Menu
Member's Hub
Join us
Member sign in
Login

In the age of crypto, is FATF playing catch-up on Recommendation 16?

by Elizabeth Travis, partner, OpusDatum

Share this post

As crypto reshapes finance, the FATF’s Travel Rule struggles to keep pace—can global regulators close the gap on illicit transactions?

The Financial Action Task Force (FATF) has long been the global standard-setter for AML and CTF measures. Among its 40 Recommendations, Recommendation 16 (R.16) has been pivotal in addressing the traceability of financial transactions, requiring the inclusion of originator and beneficiary information in wire transfers to prevent misuse for illicit purposes. Yet, as the financial world evolves, particularly with the advent of cryptoassets, a key question arises: Is the FATF playing catch-up on R.16?

Recommendation 16: A quick recap

R.16, often referred to as the Travel Rule, requires financial institutions to collect, retain, and transmit specific information about the originator and beneficiary of wire transfers, including those involving virtual assets. This data must ‘travel’ with the transaction throughout its lifecycle, enabling authorities to trace and investigate suspicious activity effectively.

While this requirement has been a cornerstone of AML and CTF efforts, its implementation has traditionally focused on the banking sector, which operates within well-defined regulatory frameworks. However, the emergence of decentralised finance (DeFi), virtual asset service providers (VASPs), and borderless crypto transactions has created significant challenges for the FATF’s framework, making enforcement and compliance more complex.

Cryptoassets and the traceability gap

The explosion of cryptoassets has highlighted gaps in the original formulation and application of R.16. Unlike traditional banking, crypto transactions often involve pseudonymous addresses, decentralised platforms, and non-custodial wallets, making it far more difficult to enforce the Travel Rule. While traditional financial institutions had decades to develop systems for compliance, the crypto sector’s rapid innovation has left regulators struggling to keep pace.

In 2019, the FATF extended R.16 to include cryptoasset transfers, requiring VASPs to collect and share originator and beneficiary information. However, practical implementation has been slow, with many jurisdictions yet to adopt the updated guidance fully. Moreover, the FATF’s updated approach has faced significant challenges:

  • Technological barriers: Unlike wire transfers, crypto transactions are inherently decentralised and global. Implementing Travel Rule compliance requires the development of new technical standards and tools, many of which are still in their infancy. Emerging technical solutions, such as the Travel Rule Information Sharing Architecture (TRISA) and the InterVASP Messaging Standard (IVMS101), are still being refined and adopted unevenly across jurisdictions.
  • Jurisdictional inconsistencies: The FATF recommendations are not legally binding, and jurisdictions implement them at different paces. While countries like the UK, the EU, Switzerland, Singapore, and Japan have made significant strides in Travel Rule compliance, others have yet to introduce robust frameworks. This uneven implementation creates regulatory arbitrage opportunities, allowing illicit actors to exploit less-regulated jurisdictions.
  • Privacy concerns: Balancing transparency with user privacy has proven contentious, particularly in jurisdictions with strong data protection laws.
  • The rise of DeFi and unhosted wallets: DeFi platforms and unhosted wallets (e.g., MetaMask) fall outside the scope of many current regulatory frameworks. This makes it challenging for regulators to enforce the Travel Rule, as these platforms often operate without intermediaries. The FATF has acknowledged this issue but is still grappling with how to regulate systems that lack traditional gatekeepers.

Challenges of implementation

While the FATF has made significant strides in adapting R.16 to the realities of the digital age, critics argue that it has been reactive rather than proactive. Key indicators include:

  1. Delayed guidance: The FATF’s initial guidance on applying the Travel Rule to cryptoassets came years after the widespread adoption of Bitcoin and other cryptocurrencies.
  2. Industry-led solutions: Industry-led solutions have driven many technological innovations for Travel Rule compliance, such as messaging protocols like TRISA and OpenVASP, rather than the FATF itself. This raises questions about whether the FATF is leading or following.
  3. Speed of innovation: The crypto space evolves far faster than traditional finance, with new technologies and models (e.g., NFTs, layer-2 scaling solutions, and DAOs) constantly emerging.
  4. Cross-border coordination: Achieving consistent international enforcement of the Travel Rule requires extensive cooperation, but differing regulatory priorities and capacities among countries slow this process. Even in countries that have adopted the FATF’s updated guidance, compliance among VASPs remains inconsistent.

The FATF’s role in shaping the future

Despite these criticisms, the FATF is crucial in forging international consensus on AML and CTF standards. The organisation has engaged with industry stakeholders and updated its guidance to address emerging risks. The recent push to assess jurisdictions’ compliance with crypto-specific Travel Rule obligations is a step in the right direction. However, whether these measures are sufficient to close the traceability gap remains to be seen.

Conclusion

Elizabeth Travis, partner, OpusDatum

Is the FATF playing catch-up on R.16? The answer is nuanced. On the one hand, the FATF’s extension of the Travel Rule to cryptoassets demonstrates its commitment to modern financial crime prevention. On the other hand, the pace of technological innovation and the decentralised nature of cryptoassets have exposed significant limitations in the FATF’s traditional approach.

The UK and the EU have implemented legislation covering crypto transactions ahead of the FATF’s global guidance. This proactive stance underscores the agility of national regulators compared to the FATF’s broader, consensus-driven model.

Moving forward, the FATF must update its recommendations and focus on fostering collaboration between regulators, industry, and technology providers. By doing so, R.16 can remain a powerful tool in the fight against financial crime rather than an outdated relic struggling to keep up with a rapidly evolving digital economy.

More To Explore

The Payments Association

St Clement’s House

27 Clements Lane

London EC4N 7AE

+44 20 3540 9760
 

© Copyright 2024 The Payments Association. All Rights Reserved. The Payments Association is the trading name of Emerging Payments Ventures Limited.

Emerging Ventures Limited t/a The Payments Association; Registered in England and Wales, Company Number 06672728; VAT no. 938829859; Registered office address St. Clement’s House, 27 Clements Lane, London, England, EC4N 7AE.

PA@TheCity Non-Member Guest Policy

Follow us on

Back to main menu

Membership

Our members

Member benefits

Become a member

Merchant Community Membership

Our merchants

Join the merchant community

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.
Sign in
Become a member
Contact us
Careers
Youtube Spotify Twitter Linkedin

Welcome

Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Haven't set up an account yet?
Having trouble logging in?

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?

E-mail us