Travel Rule Compliance for VASPs in Lithuania: A Comprehensive Guide

Lithuania

Lithuania has established itself as a crypto-friendly nation with a rigorous anti-money laundering (AML) and counter-terrorism financing (CTF) framework. The Travel Rule, aligned with Financial Action Task Force (FATF) Recommendation 16, is at the heart of these regulations for Virtual Asset Service Providers (VASPs). The Lithuanian regulatory body, the Financial Crime Investigation Service (FCIS), oversees and enforces the Travel Rule for crypto-asset transactions, creating a compliant and transparent ecosystem.

In this guide, we examine Lithuania’s specific requirements for Travel Rule compliance, focusing on mandated data collection, transaction thresholds, and the responsibilities of CASPs in Lithuania.

Background of Lithuania’s Travel Rule Adoption

In line with the FATF and the EU’s Transfer of Funds Regulation (TFR), Lithuania has implemented the Travel Rule to cover Crypto Asset Service Providers (CASPs). Lithuania’s regulatory approach aims to create a secure and regulated environment for crypto transactions while maintaining alignment with the EU and FATF standards.

The Lithuanian Financial Crime Investigation Service (FCIS) enforces the Travel Rule, requiring CASPs to record, retain, and share specific transaction data, which includes originator and beneficiary information for all qualifying transactions

Scope of the Travel Rule in Lithuania

The Travel Rule requirements in Lithuania apply to all crypto transfers involving a Lithuanian CASP, irrespective of transaction amount, making Lithuania’s compliance standards particularly stringent.

Key components include:

• CASP Obligations: All transactions involving CASPs, whether as originators or beneficiaries, are subject to Travel Rule compliance.
• Inclusion of Self-Hosted Wallets: When a self-hosted wallet is involved in a transaction with a CASP, Lithuanian regulations require ownership verification for high-value transfers.
• No Transaction Threshold: Lithuania mandates compliance for all crypto transactions, regardless of value, ensuring stringent regulatory adherence.

Exemptions to the Travel Rule include:

• Peer-to-peer (P2P) transactions with no CASP involvement.
• Payments to Lithuanian public authorities, such as tax payments or fines.

Information Requirements for Compliance in Lithuania

To comply with Lithuanian Travel Rule standards, CASPs must collect, retain, and transmit comprehensive information about both the originator and beneficiary in crypto transactions. Below is a detailed overview of the required data:

Originator’s Information

• Full Name: Legal name of the transaction initiator.
• Distributed Ledger Address: The blockchain wallet address of the originator.
• Physical Address: Including the country, personal ID number, and Legal Entity Identifier (LEI) for business entities.
• Date of Birth or Place of Birth: Required for individuals engaged in the transaction

Beneficiary’s Information

• Full Name: Legal name of the individual or entity receiving the funds.
• Blockchain Address: Distributed ledger address of the beneficiary.
• Legal Entity Identifier (LEI): Or other official identifiers for businesses and organizations.

Lithuanian regulations mandate that all CASPs ensure data is transferred before or during each transaction, ensuring regulatory compliance and data security.

Record-Keeping Obligations for CASPs in Lithuania

Lithuanian regulations require CASPs to maintain transaction records for a minimum of five years. This record-keeping period allows for audit trails and regulatory investigations, supporting the nation’s commitment to transparency and AML compliance.

The record-keeping requirements include

• Complete Transaction Records: All information on both originators and beneficiaries, especially for transactions involving self-hosted wallets.
• KYC Documentation: Verification records of customers’ identities and beneficial ownership, with extra scrutiny for high-value or cross-border transactions.
• Ownership Proof for Self-Hosted Wallets: Documentation of proof of ownership for self-hosted wallets used in transactions, especially for amounts exceeding EUR 1,000.

Reporting and Suspicious Activity Monitoring for Lithuanian CASPs

To meet Travel Rule requirements, Lithuanian CASPs must implement continuous suspicious activity monitoring and reporting mechanisms. Key components of this compliance responsibility include:

1. Suspicious Activity Reports (SARs): CASPs must file SARs with the FCIS for transactions that raise suspicions of money laundering or terrorist financing.
2. Transaction Monitoring: Real-time monitoring of all transactions for red flags, including abnormal volumes, patterns without economic basis, and connections to high-risk entities.
3. Timely Submission of SARs: All suspicious transactions must be reported to FCIS within the regulatory timeline, ensuring that law enforcement agencies have the information needed for intervention if necessary.

Special Requirements for Self-Hosted Wallets in Lithuania

Lithuania’s Travel Rule compliance mandates specific guidelines for transactions involving self-hosted wallets:

• Verification for High-Value Transfers: For transactions exceeding EUR 1,000 with a self-hosted wallet, CASPs must verify that the customer genuinely owns or controls the wallet in question.
• Data Collection for All Transfers: CASPs must collect basic information for self-hosted wallet transactions, even if they fall below the EUR 1,000 threshold, to ensure regulatory oversight.

This requirement is part of Lithuania’s effort to bring self-hosted wallets within regulatory reach, ensuring that such wallets are not used to circumvent AML protocols.

Key Challenges in Implementing Travel Rule Compliance in Lithuania

Lithuanian CASPs may face several challenges in implementing Travel Rule compliance, especially when conducting business internationally. Key challenges include:

1. Cross-Border Compliance: Lithuania’s strict requirements may pose issues when dealing with non-EU jurisdictions that have different or less stringent requirements for the Travel Rule.
2. Data Privacy Concerns: Lithuanian CASPs must ensure compliance with both the Travel Rule and the General Data Protection Regulation (GDPR), balancing regulatory transparency with privacy obligations.
3. Operational Burdens: The need for real-time monitoring, data verification, and reporting increases the administrative workload for Lithuanian CASPs, particularly smaller firms.

Advanced compliance solutions, such as those that automate data collection, identity verification, and transaction monitoring, can mitigate these challenges by streamlining regulatory tasks.

Role of the Financial Crime Investigation Service (FCIS) in Enforcing Compliance

The Financial Crime Investigation Service (FCIS) in Lithuania plays a central role in enforcing Travel Rule standards, ensuring that CASPs meet all regulatory requirements. FCIS oversees compliance, conducts audits, and guides CASPs on regulatory updates.

FCIS’s responsibilities include:

• Auditing CASPs: Conducting regular audits to ensure CASPs adhere to Lithuania’s strict Travel Rule compliance standards.
• Data Protection Oversight: Working with data protection authorities to ensure that CASPs meet GDPR and data privacy requirements
• Providing Compliance Guidance: FCIS issues additional guidelines and requirements to address evolving AML/CTF risks within the crypto sector.

FCIS also helps CASPs manage compliance challenges when dealing with non-compliant jurisdictions or non-EU counterparties.

Compliance Deadlines and Future Developments in Lithuania

The EU’s TFR, under which Lithuania’s Travel Rule is governed, became legally binding across the EU as of June 29, 2023. All Lithuanian CASPs are expected to be fully compliant by December 30, 2024. FCIS is also expected to provide additional guidelines on handling non-EU counterparties, GDPR compliance, and maintaining secure data practices.

How MarketGuard Supports Lithuanian CASPs in Achieving Travel Rule Compliance

MarketGuard offers a comprehensive compliance platform tailored to meet Lithuania’s Travel Rule requirements for CASPs. Designed to simplify data collection, transaction monitoring, and record-keeping, MarketGuard enables Lithuanian CASPs to meet regulatory standards efficiently

Key MarketGuard features include:

• Automated Data Collection: Efficiently collect and verify all required information on originators and beneficiaries, ensuring compliance with Lithuania’s strict data collection requirements.
• Real-Time Transaction Monitoring: Continuous monitoring for suspicious transactions, with automated alerts for quick reporting to FCIS.
• Self-Hosted Wallet Verification: MarketGuard’s solution verifies ownership of self-hosted wallets for high-value transactions, ensuring compliance with Lithuanian ownership verification mandates.
• GDPR-Compliant Data Protection: Securely handle customer data within GDPR standards, ensuring data privacy while meeting Travel Rule requirements.

With MarketGuard’s support, Lithuanian CASPs can confidently navigate the complexities of Travel Rule compliance, staying aligned with FCIS mandates while focusing on business growth and innovation in the crypto industry.