The implementation of the FATF Travel Rule to VASPs in India

The  Financial Action Task Force (FATF) Travel Rule or just Travel Rule is the common name for FATF Recommendation 16 on combating money laundering. The Travel Rule requires businesses to collect and share the personal data of participants in a transaction. Initially applied to only banking institutions, in June 2019, the FATF extended this rule to crypto companies, terming them Virtual Asset Service Providers (VASPs).

FATF mutual evaluations are in-depth country reports analyzing the implementation and effectiveness of measures to combat money laundering and countering terrorist financing (AML/CFT). In this evaluation process, the FATF also assesses the robustness of the AML/CFT guardrails for the VASPs in a country, effectively assessing if the country has implemented the Travel Rule or not.  

While the FATF doesn’t specify the method for the implementation of the Travel Rule in its detailed guidance most countries implement it by amending the domestic AML/CFT laws. The AML/CFT regime in India has matured over the last two decades with the Prevention of Money Laundering Act, 2002 (PMLA) that came into force in 2005 and was amended several times. A recent amendment on 7th March 2023 brings business activities associated with Virtual Digital Assets (VDA) under the PMLA. This was India’s implementation of the Travel Rule.

With a little more than a year since this amendment, several VASPs in India have been registered with the Financial Intelligence Unit of India (FIU-IND), and the FIU-IND also blocked web access blocked web access for several VASPs over their non-compliance to the PMLA. In this year, FATF also conducted India’s Mutual Evaluation in November 2023, and the report of this evaluation is expected to be discussed in June 2024 during the FATF Plenary and Working Group Meetings in Singapore.

What exactly is the Travel Rule?

The Travel Rule requires VASPs to share sender and recipient data with each other during transactions. As the personal data of the transacting entities “travels” along with their transfers, the recommendation is called the “Travel Rule”. Simply put, the Travel Rule requires the following information to accompany all qualifying wire transfers:

  1. The name of the originator.
  2. The originator account number where such an account is used to process the transaction.
  3. The originator’s address, national identity number, customer identification number, or date and place of birth.
  4. The name of the beneficiary; and
  5. The beneficiary account number where such an account is used to process the transaction.

In the absence of an account number, a unique transaction reference number should be included to permit traceability of the transaction. Bundled / batch transactions have similar requirements.Recommendation 16 identifies three types of participants in a transaction and gives specific instructions for the implementation of the rule to those:

  1. Ordering financial institution
  2. Intermediary financial institution
  3. Beneficiary financial institution

An intermediary financial institution acts as an ordering financial institution while initiating the transaction, and acts like a beneficiary financial institution while receiving a financial transaction, and hence must fulfill obligations placed on both types of financial institutions.

How does India comply with the Travel Rule?

As stated above, India has complied to the FATF Travel Rule by amending the Prevention of Money Laundering Act (PMLA), 2002 on 7 March 2023 to include Virtual Digital Assets - Service Providers (SP) into the ambit of the PMLA. Further to this amendment, the Financial Intelligence Unit of India (FIU-IND) came out with AML & CFT Guidelines for reporting entities providing services related to Virtual Digital Assets (Guidelines). These guidelines refer to Section 12(1)(a) of the PMLA, under which SPs should ensure to include required and accurate originator information, and required beneficiary information, on wire transfers and related messages. SPs should also monitor wire transfers to detect those which lack the required originator and/or beneficiary information and screen the transactions.

According to the guidelines, the originating SPs must obtain and hold required and accurate originator information and required beneficiary information on VDA transfers, submit the above information to the beneficiary SP or financial institution (if any) immediately and securely, and make it available on request to appropriate authorities. Beneficiary SPs must obtain, and hold required originator information and accurate beneficiary information on VDA transfers and make it available on request to appropriate authorities. This applies regardless of whether the value of the VDA transfer is denominated in fiat currency or another VDA. The guidelines further require the following information to be collected by the ordering SP and the beneficiary SP.

The required information, which the ordering SP (sender) must obtain and hold, includes:

  1. Originator’s Permanent Account Number (PAN) 
  2. Originator’s name (i.e., the sending person’s verified full name);
  3. Originator’s account number used to process the transaction. In the VDA context, this would mean the “wallet address” of the originator.
  4. Originator’s physical (geographical) address that uniquely identifies the originator to the ordering institution, or date and place of birth. Provided that such an address has been verified for accuracy by the originator SP as part of its KYC process.
  5. Beneficiary’s name (i.e., the name of the person who is identified by the originator as the receiver of the VDA transfer). This is not required to be verified by the ordering institution for accuracy, but should be reviewed for the purpose of STR monitoring and sanction screening; and 
  6. Beneficiary account number used to process the transaction. In the VDA context, this could mean the “wallet address” of the beneficiary.

The required information which the beneficiary SP must obtain from the originator SP and hold, includes:

  1. Originator’s Permanent Account Number (PAN) or National Identity Number 
  2. Originator’s name (i.e., the sending person’s name). The beneficiary institution does not need to be verify the originator’s name for accuracy but should review it for the purpose of STR monitoring and sanction screening. 
  3. Originator’s account number used to process the transaction. In the VDA context, this could mean the “wallet address” of the originator. Originator’s physical (geographical) address that uniquely identifies the originator to the ordering institution, or date and place of birth.
  4. Beneficiary’s name (i.e., the name of the person who is identified by the originator as the receiver of the VDA transfer). The beneficiary institution must verify the beneficiary’s name for accuracy, if the name of their customer has not been previously verified. Thus, the beneficiary institution can confirm if the beneficiary’s name and account number they obtain from the ordering institution match with the beneficiary institution’s verified customer data.
  5. Beneficiary’s account number used to process the transaction. In the VDA context, this could mean the “wallet address” of the beneficiary.

 

Author credits: This blog was authored by Rohan Naik, Associate, Ikigai Law

Image credit: Pixabay

Challenge
the status quo

Bringing what's next...