Country requirements

Status

In force.

Regulation

Resolución 49/2024

Enforcement/application date

March 26, 2024

Threshold

Resolution establishes that the Obligated subjects must comply with the identification of the originator and the beneficiary of the transactions covered by the travel rule, in the terms established by the International Standards of the FATF and in the modality that the FIU establishes for the exchange and validation of said information.

Information will be updated when FIU publishes clarifications.

VASP Due Diligence

Data to be shared

Domestic vs cross-border transfers

Self-hosted wallet verification

Status

In force.

Regulation

FMA Circular 04/2022

Regulation (EU) 2015/847

Enforcement/application date

February 23, 2022

Threshold

EUR 1,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Full name;

b) Account number (or unique transaction identifier);

c) Address, official personal document number, customer identification number or date and place of birth.

Beneficiary:

d) Full name;

e) Payment account number (or unique transaction identifier).

Domestic vs cross-border transfers

There is a difference.

Domestic. The following data should be transferred: b) and e). However, within three working days of receiving a request for information from the payee's PSP or IPSP, the following data should be made available:

• More than EUR 1000: a), b), c), d), e);
• Les than EUR 1000: a), b), d), e).

Cross-border. The following data should be transferred:

• More than EUR 1000: a), b), c), d), e);
• Less than EUR 1000: a), b), d), e).

Self-hosted wallet verification

No requirement.

Application of requirements

According to the FMA Circular, the transfer of funds regulation (Regulation (EU) 2015/847) also applies to the transfer of virtual currencies.

Time and way to share the Information

The regulation does not express the time to share explicitly.

FMA specifies that during the registration, VASPs should provide a description of the internal control system and the planned strategies and procedures in order to meet the requirements set out in the and Regulation (EU) 2015/847 (“Transfer of Funds Regulation”) as well as the requirements in FATF Recommendation 16 (“travel rule”).

According to the Recommendation 16, information should be summitted immediately and in secure manner.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The crypto-asset service provider of the originator shall ensure that transfers of crypto-assets are accompanied by the information on the originator and beneficiary specified in Section "Scope of the PII", taking into account rules for cross-border transfers and transfers within the Union.

2) Before transferring funds, the VASP of the payer (originator) shall verify the accuracy of the information about the originator on the basis of documents, data or information obtained from a reliable and independent source. Verification shall be deemed to have taken place where:

(a) a payer's identity has been verified in accordance with Article 13 of Directive (EU) 2015/849 and the information obtained pursuant to that verification has been stored in accordance with Article 40 of that Directive; or

(b) Article 14(5) of Directive (EU) 2015/849 applies to the payer. The VASP of the originator shall not execute any transfer of funds before ensuring full compliance with the Article 4 of the EU Regulation 2015/847.

3) The beneficiary’s crypto asset service provider must:

• Implement effective procedures, including, where appropriate, ex-post monitoring or real-time monitoring, in order to detect whether the information on the originator or the beneficiary is missing; (For more details please see Article 7 of the Regulation and the section Procedure for inaccurate, incomplete information)
• establish and implement effective risk-based procedures to assess whether to carry out, reject or suspend a transaction and what follow-up action to take; and
• report suspicious transactions to the competent supervisory authority on certain conditions.

4) In the case of transfers of crypto-assets exceeding EUR 1 000, whether those transfers are carried out in a single transaction or in several transactions which appear to be linked, before making the crypto-assets available to the beneficiary, the crypto-asset service provider of the beneficiary shall verify the accuracy of the information on the beneficiary on the basis of documents, data or information obtained from a reliable and independent source.

- In the case of transfers of crypto-assets not exceeding EUR 1 000 that do not appear to be linked to other transfers of crypto-asset which, together with the transfer in question, exceed EUR 1 000, the crypto-asset service provider of the beneficiary shall only verify the accuracy of the information on the beneficiary in the following cases:

(a) where the crypto-asset service provider of the beneficiary effects the pay-out of the crypto-assets in cash or anonymous electronic money;

(b) where the crypto-asset service provider of the beneficiary has reasonable grounds for suspecting money laundering or terrorist financing.

Verification shall also be deemed to have taken place in cases specified in paragraph 2 of this Section.

5) The procedures in relation to unhosted wallets are specified in section "VA transfer in case unhosted wallets or person other than a VASP".

Batch file transfer

In the case of a batch file transfer from a single originator where the VASPs of the beneficiary are established outside the Union, the requirement of the paragraph 1 from the Section "Scope of the PII" (Article 4(1)) shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information referred to in paragraphs (1), (2) and (3) of the Section "Scope of the PII" (Article 4), that that information has been verified in accordance with paragraph 2 of the Section "Actions required" (Article 4(4) and (5)), and that the individual transfers carry the payment account number of the payer (originator) or, where paragraph (3) of the Section "Scope of the PII" applies, the unique transaction identifier.

Procedure for inaccurate, incomplete information

The VASP of the beneficiary shall implement effective risk-based procedures, including procedures based on the risk-sensitive basis, for determining whether to execute or reject a transfer of crypto-assets lacking the required complete originator and beneficiary information and for taking the appropriate follow-up action.

Where the VASP of the beneficiary becomes aware, when receiving transfers of crypto-assets, that the information is missing or incomplete, the crypto-asset service provider shall reject the transfer or ask for the required information on the originator and the beneficiary before or after making the crypto-assets available to the beneficiary, on a risk-sensitive basis.

Where the VASP repeatedly fails to provide the required information on the payer or the payee, the payment service provider of the payee shall take steps, which may initially include the issuing of warnings and setting of deadlines, before either rejecting any future transfers of funds from that payment service provider, or restricting or terminating its business relationship with that payment service provider.

The VASP of the beneficiary shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter terrorist financing provisions.

Record retention

Retention period — 10 years (according to AML Act).

Notes

Rules for intermediaries:

Intermediary VASPs shall ensure that all the information received on the payer (originator) and the payee (beneficiary) that accompanies a transfer of funds is retained with the transfer.

Detection of missing information on the payer (originator) or the payee (beneficiary)

1) The intermediary VASP shall implement effective procedures to detect whether the fields relating to the information on the payer (originator) and the payee (beneficiary) in the messaging or payment and settlement system used to effect the transfer of funds have been filled in using characters or inputs admissible in accordance with the conventions of that system.

2) The intermediary VASP shall implement effective procedures, including, where appropriate, ex-post monitoring or real-time monitoring, in order to detect whether the following information on the payer (originator) or the payee (beneficiary) is missing:

(a) for transfers of VA where the VASP of the payer (originator) and the payee (beneficiary) are established in the Union;

(b) for transfers of VA where the VASP of the payer (originator) and the payee (beneficiary) is established outside the Union;

(c) for batch file transfers where the VASP of the payer (originator) and the payee (beneficiary) is established outside the Union.

Transfers of VA with missing information on the payer(originator) and the payee (beneficiary)

1) The intermediary VASP shall establish effective risk-based procedures for determining whether to execute, reject or suspend a transfer of funds lacking the required payer (originator) and the payee (beneficiary) information and for taking the appropriate follow up action.

Where the intermediary VASP becomes aware, when receiving transfers of VA, that the information required is missing or has not been filled in using characters or inputs admissible in accordance with the conventions of the messaging or payment and settlement system it shall reject the transfer or ask for the required information on the payer (originator) and the payee (beneficiary) before or after the transmission of the transfer of VA, on a risk-sensitive basis.

2) Where a VASP repeatedly fails to provide the required information on the payer (originator) and the payee (beneficiary), the intermediary VASP shall take steps, which may initially include the issuing of warnings and setting of deadlines, before either rejecting any future transfers of funds from that payment service provider, or restricting or terminating its business relationship with that VASP. The intermediary VASP shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter terrorist financing provisions.

The intermediary VASP shall take into account missing information on the payer (originator) and the payee (beneficiary) as a factor when assessing whether a transfer of funds, or any related transaction, is suspicious, and whether it is to be reported to the FIU in accordance with Directive (EU) 2015/849.

Status

In force.

Regulation

DARE Act 2020

Schedules 4 and 5 to the DARE Act

Financial Transactions and Reporting Act, 2018

Resolución 49/2024

Digital Assets and Registered Exchanges (Anti-money Laundering, Countering Financing of Terrorism and Countering Financing of Proliferation) Rules, 2022

Enforcement/application date

June 6, 2018

Threshold

BSD 1,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Full name;

b) Account number (or a unique transaction identifier); and

c) Address or date and place of birth or the payer's national identity number or customer identification number.

Beneficiary:

d) Full name;

e) Account number (or a unique transaction identifier).

Domestic vs cross-border transfers

There is a difference.

Domestic. The following data needs to be transfered: b), but other data should be provided within 3 business days after request.

Cross-border. The following data should be transfered:

• More than BSD 1,000: a), b), c), d), e);
• Less than BSD 1,000: a), b), d), e).

Self-hosted wallet verification

No requirement.

Application of requirements

The Travel Rule obligation applies to virtual assets (digital assets) transfers in the Bahamas, as in the Fifth Schedule of DARE Act, a digital asset business is defined as a “financial institution” defined in the Financial Transactions Reporting Act, 2018 (FTRA).

This inclusion obliges such business to have the same full set of AML/KYC requirements of traditional financial institutions.

Thus, digital asset businesses must comply with the FTRA and the FTR (Wire Transfers) Regulations, 2018, which captures the Travel Rule’s provisions.

An appropriate confirmation response was received from the Bahamas Securities Commission.

Time and way to share the Information

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

Obligations of Originating Financial Institutions

1) Subject to paragraph (2), an originating financial institution shall, before conducting a wire transfer/VA transfer, verify the payer's (originator's) identity in accordance with section 7(1) of the Act and the Financial Transactions Reporting Regulations.

2) Where the payer (originator) is a facility holder of the originating financial institution and the originating financial institution has already verified his identity in accordance with section 7(1) of the Act, the originating financial institution is not required to verify the payer's identity pursuant to paragraph (1).

3) Subject to regulations 4 and 5, originating financial institutions shall ensure that each wire transfer (VA transfer) of one thousand dollars or more is accompanied by the information specified in Section "Scope of the PII".

4) Exemption for batch file transfers. Please see Section "Batch file transfer".

5) Requirements for domestic wire transfers. Please see Section "The presence of differences in domestic and cross-border transfers".

6) Cross-border wire transfers below one thousand dollars. Please see Section "The presence of differences in domestic and cross-border transfers".

7) Retention of records. Please see Section "Records retention".

8) Refusal to execute wire transfers. Where an originating financial institution:

(a) is unable to comply with the requirements specified in paragraphs 1 through 7; or

(b) has any suspicion of money laundering or terrorism financing, the originating financial institution shall not execute the wire transfer (VA transfer).

Obligations of Beneficiary Financial Institutions

1) Detection of missing payer (originator) and payee (beneficiary) information. See Section "Procedure for inaccurate, incomplete information".

2) Duty to verify identity.

• 1) Subject to paragraph 2), a beneficiary financial institution shall, before paying out funds in cash or cash equivalent/VA to a payee (beneficiary) in The Bahamas with respect to a cross-border wire transfer (VA transfer) of one thousand dollars or more, verify the payee's identity as provided under section 7(1) of the Act and the Financial Transactions Reporting Regulations, 2018.
• 2) Where the payee (beneficiary) is a facility holder of the beneficiary financial institution and the beneficiary financial institution has already verified his identity in accordance with section 7(1) of the Act, the beneficiary financial institution is not required to verify the payee's (beneficiary's) identity pursuant to paragraph 1).

3) Duty to assess risks. See Section "Procedure for inaccurate, incomplete information".

Suspicious transaction reporting.

Every financial institution that controls both the originating and the beneficiary side of a wire transfer shall:

(a) take into account all the information from both the originating financial institution and the beneficiary financial institution in order to determine whether a suspicious transaction report has to be filed; and

(b) where applicable, file a suspicious transaction report in any country affected by the suspicious wire transfer and make relevant transaction information available to the appropriate authorities.

Batch file transfer

"Batch file transfer" means a transfer comprised of several individual wire transfers (VA transfers) that are sent by a payer to the same financial institution, irrespective of whether the individual transfers are intended ultimately for one or more payees (beneficiary).

Where a batch file transfer comprises individual wire transfers (VA transfers) of one thousand dollars or more from a single payer (originator) to payees (beneficiary) outside The Bahamas, the originating financial institution shall be exempted from the requirements of paragraph 3 of the Section "The main actions required" in respect of the inclusion of the payer's information with each individual transfer, provided that

(a) the batch file contains the information required under parahraph 3 specified in Section "The main actions required" on

(i) the payer;

(ii) the payees; and

(b) the individual wire transfers include the payer's account number or, if no account is used , a unique transaction identifier.

Procedure for inaccurate, incomplete information

Every beneficiary financial institution shall take reasonable measures, which may include post-event monitoring or real-time monitoring where feasible, to identify cross-border wire transfers that lack required payer (originator) and payee (beneficiary) information.

Duty to assess risks.

1) Every beneficiary financial institution shall adopt risk-based policies and procedures that enable them to determine:

(a) when to execute, reject, or suspend wire transfers (VA transfers) that are not accompanied by the complete payer (originator) and payee (beneficiary) information as required; and

(b) the appropriate follow-up action.

2) Where the originating financial institution repeatedly fails to provide the completepayer (originator) and payee (beneficiary) information as required, the beneficiary financial institution shall give the originating financial institution a reasonable opportunity to correct the failures, before it:

(a) rejects any future transfers of funds from the originating financial institution;

(b) restricts its business relationship with the originating financial institution; or

(c) terminates its business relationship with the originating financial institution.

3) Every beneficiary financial institution shall report any decision to reject future wire transfers (VA transfers) from, or to restrict or terminate its business relationship with, the originating financial institution to the beneficiary financial institution's Supervisory Authority.

4) Every beneficial financial institution shall consider missing or incomplete payer and payee information as a factor in assessing whether the wire transfer (VA transfer), or any related transaction , is suspicious, and whether it must be reported to the Financial Intelligence Unit in accordance with these Regulations and the Act.

Record retention

An originating financial institution shall keep for five years, a record of any information on the payer (originator) and the payee (beneficiary) obtained under paragraphs 1, 2 and 3 of the Section "The main actions required".

Notes

Obligations of intermediary financial institutions

Technical limitations.

(1) Intermediary financial institutions shall ensure that payer (originator) and payee (beneficiary) information received with a wire transfer (VA transfer) remains with the transfer unless technical limitations of the payment systems prevent this.

(2) Where technical limitations prevent the required payer (originator) and payee (beneficiary), or payer (originator) or payee (beneficiary), information accompanying a cross-border wire transfer (VA transfer) from remaining with a related domestic wire transfer (VA transfer), the intermediary financial institution shall keep a record, for at least five years, of all the payer (originator) and payee (beneficiary), or payer (originator) or payee (beneficiary), information received from the originating financial institution or another intermediary financial institution.

(3) Where an intermediary financial institution receives a wire transfer (VA transfer) that does not have complete payer (originator) and payee (beneficiary), or payer (originator) or payee (beneficiary), information as required under these Regulations, it shall use a payment system with technical limitations only if:

(a) it informs the beneficiary financial institution or the other intermediary financial institution that it does not have complete payer (originator) and payee (beneficiary), or payer (originator) or payee (beneficiary), information as required;

(b) it informs the beneficiary financial institution or the other intermediary financial institution that it intends to use a payment system with technical limitations; and

(c) it conveys the information in sub-paragraphs (a) and (b) using a form of communication accepted by, or agreed between, itself and the beneficiary financial institution or the other intermediary financial institution.

(4) Where the intermediary financial institution uses a payment system with technical limitations, it shall, upon request from the beneficiary financial institution or another intermediary financial institution, provide all the payer (originator) or payee (beneficiary) information it has received, whether complete or not, within three business days of receiving the request.

Detection of missing payer (originator) and payee (beneficiary) information.

Intermediary financial institutions shall take reasonable measures, which are consistent with straight-through processing, to identify cross-border wire transfers (VA transfer) that Jack the required payer (originator) and payee (beneficiary) information.

Duty to assess risks. Intermediary financial institutions shall adopt risk-based policies and procedures that enable them to determine:

(a) when to execute, reject or suspend wire transfers that are not accompanied by the complete payer (originator) and payee (beneficiary) information as required; and

(b) the appropriate follow-up action.

Status

In force.

Regulation

Transfers of Crypto-assets

AML-2A AML-2A: Money Transfers and Accepted Crypto-asset Transfers

Enforcement/application date

January 01, 2020 for crypto-asset licensees.

January, 2024 for investment firm licensees.

Threshold

No threshold.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

(a) Full name;

(b) Account number;

(c) Address, or national identity number, or customer identification number, or date and place of birth;

Beneficiary:

(d) Full name; and

(e) Account number.

Domestic vs cross-border transfers

No difference.

All transfers of accepted crypto-assets as cross-border transfer should be considered as cross-border transfers rather than domestic transfer.

Self-hosted wallet verification

No requirement.

Status

In force.

Regulation

Sector-Specific Guidance Notes for Digital Asset Business (DAB)

Guidance Notes for AML/ATF Regulated Financial Institutions

Enforcement/application date

January 1, 2018

Threshold

USD 1,000

VASP Due Diligence

Required in relation to non-Bermudian counterparty.

Data to be shared

Originator:

- Natural Person:

a) Full name;

b) Address (or date and place of birth, customer identification number or national identity number);

c) Account number (or unique identifier).

- Legal Entity:

a) Full name;

b) Address;

c) Account number (or unique identifier).

Beneficiary:

d) Full name;

e) Account number (or unique identifier).

Domestic vs cross-border transfers

There is a difference.

Domestic. The following data needs to be transfered irrespective of the threshold: c), but other data should be provided within 3 business days after request.

Cross-border.

• If more than USD 1,000: a), b), c), d), e).

Self-hosted wallet verification

No requirement.

Application of requirements

Any Regulated Financial Institution (RFI), including an RFI conducting Digital Assets Business (DAB), that provides services for the transfer of digital assets, money transmission, or other transfer of funds, is a payment service provider (PSP) engaging in a wire transfer and is subject to the rules for wire transfers set forth in POCR Regulations 21 through 31A and Chapter 8: Wire Transfers.

Time and way to share the Information

The information should be immediately available.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) Regulated Financial Institutions (RFIs) conducting wire transfers must ensure that complete information on both the originator and beneficiary accompanies each cross- border transfer of funds over $1,000, and each cross-border transaction that is carried out in several operations that appear to be linked and together exceed $1,000.

2) Where the originator is an accountholder at the originating PSP, the originating PSP must ensure, before transferring funds, that the complete information on the originator conveyed in the payment is accurate and has been verified.

3) POCR Regulation 11 requires each RFI that is a Payment Service Provider (PSP) to apply appropriate enhanced due diligence measures to transfers of funds presenting higher risks of ML/TF (the criteria are specified in sections VIII.156-VIII.157 of the Notice).

4) Prior to transferring funds, a beneficiary PSP must ensure that the identity of the beneficiary is accurate and verified for any transfer of funds over $1,000 and for any transfer of funds that is carried out in several operations that appear to be linked and together exceed $1,000.

5) Where the originator is not an accountholder and the transfer is $1,000 or less, the originatibg PSP must obtain information establishing the originator’s identity and address. Where the address is substituted with a payer’s date and place of birth, customer identification number or national identity number, that customer information must be obtained. PSPs are not required to verify the information obtained for such transactions; nonetheless, it is advisable to do so in all cases. Where a transaction is carried out in several operations that appear to be linked and together exceed $1,000, the verification requirements described in paragraph 8.31 of the GN apply.

Where the beneficiary is not an accountholder and the transfer is $1,000 or less, the beneficiary PSP must obtain information establishing the originator's identity. PSPs are not required to verify the information obtained for such transactions; nonetheless, it is advisable to do so in all cases. Where a transaction is carried out in several operations that appear to be linked and together exceed $1,000, the verification requirements described in paragraph 8.51 of the GN apply.

6) Beneficiary PSPs must have effective policies, procedures and controls, including post- event monitoring or real-time monitoring where feasible, to detect whether incoming transfers of funds include all required information.

For more details, see Section 8 of the GN.

Batch file transfer

Where there is a batch file transfer from a single payer and the payee PSP is situated outside Bermuda, complete information will be considered to have been transferred, provided that:

a) The batch file transfer contains complete information on the payer and each of the payees for each individual transfer;

b) The individual transfers of funds carry the account number of the payer or a unique identifier where an account number is not available; and

c) The complete information provided on all payees is fully traceable within the beneficiary country.

Record retention

The originating PSP must keep records for five years of complete information on the originator and beneficiary that accompanies transfers of funds.

Notes

Intermediary PSPs must ensure that, for each cross-border transfer of funds, all information received on the originator and beneficiary is kept with the transfer. Intermediary PSPs should forward transfers through a messaging system capable of carrying all of the complete information. Where technical limitations associated with a messaging system prevent all information received on the payer and payee from accompanying the transfer, an intermediary PSP may nonetheless use the messaging system with technical limitations under certain conditions (see section 8.39 0f the GN)

Where an intermediary PSP becomes aware, when receiving a transfer of funds, that information on the payer or payee is incomplete or missing, the intermediary PSP must either:

a) Reject the transfer;

b) Request the complete information on the payer and payee; or

c) Make an internal SAR to the reporting officer.

Where a payer PSP or intermediary PSP regularly fails to supply complete information, the intermediary PSP must report that fact to the BMA and must take steps to attempt to ensure that the payer PSP or intermediary PSP provides complete information.

The intermediary PSP should maintain records of all information received from theoriginating PSP, beneficiary PSP and any other intermediary PSPs.

For more details, see Sections 8.37-8.48 of the GN.

Status

In force.

Regulation

Anti-Money Laundering and Terrorist Financing (Amendment) Code of Practice, 2022

FSC Guide

Enforcement/application date

December 1, 2022

Threshold

No threshold.

VASP Due Diligence

Required.

Data to be shared

Originator:

a) Full name;

b) Address;

c) Account number (or a unique identifier);

d) Date and place of birth; or the customer identification number or national identity number of the payer.

Beneficiary:

e) Full name;

f) Account number (or a unique identifier).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Application of requirements

The rules apply to the transfer of virtual assets which is sent or received by a virtual asset service provider that is established in the Virgin Islands.

A virtual assets service provider shall comply with all the relevant requirements of the particular Part of law, in the countries in which it operates directly or through its agents.

Time and way to share the Information

Information accompanying a transfer of virtual assets shall be provided to the beneficiary virtual assets service provider or obliged entity:

(a) simultaneously with the transfer of virtual assets;

(b) either directly by attaching the information with the transfer, or providing the information indirectly; and

(c) in a secure manner that protects:

• the integrity and use of the information; and
• the information from unauthorized disclosure.

A beneficiary virtual assets service provider shall, upon request from the Agency or Commission, provide complete originating information and complete beneficiary information that accompanies a transfer of virtual assets, within 3 working days of receiving the request, excluding the date on which the request is made.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) An originating virtual asset service provider shall, in relation to every transfer

(a) obtain and maintain complete originator information and complete beneficiary information on each transfer of virtual assets; and

(b) submit complete originator information and complete beneficiary information to the beneficiary virtual assets service provider or obliged entity, with the transfer of virtual assets.

2) The originating virtual assets service provider shall, before transferring any virtual assets, verify the complete originator information on the basis of documents, data or information obtained from a reliable and independent source. In the case of a transfer from an account, the originating virtual assets service provider may deem verification of the complete originator information to have taken place if it has complied with the provisions of the Anti-money Laundering Regulations, Revised Edition 2020, and the Code relating to the verification of the identity of the originator in connection with the opening of that account.

3) A beneficiary virtual assets service provider shall

(a) on receipt of a transfer of virtual assets, obtain and maintain complete originating information and complete beneficiary information on each transfer of virtual assets received; and

(b) put effective procedures in place for the detection of incomplete or missing complete originator information or complete beneficiary information, including post-event monitoring or real-time monitoring, where feasible.

4) A beneficiary virtual assets service provider shall verify the accuracy of information on the beneficiary on the basis of documents, data or information obtained from a reliable and independent source.

5) Originating and beneficiary VASPs can deem verification of such information if:

• it is to or from an account maintained by the VASP and the VASP has verified the identity of the account holder; or
• it is not to or from an account maintained by the VASP, does not exceed US$ 1,000 in value, does not form part of several operations that appear to be linked and together exceed US $1,000, and the relevant VASP does not otherwise suspect money laundering, terrorist financing, proliferation financing, or other financial crime.

6) Where the same VASP holds or controls both the originator and beneficiary sides of a transfer of virtual assets, that VASP will need to consider the information from both sides of the transfer to determine if there are any AML concerns and a suspicious activity report should be filed in relation to the transfer in any country affected by a suspicious transfer of virtual assets.

7) Where a virtual assets service provider that holds or controls both the originator and the beneficiary side of a transfer of virtual assets, that virtual assets service provider shall

(a) consider the information from both the originator and beneficiary sides of the transfer of funds in order to determine whether a suspicious activity report should be filed; and

(b) file a suspicious activity report in any country affected by the suspicious transfer of virtual assets, and make relevant transaction information available to the Agency and the relevant competent authority of any country affected by the suspicious transfer.

Batch file transfer

"Batch file transfer of virtual assets” means several individual transfers of virtual assets which are bundled together for transmission.

Paragraph (1) from the Section "Actions required" does not apply in the case of a batch file virtual asset transfer from a single payer, if:

(a) the batch file contains complete originator information and complete beneficiary information that is fully traceable within the beneficiary’s country; and

(b) the individual virtual assets transfers bundled together in the batch file carry the account number of the payer or a unique identifier.

In the case of batch file virtual assets transfers, complete originator information and complete beneficiary information are required only in the batch file, and not in the individual virtual assets transfers bundled together in it.

Procedure for inaccurate, incomplete information

Where a beneficiary virtual assets service provider becomes aware that the complete originator information or complete beneficiary information is missing or incomplete when receiving a transfer of virtual assets, the virtual assets service provider shall have risk- based policies and procedures to determine whether to

(a) execute, reject or suspend the transfer; and

(b) undertake an appropriate follow-up action, which may include

• requesting the missing information on the originator;
• rejecting future transfers of funds from the originating virtual assets service provider;
• restricting or terminating its relationship with the originating virtual assets service provider;
• determining whether the transfer of virtual assets or any related transaction should be reported to the Agency as a suspicious transaction or activity; and
• taking any other reasonable measures to mitigate risks of money laundering, terrorist financing or proliferation financing involved.

Record retention

The originating virtual assets service provider shall keep records of complete originator information and complete beneficiary information that accompany the transfer of virtual assets, for a period of at least 5 years

(a) from the date of the transfer, in the case of a transfer not made from an account; and

(b) from the date that the business relationship ended, in the case of a transfer made from an account.

A beneficiary virtual assets service provider shall keep records of complete originating information and complete beneficiary information which accompanies each transfer of virtual assets, for at least 5 years

(a) from the date the transfer was completed, in the case of a transfer to a beneficiary that does not hold an account; and

(b) from the date that the business relationship ended, in the case of a transfer to a beneficiary that holds an account.

Notes

Intermediary virtual assets service provider. The rules applies where the intermediary virtual assets service provider is situated within the Virgin Islands.

An intermediary virtual assets service provider shall

(a) ensure that any information it receives on the originator and the beneficiary that accompanies a transfer of virtual assets is kept with that transfer; and

(b) put effective procedures in place for the detection of virtual assets transfers that lack complete originator information and complete beneficiary information, consistent with straight-through processing.

Where the intermediary virtual assets service provider becomes aware that the complete originator information or complete beneficiary information is missing or incomplete when receiving transfers of funds, the intermediary virtual assets service provider shall, relying on its risk-based policies and procedures, determine whether to

(a) execute, reject or suspend the transfer; and

(b) undertake an appropriate follow-up action which may include:

• requesting the missing information from the originating virtual assets service provider;
• rejecting future transfers of funds from the originating virtual assets service provider;
• restrict or terminate its relationship with the originating virtual assets service provider; and
• determining whether the transfer of virtual assets or any related transaction should be reported to the Agency as a suspicious transaction or activity.

An intermediary virtual assets service provider shall, upon request from the Agency or Commission, provide complete originating information and complete beneficiary information that accompanies a transfer of virtual assets, within 3 days working days of receiving the request, excluding the date on which the request is made.

An intermediary virtual assets service provider shall, for at least 5 years from the date of the transfer, keep records of complete originating information and complete beneficiary information which accompanies each transfer of virtual assets.

Status

In force.

Regulation

PCMLTFR

Fintrac Guidance 2021

Enforcement/application date

June 1, 2021

Threshold

CAD 1,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Full name;

b) Address;

c) Account number or other reference number (if any) of the person or entity who requested the transfer (originator information).

Beneficiary:

d) Full name;

e) Address;

f) Account number or other reference number (if any) of the beneficiary.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Application of requirements

The obligation applies when VC transferring.

Time and way to share the Information

No explicit information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) FEs, MSBs and FMSBs must include the travel rule information when they send VC transfers, and must take reasonable measures to ensure that this information is included when they receive VC transfers which require a VC record to be kept.

2) Develop and apply written risk-based policies and procedures as prescribed in the Section "Procedure for inaccurate, incomplete information".

Batch file transfer

No information.

Procedure for inaccurate, incomplete information

If the entity receives a VC transfer that should include the travel rule information but does not, it must take reasonable measures to obtain that information. These reasonable measures should be outlined in policies and procedures.

Each entity must also develop in writing and apply risk-based policies and procedures for determining what to do when, after taking reasonable measures, it was unable to obtain the travel rule information. Its policies and procedures must address under which circumstances it allow, suspend or reject the transaction, and outline any follow-up measures it will take.

Record retention

Retention period is at least 5 years.

Scope of the data should be retained is specified in Section 12 (r)(s) of the PCMLTFR.

Notes

No additional information.

Status

In force.

Regulation

Anti-Money Laundering Regulations (2023 Revisions)

CIMA Guidance Notes

Enforcement/application date

July 1, 2022

Threshold

No threshold.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Full name;

b) Account number (or unique transaction reference number); or

c) Address of the originator, the number of a Government- issued document evidencing the originator’s identity or the originator’s customer identification number or date and place of birth.

Beneficiary:

d) Full name;

e) Account number (or unique transaction reference number).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Application of requirements

The rule applies to transfers of virtual assets. Transfer of virtual asset means any transaction carried out on behalf of an originator with a view to making the virtual asset available to a beneficiary.

Time and way to share the Information

An originating virtual asset service provider shall provide the information to the beneficiary virtual asset service provider or obliged entity simultaneously or concurrently with the transfer of virtual assets.

An originating virtual asset service provider may provide the information to the beneficiary virtual asset service provider or obliged entity directly by attaching the information to the transfer of virtual assets or providing the information indirectly.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) An originating virtual asset service provider shall, when conducting a transfer of virtual assets to a beneficiary, collect and record the information specified in Section "Scope of the PII".

2) An originating virtual asset service provider shall, before conducting the transfer of virtual assets, verify the information on the originator on the basis of documents, data or information that meet the requirements of regulation 20(1)

3) A beneficiary virtual asset service provider shall, on receipt of a transfer of virtual assets, collect and record the information specified in Section "Scope of the PII".

4) A beneficiary virtual asset service provider shall verify the accuracy of information on the beneficiary on the basis of documents, data or information that meets the requirements of regulation 20(1).

5) An originating virtual asset service provider shall not execute transfers of virtual assets where the originating virtual asset service provider is unable to collect and maintain information on the originator and beneficiary.

6) A beneficiary virtual asset service provider shall have effective systems in place to detect missing required information on both the originator and beneficiary.

7) A beneficiary virtual asset service provider shall adopt risk-based policies and procedures for determining —

(a) whether to execute, reject or suspend a transfer of virtual assets; and

(b) the resulting procedures to be applied, where the required originator or beneficiary information is incomplete.

8) The procedures in relation to unhosted wallets are specified in section "VA transfer in case unhosted wallets or person other than a VASP"

9) A competent authority may, by notice in writing, require an originating virtual asset service provider or a beneficiary virtual asset service provider to provide information in respect of a transfer of virtual assets. An originating virtual asset service provider or a beneficiary virtual asset service provider which receives a notice shall comply with that notice within the period and in the manner specified in the notice.

10) A virtual asset service provider shall comply with all of the relevant requirements under the Regulation in the countries in which they operate, either directly or through the agents of the virtual asset service provider.

11) A virtual asset service provider, that controls both the originating virtual asset service provider and the beneficiary virtual asset service provider, shall —

(a) consider the information from both the originating virtual asset service provider and the beneficiary virtual asset service provider to determine whether a suspicious activity report should be filed; and further to paragraph (a), file the suspicious activity report in the country from which the transfer of virtual assets originated or to which the transfer of virtual assets was destined and make relevant transaction information available to the Financial Reporting Authority and the relevant authorities in the country from which the transfer originated or to which it was destined.

Batch file transfer

Batch file transfer of virtual assets means several individual transfers of virtual assets which are bundled together for transmission.

For batch file transfers of virtual assets from a single originator, regulation 49C(1) (Section Scope of the PII) shall not apply to the individual transfers of virtual assets bundled together if:

(a) the batch file contains:

• the name of the originator;
• where an account is used to process the transfer of virtual assets by the originator, the account number of the originator;
• the address of the originator, the number of a Government-issued document evidencing the originator’s identity or the originator’s customer identification number or date and place of birth; and

(b) the individual transfers of virtual assets carry the account number of the originator or a unique identifier.

A batch file shall contain the name, account number or unique identifier of the beneficiary that is traceable in the beneficiary country.

Procedure for inaccurate, incomplete information

An originating virtual asset service provider shall not execute transfers of virtual assets where the originating virtual asset service provider is unable to collect and maintain information on the originator and beneficiary.

A beneficiary virtual asset service provider shall have effective systems in place to detect missing required information on both the originator and beneficiary.

Where a beneficiary virtual asset service provider detects, when receiving transfers of virtual assets, that information on the originator is missing or incomplete, the beneficiary virtual asset service provider shall either reject the transfer of virtual assets or request complete information on the originator.

A beneficiary virtual asset service provider shall adopt risk-based policies and procedures for determining:

(a) whether to execute, reject or suspend a transfer of virtual assets; and

(b) the resulting procedures to be applied, where the required originator or beneficiary information is incomplete.

Where an originating virtual asset service provider regularly fails to supply the required information on the originator, the beneficiary virtual asset service provider shall adopt reasonable measures to rectify noncompliance with these Regulations before:

(a) rejecting any future transfers of virtual assets from that originating virtual asset service provider;

(b) restricting its business relationship with that originating virtual asset service provider; or

(c) terminating its business relationship with that originating virtual asset service provider, and the beneficiary virtual asset service provider shall report to the Financial Reporting Authority and to the relevant Supervisory Authority any such decision to restrict or terminate its business relationship with that originating virtual asset service provider.

A beneficiary virtual asset service provider shall consider incomplete information about the originator as a factor in assessing whether a transfer of virtual assets, or any related transaction, is suspicious and where it is determined that the transaction is suspicious, the suspicious transaction shall be reported to the Financial Reporting Authority in accordance with the Law.

Record retention

An originating virtual asset service provider shall, for at least five years, keep records of complete information on the originator and beneficiary which accompanies each transfer of virtual assets.

A beneficiary virtual asset service provider shall, for at least five years, keep records of complete information on the originator and beneficiary which accompanies each transfer of virtual assets.

Notes

An intermediary virtual asset service provider which participates in a transfer of virtual assets shall ensure that all information received on the originator and the beneficiary that accompanies a transfer of virtual assets is kept with the transfer of virtual assets.

An intermediary virtual asset service provider shall:

(a) take reasonable measures, which are consistent with straight- through processing, to identify transfers of virtual assets that lack required originator or beneficiary information; and

(b) adopt risk-based policies and procedures for determining:

• when to execute, reject or suspend a transfer of virtual assets; and
• the resulting procedures to be applied, where the required originator or beneficiary information is incomplete.

Where technical limitations prevent an intermediary virtual asset service provider from sending the required originator or beneficiary information with the transfer of virtual assets, the intermediary virtual asset service provider shall keep a record of all the information received from the originating virtual asset service provider, obliged entity or other intermediary, for at least five years.

An intermediary virtual asset service provider shall have risk-based policies and procedures for determining:

(a) when to execute, reject, or suspend a transfer of virtual assets lacking required originator or required beneficiary information; and

(b) the appropriate follow-up action.

Status

In force.

Regulation

Resolucion 89/2022

Resolucion 76/2023

Enforcement/application date

January 1, 2023

Threshold

USD 1,000 or its equivalent in local currency.

VASP Due Diligence

No requirement.

Data to be shared

If more than USD 1,000:

- Originator:

a) Full name;

b) Account number;

c) Physical or geographical address of the originator, or the national identity number, or the customer identification number that uniquely identifies the originator of the ordering institution, or the date and place of birth.

- Beneficiary:

d) Full name;

e) Account number.

If less than USD 1,000: a), b), d), e).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Application of requirements

No information.

Time and way to share the Information

The information should be transferred immediately and securely.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

For authorization as a provider of virtual assets services, the applicant accompanies the letter of request addressed to the Central Bank of Cuba, the following documents:

<...>

Procedures relating to the system for preventing and combating money-laundering, the financing of terrorism and the proliferation of weapons of mass destruction, including, inter alia, the obligation to:

a) apply due diligence and obtain, retain and transmit information about the originator and the beneficiary immediately and securely when making transfers of virtual assets, where it is reasonably suspected by the characteristics of the participants or the circumstances of the transaction in question;

b) obtain, retain and transmit information from the originator and beneficiary, immediately and securely, of transfers of virtual assets exceeding the threshold of one thousand US dollars or its equivalent in freely convertible currency or Cuban pesos; and

c) issue suspicious transaction reports and supplementary information requested by the General Directorate of Financial Operations of the Central Bank of Cuba.

Batch file transfer

No information.

Procedure for inaccurate, incomplete information

No information.

Record retention

No information.

Notes

No additional information.

Status

In force.

Regulation

CySEC Policy Statement on the registration and operations of crypto-asset services providers

Enforcement/application date

2021

Threshold

EUR 1,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Full name;

b) Account number (or a unique transaction identifier);

One of the following:

c) Physical address; or

d) National identity number; or

e) Customer identification number; or

f) Date and place of birth.

Beneficiary:

g) Full name;

h) Account number (or a unique transaction identifier).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Application of requirements

The requirement applies for material crypto-asset transfers between CASPs.

Time and way to share the Information

The obliged entity (CASP) must immediately and by secure means obtain the information and submit it to the relevant counterparty CASP.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

Originator Obligations:

1) Where an obliged entity (including CASP) sends a material crypto-asset transfer to a CASP, the relevant obliged entity must immediately and by secure means obtain the information specified in section "Scope of the PII" and submit it to the counterparty CASP.

2) An obliged entity must follow the above irrespective of whether the obliged entity in question and the payer are the same person.

Beneficiary Obligations:

1) Where an obliged entity receives a crypto-asset transfer from a CASP, the obliged entity must ensure that:

(i) it has received the information specified in Section "Scope of the PII", and

(ii) the information is consistent with its own records in respect of the payee’s name and, where applicable, the payee’s account number

2) Obliged entity must perform actions specified in sections "VA transfer in case unhosted wallets or person other than a VASP" and "Procedure for inaccurate, incomplete information".

The actions specified above shall apply to an obliged entity irrespective of whether the said obliged entity and the payee are the same person.

Batch file transfer

No information.

Procedure for inaccurate, incomplete information

Before an obliged entity executes a material crypto-asset transfer received from any person, it must ensure that it has effective risk-based policies and procedures in place for the purposes of:

(i) determining whether any of the information as the case may be, is missing, is incomplete or, where applicable, is inconsistent with the obliged entity’s own records, and

(ii) where a default is identified pursuant to point (i) directly above:

a) determining whether to execute, reject or suspend the material crypto-asset transfer, and

b) determining the appropriate follow-up action.

Record retention

The information obtained by obliged entities as per this section shall be deemed as part of their customer due diligence process and relevant records must be kept in accordance with the AML/CFT Law and the AML/CFT Directive.

An obliged entity maintains the documents and information, for a period of five (5) years after the end of the business relationship with the customer or after the date of an occasional transaction.

Notes

No additional information.

Status

In force.

Regulation

Normas Técnicas para Facilitar la Participación de las Entidades Financieras en el Ecosistema Bitcoin (Technical Rules)

Enforcement/application date

September 7, 2021

Threshold

USD 1,000 or its equivalent in Bitcoin

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Full name;

b) Account number;

c) Address (when available);

d) Identification of the financial institution;

e) Negotiated amount;

f) Execution date.

Beneficiary:

g) Full name;

h) Address (when available);

i) Identification of the financial institution;

j) Account number;

k) Any other identifying information of the recipient (When available).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Application of requirements

The subjects obliged to comply with the provisions established in the Technical Rules are Banks, Cooperative Banks and Savings and Credit Societies, Electronic Money Providers.

These Rules are intended to regulate subjects that offer bitcoin-based services to their customers, whether natural or legal persons, and these services may be offered directly or through a Bitcoin Service Provider.

Subjects may engage in the provision of bitcoin-based custodial or non-custodial wallet services, exchange services, payment processing, among other services, as well as offer the full suite of their banking services to a Bitcoin Service Provider.

The Rules do not apply to Bitcoin Service Providers that register in accordance with the provisions of Executive Decree No. 27 dated August 27, 2021, unless they are considered entities according to the Rules.

Time and way to share the Information

See The main actions required section below.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

For any transfer of funds that is greater than or equal to one thousand dollars or its equivalent in Bitcoin, measured at the time of the transaction, for which an entity is involved in the payment flow, said entity must obtain the information specified in section "Scope of the PII".

Entities must establish policies and procedures based on best practices, including FATF recommendations and the Law Against Money and Asset Laundering.

Batch file transfer

See The main actions required section above.

Procedure for inaccurate, incomplete information

See The main actions required section above.

Record retention

Entities must keep the records related to their bitcoin-based services for a period of fifteen years from the date of completion of the transaction.

Notes

No additional information.

Status

In force.

Regulation

Money Laundering and Terrorist Financing Prevention Act

Enforcement/application date

March 15, 2022

Threshold

No threshold.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

Natural person:

a) The person’s name;

b) Unique identifier of the transaction;

c) Identifier of the payment account or virtual currency wallet;

d) The title and number of the identity document and personal identification code or date and place of birth;

e) Residential address.

Legal person:

f) The person’s name;

g) Unique identifier of the transaction;

h) Identifier of the payment account or virtual currency wallet,

i) The person’s registry code or, where it does not have one, the relevant identifier in the country of its seat (a combination of numbers or letters equivalent to a registration number);

j) The address of the seat.

Beneficiary:

k) Transaction’s unique identifier;

l) Where the particulars of the identifier of a payment account or virtual currency wallet are used to perform the transaction, also those particulars.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Application of requirements

The requirement applies in case of performing a transaction of exchange or transfer of virtual currency.

Time and way to share the Information

The transaction initiator’s VASP transmits the particulars without delay and securely to the recipient’s VASP.

Transmission of the particulars may be arranged together with transmission of the set of payment instructions to the recipient’s virtual currency service provider or to the recipient’s credit or financial institution.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) Initiator’s VASP ascertains the identity of each customer, and, with respect to the initiator, collects at least the particulars from the Section "Scope of the PII". A provider of virtual currency service also collects, with respect to the virtual currency or to the recipient of the transfer, the particulars specified in Section "Scope of the PII".

2) The transaction initiator’s virtual currency service provider transmits the particulars mentioned in Section "Scope of the PII" of to the recipient’s virtual currency service provider in the way prescribed in particular Section.

3) A provider of virtual currency service must, in accordance with internal procedures established following risk analysis, lay down rules that regulate when virtual currency amounts are to be transferred back to transaction initiator and when they are not to be made available to the transaction recipient.

4) When applying actions from the Section "Scope of the PII" a provider of virtual currency service must, when it recognizes the presence of increased risk and considers whether to notify the FIU of a suspicious transaction following the rules, take into account the completeness and sufficiency of the particulars concerning the transaction initiator and the recipient.

Batch file transfer

No information.

Procedure for inaccurate, incomplete information

A provider of virtual currency service must, in accordance with internal procedures established following risk analysis, lay down rules that regulate when virtual currency amounts are to be transferred back to transaction initiator and when they are not to be made available to the transaction recipient.

Record retention

A provider of virtual currency service must preserve any documents, copies of documents and particulars related to fulfilment of the Travel rule obligations for five years following termination of the business relationship with the customer.

Notes

*If a person has several first and/or last names, all first and/or last names must be reflected in the data recorded for the transaction. If a person has multiple citizenships, data on all citizenships must be collected.

For more information, refer to this link (Seletuskiri).

Status

In force.

Regulation

European Parliament legislative resolution of 20 April 2023 on the proposal for a regulation of the European Parliament and of the Council on information accompanying transfers of funds and certain crypto-assets (recast)

Enforcement/application date

June 9, 2023, but it shall apply from December 30, 2024

Threshold

No threshold.

VASP Due Diligence

Required on VASPs established in third countries.

Data to be shared

Originator:

a) Full name;

b) Distributed ledger address (or Account number) (or unique transaction identifier);

c) Address, including the name of the country, official personal document number and customer identification number, (or Date and place of birth);

d) Subject to the existence of the necessary field in the relevant message format, and where provided by the originator to its crypto-asset service provider, the current LEI or, in its

Beneficiary:

e) Full name;

f) Distributed ledger address (or Account number) (or unique transaction identifier);

g) Subject to the existence of the necessary field in the relevant message format, and where provided by the originator to its crypto-asset service provider, the current LEI or, in its absence, any other available equivalent official identifier of the originator.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required for transactions exceeding EUR 1,000.

Application of requirements

The Regulation apply to transfers of crypto-assets, including transfers of crypto-assets executed by means of crypto-ATMs, where the crypto-asset service provider, or the intermediary crypto-asset service provider, of either the originator or the beneficiary has its registered office in the Union.

The Regulation is not applied to a transfer of crypto-assets if any of the following conditions is met:

(a) both the originator and the beneficiary are crypto-asset service providers acting on their own behalf;

(b) the transfer constitutes a person-to-person transfer of crypto-assets carried out without the involvement of a crypto-asset service provider.

Crypto-assets that are unique and not fungible are not subject to the requirements of this Regulation unless they are classified as crypto-assets or funds under Regulation (EU) 2023/1114.

Persons that provide only ancillary infrastructure, such as internet network and infrastructure service providers, cloud service providers or software developers, that enables another entity to provide transfer services for crypto-assets, should not fall within the scope of the Regulation unless they perform transfers of crypto-assets.

Time and way to share the Information

The information referred to in paragraphs 1 and 2 of the Section "Scope of the PII" shall be submitted in advance of, or simultaneously or concurrently with, the transfer of crypto-assets and in a secure manner and in accordance with Regulation (EU) 2016/679 (GDPR).

The information referred to in paragraphs 1 and 2 shall not be required to be attached directly to, or be included in, the transfer of crypto-assets.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The crypto-asset service provider of the originator shall ensure that transfers of crypto-assets are accompanied by the information on the originator and beneficiary specified in section "Scope of PII".

2) Before transferring crypto-assets, the crypto-asset service provider of the originator shall verify the accuracy of the information about originator on the basis of documents, data or information obtained from a reliable and independent source. Verification shall be deemed to have taken place where one of the following applies:

(a) the identity of the originator has been verified in accordance with Article 13 of Directive (EU) 2015/849 and the information obtained pursuant to that verification has been retained in accordance with Article 40 of that Directive; or

(b) Article 14(5) of Directive (EU) 2015/849 applies to the originator.

3) The crypto-asset service provider of the originator shall not allow for the initiation, or execute any transfer, of crypto-assets before ensuring full compliance with the requirements established in Article 14 of the Regulation.

4) The crypto-asset service provider of the beneficiary shall implement effective procedures, including, where appropriate, monitoring after or during the transfers, in order to detect whether the information on the originator and the beneficiary is included in, or follows, the transfer or batch file transfer of crypto-assets.

5) For procedures in relation to self-hosted address please see section "VA transfer in case unhosted wallets or person other than a VASP"

6) Before making the crypto-assets available to the beneficiary, the crypto-asset service provider of the beneficiary shall verify the accuracy of the information on the beneficiary referred to in paragraph 2 in the Section "Scope of the PII", on the basis of documents, data or information obtained from a reliable and independent source.Verification shall be deemed to have taken place where one of the following applies:

(a) the identity of the beneficiary has been verified in accordance with Article 13 of Directive (EU) 2015/849 and the information obtained pursuant to that verification has been retained in accordance with Article 40 of that Directive; or

(b) Article 14(5) of Directive (EU) 2015/849 applies to the beneficiary.

7) The crypto-asset service provider of the beneficiary shall implement effective risk-based procedures, including procedures based on the risk-sensitive basis, for determining whether to execute or reject a transfer of crypto-assets lacking the required complete originator and beneficiary information and for taking the appropriate follow-up action. The detaild information is specified in Section Procedure for inaccurate, incomplete information.

8) The crypto-asset service provider of the beneficiary shall take into account missing or incomplete information on the originator or the beneficiary when assessing whether a transfer of crypto-assets, or any related transaction, is suspicious and whether it is to be reported to the FIU in accordance with Directive (EU) 2015/849.

9) Crypto-asset service providers shall have in place internal policies, procedures and controls to ensure the implementation of Union and national restrictive measures when performing transfers of funds and crypto-assets under the Regulation. The European Banking Authority (EBA) shall issue particular guidelines [18 months after the date of entry into force of this Regulation] specifying the measures.

10) Personal data shall be processed by crypto-asset service providers on the basis of the Regulation only for the purposes of the prevention of money laundering and terrorist financing and shall not be further processed in a way that is incompatible with those purposes. The processing of personal data on the basis of the Regulation for commercial purposes shall be prohibited. Crypto-asset service providers shall provide new clients with the information required pursuant to Article 13 of Regulation (EU) 2016/679 before establishing a business relationship or carrying out an occasional transaction. That information shall, be provided in a concise, transparent, intelligible and easily accessible form in accordance with Article 12 of Regulation (EU) 2016/679 and shall in particular, include a general notice concerning the legal obligations of payment service providers and crypto-asset service providers under this Regulation when processing personal data for the purposes of the prevention of money laundering and terrorist financing. Crypto-asset service providers shall ensure at all times that the transmission of any personal data on the parties involved in a transfer of funds or a transfer of crypto-assets is conducted in accordance with Regulation (EU) 2016/679.

Batch file transfer

In the case of a batch file transfer of crypto-assets from a single originator, Article 14(1) (paragraph 1 in the Section "main actions requred") shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information referred to in Article 14(1), (2) and (3) (paragraphs 1,2,3 in the Section "Scope of the PII"), that that information has been verified in accordance with Article 14(6) and (7) (paragraph 2 in the Section "main actions requred"), and that the individual transfers carry the distributed ledger address of the originator, where Article 14(2), point (b), applies, the crypto-asset account number of the originator, where Article 14(2), point (c), applies, or the unique transaction identifier, where Article 14(3) applies.

Procedure for inaccurate, incomplete information

The crypto-asset service provider of the beneficiary shall implement effective risk- based procedures, including procedures based on the risk-sensitive basis referred to in Article 13 of Directive (EU) 2015/849, for determining whether to execute, reject, return or suspend a transfer of crypto-assets lacking the required complete information on the originator and the beneficiary and for taking the appropriate follow-up action.

Where the crypto-asset service provider of the beneficiary becomes aware that the information about originator or beneficiary is missing or incomplete, that crypto-asset service provider shall, on a risk-sensitive basis and without undue delay:

(a) reject the transfer or return the transferred crypto-assets to the originator’s crypto-asset account; or

(b) request the required information on the originator and the beneficiary before making the crypto-assets available to the beneficiary.

Where a crypto-asset service provider repeatedly fails to provide the required information on the originator or the beneficiary, the crypto-asset service provider of the beneficiary shall:

(a) take steps, which may initially include the issuing of warnings and setting of deadlines, before proceeding to a rejection, restriction or termination in accordance with point (b) if the required information is still not provided ; or

(b) directly reject any future transfers of crypto-assets to or from, or restrict or terminate its business relationship with, that crypto-asset service provider. The crypto-asset service provider of the beneficiary shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter-terrorist financing provisions.

Record retention

Information on the originator and beneficiary shall not be retained for longer than strictly necessary. Crypto-asset service providers of the originator and beneficiary shall retain records of the information on originator and beneficiary, for a period of five years.

Upon expiry of the retention period, crypto-asset service providers shall ensure that the personal data is deleted, unless otherwise provided for by national law which determines under which circumstances crypto-asset service providers may or shall further retain such data.

That further retention period shall not exceed five years.

Notes

‘Transfer of crypto-assets’ means any transaction with the aim of moving crypto- assets from one distributed ledger address, crypto-asset account or other device allowing the storage of crypto-assets to another, carried out by at least one crypto-asset service provider acting on behalf of either an originator or a beneficiary, irrespective of whether the originator and the beneficiary are the same person and irrespective of whether the crypto-asset service provider of the originator and that of the beneficiary are one and the same.

Obligations on intermediary crypto-asset service providers

Intermediary crypto-asset service providers shall ensure that all the information received on the originator and the beneficiary that accompanies a transfer of crypto-assets is transmitted with the transfer and that records of such information are retained and made available on request to the competent authorities.

The intermediary crypto-asset service provider shall implement effective procedures, including, where appropriate, monitoring after or during the transfers, in order to detect whether the information on the originator or the beneficiary has been submitted previously, simultaneously or concurrently with the transfer or batch file transfer of crypto- assets, including where the transfer is made to or from a self-hosted address.

The intermediary crypto-asset service provider shall establish effective risk-based procedures, including procedures based on the risk-sensitive basis referred to in Article 13 of Directive (EU) 2015/849, for determining whether to execute, reject, return or suspend a transfer of crypto-assets lacking the required information on the originator and the beneficiary and for taking the appropriate follow up action.

Where the intermediary crypto-asset service provider becomes aware, when receiving transfers of crypto-assets, that the information on the originator or beneficiary is missing or incomplete, that intermediary crypto-asset service provider shall, on a risk-sensitive basis and without undue delay: (a) reject the transfer or return the transferred crypto-assets; or

(b) request the required information on the originator and the beneficiary before making the transmission of the transfer of crypto-assets.

Where the crypto-asset service provider repeatedly fails to provide the required information on the originator or the beneficiary, the intermediary crypto-asset service provider shall:

(a) take steps, which may initially include the issuing of warnings and setting of deadlines, before proceeding to a rejection, restriction or termination in accordance with point (b) if the required information is still not provided; or

(b) directly reject any future transfers of crypto-assets to or from, or restrict or terminate its business relationship with, that crypto-asset service provider. The intermediary crypto-asset service provider shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter-terrorist financing provisions.

The intermediary crypto-asset service provider shall take into account missing information on the originator or the beneficiary as a factor when assessing whether a transfer of crypto- assets, or any related transaction, is suspicious, and whether it is to be reported to the FIU in accordance with Directive (EU) 2015/849.

Status

Not in force.

Regulation

Law of Georgia on facilitating the prevention of money laundering and the financing of terrorism

Order №253/04 of the President of the National Bank of Georgia (ფულადი სახსრების გადარიცხვის და ვირტუალური აქტივის გადაცემის თანმხლები ინფორმაციის შესახებ დებულების დამტკიცების თაობაზე საქართველოს ეროვნული ბანკის პრეზიდენტის 2018 წლის 30 ნოემბრის №253/04 ბრძანება)

Enforcement/application date

December 31, 2027

Threshold

EUR 1,000, USD 1,000, or GEL 3,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) The name of the originator (in the case of an individual — first and last name);

b) The distributed ledger address of the originator, if the transfer of the virtual asset is recorded on a network that uses distributed ledger technology (DLT) or similar technology, and the originator's virtual asset account number, if such an account exists and is used for processing the transfer;

c) The originator's virtual asset account number, if the transfer of the virtual asset is not recorded on a network that uses distributed ledger technology (DLT) or similar technology;

d) The address of the originator, including the name of the country, or the originator's identity document/passport number or personal identification number, or the originator's date and place of birth;

e) The official identification data of the legal entity of the originator (possibly including the LEI), if the relevant field is presented in the transfer message format and provided by the originator to the VASP.

Beneficiary:

a) The name of the beneficiary (in the case of an individual — first and last name);

b) The distributed ledger address of the beneficiary, if the transfer of the virtual asset is recorded on a network that uses distributed ledger technology (DLT) or similar technology, and the beneficiary's virtual asset account number, if such an account exists and is used for processing the transfer;

c) The beneficiary's virtual asset account number, if the transfer of the virtual asset is not recorded on a network that uses distributed ledger technology (DLT) or similar technology;

d) The official identification data of the legal entity of the beneficiary (possibly including the LEI), if the relevant field is presented in the transfer message format and provided by the beneficiary to the VASP.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required if the value of the virtual asset transferred to a self-hosted address exceeds EUR 1,000, USD 1,000, GEL 3,000, or the equivalent in other foreign currencies.

Application of requirements

The transfer of a convertible virtual asset is an operation performed by the initiator or with his order/consent to ensure the availability of a convertible virtual asset to the recipient by digital means. When transferring a convertible virtual asset, the initiator and recipient may be the same person, or the initiator and the recipient of the convertible virtual asset may be served by one virtual asset service provider.

Time and way to share the Information

Information will be provided as soon as the relevant regulatory authority instructions are published.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

The virtual asset service provider is obliged to ensure that the transfer and/or receipt of the convertible virtual asset is accompanied by the accompanying information determined by the regulatory body.

The provider of the recipient of the convertible virtual asset must study whether there is a basis for submitting the report provided for in the first paragraph of Article 25 of this law, if the transfer of the convertible virtual asset does not fully contain the identification data of the initiator/recipient of the transfer of the convertible virtual asset in accordance with the rules determined by the supervisory authority.

Batch file transfer

Information will be provided as soon as the relevant regulatory authority instructions are published.

Procedure for inaccurate, incomplete information

Information will be provided as soon as the relevant regulatory authority instructions are published.

Record retention

Information will be provided as soon as the relevant regulatory authority instructions are published.

Notes

No additional information.

Status

In force.

Regulation

Ordinance on enhanced due diligence when transferring crypto assets (crypto asset transfer ordinance - KryptoWTransferV) (2023)

Banking Act

Enforcement/application date

October 1, 2021

Threshold

EUR 1,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Full name;

b) Account number (or unique transaction identifier);

c) Address, official personal document number, customer identification number or date and place of birth.

Beneficiary:

d) Full name;

e) Payment account number (or unique transaction identifier).

Domestic vs cross-border transfers

There is a difference.

Domestic. The following data needs to be transfered: b), e) but other data should be provided within 3 business days after request.

Cross-border. The following data should be stransfered:

• If more than EUR 1,000: a), b), c), d), e);
• If less than EUR 1, 000: a), b), d), e).

Self-hosted wallet verification

No requirement.

Application of requirements

The requirement applies in the case of transfers crypto assets.

Transfer: a transfer of crypto assets or private cryptographic keys within the scope of conducting banking transactions within the meaning of Section 1 (1) sentence 2 of the Banking Act, the provision of financial services within the meaning of Section 1 (1a) sentence 2 of the Banking Act or investment services within the meaning of Section 2 (2) to (4) of the Securities Institutes Act, which is initiated on behalf of a client with the aim of making crypto assets available to a beneficiary, regardless of whether the client and beneficiary are identical and whether the crypto asset service provider of the client and the beneficiary is identical.

Time and way to share the Information

The regulation does not express the time to share explicitly.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The crypto-asset service provider of the originator shall ensure that transfers of crypto-assets are accompanied by the information on the originator and beneficiary specified in Section "Scope of the PII", taking into account rules for cross-border transfers.

2) Before transferring funds, the CASP of the payer (originator) shall verify the accuracy of the information about the originator on the basis of documents, data or information obtained from a reliable and independent source. Verification shall be deemed to have taken place where:

(a) a payer's identity has been verified in accordance with Article 13 of Directive (EU) 2015/849 and the information obtained pursuant to that verification has been stored in accordance with Article 40 of that Directive; or

(b) Article 14(5) of Directive (EU) 2015/849 applies to the payer. The CASP of the originator shall not execute any transfer of funds before ensuring full compliance with the Article 4 of the EU Regulation 2015/847.

3) The beneficiary’s crypto asset service provider must:

• Implement effective procedures, including, where appropriate, ex-post monitoring or real-time monitoring, in order to detect whether the information on the originator or the beneficiary is missing; (For more details please see Article 7 of the Regulation and the section Procedure for inaccurate, incomplete information)
• establish and implement effective risk-based procedures to assess whether to carry out, reject or suspend a transaction and what follow-up action to take; and
• report suspicious transactions to the competent supervisory authority on certain conditions.

4) In the case of transfers of crypto-assets exceeding EUR 1 000, whether those transfers are carried out in a single transaction or in several transactions which appear to be linked, before making the crypto-assets available to the beneficiary, the crypto-asset service provider of the beneficiary shall verify the accuracy of the information on the beneficiary on the basis of documents, data or information obtained from a reliable and independent source.

- In the case of transfers of crypto-assets not exceeding EUR 1 000 that do not appear to be linked to other transfers of crypto-asset which, together with the transfer in question, exceed EUR 1 000, the crypto-asset service provider of the beneficiary shall only verify the accuracy of the information on the beneficiary in the following cases:

(a) where the crypto-asset service provider of the beneficiary effects the pay-out of the crypto-assets in cash or anonymous electronic money;

(b) where the crypto-asset service provider of the beneficiary has reasonable grounds for suspecting money laundering or terrorist financing. Verification shall also be deemed to have taken place in cases specified in paragraph 2 of this Section.

5) The procedures in relation to unhosted wallets are specified in section "VA transfer in case unhosted wallets or person other than a VASP"

Batch file transfer

1. In the case of a batch file transfer from a single originator where the CASPs of the beneficiary are established outside the Union, the requirement of the paragraph 1 from the Section "Scope of the PII" (Article 4(1)) shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information referred to in paragraphs (1), (2) and (3) of the Section "Scope of the PII" (Article 4), that that information has been verified in accordance with paragraph 2 of the Section "Actions required" (Article 4(4) and (5)), and that the individual transfers carry the payment account number of the payer (originator) or, where paragraph (3) of the Section "Scope of the PII" applies, the unique transaction identifier.

Procedure for inaccurate, incomplete information

The crypto-asset service provider of the beneficiary shall implement effective risk-based procedures, including procedures based on the risk-sensitive basis, for determining whether to execute or reject a transfer of crypto-assets lacking the required complete originator and beneficiary information and for taking the appropriate follow-up action.

Where the crypto-asset service provider of the beneficiary becomes aware, when receiving transfers of crypto-assets, that the information is missing or incomplete, the crypto-asset service provider shall reject the transfer or ask for the required information on the originator and the beneficiary before or after making the crypto-assets available to the beneficiary, on a risk-sensitive basis.

Where the crypto-asset service provider repeatedly fails to provide the required information on the payer or the payee, the payment service provider of the payee shall take steps, which may initially include the issuing of warnings and setting of deadlines, before either rejecting any future transfers of funds from that payment service provider, or restricting or terminating its business relationship with that payment service provider.

The crypto-asset service provider of the beneficiary shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter terrorist financing provisions.

Record retention

Information on the originator and the beneficiary shall not be retained for longer than strictly necessary. CASPs of the originator and of the beneficiary shall retain records of the information for a period of five years.

Notes

No additional information.

Status

In force.

Regulation

Proceeds of crime act 2015

Virtual Asset Service Provider Registration Framework Scope Guidance Note

Enforcement/application date

March 22, 2021

Threshold

EUR 1,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Full name;

b) Account number (or a unique transaction identifier);

One of the following:

c) Physical address; or

d) National identity number; or

e) Customer identification number; or

f) Date and place of birth.

Beneficiary:

g) Full name;

h) Account number (or a unique transaction identifier).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Application of requirements

The requirement applies in case of virtual asset transfer, that means any material transaction, on behalf of a payer, with a view to making a virtual asset available to a payee, irrespective of whether the payer and the payee are the same person.

Time and way to share the Information

Where a relevant financial business sends a virtual asset transfer to a virtual asset service provider, the relevant financial business must obtain the information specified in the Section "Scope of the PII", and submit it to the virtual asset service provider (a) immediately, and (b) by secure means.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The relevant financial business must obtain the information specified in Section "Scope of the PII", and submit it to the virtual asset service provider. Is should apply to a relevant financial business irrespective of whether the relevant financial business and the payer are the same person.

2) Where a relevant financial business receives a virtual asset transfer from a virtual asset service provider, the relevant financial business must ensure that−

(a) it has received the information specified in the Section "Scope of the PII"; and

(b) the information is consistent with its own records in respect of the payee’s name and, where applicable, the payee’s account number.

3) Before a relevant financial business executes a virtual asset transfer received from any person, it must ensure that it has effective risk-based policies and procedures in place for the purposes of−

(a) determining whether any of the information referred to Section "Scope of the PII", as the case may be, is missing, incomplete or, where applicable, inconsistent with the relevant financial business’s own records; and

(b) see section "Procedures for innacurate, incomplete information".

Paragraphs (2) and (3) shall apply to a relevant financial business irrespective of whether the relevant financial business and the payee are the same person.

4) The procedures in relation to unhosted wallets are specified in section "VA transfer in case unhosted wallets or person other than a VASP".

Batch file transfer

No information.

Procedure for inaccurate, incomplete information

Where a default is identified (information is missing, incomplete), relevant financial business must:

• determine whether to execute, reject or suspend the virtual asset transfer;
• determine the appropriate follow-up action.

Record retention

A relevant financial business must keep the records for the period of five years.

Notes

No additional information.

Status

In force.

Regulation

Anti-Money Laundering and Counter-Terrorist Financing (Amendment) Ordinance 2022

AML/CFT Guideline

TEXT

TEXT

Enforcement/application date

June 1, 2023

Threshold

HKD 8,000

VASP Due Diligence

Required.

Data to be shared

If more than HKD 8,000:

- Originator:

a) Full name;

b) Account number (or a unique reference number);

c) Address, customer identification number or identification document number or, date and place of birth.

- Beneficiary:

d) Full name;

e) Account number (or a unique reference number).

If less than HKD 8,000: a), b), d), e).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required.

Application of requirements

The rule applies when transfer VAs.

A virtual asset transfer is a transaction carried out:

(a) by an institution (ordering institution) on behalf of an originator by transferring any virtual assets; and

(b) with a view to making the virtual assets available:

• to that person or another person (recipient); and
• at an institution (beneficiary institution), which may be the ordering institution or another institution, whether or not one or more other institutions (intermediary institutions) participate in completion of the transfer of the virtual assets.

Time and way to share the Information

According to the Guideline, for the avoidance of doubt, the required information may be submitted either directly or indirectly to the beneficiary institution provided that it is submitted in accordance with the requirements set out in paragraphs 12.11.9 (securely) and 12.11.10 (immediately)*. This means that it is not necessary for the required information to be attached directly to, or be included in, the virtual asset transfer itself.

For the avoidance of doubt, an ordering institution should not execute a virtual asset transfer when it could not ensure that the required information could be submitted to a beneficiary institution, and where applicable, an intermediary institution, in a secure manner having regard to the above guidance and the VA transfer counterparty due diligence results.

According to SFC Consultation Conclusions, where the required information cannot be submitted to the beneficiary institution immediately, the SFC considers that submission as soon as practicable after the virtual asset transfer to be acceptable as an interim measure until 1 January 2024, having regard to the implementation status of the Travel Rule in other major jurisdictions.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) Before carrying out a virtual asset transfer, a financial institution that is an ordering institution must obtain and record the information specified in Section "Scope of the PII" (a)-(e).

2) A financial institution that is an ordering institution in a virtual asset transfer must submit to the beneficiary institution the information specified in Section "Scope of the PII".

3) For a virtual asset transfer involving virtual assets that amount to not less than $8,000, an ordering institution must ensure that the required originator information submitted with the virtual asset transfer is accurate.

For an occasional virtual asset transfer involving virtual assets that amount to not less than $8,000, an ordering institution must verify the identity of the originator. For an occasional virtual asset transfer involving virtual assets that amount to less than $8,000, the ordering institution is in general not required to verify the originator’s identity, except when several transactions are carried out which appear to the ordering institution to be linked and amount to not less than $8,000, or when there is a suspicion of ML/TF.

4) A financial institution that is a beneficiary institution in a virtual asset transfer must obtain and record the information submitted to it by the institution from which it receives the transfer instruction.

5) For a virtual asset transfer involving virtual assets that amount to not less than $8,000, a beneficiary institution should verify the identity of the recipient if the identity has not been previously verified as part of its CDD process. The beneficiary institution should also confirm whether the recipient’s name and account number obtained from the institution from which it receives the transfer instruction match with the recipient information verified by it, and take reasonable measures as set out in paragraph 12.11.24 of the Guideline where such information does not match.

6) A FI should establish and maintain effective procedures to ensure compliance with to enable it to carry out sanctions screening and transaction monitoring procedures on all relevant parties involved in a virtual asset transfer in an effective manner.

7) A financial Institution must implement procedure for inaccurate, incomplete information, as specified in respective section.

8) The procedures in relation to unhosted wallets are specified in section "VA transfer in case unhosted wallets or person other than a VASP"

Batch file transfer

No information.

Procedure for inaccurate, incomplete information

Where a financial institution (instructed institution) is a beneficiary institution or an intermediary institution in a virtual asset transfer—

(a) if the institution (instructing institution) from which the instructed institution receives the transfer instruction does not submit all of the information in connection with the virtual asset transferred to the instructed institution, the instructed institution must as soon as reasonably practicable—

(i) obtain the missing information from the instructing institution; and

(ii) if the missing information cannot be obtained, either—

(A) consider restricting or terminating its business relationship with the instructing institution; or

(B) take reasonable measures to mitigate the risk of money laundering or terrorist financing involved; or

if the instructed institution is aware that any of the information submitted to it that purports to be information is incomplete or meaningless, it must as soon as reasonably practicable take reasonable measures to mitigate the risk of money laundering or terrorist financing involved.

For more detailed information, see the AML/CFT Guideline.

Record retention

Retention period is at least 5 years.

Notes

If a financial institution acts as an intermediary institution in a virtual asset transfer, it must transmit all of the information that it receives with the transfer to the institution to which it passes on the transfer instruction.

For the rules regarding incomplete information for the intermediary, see the Section "Procedure for inaccurate, incomplete information".

Status

In force.

Regulation

AML & CFT Guidelines For Reporting Entities Providing Services Related To Virtual Digital Assets

Enforcement/application date

March 10, 2023

Threshold

No threshold.

VASP Due Diligence

Required.

Data to be shared

Originator:

a) Permanent Account Number (PAN) or National Identity Number;

b) Full name;

c) Account number;

d) Physical (geographical) address, or date and place of birth.

Beneficiary:

e) Full name;

f) Account number.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Status

In force.

Regulation

Regulation of Bappebti Number 8 of 2021 on Guidelines for the Organization of Physical Market Trading of Crypto Assets through the Futures Exchange.

Regulation of the Commodity Futures Trading Supervisory Agency of the Republic of Indonesia Number 13 of 2022 on the Amendment to Regulation of Bappebti Number 8 of 2021 on Guidelines for the Organization of Physical Market Trading of Crypto Assets through the Futures Exchange.

Enforcement/application date

October, 2021

Threshold

USD 1,000 or its equivalent in local currency.

VASP Due Diligence

No requirement.

Data to be shared

If more than USD 1,000:

- Originator:

a) Full name;

b) Wallet address;

c) Address;

d) Identity Cards are mandatory for Indonesian citizens, or passports and identity cards issued by the country of origin of Crypto Asset Customers (KITAP) or Limited Stay Permit Cards (KITAS) for foreign nationals if it is possible to obtain them.

- Beneficiary:

e) Full name;

f) Wallet address;

g) Address.

If less than USD 1,000: a), b), e), f).

Domestic vs cross-border transfers

No information.

Self-hosted wallet verification

No requirement.

Application of requirements

The concept of ‘travel rules’ applies when providing services for moving or transferring crypto assets by Prospective Crypto Asset Physical Traders or Crypto Asset Physical Traders.

Time and way to share the Information

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The Prospective Crypto Asset Physical Traders or Crypto Asset Physical Traders must obtain the information specified in the Section "Scope of the PII";

2) Prospective Crypto Asset Physical Traders or Crypto Asset Physical Traders are prohibited from facilitating the movement or transfer of Crypto Assets, if they do not apply the Travel Rule principle.

Batch file transfer

No information.

Procedure for inaccurate, incomplete information

No information.

Record retention

Retention period is at least 5 years.

Notes

No additional information.

Status

Not in force.

Regulation

Travel Rule (Transfer of Virtual Assets) Code 2024 - Consultation Paper

Enforcement/application date

TBD

Threshold

A consultation was held. We will update the details as soon as the final document is released.

VASP Due Diligence

Data to be shared

Domestic vs cross-border transfers

Self-hosted wallet verification

Status

In force.

Regulation

Anti-Money Laundering Order

Enforcement/application date

November 14, 2021

Threshold

No threshold.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Full name;

b) Identity number (or a unique identity number), or the date of birth or the date of incorporation;

c) Address;

d) Account number (or another unique identification number)

Beneficiary:

e) Full name;

f) Account number (or another unique identification number).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Application of requirements

The rule applies for transfer of virtual currency

Time and way to share the Information

The Service Provider transferred the information details in an immediate and secure manner to the recipient of the transfer.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) A Service Provider will not conduct a transaction involving a virtual currency transfer without performing the following:

(1) The Service Provider registered the information details of the originator as stated in paragraphs (1) to (4) and (7) as provided in Section "Scope of the PII" and the information details of the beneficiary as stated in paragraphs (5) to (7) as provided in Section "Scope of the PII";

(2) The Service Provider transferred the information details in an immediate and secure manner to the recipient of the transfer.

2) A Service Provider will not receive a transfer of virtual currency without performing the following actions:

(1) It registered the information of the originator as stated in paragraphs (1) to (4) and (7), as provided in Section "Scope of the PII";

(2) It registered the information regarding the beneficiary as stated in paragraphs (5) to 7 as stated in Section "Scope of the PII".

3) The Service Provider will record the identification details after it verified the identification details according to the identification document; as regards the registration of the identification information of the account number in paragraphs (4) and (6) from the Section "Scope of the PII" – the Service Provider will record the account number based on a document containing the name and the account number of the Service Recipient.

Batch file transfer

Batch file — a number of transfers performed for the same originator to different beneficiaries simultaneously.

In the event a Service Provider performed a number of cross border transfers of virtual currency, for the same originator in one batch file, the said batch file will include the information contained in the Section "Scope of the PII" with respect to each of the transfers in the batch file.

Procedure for inaccurate, incomplete information

No information.

Record retention

Retention period is at least 5 years.

Notes

No additional information.

Status

In force.

Regulation

Act on Prevention of Transfer of Criminal Proceeds

Enforcement Act

SFA Scheme

Designation of a country or region based on the provisions of Article 17-2 and Article 17-3 of the Enforcement Order of the Act on Prevention of Transfer of Proceeds from Crime

Enforcement/application date

JVCEA introduced a travel rule as a self-regulatory rule from April 1, 2022.

However, amendments to the AML Act entered into force in June, 2023.

Threshold

No threshold.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

- Natural person:

a) Full name;

b) Residence or customer identification number, etc;

c) Blockchain address or number that can identify the address.

- Legal person:

d) Name;

e) Location of head office or principal office or customer identification number, etc;

f) Blockchain address or number that can identify the address.

Beneficiary:

- Natural person:

g) Full name;

h) Blockchain address or number that can identify the address.

- Legal person:

i) Name;

j) Blockchain address or number that can identify the address.

Domestic vs cross-border transfers

If the transaction is carried out with foreign VASP, travel Rule apply only to countries and regions specified by the Financial Services Agency. (United States of America, Albania, Israel, Canada, Cayman Islands, Gibraltar, Singapore, Switzerland, Serbia, The Republic of Korea, Germany, Bahamas, Bermuda, The Philippines, Venezuela, Hong Kong, Malaysia, Mauritius, Liechtenstein, Luxembourg).

Self-hosted wallet verification

No requirement.

Application of requirements

Transfer to domestic VASP/Transfer to foreign VASP Eligible (individuals and unregistered businesses are excluded).

Travel Rule apply only to countries and regions specified by the Financial Services Agency. (United States of America, Albania, Israel, Canada, Cayman Islands, Gibraltar, Singapore, Switzerland, Serbia, The Republic of Korea, Germany, Bahamas, Bermuda, The Philippines, Venezuela, Hong Kong, Malaysia, Mauritius, Liechtenstein, Luxembourg).

Time and way to share the Information

The information should be sent at the time of VA transfer.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) Sender's VASP should transfer the information about the sender and recepient at the time of VA transfer to another VASP.

2) VASPs are obliged to record and preserve matters notified or received.

Batch file transfer

No information.

Procedure for inaccurate, incomplete information

No information.

Record retention

According to the AML Act, retention period is at least seven years.

Notes

No additional information.

Status

In force.

Regulation

EU Legislation (Information Accompanying Transfers of Funds) (Jersey) Regulations 2017

Regulation (EU) 2015/847

Travel Rule guidance note

Regulation (EU) 2023/1113

Enforcement/application date

September 1, 2023

Threshold

EUR 1,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) The name of the originator;

b) Registered or trading names (in case of legal entity);

c) The account number of the originator, or other unique transaction identifiers;

d) The transaction hash number (every transaction that occurs on the blockchain is recorded as a block, and each block has a unique hash).

- Natural Person:

e) One of the following:

• Customer identification number;
• Address;
• Birth certificate, passport number, or national ID card number (or individual's date and place of birth).

Legal Entity:

f) One of the following:

• Customer identification number;
• Address of originator's registered office (or principal place of business).

Beneficiary:

g) The name of the beneficiary;

h) Registered or trading names (in case of legal entity);

i) The account number of the beneficiary, or other unique transaction identifiers;

j) The transaction hash number (every transaction that occurs on the blockchain is recorded as a block, and each block has a unique hash).

Domestic vs cross-border transfers

There is a difference.

Domestic (inside the Union): at least c).

Cross-border: if less than EUR 1,000: a), c), g), h).

Self-hosted wallet transfer: c).

Self-hosted wallet verification

Required (in higher risk cases).

Status

In force.

Regulation

1. Due Diligence Act

2. Due Diligence Ordinance

3. FMA Instruction

Enforcement/application date

June 1, 2021

Threshold

CHF 1

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Name (first and last name/company name);

b) Designation or number account (e.g. the TT identifier) of the TT client (or individual transaction code);

c) Address, the number of a valid official ID, the customer number or the date and place of birth.

Beneficiary:

d) Name (first and last name/company name);

e) Designation or number account (e.g. the TT identifier) (or individual transaction code).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required.

Application of requirements

The requirements apply to TT transfers, regardless of whether the TT service providers involved in the TT transfer are registered as such or not.

"TT transfer" is all disposals of a virtual currency or a token within the meaning of Art. 6 of the Token and TT Service Provider Act from one TT Service Provider to another TT Service Provider.

Time and way to share the Information

The exchange of information must take place in a secure manner before the completion of the TT transfer.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

For more detailed information, see the FMA Instruction.

1) In the case of TT transfers, the ordering TT service provider must collect the nformation from the Section "Scope of the PII" and transmit it to the beneficiary TT service provider.

2) Before concluding a TT transfer, the ordering TT service provider must check whether the information to be transmitted is correct, complete and suitable. The information on the beneficiary does not have to be verified.

3) The client TT service provider is also responsible for sanctions screening for both the client information and for the beneficiary information. In addition to the TT account, the name of the client/beneficiary must also be compared.

4) The beneficiary TT Service Provider must obtain and verify the information on the beneficiary and provide sanction screening for both the ordering party and the beneficiary information. In addition to the TT account, a name comparison must also be carried out. The sanctions screening must be carried out before the conclusion of the TT transfer.

5) After the information has been transmitted, the benefiting TT Service Provider must check the relevant information for completeness. Furthermore, the plausibility check must also include an analysis of the correctness and meaningfulness of the data.

6) The benefiting TT Service Provider must establish procedures for inaccurate, incomplete information, information submitted late, and for measures with regard to repeatedly defaulting TT service providers.

7) The procedures in relation to unhosted wallets are specified in section "VA transfer in case unhosted wallets or person other than a VASP".

Batch file transfer

No information.

Procedure for inaccurate, incomplete information

The beneficiary TT Service Provider sets up effective, risk-based procedures with the help of which it can be determined whether a TT Transfer is to be rejected or suspended due to information that is not transmitted, not in accordance with the regulations, is incomplete or delayed, and which further measures are to be taken are to be met.

If the beneficiary TT Service Provider establishes that information was not transmitted, not in accordance with the regulations, incomplete or late, it must reject the TT transfer order on a risk-oriented basis or provide the prescribed information, setting a deadline of request three days. A TT transfer may only be completed once the requested data has been transmitted and made available to the TT beneficiary.

If an ordering TT Service Provider repeatedly fails to provide the required information, the beneficiary TT Service Provider can reject all future TT transfer orders from the ordering TT Service Provider or restrict the business relationship with it after a reminder has been issued and a deadline has been set or quit.

For more detailed information, see the FMA Instruction.

Record retention

Retention period — 10 years (according to AML law).

Notes

No additional information.

Status

Not in force.

Regulation

Amedments to the AML law

Enforcement/application date

January 1, 2025

Threshold

No information.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

- Natural person:

a) Name(s), surname(s);

b) Unique transaction code;

c) Payment account or deposit virtual currency wallet identification codes;

d) Type of identity document, its number;

e) Personal identification number (foreigner's date of birth, if any, personal identification number or other unique sequence of characters assigned to this person to identify the person) and citizenship (if the person is stateless, indicate the country that issued the document confirming the personal identity);

f) Residential address;

- Legal entity:

g) Name;

h) Unique transaction code;

i) Payment account or deposit virtual currency wallet identification codes;

j) The code (if the code is not provided, the registration statement);

k) Registered office address;

Beneficiary:

- Natural person:

l) Name(s), surname(s);

m) Personal code (foreigner's date of birth, if any, personal code or other unique sequence of characters assigned to this person to identify the person);

n) Payment account or deposit virtual currency wallet identification codes;

- Legal entity:

o) Name;

p) The code (if the code is provided);

q) Identification codes of payment accounts or depository virtual currency wallets.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Application of requirements

The requirement is applied when performing a virtual currency exchange, transfer or other transactions with virtual currency.

Time and way to share the Information

The instruction to perform the operation should be transmitted together with the information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) Initiator's VASP must collect, store and transfer to the operator of the virtual currency exchange of the recipient, the depository virtual currency wallets operator or financial institution the information specified in Section "Scope of the PII".

2) A virtual currency exchange operator or a depository virtual currency wallet operator may not accept a transaction from another virtual currency exchange operator or a depository virtual currency wallet operator, if the latter does not comply with the requirement to transfer the information.

Batch file transfer

No information.

Procedure for inaccurate, incomplete information

A virtual currency exchange operator or a depository virtual currency wallet operator may not accept a transaction from another virtual currency exchange operator or a depository virtual currency wallet operator, if the latter does not comply with the requirement to transfer the information.

Record retention

The retention period is eight years from the date of termination of transactions or business relationships with the customer.

Notes

No additional information.

Status

In force.

Regulation

Law on the fight against money laundering and terrorist financing

Communiqué on virtual assets, virtual asset service providers and the related registration process

Regulation (EU) 2015/847

Enforcement/application date

2020

Threshold

EUR 1,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Full name;

b) Account number (or unique transaction identifier);

c) Address, official personal document number, customer identification number or date and place of birth.

Beneficiary:

d) Full name;

e) Payment account number (or unique transaction identifier)

Domestic vs cross-border transfers

There is a difference.

Domestic. The following data needs to be transferred: b) and e). However, within three working days of receiving a request for information from the payee's PSP or IPSP, the following data should be made available:

• If more than EUR 1,000: a), b), c), d), e);
• If less than EUR 1,000: a), b), d), e).

Cross-border. The following data should be transferred:

• If more than EUR 1,000: a), b), c), d), e);
• If less than EUR 1,000: a), b), d), e).

Self-hosted wallet verification

No requirement.

Application of requirements

VASPs have to comply with the professional obligations as provided for in Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfer of funds and repealing Regulation (EC) No 1781/2006.

Time and way to share the Information

The regulation does not express the time to share explicitly.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The crypto-asset service provider of the originator shall ensure that transfers of crypto-assets are accompanied by the information on the originator and beneficiary specified in Section "Scope of the PII", taking into account rules for cross-border transfers and transfers within the Union.

2) Before transferring funds, the VASP of the payer (originator) shall verify the accuracy of the information about the originator on the basis of documents, data or information obtained from a reliable and independent source. Verification shall be deemed to have taken place where:

(a) a payer's identity has been verified in accordance with Article 13 of Directive (EU) 2015/849 and the information obtained pursuant to that verification has been stored in accordance with Article 40 of that Directive; or

(b) Article 14(5) of Directive (EU) 2015/849 applies to the payer. The VASP of the originator shall not execute any transfer of funds before ensuring full compliance with the Article 4 of the EU Regulation 2015/847.

3) The beneficiary’s crypto asset service provider must:

• Implement effective procedures, including, where appropriate, ex-post monitoring or real-time monitoring, in order to detect whether the information on the originator or the beneficiary is missing; (For more details please see Article 7 of the Regulation and the section Procedure for inaccurate, incomplete information)
• establish and implement effective risk-based procedures to assess whether to carry out, reject or suspend a transaction and what follow-up action to take; and
• report suspicious transactions to the competent supervisory authority on certain conditions.

4) In the case of transfers of crypto-assets exceeding EUR 1 000, whether those transfers are carried out in a single transaction or in several transactions which appear to be linked, before making the crypto-assets available to the beneficiary, the crypto-asset service provider of the beneficiary shall verify the accuracy of the information on the beneficiary on the basis of documents, data or information obtained from a reliable and independent source.

In the case of transfers of crypto-assets not exceeding EUR 1 000 that do not appear to be linked to other transfers of crypto-asset which, together with the transfer in question, exceed EUR 1 000, the crypto-asset service provider of the beneficiary shall only verify the accuracy of the information on the beneficiary in the following cases:

(a) where the crypto-asset service provider of the beneficiary effects the pay-out of the crypto-assets in cash or anonymous electronic money;

(b) where the crypto-asset service provider of the beneficiary has reasonable grounds for suspecting money laundering or terrorist financing.

Verification shall also be deemed to have taken place in cases specified in paragraph 2 of this Section.

Batch file transfer

In the case of a batch file transfer from a single originator where the VASPs of the beneficiary are established outside the Union, the requirement of the paragraph 1 from the Section "Scope of the PII" (Article 4(1)) shall not apply to the individual transfers bundled together therein, provided that the batch file contains the information referred to in paragraphs (1), (2) and (3) of the Section "Scope of the PII" (Article 4), that that information has been verified in accordance with paragraph 2 of the Section "Actions required" (Article 4(4) and (5)), and that the individual transfers carry the payment account number of the payer (originator) or, where paragraph (3) of the Section "Scope of the PII" applies, the unique transaction identifier.

Procedure for inaccurate, incomplete information

The VASP of the beneficiary shall implement effective risk-based procedures, including procedures based on the risk-sensitive basis, for determining whether to execute or reject a transfer of crypto-assets lacking the required complete originator and beneficiary information and for taking the appropriate follow-up action.

Where the VASP of the beneficiary becomes aware, when receiving transfers of crypto-assets, that the information is missing or incomplete, the crypto-asset service provider shall reject the transfer or ask for the required information on the originator and the beneficiary before or after making the crypto-assets available to the beneficiary, on a risk-sensitive basis.

Where the VASP repeatedly fails to provide the required information on the payer or the payee, the payment service provider of the payee shall take steps, which may initially include the issuing of warnings and setting of deadlines, before either rejecting any future transfers of funds from that payment service provider, or restricting or terminating its business relationship with that payment service provider.

The VASP of the beneficiary shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter terrorist financing provisions.

Record retention

Retention period — 5 years (according to AML Act).

Notes

Rules for intermediaries:

Intermediary VASPs shall ensure that all the information received on the payer (originator) and the payee (beneficiary) that accompanies a transfer of funds is retained with the transfer.

Detection of missing information on the payer (originator) or the payee (beneficiary)

1) The intermediary VASP shall implement effective procedures to detect whether the fields relating to the information on the payer (originator) and the payee (beneficiary) in the messaging or payment and settlement system used to effect the transfer of funds have been filled in using characters or inputs admissible in accordance with the conventions of that system.

2) The intermediary VASP shall implement effective procedures, including, where appropriate, ex-post monitoring or real-time monitoring, in order to detect whether the following information on the payer (originator) or the payee (beneficiary) is missing:

(a) for transfers of VA where the VASP of the payer (originator) and the payee (beneficiary) are established in the Union;

(b) for transfers of VA where the VASP of the payer (originator) and the payee (beneficiary) is established outside the Union;

(c) for batch file transfers where the VASP of the payer (originator) and the payee (beneficiary) is established outside the Union.

Transfers of VA with missing information on the payer(originator) and the payee (beneficiary)

1) The intermediary VASP shall establish effective risk-based procedures for determining whether to execute, reject or suspend a transfer of funds lacking the required payer (originator) and the payee (beneficiary) information and for taking the appropriate follow up action.

Where the intermediary VASP becomes aware, when receiving transfers of VA, that the information required is missing or has not been filled in using characters or inputs admissible in accordance with the conventions of the messaging or payment and settlement system it shall reject the transfer or ask for the required information on the payer (originator) and the payee (beneficiary) before or after the transmission of the transfer of VA, on a risk-sensitive basis.

2) Where a VASP repeatedly fails to provide the required information on the payer (originator) and the payee (beneficiary), the intermediary VASP shall take steps, which may initially include the issuing of warnings and setting of deadlines, before either rejecting any future transfers of funds from that payment service provider, or restricting or terminating its business relationship with that VASP. The intermediary VASP shall report that failure, and the steps taken, to the competent authority responsible for monitoring compliance with anti-money laundering and counter terrorist financing provisions.

The intermediary VASP shall take into account missing information on the payer (originator) and the payee (beneficiary) as a factor when assessing whether a transfer of funds, or any related transaction, is suspicious, and whether it is to be reported to the FIU in accordance with Directive (EU) 2015/849.

Status

In force.

Regulation

Guidelines on Prevention of Money Laundering and Terrorism Financing for Reporting Institutions in the Capital Market

Enforcement/application date

April 26, 2021

Threshold

No threshold.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Full name;

b) National registration identity card number or passport number;

c) Account number or digital wallet address or a unique transaction reference number;

d) Address or date and place of birth.

Beneficiary:

e) Full name;

f) Account number or digital wallet address or a unique transaction reference number.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Application of requirements

The requirements are applicable to a reporting institution providing wire transfer of digital assets.

Time and way to share the Information

No information.

The message or instruction for cross-border wire transfer should be accompanied by the information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) A reporting institution must not execute wire transfer of digital assets if it does not comply with the requirements.

2) In providing wire transfer of a digital asset, the reporting institutions must comply with requirements on targeted financial sanctions.

3) A reporting institution which is an ordering institution must ensure that the message or instruction for cross-border wire transfer are accompanied by the information specified in Section "Scope of the PII".

4) A beneficiary institution is required to take reasonable measures, including post-event or real-time monitoring where feasible, to identify the transfers that lack the required originator information or required beneficiary information. A beneficiary institution is required to have effective risk-based policies and procedures for determining:

(a) when to execute, reject, or suspend a wire transfer lacking the required originator or required beneficiary information; and

(b) the appropriate follow-up action.

Batch file transfer

No information.

Procedure for inaccurate, incomplete information

A beneficiary institution is required to take reasonable measures, including post-event or real-time monitoring where feasible, to identify the transfers that lack the required originator information or required beneficiary information.

A beneficiary institution is required to have effective risk-based policies and procedures for determining:

(a) when to execute, reject, or suspend a wire transfer lacking the required originator or required beneficiary information; and

(b) the appropriate follow-up action.

Record retention

A reporting institution must keep records of all transactions and ensure they are up to date and relevant.

A reporting institution is required to maintain records for a period of at least seven years from:

(a) in the case of record obtained through the CDD and enhanced CDD process, the date the account is closed; or

(b) in the case of transaction records, the date the transaction is completed or terminated.

Notes

No additional information.

Status

In force.

Regulation

VIATOS Act

AML/CFT Guidance Notes for Virtual Asset Service Providers & Issuers of Initial Token Offerings

Enforcement/application date

February 7, 2022

Threshold

No threshold.

VASP Due Diligence

Required.

Data to be shared

Originator:

a) Full name;

b) Account number (or a unique transaction reference number);

Any of the following information:

c) Physical address;

d) National Identity Card number or passport number;

e) Customer identification number; or

f) Place of birth;

Beneficiary:

g) Full name;

h) Account number (or a unique transaction reference number).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Application of requirements

The obligation applies when transfer of virtual assets.

Transfer of virtual asset means any transaction carried out on behalf of another person that moves a virtual asset from one virtual asset address or account to another.

Time and way to share the Information

The originating virtual asset service provider shall immediately and securely submit the information obtained and held to the beneficiary virtual asset service provider or any other financial institution.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) Where a transfer of virtual asset is made –

(a) the originating virtual asset service provider shall –

(i) obtain and hold required and accurate originator information and required beneficiary information on the transfer; and

(ii) immediately and securely submit the information obtained and held pursuant to subparagraph (i) to the beneficiary virtual asset service provider or any other financial institution; and

(b) the beneficiary virtual asset service provider shall obtain and hold required originator information and required and accurate beneficiary information on the transfer.

2) An originating virtual asset service provider shall ensure that all transfers of virtual assets are always accompanied by –

(a) required and accurate originator information, and

(b) required beneficiary information, as specified in Section "Scope of the PII".

3) The originating virtual asset service provider shall not execute a transfer of virtual asset where it does not comply with the requirements specified in paragraph (2) of this Section.

4) A beneficiary virtual asset service provider shall take measures specified in Section "Procedure for inaccurate, incomplete information".

5) According to Guidance Notes, VASPs would be expected to make use of relevant software to:

• identify risk-related details about the beneficiary through blockchain analytics and sanctions screening providers;
• allow to generate reports to the FSC on a timely basis, upon request.

6) As far as occasional transactions are concerned, following consequential amendments made in the FIAMLA, a VASP is required to:

(i) apply CDD measures in respect to an occasional transaction in an amount equal to or above 1000 US dollars or an equivalent amount in foreign currency where the exchange rate to be used to calculate the US dollar equivalent shall be the selling rate in force at the time of the transaction, whether conducted as a single transaction or several transactions that appear to be linked; and

(ii) record, in respect to an occasional transaction in an amount below 1000 US dollars, the name of the originator and the beneficiary; and the virtual asset wallet address for each or a unique transaction reference number.

Batch file transfer

No information.

Procedure for inaccurate, incomplete information

A beneficiary virtual asset service provider shall:

(a) take reasonable measures, which may include post- event monitoring or real-time monitoring where feasible, to identify transfers of virtual assets that lack required originator information or required beneficiary information;

(b) have risk-based policies and procedures for determining:

• (i) when to execute, reject or suspend a transfer of virtual asset lacking required originator or required beneficiary information; and
• (ii) the appropriate follow-up actions.

Record retention

The information obtained and held shall be kept in a manner that they are immediately made available to the Commission and, upon request, to any other relevant competent authority.

According to Guidance Notes, VASPs would be expected to make use of relevant software to store encrypted customer’s PII for up to seven years.

Notes

The Travel Rule requirements also extend to a financial institution, acting as intermediary, when sending or receiving virtual asset transfers on behalf of a customer as they would have applied to a VASP.

Status

In force.

Regulation

General Notice No. 510, Bank of Namibia: Travel Rules: Virtual Assets Act, 2023

Virtual Assets Act, 2023

Enforcement/application date

September 1, 2023

Threshold

No threshold.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Full name;

b) Virtual asset account number (or a unique transaction reference number);

Any of the following information:

c) Physical address;

d) National identity card number or passport number;

e) Customer identification number; or

f) Place of birth;

Beneficiary:

g) Full name;

h) Virtual asset account number (or a unique transaction reference number).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Status

In force.

Regulation

Anti-Money Laundering and Countering Financing of Terrorism (Requirements and Compliance) Amendment Regulations 2023

Anti-Money Laundering and Countering Financing of Terrorism Act 2009

Virtual Asset Service Providers Guideline

Enforcement/application date

Partially implemented in 2020.

The amendments will be effective from June 1, 2024.

Threshold

NZD 1,000

VASP Due Diligence

Required.

Data to be shared

Originator:

a) Full name;

b) Account number or other identifying information;

One of the following:

c) Address;

d) National identity number;

e) Customer identification number;

f) Place and date of birth.

Beneficiary:

g) Full name;

h) Account number (or a unique transaction reference number).

Domestic vs cross-border transfers

There is a difference.

Domestic. The following data needs to be transfered: b), but a), c), d), e), f), g) or other information should be provided within 3 working days after the request.

Cross-border: a), b), c), d), e), f), g), h).

Self-hosted wallet verification

No requirement.

Status

In force.

Regulation

Money Laundering (Prevention and Prohibition) Act, 2022

Securities and Exchange Commission (capital market operators anti-money laundering and combating the financing of terrorism) Regulations, 2022

Enforcement/application date

May 12, 2022

Threshold

$ 1,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Full name;

b) Wallet address;

c) Physical address or national identity number or, where the originator is not a natural person, the incorporation number or business registration number.

Beneficiary:

d) Full name;

e) Wallet address.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Application of requirements

VASPs must comply with the requirements applicable to all CMOs under the MLPPA and the SEC Regulations, subject to the qualifications set forth in subsections (2) and (3) of the regulation 15.

Time and way to share the Information

Originating VASP must submit the information obtained and held to the beneficiary VASP or financial institution (if any) immediately and securely.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) Originating VASPs must:

(i) obtain and hold full originator information as specified in the Section "Scope of the PII" and verify that the originator information is accurate

(ii) obtain and hold full beneficiary information as specified in the Section "Scope of the PII" (iii) submit the information obtained and held under (i) and (ii) to the beneficiary VASP or financial institution (if any) immediately and securely, and

(iv) make the information obtained and held under (i) and (ii) available on request to appropriate authorities

2) Beneficiary VASPs must:

(i) obtain and hold full originator information as specified in the Section "Scope of the PII"

(ii) obtain and hold full beneficiary information as specified the Section "Scope of the PII" and verify that the beneficiary information is accurate, and

(iii) make the information obtained and held under (i) and (ii) available on request to competent authorities

3) The same obligations apply to non-VASP CMOs when sending or receiving virtual asset transfers on behalf of a customer.

Batch file transfer

No information.

Procedure for inaccurate, incomplete information

No information.

Record retention

A CMO shall maintain all originator and beneficiary information collected in accordance with regulation 21 of these regulations.

Notes

No additional information.

Status

In force.

Regulation

Decision No. (E/35/2023)

Enforcement/application date

June 6, 2023

Threshold

No threshold.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Full name;

b) Wallet address (or a unique transaction reference);

c) Physical address; or national identification or customer identification number, or the date and place of birth.

Beneficiary:

a) Full name;

b) Wallet address (or unique transaction reference).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Status

In force.

Regulation

BSP Circular No. 1108

Memorandum No. M-2023-042

Enforcement/application date

February 5, 2021

Threshold

₱ 50,000

VASP Due Diligence

Required.

Data to be shared

Originator:

a) Full name;

b) Account number;

c) Physical (geographical) address, or national identity number, or customer identification number, or date and place of birth.

Beneficiary:

d) Full name;

e) Account number.

If less than ₱ 50,000: a), b), d), e).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

EDD is required (wallet ownership/control check can be a part of it).

Application of requirements

The rule applies for VA transfer.

Time and way to share the Information

The required information must be transmitted immediately and in a secure manner.

VASPs shall uphold the confidentiality, integrity and availability of the required information to facilitate recordkeeping and use of such information by receiving VASPs or other covered entities, as well as to prevent unauthorized disclosure. Entities should also submit the required information simultaneously or concurrently with the transfer itself.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The originating institution in a VA transfer must obtain and hold the required and accurate originator information as well as the required beneficiary information, and transmit said information to the beneficiary institution.

2) Beneficiary institutions must obtain and hold required originator information as well as required and accurate beneficiary information. All the information gathered shall be made available on request to competent authorities.

3) For large value pay-outs of more than P500,000 or its equivalent in foreign currency, in any single transaction with customers or counterparties, enhanced due diligence shall be conducted and said pay-outs shalI only be made via check payment or direct credit to deposit accounts or account to account transfer using electronic fund transfer facilities.

Batch file transfer

No information.

Procedure for inaccurate, incomplete information

No information.

Record retention

A VASP shall ensure that transaction and due diligence records are maintained for a period of at least five (5) years and adhere to other guidelines issued by the Bangko Sentral on the maintenance of records.

Notes

No additional information.

Status

In force.

Regulation

Aviso do Banco de Portugal n.o 1/2023 (Notice)

Lei n.º 83/2017, de 18 de agosto

Enforcement/application date

July 15, 2023

Threshold

No threshold.

VASP Due Diligence

Required.

Data to be shared

Originator:

a) Full name;

b) Address or addresses of the distributed ledger and, where it exists and is used to process the transfer, the internal number of customer portfolio identification;

c) Portfolio's internal identification number (or the unique transaction identifier);

d) Full address of residence, official identification document number and customer identification number or, alternatively, date and place of birth.

Beneficiary:

e) Full name;

f) Address or addresses of the distributed ledger and, where it exists and is used to process the transfer, the internal number of identification of the portfolio with the entity that carries out activities with virtual assets or the entity of an equivalent nature that receives the transfer on behalf of the beneficiary;

g) Internal identification number of the portfolio (or the unique transaction identifier).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required.

Application of requirements

Entities that carry out activities with virtual assets should comply with the Travel Rule provisions regarding transfers of virtual assets that, regardless of the respective value, they send/receive on behalf of a customer.

Time and way to share the Information

The information does not have to be directly attached or included in the transfer of virtual assets, as long as it is submitted, through secure channels, before or simultaneously with the execution of the transfer.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) Entities carrying out activities with VA ensure that the transfers of VA they send are accompanied by the information specified in section "Sope of the PII".

2) Before carrying out the transfer of virtual assets, the entity verifies the accuracy of the information relating to the originator referred to in subparagraph a) of the section "Scope of the PII", based on documents or information obtained from sources of information considered reputable , credible and sufficient.

3) Entities carrying out activities with virtual assets refuse to initiate or execute any transfer of virtual assets before ensuring full compliance with the Article 37 of the Notice (Transfer of VA).

4) Beneficiary VASPs apply effective procedures, including, whenever appropriate, real-time or ex post monitoring of transfers, to detect whether the information on the originator and beneficiary are included in, or accompany, the transfer of virtual assets or the transfer of virtual assets in batches.

5) Before making the virtual assets available to the beneficiary, the beneficiary VASPs verify the accuracy of the information regarding the beneficiary based on documents or information obtained from sources of information considered suitable, credible and sufficient.

6) Beneficiary VASPs implement effective risk-based procedures, under the terms of the Law and this Notice, to determine when they execute, reject or suspend a transfer of virtual assets that is not accompanied by the complete information required about the originator and beneficiary and to take appropriate follow-up measures.

7) The procedures in relation to unhosted wallets are specified in section "VA transfer in case unhosted wallets or person other than a VASP".

Batch file transfer

In the case of transfers of virtual assets in batches from a single payer, the provisions of the Article 37 of the Notice (Transfer of VA) are not applicable to individual transfers grouped in that batch, provided that, cumulatively:

a) The respective file contains the information referred to in Section "Scope of the PII";

b) The information referred to in the previous paragraph has been verified; and

c) Individual transfers contain the information referred to in subparagraph iii) of subparagraph a) and subparagraph iii) of subparagraph b) in the Section "Scope of the PII".

Procedure for inaccurate, incomplete information

Beneficiary VASPs implement effective risk-based procedures, under the terms of the Law and this Notice, to determine when they execute, reject or suspend a transfer of virtual assets that is not accompanied by the complete information required about the originator and beneficiary and to take appropriate follow-up measures.

When applying the risk-based procedures referred to in the previous number, the entities carrying out activities with virtual assets take into account the procedures adopted in compliance with the provisions of article 28 of the Law and article 27 of this present Notice.

If they are aware, at the time of receiving transfers of virtual assets, that the information on the originator or beneficiary referred to in subparagraphs a) and b) of the section "Scope of the PII" is missing or incomplete, the beneficiary VASPs, depending on the concretely identified risk and without undue delay:

a) Reject the transfer or return the transferred virtual assets to the distributed registration address; or

b) Request the originating VASP or entity of an equivalent nature for the required missing information about the originator or beneficiary before making the virtual assets available to the beneficiary.

The VASPs consider the omission or incompleteness of the required information about the originator or beneficiary as a factor to be taken into account:

a) For the application of enhanced identification and due diligence measures to the business relationship, occasional transaction or operation, under the terms of the Law and the Notice;

b) Within the framework of the examination duty provided for in article 52 of the Law and in article 46 of the Notice, in order to assess the potentially suspicious nature of the transfer of virtual assets, or any related transaction, for the purpose of complying with the duty of communication foreseen in articles 43 and 44 of the Law.

Whenever, they identify originating VASPs or entities of an equivalent nature that repeatedly do not provide, or provide incompletely, the required information about the originator or the beneficiary, the beneficiary VASPs adopt appropriate measures for the deficiencies detected.

The following are examples of measures to be adopted by beneficiary VASPs:

a) In an initial phase, setting an additional deadline for providing the required information on the originator or beneficiary or issuing a notice indicating the measures that will be adopted if the originating VASP or a equivalent nature continues to not provide the requested information;

b) Rejection of any future transfers of virtual assets from or to the originating VASP or entity of an equivalent nature;

c) Restriction or termination of the business relationship with the originating VASP or entity of an equivalent nature, in cases where the risk associated with it cannot be managed through other means or procedures, including through the application of measures due diligence identification measures provided for in article 42 of the Notice.

Beneficiary VASPs communicate to Banco de Portugal, through the channels referred to in article 51 of the Notice and within a maximum period of three months:

a) Identification of the entity carrying out activities with virtual assets or an entity of an equivalent nature that repeatedly fails to provide, or provides incompletely, the required information on the payer or beneficiary, indicating, among other elements, the country where is authorized or registered;

b) The nature of the omission or incompleteness, including:

i) The frequency of transfers of virtual assets with missing or incomplete information;

ii) The period of time in which the omissions or incompleteness occurred;

iii) Any reasons invoked by the entity carrying out activities with virtual assets or entity of an equivalent nature to justify the repeated omission or incompleteness of the required information.

c) A description of the measures adopted under the previous number.

Record retention

Retention period is 7 years after the moment in which the identification of the customer was processed or, in the case of business relationships, after their end.

Notes

Transfer of assets by intermediaries

Intermediary VASPs shall ensure that all information received on the payer and payee referred to in subparagraphs a) and b) of the section "Scope of the PII" which are included in, or accompanying, a transfer of virtual assets are:

a) Transmitted with the transfer, the provisions of article 37(3) of the Notice being applicable;

b) Kept under the terms of article 51 of the Law and article 45 of the Notice; It is

c) Made available at the request of Banco de Portugal.

Entities carrying out activities with virtual assets also observe the provisions of paragraphs 5 to 12 of article 39 of the Notice, with the necessary adaptations, in relation to the transfers of virtual assets.

Status

Not in force.

Regulation

Virtual Asset Service Providers Bill, 2024

Enforcement/application date

TBD

Act shall come into operation on such date as the Minister may by notice in the Gazette appoint and different dates may be appointed for different parts of the Act.

Threshold

SCR 50,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Full name;

b) Wallet address (or unique transaction reference number);

c) Address (including the name of the country, government issued identifciation information inclusive of the national identification number (if applicable)) or customer identification number or date and place of birth.

Beneficiary:

d) Full name;

e) Wallet address (or unique transaction reference number).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Status

In force.

Regulation

MAS Notice 2022

MAS Guidelines

Enforcement/application date

February 28, 2020

Threshold

SCG 1,500

VASP Due Diligence

No requirement.

Data to be shared

If more than S$ 1,500:

- Originator:

a) Full name;

b) Account number (or unique transaction reference number);

And any of the following (when exceeding S$ 1,500):

c)The value transfer originator’s ⎯

d) Residential address, or

e) Registered or business address, and if different, principal place of business;

f) Unique identification number (such as an identity card number, birth certificate number or passport number, or where the value transfer originator is not a natural person, the incorporation number or business registration number); or

g) Date and place of birth, incorporation or registration of the value transfer originator.

- Beneficiary:

h) Full name;

i) Account number (or unique transaction reference number).

If less than S$ 1,500: a), b), h), i).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

Required.

Application of requirements

This rule shall apply to a payment service provider when:

(a) it effects the sending of one or more digital payment tokens by value transfer; or

(b) it receives one or more digital payment tokens by value transfer on the account of the value transfer originator or the value transfer beneficiary, but shall not apply to a transfer and settlement between the payment service provider and another financial institution where the payment service provider and the other financial institution are acting on their own behalf as the value transfer originator and the value transfer beneficiary.

Time and way to share the Information

All value transfer originator and value transfer beneficiary information collected by the ordering institution shall be immediately and securely submitted to the beneficiary institution.

"Immediately" means that the information collected by the ordering institution should be submitted to the beneficiary institution simultaneously or concurrent with the value transfer.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) Before effecting a value transfer, every payment service provider that is an ordering institution shall ⎯

(a) identify the value transfer originator and take reasonable measures to verify the value transfer originator’s identity, as the case may be (if the payment service provider has not already done so); and

(b) record adequate details of the value transfer so as to permit its reconstruction, including but not limited to, the date of the value transfer, the type and value of digital payment token(s) transferred and the value date.

2) Ordering institution shall transfer the required information (Section Scope of the PII).

3) A payment service provider should monitor payment messages to and from higher risk countries or jurisdictions, as well as transactions with higher risk countries or jurisdictions and suspend or reject payment messages or transactions with sanctioned parties or countries or jurisdictions. Where name screening checks confirm that the value transfer originator or value transfer beneficiary is a terrorist or terrorist entity, the requirement for the payment service provider to block, reject or freeze assets of these terrorists or terrorist entities cannot be risk-based. Where there are positive hits arising from name screening checks, they should be escalated to the AML/CFT compliance function. The decision to approve or reject the receipt or release of the value transfer should be made at an appropriate level and documented.

4) A payment service provider that is a beneficiary institution shall take reasonable measures, including post-event monitoring or real-time monitoring where feasible, to identify value transfers that lack the required value transfer originator or required value transfer beneficiary information.

5) A payment service provider that is a beneficiary institution shall implement appropriate internal risk-based policies, procedures and controls for determining ⎯

(a) when to execute, reject, or suspend a value transfer lacking required value transfer originator or value transfer beneficiary information; and

(b) the appropriate follow-up action.

6) For a payment service provider that controls both the ordering institution and the beneficiary institution, it shall ⎯

(a) take into account all the information from both the ordering institution and the beneficiary institution in order to determine whether an STR has to be filed; and

(b) where applicable, file an STR in any country or jurisdiction affected by the value transfer, and make transaction information available to the relevant authorities.

7) The procedures in relation to unhosted wallets are specified in section "VA transfer in case unhosted wallets or person other than a VASP"

Batch file transfer

“Batch transfer” means a transfer comprising a number of individual value transfers that are sent by a value transfer originator to the same financial institutions, irrespective of whether the individual value transfers are intended ultimately for one or more value transfer beneficiaries.

Where several individual value transfers from a single value transfer originator are bundled in a batch file for transmission to value transfer beneficiaries, a payment service provider shall ensure that the batch transfer file contains:

(a) the value transfer originator information required by paragraph 2 from the Section "Scope of the PII" (13.6 from the Notice) and which has been verified; and

(b) the value transfer beneficiary information required by paragraph 2 from the Section "Scope of the PII" (13.6 from the Notice), which are fully traceable within the beneficiary country or jurisdiction.

Procedure for inaccurate, incomplete information

A payment service provider that is a beneficiary institution shall implement appropriate internal risk-based policies, procedures and controls for determining:

• when to execute, reject, or suspend a value transfer lacking required value transfer originator or value transfer beneficiary information; and
• the appropriate follow-up action.

Record retention

A payment service provider shall comply with the following record retention periods:

(a) for CDD information relating to the business relations, value transfers, transactions undertaken without an account being opened as well as account files, business correspondence and results of any analysis undertaken, a period of at least 5 years following the termination of such business relations or completion of such value transfers or transactions; and

(b) for data, documents and information relating to a transaction, including any information needed to explain and reconstruct the transaction, a period of at least 5 years following the completion of the transaction.

Notes

A payment service provider that is an intermediary institution shall retain all the information accompanying the value transfer.

Where a payment service provider that is an intermediary institution effects a value transfer to another intermediary institution or a beneficiary institution, the payment service provider shall immediately and securely provide the information accompanying the value transfer, to that other intermediary institution or beneficiary institution.

Where technical limitations prevent the required value transfer originator or value transfer beneficiary information accompanying a value transfer from remaining with a related value transfer, a record shall be kept, for at least five years, by the receiving intermediary institution of all the information received from the ordering institution or another intermediary institution.

An intermediary institution shall take reasonable measures, which are consistent with straight-through processing, to identify value transfers that lack the required value transfer originator or value transfer beneficiary information.

An intermediary institution shall implement appropriate internal risk-based policies, procedures and controls for determining:

(a) when to execute, reject, or suspend a value transfer lacking required value transfer originator or value transfer beneficiary information; and

(b) the appropriate follow-up action.

Status

Not in force.

Regulation

Directive 9 concerning the implementation of the "Travel Rule" relating to crypto asset transfers in accordance with the Financial Action Task Force Recommendations

Enforcement/application date

TBD

Threshold

A consultation was held. We will update the details as soon as the final document is released.

VASP Due Diligence

Data to be shared

Domestic vs cross-border transfers

Self-hosted wallet verification

Status

In force.

Regulation

Act on reporting and using specified financial transaction information (1) with enforcement decree (2)

Enforcement/application date

March 25, 2022

Threshold

KRW 1,000,000

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Full name (or name of the corporation or organization and the name of the representative);

b) Virtual asset addresses.

Beneficiary:

c) Full name (or name of the corporation or organization and the name of the representative);

d) Virtual asset addresses.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Application of requirements

The travel rule under the Act applies only when a transfer of virtual asset occurs between VASPs.

Time and way to share the Information

Information under subparagraph 1 from the Section "Scope of the PII" shall be provided together in the case of transfer of virtual assets, and information under subparagraph 2 shall be provided within three business days from the date of request for information provision.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

A virtual asset business entity that transfers virtual assets shall provide the information from the Section "Scope of the PII" to the virtual asset business entity to which the virtual asset is transferred.

Batch file transfer

No information.

Procedure for inaccurate, incomplete information

No information.

Record retention

VASPs are obligated to keep relevant user information on senders and receivers for five years from the time of termination of transactions.

Notes

No additional information.

Status

In force.

Regulation

1. AMLO-FINMA

2. FINMA guidance 02/2019 "payments on the blockchain"

Enforcement/application date

January 1, 2020

Threshold

No threshold.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Full name;

b) Account number (or transaction-related reference number);

c) Address (or date and place of birth, the client number or the national identity number of the client).

Beneficiary:

d) Full name;

e) Account number (or transaction-related reference number).

Domestic vs cross-border transfers

There is a difference.

Domestic: b), e), but other data should be provided within 3 days after request.

Cross-border: a), b), c), d), e).

Self-hosted wallet verification

Required.

Application of requirements

In the case of payment orders.

Time and way to share the Information

AMLO-FINMA does not express the time to share explicitly.

However, FINMA Guidance 02/2019 indicates, that Article 10 AMLO-FINMA requires that information about the client and the beneficiary be transmitted with payment orders*.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The originator's financial intermediary shall provide particular data specified in the Section "Scope of the PII", taking into account rules for cross-border and domestic transfers.

2) The financial intermediary shall ensure that the details of the originator are accurate and complete and that the details of the beneficiary are complete as well.

3) The financial intermediary must identify the contracting party (client) if a transaction with a virtual currency or several such transactions that appear to be linked to each other reach or exceed the amount of 1000 francs, provided that these transactions do not constitute transfers of money and value and there is no permanent business relationship associated with these transactions. In the case of cash payments or the acceptance of other anonymous means of payment for the sale or purchase of virtual currencies, it takes technical precautions to avoid exceeding the threshold referred to in paragraph 1 by interconnected transactions within 30 days. It may waive the identification of the contracting party if it has carried out further transactions for the same contracting party and has ensured that the contracting party is the person who has already been identified in the first transaction. It must identify the contracting party in any case if there are suspicions of possible money laundering or terrorist financing.

4) According to FINMA Guidance, the financial intermediary receiving this information then has the opportunity to check the name of the sender against sanction lists.

5) The financial intermediary informs the client in an appropriate manner about the disclosure of his or her details in payment transactions.

6) The financial intermediary of the beneficiary person determines how it proceeds when it receives payment orders that contain incomplete information about the client or the beneficiary. It should be risk-oriented.

7) The procedures in relation to unhosted wallets are specified in section "VA transfer in case unhosted wallets or person other than a VASP"

Batch file transfer

No information.

Procedure for inaccurate, incomplete information

According to FINMA Guidance, the beneficiary's financial intermediary decide whether it should return the payment in the event of discrepancies.

The beneficiary's financial intermediary shall define how to proceed upon reception of payment orders containing incomplete information of the client (originator) or beneficiary. The financial intermediary shall take a risk-based approach.

Record retention

The retention period is at least 10 years.

Notes

*It is not necessary for the information to be transmitted on the blockchain. Transmission can take place via other communication channels.

Status

No information. Request was sent.

Regulation

Regulations Governing Anti-Money Laundering and Countering the Financing of Terrorism for Enterprises Handling Virtual Currency Platform or Transaction

Enforcement/application date

The effective date of Article 7 (in relation travel rule) shall be specified by the FSC.

The current status is undefined.

Threshold

No information.

VASP Due Diligence

Required.

Data to be shared

Originator:

a) Full name;

b) Information on the wallet used;

One of the following information:

c) Number of official identity document.;

d) Address;

e) Date and place of birth.

Beneficiary:

f) Full name;

g) Information on the wallet used.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Application of requirements

The obligation applies when transfer of virtual assets.

Time and way to share the Information

The information should be submitted immediately and securely to the enterprise serving as the beneficiary party.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) The enterprise shall obtain required and accurate information on the customer transferring the virtual currency (the originator) and required information on the customer receiving the virtual currency (the beneficiary). It shall hold previously acquired information in accordance with Article 10 of the Regulation, and submit the aforementioned information immediately and securely to the enterprise serving as the beneficiary party. Law enforcement authorities should be able to compel immediate production or such information and the enterprise shall respond accordingly.

2) Where the enterprise fails to conduct the transfer, it is not allowed to process the virtual currency transfer.

3) Where the enterprise serves as the beneficiary party of virtual currency transfers, it shall comply with the following provisions:

a) Take reasonable measures to identify virtual currency transfers that lack the required information.

b) Have risk-based policies and procedures for determining when to execute, reject, or suspend a virtual currency transfer that lacks the required information and the appropriate follow-up actions.

c) Maintain the information on the originator and beneficiary in accordance with Article 10 of the Regulation (please see Section "Retention Period").

4) The enterprise shall establish policies and procedures for watch list filtering, based on a risk-based approach, to detect, match and filter whether customers, beneficial owners or connected parties of the customers are individuals, legal persons or organizations sanctioned under the Counter-Terrorism Financing Act or terrorists or terrorist groups identified or investigated by a foreign government or an international organization.

Batch file transfer

No information.

Procedure for inaccurate, incomplete information

Where the enterprise serves as the beneficiary party of virtual currency transfers, it shall comply with the following provisions:

a) Take reasonable measures to identify virtual currency transfers that lack the required information.

b) Have risk-based policies and procedures for determining when to execute, reject, or suspend a virtual currency transfer that lacks the required information and the appropriate follow-up actions.

Record retention

The enterprise shall keep records on all business relations and transactions with its customers in hard copy or electronic form and in accordance with the following provisions:

1) The enterprise shall maintain all necessary records on domestic and international transactions for at least five years or a longer period as otherwise required by law.

2) The enterprise shall keep all the following information for at least five years or a longer period as otherwise required by law after the business relationship is ended, or after the date of the occasional transactions:

(1) All records obtained through CDD measures, such as copies or records of passports, identity cards, driving licenses or other similar official identification documents.

(2) Contract document files.

(3) Business correspondence, including information on the background and purpose obtained from inquiries to complex, unusual large transactions and the results of any analysis undertaken.

3) Transaction records maintained by the enterprise shall be sufficient to reconstruct individual transactions so as to provide, if necessary, evidence of criminal activity.

4) The enterprise shall ensure that transaction records and CDD information will be available swiftly to the competent authorities when such requests are made with appropriate authority.

Notes

No additional information.

Status

In force.

Regulation

Guidance – Regulation of Virtual Asset Activities in ADGM (VER05.181223)

AML 10.3 AML 10.3 Wire transfers and the Travel Rule

Enforcement/application date

December 21, 2023

Threshold

No threshold.

VASP Due Diligence

Required.

Data to be shared

Originator:

a) Full name;

b) Account number (or unique trnasaction reference number);

c) Address; national identity number; travel document number; customer identification number; or, date and place of birth.

Beneficiary:

d) Full name;

e) Account number (or a unique transaction reference number).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Status

In force.

Regulation

AML 9.3 Electronic fund transfers

AML 9.3A Additional requirements for Crypto Token transfers

AML 9.3B Additional requirements for NFT and Utility Token transfers

Enforcement/application date

June 3, 2024

Threshold

USD 1,000

VASP Due Diligence

Required when value of $ 1,000 or more.

Data to be shared

Originator:

a) Full name;

b) Account number (or a unique reference number).

One of the following:

c) Address;

d) National identity number (such as identity card number or passport number);

e) Customer Identification number;

f) date and place of birth;

Beneficiary:

g) Full name;

h) Account number.

Domestic vs cross-border transfers

There is a difference.

Domestic: a), b), one of c), d), e), f) or b) but other data should be provided within 3 days after request.

Cross-border:

• If less than USD 1,000: a), b), g), h);
• If more than USD 1,000: a), b), one of c), d), e), f), and g), h).

Self-hosted wallet verification

No requirement.

Status

In force.

Regulation

3. VARA Rulebook

Virtual Assets and Related Activities Regulation 2023

Enforcement/application date

February 7, 2023

Threshold

AED 3,500

VASP Due Diligence

Required.

Data to be shared

Originator:

a) Full name;

b) Account number or VA Wallet address;

c) Residential or business address.

Beneficiary:

d) Full name;

e) Account number or VA Wallet address.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Status

In force.

Regulation

1. Amendment of Cabinet Resolution No. (24) of 2022

2. Cabinet Decision No. 10 of 2019

Enforcement/application date

March 31, 2022

Threshold

AED 3,500

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Full name;

b) Account number (or a unique transaction reference number);

c) Address; identity number or travel document; date and place of birth.

Beneficiary:

d) Full name;

e) Account number (or a unique transaction reference number).

Domestic vs cross-border transfers

There is a difference.

Domestic: a), b), c) unless this information can be made available by other means. If it's possible, provide b), but other data should be provided within 3 days after request.

Cross-border:

• If more than AED 3,500: a), b), c), d), e);
• If less than AED 3,500: a), b), c), d), e) but without the need to verify the accuracy of the data referred to, unless there are suspicions about committing a crime.

Self-hosted wallet verification

No requirement.

Application of requirements

According to Amendments of Cabinet Resolution No.(24), Virtual asset service providers must comply with the provisions of Articles (5-9), (1/15/12), and (16, 1/17, 1/18, 19–32), (35, 38, 39), and (60) of the decision.

Articles 27-30 of the Cabinet Decision No. 10 of 2019 are devoted to wire transfers.

VA Transfers.

Time and way to share the Information

The information should be transferred immediately and securely.

Prior to initiating any transfer of Virtual Assets.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) Ordering institution must transfer information specified in Section "Scope of the PII" to the beneficiary institution.

2) For cross-border VA transfers of AED 3,500 or more, a Beneficiary VASP shall verify the identity of the beneficiary, if the identity has not been previously verified. VASPs shall ensure that all cross-border VA transfers less than AED 3,500 are always accompanied by the data specified in Section "Scope of the PII", without the need to verify the accuracy of the data referred to, unless there are suspicions about committing the Crime.

3) Beneficiary VASPs shall take reasonable measures, to identify cross-border VA transfers that lack required originator information or required beneficiary information, which may include real-time monitoring where feasible or post-event monitoring.

4) Beneficiary VASPs shall take reasonable measures, to identify cross-border VA transfers that lack required originator information or required beneficiary information, which may include real-time monitoring where feasible or post-event monitoring. Beneficiary VASPs shall have risk-based policies and procedures determining when to execute, reject, or suspend a wire transfer lacking required originator or required beneficiary information; and for determining the appropriate follow-up action.

5) In the case of a provider of money or value transfer services that controls both the ordering and the beneficiary side of a cross-border VA transfer, the provider of money or value transfer services shall:

(a) Take into account all information from both the ordering and beneficiary sides in order to determine whether an STR is to be filed; and

(b) If it is decided to file STR regarding the Transaction, the STR shall be sent to the Financial Intelligence Unit in the relevant country, attaching all relevant transaction information.

6) Financial institutions shall not carry out wire transfers if they fail to comply with the conditions of set out in Article 27 of the Cabinet Decision.

1) Prior to initiating any transfer of Virtual Assets with an equivalent value exceeding AED 3,500, VASPs must obtain and hold required and accurate originator information and required beneficiary information and make it available on request to VARA and/or other appropriate authorities.

2) Prior to permitting any clients access to Virtual Assets received from a transfer with an equivalent value exceeding AED 3,500, a beneficiary VASP must obtain and hold required originator information and required and accurate beneficiary information and make it available on request to VARA and/or other appropriate authorities.

3) In complying with the Travel Rule, VASPs must consider how they will handle the risks associated with—

a) deposits or withdrawals [including those which are compliant with the Travel Rule and those which are not];

b) non-obliged entities [i.e. unhosted VA Wallets]; and

c) Anonymity-Enhanced Transactions.

4) VASPs shall be required to demonstrate to VARA how they comply with the Travel Rule during the licensing process and submit to VARA relevant policies and controls. VASPs should also include their plan to comply with the Travel Rule with virtual asset service providers in jurisdictions where the Travel Rule is not a legislative requirement [i.e. the “sunrise issue”].

5) In implementing policies and controls to comply with the Travel Rule and AML/CFT Rules, VASPs shall be guided by FATF Interpretive Note to Recommendation 15 and all applicable laws, regulatory requirements and guidelines as may be in force from time to time. VASPs must monitor for any transaction or series of transactions that seeks to circumvent any regulatory thresholds to bypass Travel Rule requirements.

6) VARA may require VASPs to report on their compliance with the Travel Rule and the effectiveness of their implementing policies and controls, at any time.

Batch file transfer

In the event that several individual cross-border VA transfers from a single originator are bundled in a batch file for transmission to beneficiaries, the batch file shall contain required and accurate originator information, and full beneficiary information, that is fully traceable within the beneficiary country; and the financial institution shall be required to include the originator’s account number or unique transaction reference number.

No information.

In implementing policies and controls to comply with the Travel Rule and AML/CFT Rules, VASPs shall be guided by FATF Interpretive Note to Recommendation 15 and all applicable laws, regulatory requirements and guidelines as may be in force from time to time.

Procedure for inaccurate, incomplete information

Beneficiary VASPs shall take reasonable measures, to identify cross-border wire transfers that lack required originator information or required beneficiary information, which may include real-time monitoring where feasible or post-event monitoring.

Beneficiary VASPs shall have risk-based policies and procedures determining when to execute, reject, or suspend a wire transfer lacking required originator or required beneficiary information; and for determining the appropriate follow-up action.

No information.

In implementing policies and controls to comply with the Travel Rule and AML/CFT Rules, VASPs shall be guided by FATF Interpretive Note to Recommendation 15 and all applicable laws, regulatory requirements and guidelines as may be in force from time to time.

Record retention

VASPs shall maintain all records, documents, data and statistics for all financial transactions and local or international commercial and cash transactions for a period of no less than five years from the date of completion of the transaction or termination of the business relationship with the Customer.

No information.

In implementing policies and controls to comply with the Travel Rule and AML/CFT Rules, VASPs shall be guided by FATF Interpretive Note to Recommendation 15 and all applicable laws, regulatory requirements and guidelines as may be in force from time to time.

Notes

An intermediary VAPs shall ensure that all originator and beneficiary information that accompanies a VA transfer is retained with it for cross-border VA transfers.

Where technical limitations prevent the required originator or beneficiary information accompanying a cross-border VA transfer from remaining with a related domestic VA transfer, the Intermediary VASP shall keep a record of all the information received from the ordering financial institution or another cross-border Intermediary VASP, in accordance with the provisions of Article (24) of the Decision.

Intermediary VASPs shall take reasonable measures, which are consistent with straight- through processing, to identify cross-border VA transfers that lack required originator information or required beneficiary information and shall have risk-based policies and procedures for determining when to execute, reject, or suspend a wire transfer; and the appropriate follow-up action.

No additional information.

Status

In force.

Regulation

MLR 2017 (as ammended 2022)

FCA expectations

JMLSG Guidance (Sector 22 and Sector 22 Annex I)

Enforcement/application date

September 1, 2023

Threshold

No threshold.

VASP Due Diligence

According to FCA Expectations, the firm is expected to take all reasonable steps and exercise all due diligence to comply with the Travel Rule.

Data to be shared

Originator:

a) Full name (if legal entity: registered name or trading name);

b) Account number (or the unique transaction identifier).

- Legal Entity:

(c) One of the following:

(i) the customer identification number; or

(ii) the address of the originator’s registered office, or, if different, or if there is none, its principal place of business;

- Natural Person:

(d) One of the following:

(i) the customer identification number;

(ii) the individual’s address;

(iii) the individual’s birth certificate number, passport number or national identity card number;

(iv) the individual’s date and place of birth.

Beneficiary:

e) Full name (if legal entity: registered name or trading name);

f) Account number (or the unique transaction identifier).

Domestic vs cross-border transfers

There is a difference.

Domestic: a), b), e), f); but c) and d) should be provided within 3 days after request.

Cross-border:

• If more than EUR 1,000: a), b), c), d), e), f);
• If less than EUR 1,000: a), b), e), f).

Self-hosted wallet verification

Recommended (in higher risk cases - JMLSG).

Application of requirements

The obligation applies in respect of a crypto-asset transfer which is not excluded by the law:

• This does not apply in respect of a transfer of funds within the meaning of Article 3.9 of the funds transfer regulation.
• This does not apply to a crypto-asset transfer where both the originator and the beneficiary is a crypto-asset business acting on its own behalf.

Time and way to share the Information

Under the JMLSG Guide, the provision of the required information must occur before or at the moment the transaction is completed.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) In respect of an inter-cryptoasset business transfer, the cryptoasset business of the originator must ensure that the cryptoasset transfer is accompanied by the information specified in paragraph (1) and paragraph (2) of the Section "Scope of the PII", depending on the type of transfer (domestic or international).

2) Information relating to the originator must have been verified by the cryptoasset business of the originator on the basis of documents or information in either case obtained from a reliable source which is independent of the person whose identity is being verified. A cryptoasset business of an originator must not make an inter-cryptoasset business transfer before ensuring full compliance with the regulation.

3) When a cryptoasset business of a beneficiary receives a cryptoasset as part of an inter-cryptoasset business transfer it must, before making the cryptoasset available to the beneficiary, check whether— (a) it has received the information required by regulation to be provided; and (b) the information relating to the beneficiary corresponds with information verified by it under Part 3 of the law (customer due diligence).

4) The CB of the originator may consider executing the transfer after the CB of the beneficiary has checked that the beneficiary information corresponds with verification of its CDD, if it does not unduly impact time required to complete the transaction, is in line with its procedures, and in keeping with a risk-based approach.

5) Where the cryptoasset business of the beneficiary becomes aware that any information required by regulation to be provided is missing or does not correspond with information verified by it under Part 3, the cryptoasset business of the beneficiary must— (a) request the cryptoasset business of the originator to provide the missing information; (b) consider whether to make enquiries as to any discrepancy between information received and information verified by it under Part 3; and (c) consider whether to apply action from the Section "Procedure for inaccurate, incomplete information".

6) Recipient CBs should ensure that they have taken all reasonable steps to determine the jurisdiction of the originator CBs, especially where the CB may have group entities trading under similar names in other or multiple jurisdictions.

7) Under the JMLSG Guide, Crypto businesses (CBs) should adopt a risk-based approach in attributing wallets. All reasonable steps should be taken to identify the counterparty and whether a wallet is hosted or unhosted. Steps taken should also be proportionate to the size and nature of the business and could include, but are not limited to, the following:

• Blockchain analysis where appropriate (see para 40);
• Query the wallet address using discoverability methods provided by the TR solution being used by the CB;
• Consult the CB’s own address book;
• Obtain information on the wallet status and/or identity of the CB from the beneficiary. The procedures in relation to unhosted wallets are specified in section "VA transfer in case unhosted wallets or person other than a VASP". CBs should consider rescreening wallets as part of their ongoing and wider compliance systems and controls.

8) The cryptoasset business of a beneficiary must report to the FCA repeated failure by a cryptoasset business to provide any information required by regulation as well as any steps the cryptoasset business of the beneficiary has taken in respect of such failures.

9) A cryptoasset business must respond fully and without delay to a request in writing from a law enforcement authority for any information held in connection with this requirement which that authority reasonably requires in connection with the authority’s functions.

10) A CB should note its obligations in terms of the MLRs (Reg 41) and the Data Protection Act 2018.

11) Under the FCA recommendations, when sending a cryptoasset transfer to a jurisdiction without the Travel Rule, CBs have to:

• Take all reasonable steps to establish whether the firm can receive the required information.
• If the firm cannot receive the necessary information, the UK cryptoasset business must still collect and verify the information as required by the Money Laundering Regulations (MLRs) and should store that information before making the cryptoasset transfer.

When receiving a cryptoasset transfer from a jurisdiction without the Travel Rule:

• If the cryptoasset transfer has missing or incomplete information, UK cryptoasset businesses must consider the countries in which the firm operates and the status of the Travel Rule in those countries.
• The UK cryptoasset business should take these factors into account when making a risk-based assessment of whether to make the cryptoassets available to the beneficiary.

Batch file transfer

In the case of a batch file transfer where the cryptoasset business of the beneficiary is carrying on business wholly outside the United Kingdom, paragraphs (1) from the Section "Scope of the PII" and (2) from the Section "the presence of differences in domestic and cross-border transfers" do not apply to each of the individual business transfers, provided that—

(a)the batch is accompanied by the information required by paragraphs (1) and (2) from the Section "scope of the PII"; and

(b)each individual transfer within the batch is accompanied by the account number of the originator, or if there is no account number, the unique transaction identifier.

Under the JMLSG Guide, where the crypto business (CB) of the beneficiary is carrying on business wholly outside the UK (ie. it is not in scope of the MLRs Regs 8 and 9) information on the batch must be submitted securely and simultaneously with the transfer. A batch file transfer is a bundle of individual inter-cryptoasset business transfers from a single originator. The TR applies to each of the underlying transfers forming the bundle. The information must be verified by the CB of the originator on the basis of reliability and independence.

Procedure for inaccurate, incomplete information

Where the crypto-asset business of the beneficiary becomes aware that any information required by regulation to be provided is missing or does not correspond with information verified by it under Part 3 (customer due diligence), the crypto-asset business of the beneficiary must consider whether:

• to delay making the crypto asset available to the beneficiary until the information is received or any discrepancy resolved; and
• if the information is not received or discrepancy resolved within a reasonable time, to return the crypto asset to the crypto-asset business of the originator.

In deciding what action to take the crypto-asset business must have regard to:

(a) the risk assessments carried out by the crypto-asset business under regulations 18(1) (risk assessment by relevant persons) and 18A(1) (risk assessment by relevant persons in relation to proliferation financing); and

(b) its assessment of the level of risk of money laundering, terrorist financing and proliferation financing arising from the inter-cryptoasset business transfer.

In assessing the level of risk, the crypto-asset business must take account of factors including:

(a) the purpose and nature of its business relationship with the beneficiary and of the inter-cryptoasset business transfer;

(b) the value of the inter-cryptoasset business transfer and any crypto-asset transfer which appears to be linked;

(c) the frequency of crypto-asset transfers made by or to the beneficiary via the crypto-asset business of the beneficiary; and

(d) the duration of its business relationship with the beneficiary.

The crypto-asset business of a beneficiary must report to the FCA repeated failure by a crypto-asset business to provide any information required as well as any steps the crypto-asset business of the beneficiary has taken in respect of such failures.

Record retention

Retention period is 5 years (according to AML act).

Notes

“Inter-cryptoasset business transfer” means a transaction carried out by two or more cryptoasset businesses which involves the making available of a cryptoasset of an originator to a beneficiary, provided that at least one of the cryptoasset businesses involved in the transaction is carrying on business in the United Kingdom in respect of the transaction (whether that is a cryptoasset business acting for the originator or a cryptoasset business acting for the beneficiary or an intermediary cryptoasset business).

Rules for intermediaries:

1) Missing information

When an intermediary cryptoasset business receives a cryptoasset as part of an inter-cryptoasset business transfer it must, before further transferring the cryptoasset, check whether it has received the information required by regulation to be provided.

Where an intermediary cryptoasset business becomes aware that any information required by regulation to be provided is missing, the intermediary cryptoasset business must:

(a) request the cryptoasset business from which it received the transfer to provide the missing information; and

(b) consider whether—

• to delay the onward transfer of the cryptoasset until the information is received; and
• if the information is not received within a reasonable time, to return the cryptoasset to the cryptoasset business from which it was received.

In deciding what action to take an intermediary cryptoasset business must have regard to the risk assessments carried out by the intermediary cryptoasset business and its assessment of the level of risk of money laundering, terrorist financing and proliferation financing arising from the inter-cryptoasset business transfer.

In assessing the level of risk the intermediary cryptoasset business must take account of factors including: (a) the purpose and nature of the business relationship with its customer cryptoasset business, and of the inter-cryptoasset business transfer; and

(b) the value of the inter-cryptoasset business transfer and any cryptoasset transfer which appears to be linked.

An intermediary cryptoasset business must report to the FCA repeated failure by a cryptoasset business to provide any information required by regulation as well as any steps the intermediary cryptoasset business has taken in respect of such failures.

2) Retention of information with an inter-cryptoasset business transfer

An intermediary cryptoasset business must—

(a) ensure that all the information that is provided in relation to an inter-cryptoasset business transfer pursuant to regulation, including any that is requested to be provided before the transfer is made under the previous rule (regulation 64E(2)(a)), also accompanies the onward transfer (whether to another intermediary cryptoasset business or to the cryptoasset business of the beneficiary); and

(b) send on to the relevant cryptoasset business, as soon as practicable, any information requested under the previous rule (under regulation 64E(2)(a)) which is received after it has transferred the cryptoasset to the relevant cryptoasset business.

Status

In force.

Regulation

FinCEN Guidelines 2019

31 CFR § 1010.410 (e),(f)

Enforcement/application date

2013

Threshold

USD 3,000 or its equivalent in CVC.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Full name;

b) Account number;

c) Address;

d) Amount of the transmittal order;

e) Execution date of the transmittal order.

Beneficiary:

f) Identity of the financial institution;

g) Full name and address;

h) Account number;

i) Any other specific identifier.

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Application of requirements

To the extent that any of the money transmitter’s transactions constitute a “transmittal of funds” under FinCEN’s regulations, then the money transmitter must also comply with the “Funds Transfer Rule” and the “Funds Travel Rule.”

Because a transmittal order involving CVC is an instruction to pay “a determinable amount of money,” transactions involving CVC qualify as transmittals of funds, and thus may fall within the Funds Travel Rule.

Time and way to share the Information

The money transmitter must obtain or provide the required regulatory information either before or at the time of the transmittal of value, regardless of how a money transmitter sets up their system for clearing and settling transactions, including those involving CVC.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) A transmittor's financial institution shall include in a transmittal order, at the time it is sent to a receiving financial institution, the information from the Section "Scope of the PII".

2) Each financial institution filters the watch list in sanction and reports suspicious transactions immediately if necessary, according to BSA.

Batch file transfer

No information.

Procedure for inaccurate, incomplete information

No information.

Record retention

Financial institution have to keep records — at least 5 years.

Notes

A receiving financial institution that acts as an intermediary financial institution, if it accepts a transmittal order, shall include in a corresponding transmittal order at the time it is sent to the next receiving financial institution, the information specified in Section "Scope of the PII" , if received from the sender.

Status

In force.

Regulation

Normas relativas a la administración y fiscalización de los riesgos relacionados con la legitimación de capitales, el financiamiento del terrorismo y el financiamiento de la proliferación de armas de destrucción masiva, aplicables a los proveedores de servicios de activos virtuales y a las personas y entidades que proporcionen productos y servicios a través de actividades que involucren activos virtuales, en el Sistema Integral de Criptoactivos

Enforcement/application date

2021

Threshold

EUR 1,000 or its equivalent in local currency.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Full name;

b) Account number or virtual wallet (or a unique reference number);

c) Address or national identity number or the client's identification number or the date and place of his birth.

Beneficiary:

d) Full name;

e) Account number or virtual wallet (or a unique reference number).

Domestic vs cross-border transfers

No difference.

Self-hosted wallet verification

No requirement.

Application of requirements

The rules apply when making transfers of virtual assets.

Time and way to share the Information

The Obliged Subjects must immediately and securely transmit the required information of the originator and the beneficiary.

This required information must be submitted simultaneously, or concurrently, with the actual transfer of the virtual asset.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) Both the Regulated Entity ordering the transfer, and the Regulated Entity beneficiary of the same, must keep this required information and both must take the measures to freeze without delay funds and virtual assets that are owned or controlled or that are available, directly or indirectly, or for the benefit of persons and entities designated by the United Nations Security Council Resolutions that urge member states to prevent and suppress the financing of terrorism and the financing of the proliferation of weapons of mass destruction. The UNIF must be informed about the frozen funds and virtual assets, as well as the actions carried out in compliance with said Resolutions.

2) If during the establishment or in the course of the business relationship or when transactions are carried out, the Reporting Entity suspects or has reasonable grounds to suspect that the transactions are related to ML/FT/FPWMD, or there are doubts about the veracity or adequacy of the customer identification data obtained, an attempt should be made to identify and verify the identity of the customer and the final beneficiary, regardless of the threshold designated, and make a Suspicious Activity Report to the UNIF.

Batch file transfer

No information.

Procedure for inaccurate, incomplete information

No information.

Record retention

Retention period is at least 5 years.

Notes

The intermediary Obligated Subjects that facilitate the transfers of virtual assets as an intermediate element of a chain of transfers, they must accompany the transfer with the information of the originator, the beneficiary and ensure that this required information is transmitted throughout the chain of transfers, and must maintain its record.

This required information from the originator and the beneficiary does not need to be communicated as part (as incorporated) of the transfer in the blockchain or other distributed registry platform, the sending of this required information, to the beneficiary Regulated Entity, can be by a process totally different from the of the chain of blocks and distributed ledger, being that any technology, software solution or tool is acceptable, as long as it allows compliance with this obligation in an effective, immediate and secure manner.

The intermediary Obligated Subjects must identify and report suspicious transactions, take freezing measures and avoid transactions or operations with persons and entities designated by the United Nations Security Council Resolutions that urge Member States to prevent the Financing of Terrorism and of the Proliferation of Weapons of Mass Destruction.

Status

In force.

Regulation

Financial Intelligence Centre Amendment Act 16 of 2020

Notice on Regulations Prescribing Thresholds

Enforcement/application date

2020

Threshold

(a)For legal persons: USD 10,000 or its equivalent in local currency;

(b)For individuals: USD 5,000 or its equivalent in local currency.

VASP Due Diligence

No requirement.

Data to be shared

Originator:

a) Identity of the originator;

b) Account number (or a unique reference number);

Beneficiary:

c) Identity of the beneficiary;

d) Account number (or a unique reference number).

Domestic vs cross-border transfers

There is a difference.

Domestic: b), d) if this information can be made available by other means, but other data should be provided within 3 days after request.

Cross border: a), b), c), d).

Self-hosted wallet verification

No requirement.

Application of requirements

In 2020, the virtual asset service procider was included in the term of financial service provider: “ financial service provider ” has the meaning assigned to the words in the Banking and Financial Services Act, 2017 and includes a virtual asset service provider.

Subsections (1) and (2) of the Article 26 (wire thansfer) do not apply to transfers executed as a result of credit card or debit card transactions or to transfers between financial service providers acting for their own account, except that the credit card or debit card number accompanies the transfer resulting from the transaction.

Time and way to share the Information

No information.

The main actions required

(For detailed information, see the respective act. If any requirements in a particular jurisdiction are not listed in the section, compared to another jurisdiction, then the relevant information is not specified in the legislation).

1) A financial service provider undertaking a wire transfer equal to, or above, a prescribed threshold shall—

(a) identify and verify the identity of the originator

(b) obtain and maintain information on the identity of the beneficiary

(c) obtain and maintain the account number of the originator and beneficiary, or in the absence of an account number, a unique reference number

(d) obtain and maintain the originator’s address or, in the absence of address, the national identity number, or date and place of birth, and

(e) include information from paragraphs (a) to (c) in the message or payment form accompanying the transfer

Despite the requirements of subsection (1), a financial service provider is not required to verify the identity of a customer with which that financial service provider has an existing business relationship and where the financial service provider is satisfied that it already knows and has verified the true identity of the customer.

2) A beneficiary financial service provider shall take reasonable measures specified in the Section "Procedure for inaccurate, incomplete information".

3) A money or value transfer service provider shall, in the case of a money or value transfer service provider that controls both the ordering and the beneficiary side of a wire transfer—

(a) take into account all the information from both the ordering and beneficiary sides in order to determine whether the wire transfer has to be reported, and

(b) submit a suspicious transaction report in any country affected by the suspicious wire transfer, and make relevant transaction information available to the Centre

4) Where a financial service provider under subsection (1) receives wire transfers that do not contain the complete originator information required under that subsection, that financial service provider shall take measures to obtain and verify the missing information from the ordering institution or the beneficiary.

5) A financial service provider shall, where it fails to obtain any missing information, refuse acceptance of the transfer and report the transfer to the Centre.

Batch file transfer

Where several individual cross border wire transfers from a single originator are bundled in a batch file for transmission to beneficiaries, the batch file should contain required and accurate originator information, and full beneficiary information, that is fully traceable within the beneficiary country, and the financial service provider shall include the originator’s account number or unique transaction reference number.

Procedure for inaccurate, incomplete information

A beneficiary financial service provider shall take reasonable measures, including, where feasible, post event monitoring or real time monitoring to identify cross border wire transfers that lack required originator information or required beneficiary information.

A beneficiary financial service provider shall develop and implement risk based policies and procedures for determining—

(a) when to execute, reject, or suspend a wire transfer lacking required originator or required beneficiary information, and

(b) the appropriate follow up action

Record retention

Retention period is not less than ten (10) years.

Notes

Where a financial service provider acts as an intermediary in a chain of payments, it shall retransmit all of the information it received with the wire transfer and any other information that may be necessary to identify the originator and beneficiary.

An intermediary financial service provider shall develop and implement risk based policies and procedures for determining—

(a) when to execute, reject, or suspend a wire transfer lacking required originator or required beneficiary information, and

(b) the appropriate follow up action