The Financial Intelligence Centre (FIC) recently issued a Draft Directive 9 that will require Accountable Institutions that engage in crypto asset transfers for or on behalf of their clients to implement the so-called travel rule.

Directive 9 applies to both Crypto Asset Service Provider (CASP) and Financial Services Providers as contemplated in items 12 and 22 of Schedule 1 to the Financial Intelligence Centre Act (FICA), and which facilitate or enable the origination or receipt of such crypto asset transfers.

Different travel rule requirements have been directed to CASPs in line with their designation within a crypto transaction in the following manner, Ordering Crypto Asset Service Providers which would be the remitting institution, Intermediary Crypto Asset Service Providers which would be an intermediary within a crypto transaction and Recipient Crypto Asset Service Providers which would be the destination institution for a crypto asset, respectively.

Directive 9 Travel Rule Relating to Crypto Asset Transfers-02

Ordering Crypto Asset Service Providers (OCASPs)

  • OCASPs must transmit to the RCASP the originator’s information which includes, the originator’s full names, ID number for SA citizens/residents, Passport number for non-SA citizens/residents, residential address if available, date and place of birth and their wallet address. This must be done for every qualifying transfer, which term is not yet defined in the Directive.
  • The originator’s information must be verified in line with the FICA processes of the OCASP as outlined within their Risk Management and Compliance Programme (RMCP).
  • All the information pertaining to the wallet that the originator uses as well as the name of the beneficiary of the crypto assets and information pertaining to the destination wallet must be transmitted to the RCASP.
  • For a single cross border transfer of crypto assets valued at less than R5000.00, at the minimum, the OCASP must transmit the full names of the originator, information pertaining to the wallet that the originator uses to transfer the crypto assets, the name of the beneficiary as well as information pertaining to the destination wallet. The required information need not be verified in this instance except if there is a suspicion of money laundering or terrorist financing.
  • The OCASP must identify and conduct due diligence on the RCASP which includes screening for sanctions exposure and determining that the RCASP will protect the confidentiality of the information being transmitted. In terms of the confidentiality requirement, practically how this may be done is not detailed but clarity may be provided in terms of the potential finalised Directive 9 after industry comments and consultation has been conducted.
  • The OCASP must update the RCASP’s information as part of a periodic ongoing due diligence or when money laundering, terrorist financing or proliferation financing risks emerge from the relationship with the RCASP.
  • A OCASP may not execute a crypto asset transfer if it cannot comply with the requirements of Draft Directive 9 and must also explain within its RMCP how it will comply with the requirements of Directive 9.

Intermediary Crypto Asset Service Providers (ICASPs)

  • ICASPs must ensure that all the originator and beneficiary information pertaining to domestic and cross border transfers must be transmitted to the RCASP or another intermediary where relevant.
  • ICASPs must take reasonable measures to identify cross border crypto transfers that lack the required originator details, originator wallet details, beneficiary details and the destination wallet details. These measures must be included in the ICASP’s RMCP.
  • ICASPs must develop, document, maintain and implement effective risk-based policies and procedures for determining when to execute, reject or suspend a cross border crypto transfer that lacks the required information. The follow up actions after such executions, rejections, or suspensions of such crypto transfers must also be outlined in the ICASP’s RMCP.

Recipient Crypto Asset Service Providers (RCASPs)

  • Where there is a single transaction that is an inward cross-border transfer valued at less than R5000.00 from an originator in a high risk or other monitored jurisdiction as listed by the FATF, the RCASPs must in line with FICA and its RMCP verify the accuracy of the beneficiary information.
  • RCASPs must take reasonable measures to identify cross border crypto asset transfers that lack the required information, and such measures may include post-event and real-time monitoring where feasible. These measures must be included in the RCASP’s RMCP.
  • RCASPs must develop, document, maintain and implement effective risk-based policies and procedures for determining when to execute, reject or suspend a cross border crypto transfer that lacks the required information. The follow up actions after such executions, rejections, or suspensions of such crypto transfers must also be outlined in the RCASP’s RMCP.

OCASPs and RCASPs must develop, document, maintain and implement effective risk-based policies and procedures for the treatment of crypto asset transfers that involve unhosted wallets. These policies must outline how further information relating to the unhosted wallets will be obtained in the case where a higher money laundering, terrorist financing or proliferation financing risk is determined, and these processes must be included in the OCASPs’ and RCASPs’ RMCPs.

If you haven't already, sign up to our Newsletter to keep updated with the latest Financial Crime, AML and FICA compliance news.