What is the point of the “travel rule”?

A couple of years ago, as you may have read in the Financial Times at the time, the Financial Action Task Force (FATF) extended their recommendations to include cryptocurrency exchange and wallet providers and such like, referred to as Virtual Asset Service Providers (VASPs). This meant that all countries must supervise and monitor these, and that they should apply anti-money laundering and anti-terrorist financing controls: that is, customer due diligence (CDD), suspicious transaction reporting (STR) and the “travel rule”.

The decision to apply the same travel rule on VASPs as on traditional financial institutions was greeted with some dismay in the cryptocurrency world, because it means that the service providers must collect and exchange customer information during transactions. The technically non-binding guidance on how member jurisdictions should regulate their ‘virtual asset’ marketplace included the contentious detail that whenever a user of one exchange sends cryptocurrency worth more than 1,000 dollars or euros to a user of a different exchange, the originating exchange must send identifying information about both the sender and the intended recipient to the beneficiary exchange. The information must also be recorded and made available to “appropriate authorities on request”.

This identifying information, according to the FATF Interpretive Note to Recommendation 16, should include name and account number of the originator and benefactor, the originator’s (physical) address, national identity number (or something similar) or date and place of birth. In essence, this means that personal information will be smeared all over the interweb tubes. My good friend Simon Lelieveldt, who is very well-informed and level-headed about such things, said at the time that this is a “disproportional silly measure by regulators who don’t understand blockchain technology”, which may be a little harsh even if not too far from the truth.

Anyway, some folks from the land of crypto have put together a standard for implementing the travel rule in the hope of spurring interoperability and reducing the costs for all involved. The standard, known as IVMS101, defines a uniform model for data that must be exchanged by virtual asset service providers (VASPs) alongside cryptocurrency transactions. The standard (you can download it here) will identify the senders and receivers of crypto payments, with such information “traveling” alongside the cryptocurrency transactions but along a separate path (that is, the IVMS101 messages do not themselves need the blockchain or any other crypto infrastructure).

(If you are wondering why it’s called IVMS101, it’s because the SWIFT MT101 message is the global standard request for the electronic transfer of funds from one account to another. For those of us in the payments world, MT101 is mother’s milk: mandatory Tag 20 Sender Reference, optional Tag 21 Customer Specified Reference and so on and so on. The MT101 message is used throughout the business world to send bulk payment instructions (ie, a header and multiple payment instructions in a single message). There is also the MT103 message that instructs a single transfer but this is mainly used to move funds between banks and other financial institutions such as money transfer companies.)

IVMS101 is pretty thorough and it sets out in detail what messages should be passed from (eg) one Bitcoin exchange to another, along the lines of:

if the originator is a NaturalPerson then either (
with an addressType value of GEOG or HOME or BIZZ
     and/or customerNumber
     and/or nationalIdentification
     and/or dateAndPlaceOfBirth )
is required.

This sort of thing is needed because there’s no global standard digital identity that could be attached to messages so market participants have to make do with national solutions or proxies. Nevertheless, it’s a good standard (as you’d expect when you see who wrote it) but uncharitable persons might well be asking what the point of it is because law enforcement agencies can already get this information by presenting a warrant. What the travel rule does is to, essentially, automate mass surveillance without a warrant or any other oversight and force personal information on to marketplace intermediaries (where, in my opinion, it doesn’t belong – my date and place of birth is no business of either intermediary exchanges or, indeed, the destination exchange). What’s more, since the travel rule is for value transfers between exchanges, it seems rather unlikely that it will catch any criminal flows at all.

I, for example, have a Coinbase hosted Bitcoin wallet and a Bitcoin wallet on a USB stick. If I want to send money to criminals, I will transfer it from my Coinbase wallet to my USB wallet and then from my USB wallet off via mixers to the criminal’s USB wallet and the travel rule is irrelevant. The uncharitable people mentioned earlier will undoubtedly observe that since the actual travel rule doesn’t seem to have stopped money laundering which is a massive global industry, there’s no obvious reason why the virtual travel rule will stop electronic money laundering on a similar grand scale.

Writing in this month’s Chartwell “Compass” magazine, Omar Magana hits the nail on the head with respect to the travel rule, asking if “the enforcement of a regulation that was created over 20 years ago for a fast-evolving industry, may not be the best approach”. Note that he is not arguing against regulation, he is arguing (as I do) for a form of regulation more appropriate for our age (for which I use the umbrella term “Digital Due Diligence”, or DDD) using artificial intelligence and machine learning to track, trace and connect the dots to find the bad actors.

I am genuinely curious to learn more about whether the travel rule will make the slightest difference to the money launderers, so please do let me know in the comments whether such scepticism is misguided or whether the travel rule will make the world a safer place.

2 thoughts on “What is the point of the “travel rule”?

  1. The article “A world fit for money laundering: the Atlantic alliance’s undermining of organized crime control” provides some evidence that considering the regulations at face value is probably not going to reward the researcher. Instead, one would need to dive in deeper and consider the non-stated objectives of the participants that have influence on the process.

    (On the whole I think the article not only pulled its punches but also made some questionable assumptions which undermined its message. But it seems clear that the original intent of the AML project was clearly undermined from the get-go.)

  2. It depends what model one takes of the regulatory world. If we stand back and look at the actions of the regulators, there appears to be more hidden purpose. Examples are Britain’s consistent anti-blockchain policies as explained in FCA guidance; MFSA shutting down Malta’s blockchain island project; and of course the DNB’s aggressive intervention to create a costly barrier to entry, as reported by Simon L and mentioned above.

    Simon has also pointed out the competition amongst the various national regulators to be better than best class before the Paris Schoolmaster – FATF. Both Switzerland and Britain have announced that is an actual goal.

    Meanwhile, is Libra/China’s CBDC the writing on the wall?

    BIS (as a club) stopped Libra, but could not stop the Chinese CBDC. So are they being forced into doing something they don’t want to do? What happens when the digital renminbi starts being used down the new Silk Road? They were lucky with Libra but will they be lucky a second time?

    Do CBs have to issue their own national units before aggressive foreign entities do it for them?

    If the club has reached the realisation that they have to act, they will also know that they won’t have an easy time to compete with a free/open alternative based on blockchain (whichever your favourite breed). Therefore, while they are advancing their internal projects to prepare for national CBDCs, they have a limited window of opportunity in which to squash the local blockchain ecosystem. Better start now.

    This model speaks to the club as coordinating a shared industrial policy, one which we the plebs aren’t participating in. If we were the unfortunate recipients of a hidden industrial policy, then this would explain the hapless imposition of the travel rule. It’s there to be used, why not?

    This is of course all idle speculation, except for the parts that aren’t.

Leave a Reply