Inquiry on Applying the Travel Rule with Unhosted Wallets: What are the methods for implementing this rule in situations where one party involves an unhosted digital wallet?
Regulating Unhosted Wallets in Crypto Transfers: A Global Overview
In the world of virtual assets, the use of unhosted wallets can pose significant risks for money laundering and terrorist financing. These wallets, which are not serviced by a regulated financial or virtual asset service provider, operate outside the regulatory regime, making their beneficial ownership often unknown.
However, when one side of a crypto transfer involves an unhosted wallet, regulatory requirements to apply the Travel Rule vary across jurisdictions but generally include enhanced due diligence, information collection, and risk-based controls.
Key Regulatory Requirements Across Jurisdictions
Regulators in different countries have taken various approaches in dealing with unhosted wallets in the context of the Travel Rule. Here's a glimpse into the core requirements for transfers involving unhosted wallets in some key jurisdictions:
- Hong Kong (HKMA): HKMA-licensed stablecoin issuers must collect detailed originator and beneficiary information before transfers with unhosted wallets. Enhanced monitoring and risk assessment are mandatory, and transfers should be limited to pre-vetted unhosted wallets. Transaction limits may be imposed, and continuous screening to block wallets linked to illicit activities or sanctions is expected.
- European Economic Area (EEA): For transfers over €1,000 involving private (unhosted) wallets, collecting full names and verifying ownership is required. All crypto deposits and withdrawals must specify whether counterparties use private wallets or exchange accounts.
- United States (according to GENIUS Act proposals): The GENIUS Act introduces strict compliance requirements for stablecoin issuers, including the application of the Travel Rule to transactions involving unhosted wallets.
Common Themes and Practical Implications
Regardless of the specific details, regulators consistently mandate enhanced controls when unhosted wallets are involved in crypto transfers under the Travel Rule. This includes more rigorous collection of counterparty identity data, ongoing monitoring, risk assessments, and transaction restrictions based on risk levels.
- Information Collection: When either the originator or beneficiary is an unhosted wallet, regulated entities are expected to collect and record comprehensive originator and beneficiary details (names, wallet addresses, identification data).
- Enhanced Due Diligence and Monitoring: Due to higher anonymity and lack of intermediary oversight with unhosted wallets, entities must apply enhanced transaction monitoring, including blockchain analytic tools and screening for suspicious activities or sanctions.
- Pre-vetting and Transaction Limits: Some regimes require restricting transfers to unhosted wallets that have been pre-assessed for reliability and may impose limits on transaction sizes to control risk exposure.
- Verification of Wallet Ownership: In some regions, verification mechanisms such as signature tests are mandatory to confirm control over private wallets for transfers above regulatory thresholds.
Summary
In summary, financial institutions and virtual asset service providers must tailor their compliance frameworks to align with local laws, ensuring that even when interacting with unhosted wallets, the detected and recorded information mitigates illicit finance risks effectively.
References:
- Hong Kong Monetary Authority’s consultations and AML/CFT requirements for stablecoin issuers
- EEA Travel Rule FAQ regarding private (unhosted) wallets and identity verification
- The GENIUS Act and its framework on stablecoin regulation including the Travel Rule in the U.S.
- The complete list of regulatory requirements by jurisdiction can be found separately.
- In the business of virtual assets, key regulators like Hong Kong Monetary Authority (HKMA), the European Economic Area (EEA), and the United States propose strict compliance measures for stablecoin issuers dealing with unhosted wallets, as they pose significant risks for finance and provide anonymity.
- These regulatory requirements across different jurisdictions include information collection, enhanced due diligence, and monitoring, pre-vetting, and verification of wallet ownership, aiming to mitigate illicit finance risks effectively by following the Travel Rule.
