifth Schedule of the DARE Act, a digital asset business is defined as a “financial institution” as defined in the Financial Transactions Reporting Act, 2018 (FTRA).

This inclusion subjects such businesses to the same full set of AML/KYC requirements as traditional financial institutions.

Thus, digital asset businesses must comply with the FTRA and the FTR (Wire Transfers) Regulations, 2018, which capture the Travel Rule’s provisions.

An appropriate confirmation response was received from the Bahamas Securities Commission.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

BSD $1,000 or more.

Time and way to share the Information

No information.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

Obligations of Originating Financial Institutions

1) Subject to paragraph (2), an originating financial institution shall, before conducting a wire transfer/VA transfer, verify the payer's (originator's) identity in accordance with section 7(1) of the Act and the Financial Transactions Reporting Regulations.

2) Where the payer (originator) is a facility holder of the originating financial institution and the originating financial institution has already verified his identity in accordance with section 7(1) of the Act, the originating financial institution is not required to verify the payer's identity pursuant to paragraph (1).

3) Subject to regulations 4 and 5, originating financial institutions shall ensure that each wire transfer (VA transfer) of one thousand dollars or more is accompanied by the information specified in Section "Scope of the PII".

4) Exemption for batch file transfers. Please see Section "Batch file transfer".

5) Requirements for domestic wire transfers. Please see Section "The presence of differences in domestic and cross-border transfers".

6) Cross-border wire transfers below one thousand dollars. Please see Section "The presence of differences in domestic and cross-border transfers".

7) Retention of records. Please see Section "Record retention".

8) Refusal to execute wire transfers. Where an originating financial institution:

(a) is unable to comply with the requirements specified in paragraphs 1 through 7; or

(b) has any suspicion of money laundering or terrorism financing, the originating financial institution shall not execute the wire transfer (VA transfer).

Obligations of Beneficiary Financial Institutions

1) Detection of missing payer (originator) and payee (beneficiary) information. See Section "Procedure for inaccurate, incomplete information".

2) Duty to verify identity.

  • 1) Subject to paragraph 2), a beneficiary financial institution shall, before paying out funds in cash or cash equivalent/VA to a payee (beneficiary) in The Bahamas with respect to a cross-border wire transfer (VA transfer) of one thousand dollars or more, verify the payee's identity as provided under section 7(1) of the Act and the Financial Transactions Reporting Regulations, 2018.
  • 2) Where the payee (beneficiary) is a facility holder of the beneficiary financial institution and the beneficiary financial institution has already verified his identity in accordance with section 7(1) of the Act, the beneficiary financial institution is not required to verify the payee's (beneficiary's) identity pursuant to paragraph 1).

3) Duty to assess risks. See Section "Procedure for inaccurate, incomplete information".

Suspicious transaction reporting.

Every financial institution that controls both the originating and the beneficiary side of a wire transfer shall:

(a) take into account all the information from both the originating financial institution and the beneficiary financial institution in order to determine whether a suspicious transaction report has to be filed; and

(b) where applicable, file a suspicious transaction report in any country affected by the suspicious wire transfer and make relevant transaction information available to the appropriate authorities.

Scope of the PII

(a) information regarding the payer (originator)

(i) name;

(ii) account number, where an account is used to process the transaction or, if no account is used, a unique transaction identifier; and

(iii) address or date and place of birth or the payer's national identity number or customer identification number;

(b) information regarding the payee (beneficiary)

(i) name; and

(ii) account number, where an account is used to process the transaction or, if no account is used, a unique transaction identifier.

Batch file transfer

"Batch file transfer" means a transfer comprised of several individual wire transfers (VA transfers) that are sent by a payer to the same financial institution, irrespective of whether the individual transfers are intended ultimately for one or more payees (beneficiary).

Where a batch file transfer comprises individual wire transfers (VA transfers) of one thousand dollars or more from a single payer (originator) to payees (beneficiary) outside The Bahamas, the originating financial institution shall be exempted from the requirements of paragraph 3 of the Section "The main actions required" in respect of the inclusion of the payer's information with each individual transfer, provided that

(a) the batch file contains the information required under paragraph 3 specified in Section "The main actions required" on

(i) the payer;

(ii) the payees; and

(b) the individual wire transfers include the payer's account number or, if no account is used, a unique transaction identifier.

The presence of differences in domestic and cross-border transfers

Requirements for domestic wire transfers (VA transfers).

Every wire transfer (VA transfer) may be accompanied solely by the account number of the payer (originator), or a unique transaction identifier, where

(a) the originating financial institution of the payer (originator) and the beneficiary financial institution of the payee (beneficiary) are both situated in The Bahamas; and

(b) the originating financial institution provides the complete payer (originator) information prescribed in paragraph 3 from the Section "The main actions required" to any intermediary or beneficiary financial institution requesting such information within three business days of such a request.

Cross-border wire transfers (VA transfers) below one thousand dollars.

Where the beneficiary financial institution of the payee (beneficiary) is situated outside of The Bahamas, transfers of funds of less than one thousand dollars must be accompanied by the information required under sub-paragraphs (i) and (ii) of paragraph (a) and paragraph (b) from the Section "Scope of the PII".

VA transfer in case unhosted wallets or person other than a VASP

According to the Bahamas’ Approach to the Regulation of Digital Asset Businesses, digital asset businesses (DABs) can conduct business with persons in jurisdictions that have not enacted the Travel Rule. However, they must comply with the Financial Transactions Reporting (Wire Transfers) Regulations, 2018 and the Financial Transactions Reporting (WIRE TRANSFERS) (Amendment) Regulations, 2022 (not yet in force).

Procedure for inaccurate, incomplete information

Every beneficiary financial institution shall take reasonable measures, which may include post-event monitoring or real-time monitoring where feasible, to identify cross-border wire transfers that lack required payer (originator) and payee (beneficiary) information.

Duty to assess risks.

1) Every beneficiary financial institution shall adopt risk-based policies and procedures that enable them to determine:

(a) when to execute, reject, or suspend wire transfers (VA transfers) that are not accompanied by the complete payer (originator) and payee (beneficiary) information as required; and

(b) the appropriate follow-up action.

2) Where the originating financial institution repeatedly fails to provide the complete payer (originator) and payee (beneficiary) information as required, the beneficiary financial institution shall give the originating financial institution a reasonable opportunity to correct the failures, before it:

(a) rejects any future transfers of funds from the originating financial institution;

(b) restricts its business relationship with the originating financial institution; or

(c) terminates its business relationship with the originating financial institution.

3) Every beneficiary financial institution shall report any decision to reject future wire transfers (VA transfers) from, or to restrict or terminate its business relationship with, the originating financial institution to the beneficiary financial institution's Supervisory Authority.

4) Every beneficiary financial institution shall consider missing or incomplete payer and payee information as a factor in assessing whether the wire transfer (VA transfer), or any related transaction, is suspicious, and whether it must be reported to the Financial Intelligence Unit in accordance with these Regulations and the Act.

Record retention

An originating financial institution shall keep for five years, a record of any information on the payer (originator) and the payee (beneficiary) obtained under paragraphs 1, 2 and 3 of the Section "The main actions required".

Notes

Obligations of intermediary financial institutions

Technical limitations.

(1) Intermediary financial institutions shall ensure that payer (originator) and payee (beneficiary) information received with a wire transfer (VA transfer) remains with the transfer unless technical limitations of the payment systems prevent this.

(2) Where technical limitations prevent the required payer (originator) and payee (beneficiary), or payer (originator) or payee (beneficiary), information accompanying a cross-border wire transfer (VA transfer) from remaining with a related domestic wire transfer (VA transfer), the intermediary financial institution shall keep a record, for at least five years, of all the payer (originator) and payee (beneficiary), or payer (originator) or payee (beneficiary), information received from the originating financial institution or another intermediary financial institution.

(3) Where an intermediary financial institution receives a wire transfer (VA transfer) that does not have complete payer (originator) and payee (beneficiary), or payer (originator) or payee (beneficiary), information as required under these Regulations, it shall use a payment system with technical limitations only if:

(a) it informs the beneficiary financial institution or the other intermediary financial institution that it does not have complete payer (originator) and payee (beneficiary), or payer (originator) or payee (beneficiary), information as required;

(b) it informs the beneficiary financial institution or the other intermediary financial institution that it intends to use a payment system with technical limitations; and

(c) it conveys the information in sub-paragraphs (a) and (b) using a form of communication accepted by, or agreed between, itself and the beneficiary financial institution or the other intermediary financial institution.

(4) Where the intermediary financial institution uses a payment system with technical limitations, it shall, upon request from the beneficiary financial institution or another intermediary financial institution, provide all the payer (originator) or payee (beneficiary) information it has received, whether complete or not, within three business days of receiving the request.

Detection of missing payer (originator) and payee (beneficiary) information.

Intermediary financial institutions shall take reasonable measures, which are consistent with straight-through processing, to identify cross-border wire transfers (VA transfers) that lack the required payer (originator) and payee (beneficiary) information.

Duty to assess risks. Intermediary financial institutions shall adopt risk-based policies and procedures that enable them to determine:

(a) when to execute, reject or suspend wire transfers that are not accompanied by the complete payer (originator) and payee (beneficiary) information as required; and

(b) the appropriate follow-up action.

In El Salvador, the Travel Rule was implemented on 07/09/2021.

Refer to the Normas Técnicas para Facilitar la Participación de las Entidades Financieras en el Ecosistema Bitcoin (Technical Rules) to study the corresponding regulation.

The following table explains the jurisdiction requirements of El Salvador regarding the Travel Rule.

Subject Requirement

Application of requirements

The subjects obliged to comply with the provisions established in the Technical Rules are Banks, Cooperative Banks and Savings and Credit Societies, Electronic Money Providers.

These Rules are intended to regulate subjects that offer bitcoin-based services to their customers, whether natural or legal persons, and these services may be offered directly or through a Bitcoin Service Provider.

Subjects may engage in the provision of bitcoin-based custodial or non-custodial wallet services, exchange services, payment processing, among other services, as well as offer the full suite of their banking services to a Bitcoin Service Provider.

The Rules do not apply to Bitcoin Service Providers that register in accordance with the provisions of Executive Decree No. 27 dated August 27, 2021, unless they are considered entities according to the Rules.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

$ 1,000

Time and way to share the Information

See The main actions required section below.

Counterparty Due Diligence

Before entering into a contractual relationship with a Bitcoin Service Provider, an entity will perform due diligence on the Bitcoin Service Provider, given the nature of the services to be provided and the risk associated with such a relationship in accordance with the policies of each entity. Any entity will carry out enhanced due diligence to preserve the safety, soundness and integrity of the entity and of the financial system in general. Due diligence issues include, but are not limited to, a Bitcoin Service Provider's business qualifications, financial condition, legal and regulatory compliance, risk management and controls, money laundering risk prevention systems, retail financing terrorism, information security and operational resistance.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

For any transfer of funds that is greater than or equal to one thousand dollars or its equivalent in Bitcoin, measured at the time of the transaction, for which an entity is involved in the payment flow, said entity must obtain the information specified in section "Scope of the PII".

Entities must establish policies and procedures based on best practices, including FATF recommendations and the Law Against Money and Asset Laundering.

Scope of the PII

Information about Originator:

  • Name
  • Account number
  • Address (when available)
  • Identification of the financial institution
  • Negotiated amount
  • Execution date

Information about Beneficiary:

  • Name
  • Address (when available)
  • Identification of the financial institution
  • Account number
  • Any other identifying information of the recipient (when available)

Batch file transfer

See The main actions required section above.

The presence of differences in domestic and cross-border transfers

See The main actions required section above.

VA transfer in case unhosted wallets or person other than a VASP

See The main actions required section above.

Procedure for inaccurate, incomplete information

See The main actions required section above.

Record retention

Entities must keep the records related to their bitcoin-based services for a period of fifteen years from the date of completion of the transaction.

Notes

No additional information.

In Bermuda, the Travel Rule was implemented in 2018.

Refer to the following links to study the corresponding regulation:

The following table explains the jurisdiction requirements of Bermuda regarding the Travel Rule.

Subject Requirement

Application of requirements

Any Regulated Financial Institution (RFI), including an RFI conducting Digital Assets Business (DAB), that provides services for the transfer of digital assets, money transmission, or other transfer of funds, is a payment service provider (PSP) engaging in a wire transfer and is subject to the rules for wire transfers set forth in POCR Regulations 21 through 31A and Chapter 8: Wire Transfers.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

$ 1,000

Time and way to share the Information

The information should be immediately available.

Counterparty Due Diligence

A Bermudian PSP should transact only with non-Bermudian PSPs that it has approved using an appropriate risk assessment. Bermudian PSPs should ensure that any non-Bermudian PSP implements the wire transfer standards set forth by the FATF.

Before a Bermudian PSP enters into or elects to maintain a relationship with any non-Bermudian PSP, the Bermudian PSP should ensure that it understands and has vetted the beneficial ownership of any non-Bermudian PSP that is not listed on an appointed stock exchange and is subject to Bermuda disclosure obligations or disclosure obligations equivalent to those in Bermuda.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) Regulated Financial Institutions (RFIs) conducting wire transfers must ensure that complete information on both the originator and beneficiary accompanies each cross-border transfer of funds over $1,000, and each cross-border transaction that is carried out in several operations that appear to be linked and together exceed $1,000.

2) Where the originator is an accountholder at the originating PSP, the originating PSP must ensure, before transferring funds, that the complete information on the originator conveyed in the payment is accurate and has been verified.

3) POCR Regulation 11 requires each RFI that is a Payment Service Provider (PSP) to apply appropriate enhanced due diligence measures to transfers of funds presenting higher risks of ML/TF (the criteria are specified in sections VIII.156-VIII.157 of the Notice).

4) Prior to transferring funds, a beneficiary PSP must ensure that the identity of the beneficiary is accurate and verified for any transfer of funds over $1,000 and for any transfer of funds that is carried out in several operations that appear to be linked and together exceed $1,000.

5) Where the originator is not an accountholder and the transfer is $1,000 or less, the originating PSP must obtain information establishing the originator’s identity and address. Where the address is substituted with a payer’s date and place of birth, customer identification number or national identity number, that customer information must be obtained. PSPs are not required to verify the information obtained for such transactions; nonetheless, it is advisable to do so in all cases. Where a transaction is carried out in several operations that appear to be linked and together exceed $1,000, the verification requirements described in paragraph 8.31 of the GN apply.

Where the beneficiary is not an accountholder and the transfer is $1,000 or less, the beneficiary PSP must obtain information establishing the originator's identity. PSPs are not required to verify the information obtained for such transactions; nonetheless, it is advisable to do so in all cases. Where a transaction is carried out in several operations that appear to be linked and together exceed $1,000, the verification requirements described in paragraph 8.51 of the GN apply.

6) Beneficiary PSPs must have effective policies, procedures and controls, including post-event monitoring or real-time monitoring where feasible, to detect whether incoming transfers of funds include all required information.

For more details, see Section 8 of the GN.

Scope of the PII

Complete information on the payer means:

a) The payer’s name;

b) The payer’s address; and

c) The payer’s account number.

Complete information on the payee means:

a) The payee’s name; and

b) The payee’s account number.

Where the payer is a natural person, the payer’s address may be substituted with the payer’s date and place of birth, customer identification number or national identity number.

Where a payer or payee does not have an account number, the PSP must substitute it with a unique identifier that allows the transaction to be traced to the payee.

RFIs conducting DAB should allow substitutions described above only to address legitimate business needs and should use the substitutions only in limited circumstances where the risks associated with a departure from the standard are objectively justified and documented. As a general practice, each RFI conducting DAB should ensure that its terms and conditions of business with each payer address the release of the complete information described in paragraphs 8.9 through 8.19 of the General Guidance to other RFIs involved in the execution of the transfer.

Batch file transfer

Where there is a batch file transfer from a single payer and the payee PSP is situated outside Bermuda, complete information will be considered to have been transferred, provided that:

a) The batch file transfer contains complete information on the payer and each of the payees for each individual transfer;

b) The individual transfers of funds carry the account number of the payer or a unique identifier where an account number is not available; and

c) The complete information provided on all payees is fully traceable within the beneficiary country.

The presence of differences in domestic and cross-border transfers

For Bermuda-based PSPs, the POCR covers international transfers and domestic transfers.

A Bermudian PSP should transact only with non-Bermudian PSPs that it has approved using an appropriate risk assessment. Bermudian PSPs should ensure that any non-Bermudian PSP implements the wire transfer standards set forth by the FATF.

Before a Bermudian PSP enters into or elects to maintain a relationship with any non-Bermudian PSP, the Bermudian PSP should ensure that it understands and has vetted the beneficial ownership of any non-Bermudian PSP that is not listed on an appointed stock exchange and is subject to Bermuda disclosure obligations or disclosure obligations equivalent to those in Bermuda.

Domestic transfers

Where the originating PSP, beneficiary PSP and any and all intermediary PSPs are all located within Bermuda, transfers of funds need be accompanied only by the originator’s account number or by a unique identifier which permits the transaction to be traced back to the originator.

The originating PSP must provide the beneficiary PSP or any competent authority with the complete information on the originator within three working days of receiving any request from the beneficiary PSP or competent authority, respectively.

The above information requirements are minimum standards. It is open to PSPs to elect to supply the complete information on the originator and beneficiary with transfers that are eligible for a reduced information requirement. Doing so limits the likely incidence of inbound requests for complete information.

It is also open to PSPs to request the complete information from originating PSPs and intermediary PSPs in order to ascertain the degree to which accurate and complete information travels through particular PSPs.

VA transfer in case unhosted wallets or person other than a VASP

No information.

Procedure for inaccurate, incomplete information

Beneficiary PSPs must have effective policies, procedures and controls, including post-event monitoring or real-time monitoring where feasible, to detect whether incoming transfers of funds include all required information.

Where a PSP becomes aware, in the course of processing a payment, that it is missing required information, or that the required information provided is meaningless or otherwise incomplete, the payee PSP must:

a) Reject the transfer;

b) Request the complete information on the payer and payee; and/or

c) Make an internal SAR to the reporting officer.

A beneficiary PSP should also take one or more of the steps outlined in paragraph 8.56 where it knows or suspects that information provided by the originating PSP or any intermediary PSP has been stripped or altered at any point in the payment chain.

Where an originating PSP regularly fails to provide all required information on the originator and beneficiary, the beneficiary PSP must inform the BMA and take steps to ensure that the originating PSP provides all required information. Steps a beneficiary PSP may take in such a situation include, but are not limited to, issuing warnings to the originating PSP and setting deadlines for the originating PSP to provide all required information.

Where, despite the beneficiary PSP taking the steps described above, an originating PSP still regularly fails to provide all required information on the originator and beneficiary, the beneficiary PSP must either reject any future transfers of funds from the originating PSP or determine whether to restrict or terminate the business relationship with the originating PSP, either completely or in respect of funds transfers.

For more details, see Sections 8.49-8.66 of the GN.

Record retention

The originating PSP must keep records for five years of complete information on the originator and beneficiary that accompanies transfers of funds.

Notes

Intermediary PSPs must ensure that, for each cross-border transfer of funds, all information received on the originator and beneficiary is kept with the transfer. Intermediary PSPs should forward transfers through a messaging system capable of carrying all of the complete information. Where technical limitations associated with a messaging system prevent all information received on the payer and payee from accompanying the transfer, an intermediary PSP may nonetheless use the messaging system with technical limitations under certain conditions (see section 8.39 of the GN).

Where an intermediary PSP becomes aware, when receiving a transfer of funds, that information on the payer or payee is incomplete or missing, the intermediary PSP must either:

a) Reject the transfer;

b) Request the complete information on the payer and payee; or

c) Make an internal SAR to the reporting officer.

Where a payer PSP or intermediary PSP regularly fails to supply complete information, the intermediary PSP must report that fact to the BMA and must take steps to attempt to ensure that the payer PSP or intermediary PSP provides complete information.

The intermediary PSP should maintain records of all information received from the originating PSP, beneficiary PSP and any other intermediary PSPs.

For more details, see Sections 8.37-8.48 of the GN.

The details about the Travel Rule implementation in Cuba are being investigated.

Refer to the Resolucion 89/2022 to study the corresponding regulation.

More details regarding the Travel Rule in Cuba are being researched and will be updated as soon as the information is obtained.

The following table explains the jurisdiction requirements of Cuba regarding the Travel Rule.

Subject Requirement

Application of requirements

No information.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

1,000 US dollars or its equivalent in freely convertible currency or Cuban pesos.

Time and way to share the Information

The information should be transferred immediately and securely.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

For authorization as a provider of virtual assets services, the applicant accompanies the letter of request addressed to the Central Bank of Cuba with the following documents:

<...>

Procedures relating to the system for preventing and combating money-laundering, the financing of terrorism and the proliferation of weapons of mass destruction, including, inter alia, the obligation to:

a) apply due diligence and obtain, retain and transmit information about the originator and the beneficiary immediately and securely when making transfers of virtual assets, where it is reasonably suspected by the characteristics of the participants or the circumstances of the transaction in question;

b) obtain, retain and transmit information from the originator and beneficiary, immediately and securely, of transfers of virtual assets exceeding the threshold of one thousand US dollars or its equivalent in freely convertible currency or Cuban pesos; and

c) issue suspicious transaction reports and supplementary information requested by the General Directorate of Financial Operations of the Central Bank of Cuba.

Scope of the PII

No information.

Batch file transfer

No information.

The presence of differences in domestic and cross-border transfers

No information.

VA transfer in case unhosted wallets or person other than a VASP

No information.

Procedure for inaccurate, incomplete information

No information.

Record retention

No information.

Notes

No additional information.

Within 1 year from the registration by the National Bank of Georgia, but no later than July 1, 2024, the virtual asset service provider shall ensure compliance with Chapters III and IV of the Law of Georgia on "Facilitating the Prevention of Money Laundering and Terrorist Financing".

The provision on the transfer of convertible virtual assets is part of Chapter III of the law.

Refer to the Law of Georgia on facilitating the prevention of money laundering and the financing of terrorism to study the corresponding regulation.

The following table explains the jurisdiction requirements of Georgia regarding the Travel Rule.

Subject Requirement

Application of requirements

The transfer of a convertible virtual asset is an operation performed by the initiator or with his order/consent to ensure the availability of a convertible virtual asset to the recipient by digital means. When transferring a convertible virtual asset, the initiator and recipient may be the same person, or the initiator and the recipient of the convertible virtual asset may be served by one virtual asset service provider.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

Information will be provided as soon as the relevant regulatory authority instructions are published.

Time and way to share the Information

Information will be provided as soon as the relevant regulatory authority instructions are published.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

The virtual asset service provider is obliged to ensure that the transfer and/or receipt of the convertible virtual asset is accompanied by the accompanying information determined by the regulatory body.

The provider of the recipient of the convertible virtual asset must study whether there is a basis for submitting the report provided for in the first paragraph of Article 25 of this law, if the transfer of the convertible virtual asset does not fully contain the identification data of the initiator/recipient of the transfer of the convertible virtual asset in accordance with the rules determined by the supervisory authority.

Scope of the PII

Information will be provided as soon as the relevant regulatory authority instructions are published.

Batch file transfer

Information will be provided as soon as the relevant regulatory authority instructions are published.

The presence of differences in domestic and cross-border transfers

Information will be provided as soon as the relevant regulatory authority instructions are published.

VA transfer in case unhosted wallets or person other than a VASP

Information will be provided as soon as the relevant regulatory authority instructions are published.

Procedure for inaccurate, incomplete information

Information will be provided as soon as the relevant regulatory authority instructions are published.

Record retention

Information will be provided as soon as the relevant regulatory authority instructions are published.

Notes

No additional information.

In Zambia, the Travel Rule was implemented in 2020.

Refer to the following links to study the corresponding regulations:

The following table explains the jurisdiction requirements of Zambia regarding the Travel Rule.

Subject Requirement

Application of requirements

In 2020, the virtual asset service provider was included in the definition of financial service provider: “financial service provider” has the meaning assigned to the words in the Banking and Financial Services Act, 2017 and includes a virtual asset service provider.

Subsections (1) and (2) of Article 26 (wire transfer) do not apply to transfers executed as a result of credit card or debit card transactions or to transfers between financial service providers acting for their own account, except that the credit card or debit card number accompanies the transfer resulting from the transaction.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

The prescribed threshold for a wire transfer transaction is provided under Regulation 6 of S.I No. 52 of 2016 as:

(a) an amount equal to or above the Kwacha equivalent of USD 10,000.00 (whether denominated in Zambian Kwacha or a foreign currency) in relation to a legal person or legal arrangement

(b) an amount equal to or above the Kwacha equivalent of USD 5,000.00 (whether denominated in Zambian Kwacha or a foreign currency) in relation to an individual

There is no reporting requirement for this threshold unless the financial institution fails to get any missing information from a reporting entity in which case a report must be made to the Centre.

Time and way to share the Information

No information.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) A financial service provider undertaking a wire transfer equal to, or above, a prescribed threshold shall—

(a) identify and verify the identity of the originator

(b) obtain and maintain information on the identity of the beneficiary

(c) obtain and maintain the account number of the originator and beneficiary, or in the absence of an account number, a unique reference number

(d) obtain and maintain the originator’s address or, in the absence of address, the national identity number, or date and place of birth, and

(e) include information from paragraphs (a) to (c) in the message or payment form accompanying the transfer

Despite the requirements of subsection (1), a financial service provider is not required to verify the identity of a customer with which that financial service provider has an existing business relationship and where the financial service provider is satisfied that it already knows and has verified the true identity of the customer.

2) A beneficiary financial service provider shall take reasonable measures specified in the Section "Procedure for inaccurate, incomplete information".

3) A money or value transfer service provider shall, in the case of a money or value transfer service provider that controls both the ordering and the beneficiary side of a wire transfer—

(a) take into account all the information from both the ordering and beneficiary sides in order to determine whether the wire transfer has to be reported, and

(b) submit a suspicious transaction report in any country affected by the suspicious wire transfer, and make relevant transaction information available to the Centre

4) Where a financial service provider under subsection (1) receives wire transfers that do not contain the complete originator information required under that subsection, that financial service provider shall take measures to obtain and verify the missing information from the ordering institution or the beneficiary.

5) A financial service provider shall, where it fails to obtain any missing information, refuse acceptance of the transfer and report the transfer to the Centre.

Scope of the PII

(a) Identity of the originator

(b) Identity of the beneficiary

(c) The account number of the originator and beneficiary, or in the absence of an account number, a unique reference number

Batch file transfer

Where several individual cross border wire transfers from a single originator are bundled in a batch file for transmission to beneficiaries, the batch file should contain required and accurate originator information, and full beneficiary information, that is fully traceable within the beneficiary country, and the financial service provider shall include the originator’s account number or unique transaction reference number.

The presence of differences in domestic and cross-border transfers

Where the information accompanying the domestic wire transfer can be made available to the beneficiary financial service provider and appropriate authorities by other means the —

(a) ordering financial service provider shall include the account number or a unique transaction reference number, except that this number or unique transaction reference number will permit the transaction to be traced back to the originator or the beneficiary

(b) ordering financial service provider shall make the information available within three business days of receiving the request either from the beneficiary financial service provider or from the Centre or supervisory authority, and

(c) law enforcement agencies shall compel immediate production of that information where required.

Where the required originator or beneficiary information accompanying a cross border wire transfer does not remain with a related domestic wire transfer, the intermediary financial service provider shall keep a record, for at least ten years, of all the information received from the ordering financial service provider or another intermediary financial service provider.

VA transfer in case unhosted wallets or person other than a VASP

No information.

Procedure for inaccurate, incomplete information

A beneficiary financial service provider shall take reasonable measures, including, where feasible, post event monitoring or real time monitoring to identify cross border wire transfers that lack required originator information or required beneficiary information.

A beneficiary financial service provider shall develop and implement risk based policies and procedures for determining—

(a) when to execute, reject, or suspend a wire transfer lacking required originator or required beneficiary information, and

(b) the appropriate follow up action

Record retention

Retention period is not less than ten (10) years.

Notes

Where a financial service provider acts as an intermediary in a chain of payments, it shall retransmit all of the information it received with the wire transfer and any other information that may be necessary to identify the originator and beneficiary.

An intermediary financial service provider shall develop and implement risk based policies and procedures for determining—

(a) when to execute, reject, or suspend a wire transfer lacking required originator or required beneficiary information, and

(b) the appropriate follow up action

In Nigeria, the Travel Rule was implemented in 2022.

Refer to the following links to study the corresponding regulations:

The following table explains the jurisdiction requirements of Nigeria regarding the Travel Rule.

Subject Requirement

Application of requirements

VASPs must comply with the requirements applicable to all CMOs under the MLPPA and the SEC Regulations, subject to the qualifications set forth in subsections (2) and (3) of regulation 15.

De minimis threshold* (the amount 1) only above which the transfer of data is required; or 2) below which the transfer of a smaller set of data is required than above it)

$1,000

When a transaction is below the threshold, a smaller set of data is required.

Time and way to share the Information

Originating VASP must submit the information obtained and held to the beneficiary VASP or financial institution (if any) immediately and securely.

Counterparty Due Diligence

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) Originating VASPs must:

(i) obtain and hold full originator information as specified in the Section "Scope of the PII" and verify that the originator information is accurate

(ii) obtain and hold full beneficiary information as specified in the Section "Scope of the PII"

(iii) submit the information obtained and held under (i) and (ii) to the beneficiary VASP or financial institution (if any) immediately and securely, and

(iv) make the information obtained and held under (i) and (ii) available on request to appropriate authorities

2) Beneficiary VASPs must:

(i) obtain and hold full originator information as specified in the Section "Scope of the PII"

(ii) obtain and hold full beneficiary information as specified in the Section "Scope of the PII" and verify that the beneficiary information is accurate, and

(iii) make the information obtained and held under (i) and (ii) available on request to competent authorities

3) The same obligations apply to non-VASP CMOs when sending or receiving virtual asset transfers on behalf of a customer.

Scope of the PII

A CMO shall ensure that all cross-border transfers always include full originator information and must verify that the originator information is accurate. Full originator information includes:

(a) the full name of the originator

(b) the originator’s wallet address, and

(c) physical address or national identity number or, where the originator is not a natural person, the incorporation number or business registration number

A CMO shall ensure that all cross-border transfers always include full beneficiary information. Full beneficiary information includes:

(a) name of the beneficiary, and

(b) the originator’s wallet address

Cross-border transfers below $1,000 are exempt from the requirements specified above. For all cross-border transfers below $1,000, a CMO shall:

(a) ensure that all such transfers include the name of the originator, the name of the beneficiary, and the wallet address for each, and

(b) verify the information pertaining to its customer if there is a suspicion of money laundering or terrorist financing

Batch file transfer

No information.

The presence of differences in domestic and cross-border transfers

All virtual asset transfers must be treated as cross-border transfers and subject to the requirements for cross-border wire transfers under regulation 12 of the SEC Regulations.

VA transfer in case unhosted wallets or person other than a VASP

No information.

Procedure for inaccurate, incomplete information

No information.

Record retention

A CMO shall maintain all originator and beneficiary information collected in accordance with regulation 21 of these regulations.

Notes

No additional information.