We’ve explained how the Funds Travel Rule applies to cryptocurrency businesses, but what’s the best way to record compliance with the guidance?
To this day, no topic in bitcoin compliance causes more confusion than the Funds Travel Rule.
Though there has been significant commentary about how the Travel Rule applies to cryptocurrency and the challenges therein, most business owners and entrepreneurs still feel like they’re in the dark about what compliance with this guidance looks like in their day-to-day.
Regulators haven’t helped much in this regard. If anything, they’ve inadvertently created more panic by reminding us that the Travel Rule is nothing new and has applied to virtual currency since as far back as 2011.
Don’t think they aren’t serious about enforcing it, either. In fact, the United States Department of the Treasury’s Financial Crimes Enforcement Network FinCEN never misses an opportunity to remind us they’re watching closely.
Though Travel Rule enforcement is an inevitability, compliance with the guideline still eludes cryptos. They’re not necessarily being stubborn, either. Critics of the Travel Rule contend that fundamental technological features of cryptocurrency make Travel Rule compliance impossible.
Still, the U.S. is leading the pack in Travel Rule enforcement, which means cryptos need policies and processes in place yesterday.
So where does that leave business owners in cryptocurrency?
Scrambling to understand the rule and come up with creative ways to comply with it.
Now might be the time for some good news.
Take a deep breath.
Travel Rule compliance is possible.
Though there is no neat and tidy “easy” button for it. It’s also important to note that we’re just at the beginning of understanding Travel Rule compliance.
Related reading: The biggest compliance challenges cryptocurrency will face in 2020.
Regardless, the important thing to remember right now is that there is a deadline looming for crypto businesses to comply with the Travel Rule. So if you haven’t put those policies in place for compliance and recordkeeping, you are running out of time to meet that June 2020 date.
There are policies and procedures cryptos can put in place to comply, and best practices for logging that compliance.
In this post, we’ll mostly cover the latter, though we’ll point out other articles we’ve written on the Travel Rule along the way to help you understand the big picture.
A reminder of what the Travel Rule is
The “Travel Rule” refers to Bank Secrecy Act rule 31 CFR 103.33(g) (“Travel Rule” is something of a shorthand nickname in regulatory circles). The rule requires that a financial institution (in this case, your business) collect certain information in transactions so that you can “pass on” that information to the next financial institution. You must also retain good records of all of this information.
Related reading: The Funds Travel Rule explained for crypto.
So what does all of that mean for your typical exchange of cryptocurrency? How does this apply to a customer walking up to a bitcoin ATM you operate looking to make a purchase?
That’s where it gets complicated, and where critics argue that the Travel Rule is more a square peg than usual when it comes to cryptocurrency regulation.
Beyond the understandable privacy concerns of some activists in the bitcoin community, the 30,000-foot problem is that the architecture of bitcoin and its ecosystem weren’t built to be compatible with the regulations that apply to traditional financial transactions.
Travel Rule compliance, as many rightly point out, is practically impossible.
However, the good news for businesses that take compliance requirements seriously is that they are already doing more to adhere to the Travel Rule than they realize.
Additionally, some best practices have already emerged for complying as one can.
Related reading: We’re already doing a lot of what the Travel Rule requires
Businesses that practice robust Know Your Customer (KYC) are already gathering much of the required information about the “originating financial institution” (i.e., a customer) during customer onboarding, and blockchain analytics software exists that can identify details about the destination (i.e., owners of cryptocurrency wallet addresses).
So, what information do you need to gather for Funds Travel Rule compliance, and how do you record it?
Travel Rule due diligence and recordkeeping
The best practice prescribed right now is for financial institutions (that’s you, the business owner) to identify, to the best of their ability, whether the destination of funds is a financial institution as defined by the BSA for any transaction amount of $3,000 or more.
This means carrying out reasonable due diligence to independently verify the destination for your own records, and with respect and deference to the privacy of your customers. That is to say, this recordkeeping is for your own benefit to produce in the event of an examination by regulators or law enforcement.
Related reading: What to say about the Travel Rule during an examination.
Gathering this information takes some creativity. You can directly inquire with the customers requesting a transaction about the destination of funds, you can perform blockchain analysis, and you can also do a fair amount of open-source research.
The kind of information you want to try and get your hands on includes but is not limited to:
- Name and address of the originator
- Amount of the payment order
- Date of the payment order
- Any payment instructions
- Identity of the beneficiary’s institution
- Originator’s TIN (e.g., SSN or EIN) or, if none, the alien identification number or passport number and country of issuance, or a notation in the record of the lack thereof
- Copy or record of the method of payment for the funds transfer
- As many of the following items, as possible:
- Name and address of the beneficiary
- Account number of the beneficiary
- Any other specific identifier of the beneficiary
- Name and address of the person placing the payment order
If, in a transaction, your business is the “beneficiary,” then you need to obtain additional information from the originating institution.
This information should include:
- Name and address of the beneficiary
- The type of document reviewed
- The number of the identification document
- The beneficiary’s TIN, or, if none, the alien identification number or passport number and country of issuance, or a notation in the record of the lack thereof
- If the institution has knowledge that the person receiving the proceeds is not the beneficiary, the institution must obtain and retain a record of the beneficiary’s name and address, as well as the beneficiary’s identification
- A copy of the check or other instrument used to affect the payment, or the institution must record the information on the instrument. The institution must also record the name and address of the person to whom it was sent.
Where does all of this information go?
Into a Travel Rule Log you keep with your other records.
This part is crucial. Without tight recordkeeping, you cannot demonstrate your compliance with the Travel Rule.
We’re including a sample log you can use below. Paste the following fields into a spreadsheet or table:
Outgoing Transfer
|
|
Customer Name | |
Customer Address | |
Tax Identification Number* | |
Cryptocurrency Address | |
Funds Transfer Amount ($) | |
Date of Customer Request | |
Date of Submission to Originating Bank | |
Instructions to Originating Bank, if any | |
Beneficiary Institution | |
Beneficiary Account Number | |
Other Beneficiary Information, if any | |
Method of Payment for the Funds Transfer | |
[Your company’s] Representative Placing the Funds Transfer Order
|
|
Incoming Transfer
|
|
Customer Name | |
Customer Address | |
Tax Identification Number * | |
Number on the Identification Document | |
Identification, if Beneficiary is Not Customer | |
Cryptocurrency Address | |
Funds Transfer Amount ($) | |
Copy of check or instrument** | |
* [If none, the alien identification number or passport number and country of issuance, or a notation in the record of the lack thereof.]
** [A copy of the check or other instrument used to affect the payment, or the institution must record the information on the instrument. The institution must also record the name and address of the person to whom it was sent.]
Key takeaways for bitcoin compliance
How business owners should apply the Travel Rule to their compliance regimes remains an unclear and unsettled issue.
But, the June 2020 deadline is nearing, and financial institutions need to show that they have something in place.
There will be more best practice prescriptions and innovative solutions to come as the issue evolves, but if you’re uncertain about your company’s compliance with the Travel Rule, you can reach out to us here.
We are an AML consulting firm that specializes in regulatory compliance for cryptocurrency businesses, and are here to serve.