The European Union’s Revised Transfer of Funds Regulation (TFR)

Introduction: Understanding the Impact of Money Laundering and Terrorist Financing

Money laundering and terrorist financing continue to pose significant threats to national economies and global stability in 2024. These illicit activities undermine societal structures and compromise the integrity of international financial systems.

Money laundering involves disguising the origins of illegally obtained funds to make them appear legitimate. This allows criminals to use the proceeds of their unlawful activities without raising suspicion. The integration of “dirty” money into the legitimate economy disrupts financial systems, weakens the credibility of institutions, and erodes public trust, perpetuating cycles of crime and corruption.

Additionally, laundered funds often cross borders, where they can be used to finance terrorism, creating significant risks to global security. These threats demand coordinated global efforts to mitigate their impact.

Governments and international organizations have responded with robust Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) regulations. The European Union (EU) has taken a leading role, implementing directives and standards to harmonize AML/CTF measures across its member states. These regulations aim to protect financial systems, enhance transparency, and strengthen national security.

One of the most recent examples of these efforts is the Revised Transfer of Funds Regulation (TFR). Passed in April 2023 and enforced as of January 2024, it marks a critical step forward in addressing modern challenges like cryptocurrency and cross-border transactions.

What Is The Financial Action Task Force (FATF)?

The Financial Action Task Force (FATF) is an intergovernmental organization that sets global standards for anti-money laundering (AML) and counter-terrorist financing (CTF) measures. Its 40+9 recommendations have become the blueprint for member countries’ regulatory frameworks. Non-compliance with these guidelines can result in significant repercussions, including economic sanctions, reputational harm, and limitations on financial operations.

In 2019, the FATF expanded its guidelines to include virtual assets, cryptocurrencies, and Virtual Asset Service Providers (VASPs) under the scope of AML/CTF regulations. This update ensures that entities dealing with these digital assets are subject to the same regulatory requirements as traditional financial institutions. By doing so, the FATF aims to address emerging risks associated with new technologies and ensure that AML and CTF regulations remain effective in the digital era.

Additionally, the FATF reinforced the Travel Rule, which requires financial entities to share detailed information about both the sender and recipient during wire transfers. This rule has been extended to cover virtual asset transactions, bringing cryptocurrency dealings under the same rigorous regulatory oversight as traditional financial exchanges. By implementing these measures, the FATF seeks to enhance transparency and limit opportunities for misuse in the financial system.

EU’s Response to FATF Recommendations Update

The European Union responded to FATF’s 2019 virtual assets and VASPs guidelines by incorporating these guidelines into its regulatory framework. The EU developed an Action Plan in May 2020 and, in July 2021, published a package of legislative proposals to strengthen its AML/CFT rules. One of those legislative proposals was a recast of the Funds Transfer Regulation (Regulation 2015/847).

Regulation 2015/847 implemented the Travel Rule for wire transfers, requiring financial institutions to share information about the sender and recipient of funds. However, this regulation applied only to traditional financial transactions, including banknotes, coins, scriptural money, and electronic money.

This limitation created a significant regulatory gap, as it excluded crypto assets from its scope. Criminals exploited this gap to launder money and engage in other illicit financial activities. Without oversight of virtual assets, authorities struggled to ensure transparency and traceability, making it challenging to detect and investigate suspicious transactions.

The Revised Transfer of Funds Regulation (TFR)

The Revised Transfer of Funds Regulation (TFR), which came into effect on January 1, 2024, represents the EU’s latest effort to combat money laundering and terrorist financing. This regulation aligns with the Financial Action Task Force’s (FATF) recommendations, particularly Recommendation 16, also known as the Travel Rule.

The TFR expands the scope of the Travel Rule to include crypto assets and Virtual Asset Service Providers (VASPs), closing regulatory gaps and improving the traceability and transparency of transactions involving virtual assets. By doing so, it strengthens the financial framework and ensures that both traditional and virtual financial systems meet rigorous standards to prevent illicit activities.

The regulation also sets clear guidelines for sharing information about parties involved in financial transactions, covering both traditional currencies and virtual assets. Its primary objectives are to increase transparency, promote international cooperation, and address risks posed by emerging technologies like cryptocurrencies. With its mandate for comprehensive data sharing across all transactions, the TFR equips financial institutions with tools to detect and investigate suspicious activities effectively.

MICA and TFR: Strengthening the EU’s Crypto Assets Framework

Building on the foundation laid by the Revised Transfer of Funds Regulation (TFR), the EU introduced the Markets in Crypto Assets (MICA) regulation, a comprehensive framework to regulate crypto assets. Enforced in mid-2024, MICA focuses on establishing safety, fairness, and transparency within the crypto market, addressing the challenges posed by rapid innovation and adoption of digital assets.

While the TFR enhances the traceability and transparency of financial transactions, particularly for virtual assets, MICA tackles broader issues such as consumer protection, market integrity, and legal clarity. Together, these regulations form the cornerstone of the EU’s approach to crypto asset regulation, ensuring that the financial ecosystem remains secure, innovative, and compliant with international standards.

TFR’s Significance in the EU Framework

The TFR plays a critical role in strengthening the EU’s AML/CTF efforts, particularly in the realm of crypto assets. Sweden’s Finance Minister, Elisabeth Svantesson, emphasized the importance of the TFR, stating:

‘’Today’s decision is bad news for those who have misused crypto-assets for their illegal activities, to circumvent EU sanctions, or to finance terrorism and war. Doing so will no longer be possible in Europe without exposure – it is an important step forward in the fight against money laundering.’’

The revised TFR requires Virtual Asset Service Providers (VASPs) or Crypto-Asset Service Providers (CASPs) to collect and share detailed information about the individuals sending and receiving crypto assets through their platforms. By addressing the risks posed by pseudonymity and the decentralized nature of digital assets, the TFR ensures greater oversight and accountability in financial transactions involving new technologies.

Key Definitions in TFR

Understanding key definitions is essential to grasp the scope and impact of the TFR. Below are the terms clarified within the regulation:

1. Payer: An individual with a payment account who either initiates a transfer from that account or orders a transfer without possessing such an account.
2. Payee: The recipient of the funds transfer.
3. Payment Service Provider (PSP):  Entities that offer funds transfer services, including those with special permissions.
4. Intermediary Payment Service Provider: A PSP that isn’t directly linked to either the payer or payee. These entities receive and forward funds on behalf of other PSPs.
5. Crypto assets:  Decentralized digital assets that function as a store of value, means of payment, and medium of exchange. They rely on distributed ledger technology (DLT) and cryptographic techniques for functions like security, ownership verification, and transaction validation. Examples include cryptocurrencies, stablecoins, and tokens.
6. Crypto-Asset Service Provider (CASP): Entities that provide crypto-asset related services.
7. Intermediary Crypto-Asset Service Provider: A CASP that doesn’t directly serve the originator or beneficiary. Instead, it facilitates the transfer of crypto-assets on behalf of other CASPs.
8. Originator: The Originator is the person who holds a crypto-asset account, DLT address, or means of storing crypto-assets and initiates the transfer of crypto-assets.
9. Beneficiary: The person who receives the transferred crypto-assets.
10. Self-hosted addresses: Distributed ledger addresses are not associated with a CASP. They also aren’t linked to entities outside the European Union that provide similar services.

Where Does TFR Apply?

Under the Revised Transfer of Funds Regulation (TFR), all EU service providers are required to gather detailed information for every crypto asset transfer. This applies to all transactions, regardless of the transfer amount, and whether conducted via crypto-ATMs or international transactions. The aim is to prevent criminals from structuring large transactions into smaller amounts to evade traceability. Crypto assets’ pseudo-anonymity and advanced technologies are frequently exploited for these purposes, necessitating stricter oversight.

Crypto-ATMs enable users to send crypto assets to a specified address by depositing cash, often without any customer identification or verification. This anonymity makes them particularly vulnerable to misuse for money laundering and terrorist financing. By accepting cash from untraceable sources, these machines pose significant risks to financial integrity.

Under the TFR, all fund transfers within the EU—regardless of currency—are subject to the regulation. For transfers exceeding EUR 1,000, accurate and verified payment details are mandatory unless associated with other connected transactions that collectively exceed the threshold.

Exceptions Under the TFR

Certain scenarios are exempt from the TFR requirements, including:

• Payment cards and digital devices: Transfers using payment cards, electronic money instruments, or mobile phones for goods or services, where the device number accompanies the transaction, are exempt. This does not apply to non-business-related transfers.
• Data conversion services: Entities that convert paper documents into electronic data on a contractual basis or provide technical support for payment service providers are exempt.
• Cash withdrawals: Transfers of funds involving cash withdrawals from a payer’s payment account are exempt.
• Public authority payments: Transfers to public authorities for taxes or levies within the EU are exempt.
• Inter-provider transfers: Transfers between payment service providers acting on their own behalf are exempt.
• Check image exchanges: Transfers through check image exchanges are not subject to the regulation.
• Crypto-to-crypto transfers: When both the sender and recipient are CASPs acting independently, or for person-to-person (P2P) transfers without CASP involvement, the TFR does not apply.

Guidelines on the Travel Rule in TFR

The TFR requires Payment Service Providers (PSPs) and Crypto-Asset Service Providers (CASPs) to ensure detailed information accompanies fund transfers, including:

Payer’s Details: 

• Name
• Payment account number
• Address (including country), personal document number, or date and place of birth
• Optional: Legal Entity Identifier (LEI) or an equivalent identifier

Payee’s Details: 

• Name
• Payment account number
• Optional: LEI or an equivalent identifier

For transfers without an account number, a unique transaction identifier is mandatory.

PSPs are responsible for verifying the accuracy of payer information before initiating a transfer. Discrepancies or suspicious details may result in the transfer being declined or reported to the Financial Intelligence Unit (FIU). On the receiving end, the payee’s PSP must identify and address missing or incomplete information based on the risk level.

Ensuring Transparency in Crypto-Asset Transfers

For crypto-asset transactions, CASPs must fulfill specific obligations to maintain transparency and security:

1. Mandatory Information Collection:
CASPs must include details about the originator and beneficiary during the transfer:

• Originator Details: Name, distributed ledger (DLT) address or crypto account number, address (including country), personal document number or date and place of birth, and LEI (if applicable).
• Beneficiary Details: Name, DLT address or crypto account number, and LEI (if applicable).

2. Unique Identifiers:
Transfers that do not involve DLT or crypto accounts must include a unique transaction identifier.

3. Self-hosted Wallets:
For transfers exceeding EUR 1,000, ownership of self-hosted wallets must be verified.

4. Batch Transfers:
For batch transfers from a single originator, all transactions must include the same required information, with verification conducted for each transfer.

5. Verification:
CASPs must validate all information before making crypto assets available to beneficiaries, ensuring compliance with regulations.

Other Applicable Measures for PSPs and CASPs

In transactions involving crypto assets, similar to traditional fund transfers, CASPs handling the beneficiary’s assets must verify the accuracy of the information before releasing the crypto assets. The regulation provides clear guidelines for these procedures, as outlined below:

1. Internal Policies for Restrictive Measures: Service providers are required to establish robust internal policies, procedures, and controls to ensure adherence to Union and national restrictive measures. These measures may include freezing specific funds or crypto-assets and imposing restrictions on certain transfers. The European Banking Authority (EBA) finalized guidelines for implementing these measures on December 30, 2024, providing clear directives for compliance.
2. Provision of Information: Providers must respond promptly to inquiries from authorities responsible for preventing money laundering and terrorist financing. These inquiries are essential for ensuring transparency and compliance with the regulation’s requirements.
3. Data Protection: The processing of personal data must comply with the General Data Protection Regulation (GDPR), ensuring that personal data is used solely for preventing money laundering and terrorist financing. Commercial use of personal data is strictly prohibited. Before initiating a business relationship or transaction, clients must receive clear and concise information regarding data processing and their obligations under the regulation.
4. Record Retention: Service providers are obligated to retain information about payers, payees, originators, and beneficiaries for a period of five years. Once this period expires, personal data must be deleted unless national law mandates further retention for anti-money laundering or counter-terrorist financing purposes. This ensures that data retention practices remain proportional and compliant with GDPR.

Implementation, Sanctions, and Monitoring Under TFR

The supervisory body responsible for implementing this regulation for the EU is the European Commission. They work alongside the committee on the prevention of money laundering and terrorist financing. However,

1. Member states must establish rules on administrative sanctions and measures for breaches of this regulation. These sanctions should be effective, proportionate, dissuasive, and published in accordance with relevant directives.
2. They can choose not to establish rules if breaches are already subject to criminal sanctions. However, they must communicate the relevant criminal law provisions to the commission.
3. Member states must require appropriate authorities to actively monitor and ensure compliance with this regulation. Additionally, they should establish mechanisms to encourage the reporting of breaches of this regulation.

Conclusion 

Money laundering and terrorist financing remain significant threats to global stability, but the EU’s proactive approach demonstrates that these challenges can be addressed effectively. Through the Revised Transfer of Funds Regulation (TFR) and the Markets in Crypto Assets (MICA) framework, the EU has set a strong precedent for regulating both traditional and digital financial ecosystems. These measures enhance transparency, traceability, and accountability, closing critical gaps that criminals once exploited.

By integrating advanced technologies like blockchain and extending regulations to include crypto assets, the EU is safeguarding the integrity of financial systems while fostering innovation. These frameworks not only strengthen consumer trust and investor protection but also ensure compliance with rigorous data protection standards, such as GDPR. Though concerns about increased oversight persist, these measures are vital to creating a secure, fair, and resilient financial landscape that can adapt to evolving risks and support long-term global stability.

About Identity.com

One of the procedures for ensuring that criminals are not exploiting the crypto industry is following AML/CFT regulations, including an effective KYC process. The work of Identity.com, as a future-oriented company, is helping many businesses by giving their customers a hassle-free identity verification process.

Our company envisions a user-centric identity where individuals maintain control over their data. This commitment drives Identity.com to actively contribute to this future through innovative identity management systems and protocols.

As members of the World Wide Web Consortium (W3C), we uphold the standards for the World Wide Web and work towards a more secure and user-friendly online experience. Please get in touch for more info about how we can help you take control of your digital identity.