TFR Regulation and Crypto-Asset Service Providers

As you may have noticed, the European crypto-asset market is currently experiencing significant upheavals that affect many businesses. This spring, the crypto-asset market has been abuzz with discussions about the MiCA regulation, which we have also covered in several articles. MiCA has rightfully been a hot topic, but the regulation on information accompanying transfers of funds and certain crypto-assets, known as the Transfer of Funds Regulation (hereinafter "TFR"), has received less attention in discussions, despite being adopted simultaneously with MiCA.

What is the TFR?

TFR is likely familiar to companies in the payment services sector, as a similar regulation has long been in force for traditional payment services and applied to fiat fund transfers. However, the revised version of the TFR now also includes crypto-asset transfers and will be applicable from 30.12.2024. This article focuses specifically on the new obligations for crypto-asset service providers (hereafter “CASPs”).

In summary, the TFR pertains to the obligation of service providers used by various crypto-asset service users, such as consumers or businesses, to provide certain information about the user when transferring their crypto-assets. The underlying objective of this obligation is to prevent the misuse of the international payment system for money laundering and terrorist financing, which would be facilitated if payment system participants did not provide information about the payer or payee along with the payments.

The TFR is clearly linked to the directive on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (commonly known as the AMLD) and the national anti-money laundering laws enacted under it, such as Finland’s Anti-Money Laundering and Terrorist Financing Act.

Notably, the TFR focuses on imposing obligations on CASPs involved in crypto-asset transfers, specifically those who:

1. Receive and forward a transfer order of crypto-asset (the “originator's CASP”);
2. Receive the crypto-asset transfer on behalf of the beneficiary (the “beneficiary's CASP”); and
3. Act as intermediaries between the aforementioned parties without direct customer contact with the crypto-asset owners.

Obligations Imposed by the TFR on CASPs

With the implementation of the TFR, the key obligations for the aforementioned CASPs include ensuring that crypto-asset transfers include, in summary, the following information about the originator and the beneficiary:

• Names of the originator and the beneficiary
• Blockchain address or crypto-asset account number of the originator and the beneficiary
• Address, country, official personal document number, and customer number of the originator, or alternatively, the originator’s date and place of birth
• Provided the necessary field exists in the message format and the originator has given this identifier to their crypto service provider, the originator’s current legal entity identifier (LEI) or, if unavailable, any other equivalent official identifier of the originator and the beneficiary

CASPs involved in crypto-asset transfers must also consider the AMLD's requirements. According to the TFR, the originator's CASP must verify the accuracy of the aforementioned information using documents and data obtained from a reliable and independent source. The originator's CASP must not permit the initiation or execution of a crypto-asset transfer before ensuring that it has collected, is ready to provide, and has verified all the aforementioned information.

If the beneficiary's CASP detects deficiencies or omissions in the information provided with the transfer, it must, based on risk assessment and without undue delay, deny the transfer or return the transferred crypto-assets to the originator’s crypto-asset account or request the required information about the originator and the beneficiary before making the crypto-assets available to the beneficiary.

In cases where the CASP used by the originator or the beneficiary employs an intermediary crypto-asset service provider to execute the transfer, the intermediary has a duty to consider the completeness or absence of the information regarding the originator or the beneficiary.

What Does the TFR Mean for Unhosted Wallets?

As the TFR imposes obligations on CASPs regarding crypto-asset transfers and their traceability, it is particularly interesting to consider its implications for so-called unhosted wallets or addresses. Unlike the traditional payment system, these are a central feature of the crypto-asset market and blockchain technology. Unhosted wallets do not have a service provider to supply the aforementioned information on behalf of the originator or receive it on behalf of the beneficiary; instead, users manage these wallets independently using blockchain technology.

The TFR defines an unhosted address as a blockchain address that is not associated with a CASP or any other entity operating within the European Union that provides services similar to those of a CASP. For transfers to unhosted addresses under €1,000, the TFR requires the originator's CASP to obtain and retain all the necessary information and ensure that the crypto-asset transfer can be uniquely identified. Similarly, when a beneficiary's CASP receives a transfer under €1,000 from an unhosted address, it must obtain and retain the referenced information and ensure that the transfer can also be uniquely identified.

However, for transfers over €1,000 to or from an unhosted address, the originator's and beneficiary's CASPs must, in addition to the aforementioned obligations, take “appropriate measures” to assess whether the address is owned or controlled by the originator or beneficiary.

As evident, the TFR will make using unhosted addresses, especially for transfers over €1,000, significantly more challenging, as CASPs enabling these transfers must develop new ways to verify the actual ownership and control of the address.

Summary

Upon the implementation of the revised TFR, it will be the responsibility of CASPs and any intermediaries they may use to ensure that crypto-asset transfers comply with the regulation’s requirements. The TFR thus imposes new obligations on CASPs and likely increases administrative work, especially concerning unhosted wallets. Market participants involved in crypto-asset transfers must be ready for these new obligations by 30.12.2024.

At Nordic Law, we have extensive experience assisting various entities in the crypto-asset and payment service markets with legal advice and assessing regulatory obligations. Therefore, if you have any questions regarding the obligations imposed by the TFR, we are here to help!

Our Associate Trainee Charlotta Grandell took part in writing this article.