Directives 10
Draft Directive 9 – Travel rule relating to crypto asset transfers
1 April 2024
Document
For consultation purposes only
FIC
Financial Intelligence Centre
DIRECTIVE 9
concerning the implementation of the "Travel Rule" relating to crypto asset transfers in accordance with the Financial Action Task Force Recommendations
18 April 2024
Directive 9 concerning the implementation of the "Travel Rule" relating to crypto asset transfers in accordance with the Financial Action Task Force Recommendations
For consultation purposes only
Directive No 9 of 2024
1. PURPOSE
1.1 This Directive is issued by the Financial Intelligence Centre (Centre) in terms of section 43A(2) of the Financial Intelligence Centre Act, 2001 (Act 38 of 2001).
1.2 The purpose of this Directive is to ensure that such accountable institutions that provide or engage in activities of crypto asset transfers, implement the requirements of Recommendation 16 of the Financial Action Task Force (FATF) in the context of crypto asset transfers.
2. DEFINITIONS
2.1 In this Directive the "FIC Act" means the Financial Intelligence Centre Act, 2001 (Act 38 of 2001) and includes any regulation or Directive made under the Act, and, unless the context otherwise indicates, any word or expression in this Directive to which a meaning has been assigned in the Act has that meaning, and
2.1.1 'beneficiary' means a person or entity that is identified by the originator as the receiver of a crypto asset associated with a transfer of crypto assets;
2.1.2 'cross-border crypto asset transfer' means a transfer where either the ordering crypto asset service provider or the receiving crypto asset service provider is located outside the Republic of South Africa;
2.1.3 'domestic crypto asset transfer' – means a transfer where the ordering crypto asset service provider and receiving crypto asset service provider are both located in the Republic;
2.1.4 'FATF' means the Financial Action Task Force;
2.1.5 'intermediary crypto asset service provider' means a crypto asset service provider that receives and transmits crypto assets on behalf of an ordering crypto asset service provider or beneficiary crypto asset service provider or another intermediary crypto asset service provider and where the intermediary crypto asset service provider does not have a business relationship with either the originator or beneficiary;
Directive 9 concerning the implementation of the "Travel Rule" relating to crypto asset transfers in accordance with the Financial Action Task Force Recommendations
Page 2 of 8
Directive 9 concerning the implementation of the "Travel Rule" relating to crypto asset transfers in accordance with the Financial Action Task Force Recommendations
Page 3 of 8
For consultation purposes only
2.1.6 'ordering crypto asset service provider' means an accountable institution listed in items 12 and 22 of Schedule 1 to the FIC Act that initiates a transfer and transfers the associated crypto asset upon receiving the request for the transfer from or on behalf of the originator;
2.1.7 'originator' means a person or entity that initiates an instruction to the ordering crypto asset service provider to execute the transfer of crypto assets; and
2.1.8 'recipient crypto asset service provider' means an accountable institution listed in items 12 and 22 of Schedule 1 to the FIC Act that receives a crypto asset from an originator crypto asset service provider, directly or through an intermediary crypto asset service provider or financial institution, and makes the crypto asset associated with the transfer available to the beneficiary.
3. SCOPE OF THIS DIRECTIVE
This Directive applies to those accountable institutions listed in items 12 and 22 of Schedule 1 to the FIC Act that facilitate or enable the origination or receipt of domestic and cross-border transfers of crypto assets or act as an intermediary in receiving or transmitting the crypto assets for or on behalf of a client.
4. OBLIGATIONS OF ORDERING CRYPTO ASSET SERVICE PROVIDERS
4.1 An ordering crypto asset service provider must, subject to paragraphs 4.5 to 4.11 below, transmit to the recipient crypto asset service provider the following information concerning the originator of a qualifying transfer:
4.1.1 the full name of the originator;
4.1.2 the originator's:
4.1.2.1 identity number, if the originator is a South African citizen or resident; or
4.1.2.2 passport number if the originator is not a South African citizen or resident; and
4.1.3 the originator's:
4.1.3.1 residential address, if such an address is readily available; or
4.1.3.2 date and place of birth; and
4.1.3.3 the wallet address.
For consultation purposes only
4.2 An originator of a crypto asset transfer is the client of the ordering crypto asset service provider, as contemplated in the FIC Act, for the purposes of the execution of the transfer. The information relating to originator that is transmitted to the recipient crypto asset service provider in accordance with paragraph 4.1 above, must be obtained and verified in accordance with the FIC Act and the Risk Management and Compliance Programme that the ordering crypto asset service provider is required to develop, document, maintain and implement in accordance with section 42 of the FIC Act.
4.3 An ordering crypto asset service provider must transmit to the recipient crypto asset service provider all information pertaining to the wallet that the originator of a crypto asset transfer uses as the source of the crypto asset to be transferred.
4.4 An ordering crypto asset service provider must transmit the name of the beneficiary to the recipient crypto asset service provider.
4.5 An ordering crypto asset service provider must transmit to the recipient crypto asset service provider all information pertaining to the wallet that is the destination for the transfer.
4.6 In respect of a cross-border transfer that is a single transaction of less than R5 000, the ordering crypto asset service provider must transmit to the recipient crypto asset service provider the following information, at a minimum:
4.6.1 the full name of the originator referred to in paragraph 4.1.1 above;
4.6.2 the information pertaining to the wallet that the originator of a crypto asset transfer uses as the source of the crypto asset to be transferred, referred to in paragraph 4.3 above;
4.6.3 the name of the beneficiary referred to in paragraph 4.4 above; and
4.6.4 the information pertaining to the wallet that is the destination for the transfer, referred to in paragraph 4.5 above.
4.7 An ordering crypto asset service provider need not verify the information referred to in paragraph 4.6 in respect of a cross-border transfer that is a single transaction valued at less than R5 000 for accuracy, unless there is a suspicion of money laundering or terrorist financing, in which case, the ordering crypto asset service provider must verify the information pertaining to the originator.
Directive 9 concerning the implementation of the "Travel Rule" relating to crypto asset transfers in accordance with the Financial Action Task Force Recommendations
For consultation purposes only
4.8 When an ordering crypto asset service provider will be transmitting the information referred to in paragraphs 4.1, 4.3, 4.4 and 4.5 above to another crypto asset service provider, the ordering crypto asset service provider must, before it transfers the information in question-
4.8.1 identify the counterpart crypto asset service provider to which it will transmit the information in question;
4.8.2 conduct due diligence on that counterpart crypto asset service provider-
4.8.2.1 to determine whether the counterpart can reasonably be expected to protect the confidentiality of information transmitted to it; and
4.8.2.2 to avoid dealing with an illicit actor or an entity that is identified pursuant to a Resolution of the United Nations Security Council and that is announced in a notice referred to in section 26A (3) of the FIC Act,
on the understanding that an ordering crypto asset service provider does not have to undertake the due diligence referred to in subparagraphs 4.8.2.1 and 4.8.2.2 above for each transfer of a crypto asset when dealing with a counterpart crypto asset service provider for which it has previously conducted this due diligence,
on the understanding further that an ordering crypto asset service provider must conduct the due diligence referred to in subparagraphs 4.8.2.1 and 4.8.2.2 above whenever there is a suspicion of money laundering, terrorist financing or proliferation financing, and
4.8.3 update the due diligence referred to in subparagraph 4.8.2 above which it has previously conducted for a counterpart crypto asset service provider periodically or when it identifies that money laundering, terrorist financing or proliferation financing risk emerges from the relationship with a counterpart crypto asset service provider.
4.9 An ordering crypto asset service provider may not execute a crypto asset transfer if it cannot comply with the requirements referred to in paragraphs 4.1 to 4.8 above.
4.10 An ordering crypto asset service provider must provide for the manner in which and the processes by which it will implement measures to comply with the requirements of paragraphs 4.1 to 4.9 above, in the Risk Management and Compliance Programme that the ordering crypto asset service provider is required to develop, document, maintain and implement in accordance with section 42 of the FIC Act.
Directive 9 concerning the implementation of the "Travel Rule" relating to crypto asset transfers in accordance with the Financial Action Task Force Recommendations
For consultation purposes only
5. OBLIGATIONS OF INTERMEDIARY CRYPTO ASSET SERVICE PROVIDERS
5.1 An intermediary crypto asset service provider must ensure that all originator and beneficiary information that pertains to a cross-border or domestic crypto asset transfer, is transmitted to the recipient crypto asset service provider, or another intermediary crypto asset service provider in a transaction chain, as the case may be.
5.2 An intermediary crypto asset service provider must take reasonable measures to identify cross-border crypto asset transfers that lack the required information referred to in paragraphs 4.1, 4.3, 4.4 and 4.5 above.
5.3 An intermediary crypto asset service provider must develop, document, maintain and implement effective risk-based policies and procedures for determining:
5.3.1 when to execute, reject or suspend a cross-border crypto asset transfer that lack any of the required information referred to in paragraphs 4.1, 4.3, 4.4 and 4.5 above; and
5.3.2 the appropriate follow-up action that the intermediary crypto asset service provider will take in each instance where it executes, rejects or suspends a cross-border crypto asset transfer referred to in paragraph 5.3.1 above.
5.4 The measures referred to in paragraph 5.2 above and the policies and procedures referred to in paragraph 5.3 above, must be included in the Risk Management and Compliance Programme that the intermediary crypto asset service provider is required to develop, document, maintain and implement in accordance with section 42 of the FIC Act.
6. OBLIGATIONS OF RECIPIENT CRYPTO ASSET SERVICE PROVIDERS
6.1 A beneficiary of a crypto asset transfer is the client of the recipient crypto asset service provider, as contemplated in the FIC Act, for the purposes of the execution of the transfer. A recipient crypto asset service provider must, subject to paragraph 6.2, comply with the requirements relating to the verification of the beneficiary's identity of the FIC Act and the Risk Management and Compliance Programme that the recipient crypto asset service provider is required to develop, document, maintain and implement in accordance with section 42 of the Act.
Directive 9 concerning the implementation of the "Travel Rule" relating to crypto asset transfers in accordance with the Financial Action Task Force Recommendations
Directive 9 concerning the implementation of the "Travel Rule" relating to crypto asset transfers in accordance with the Financial Action Task Force Recommendations
Page 7 of 8
For consultation purposes only
6.2 In respect of an inward cross-border transfer that is a single transaction valued at less than R5 000 from an originator in a high risk or other monitored jurisdiction as listed by the FATF, a beneficiary crypto asset service provider must verify the accuracy of the beneficiary information.
6.3 A recipient crypto asset service provider must take reasonable measures, which may include post-event monitoring or real-time monitoring where feasible, to identify cross-border crypto asset transfers that lack the required information referred to in paragraphs 4.1, 4.3, 4.4 and 4.5 above.
6.4 A recipient crypto asset service provider must develop, document, maintain and implement effective risk-based policies and procedures for determining:
6.4.1 when to execute, reject or suspend a cross-border crypto asset transfer that lack any of the required information referred to in paragraphs 4.1, 4.3, 4.4 and 4.5 above; and
6.4.2 the appropriate follow-up action that the intermediary crypto asset service provider will take in each instance where it executes, rejects or suspends a cross-border crypto asset transfer referred to in paragraph 6.4.1 above.
6.5 The measures referred to in paragraph 6.3 above and the policies and procedures referred to in paragraph 6.4 above, must be included in the Risk Management and Compliance Programme that the recipient crypto asset service provider is required to develop, document, maintain and implement in accordance with section 42 of the FIC Act.
7. IMMEDIATE AND SECURE TRANSMISSION OF ORIGINATOR AND BENEFICIARY INFORMATION
7.1 Originator and intermediary crypto asset service providers must transmit the required information referred to in paragraphs 4.1, 4.3, 4.4 and 4.5 above prior to, or simultaneously with the transfer itself to the recipient crypto asset service provider or intermediary crypto asset service provider, as the case may be.
7.2 Originator and intermediary crypto asset service providers may transmit the required information referred to in paragraphs 4.1, 4.3, 4.4 and 4.5 above in batches, but must comply with paragraph 7.1 nonetheless. Post facto transmission of the required information is not permitted.
For consultation purposes only
7.3 Originator and intermediary crypto asset service providers must transmit and store the required information referred to in paragraphs 4.1, 4.3, 4.4 and 4.5 above in a secure manner and protect the integrity and availability of the required information to facilitate record keeping and to protect it from unauthorised disclosure.
8. UNHOSTED WALLET TRANSFERS
8.1 Ordering and recipient crypto asset service providers must develop, document, maintain and implement effective risk-based policies and procedures for the treatment of crypto asset transfers that involve unhosted wallets.
8.2 The policies and procedures referred to in paragraph 8.1 above must include the manner in which and the processes by which further information on the unhosted wallet is obtained in the case where the crypto asset service provider determines that there is a higher money laundering, terrorist financing or proliferation financing risk.
8.3 The policies and procedures referred to in paragraph 8.1 above, must be included in the Risk Management and Compliance Programme that the ordering and recipient crypto asset service providers are required to develop, document, maintain and implement in accordance with section 42 of the FIC Act.
9. EFFECTIVE DATE AND NON-COMPLIANCE
9.1 This Directive becomes effective on the date of publication in the Gazette.
9.2 A crypto asset service provider that fails to comply with a provision of this Directive is non-compliant and is subject to an administrative sanction in accordance with section 45C of the FIC Act.
MR P SMIT
ACTING DIRECTOR
FINANCIAL INTELLIGENCE CENTRE
Directive 9 concerning the implementation of the "Travel Rule" relating to crypto asset transfers in accordance with the Financial Action Task Force Recommendations