Travel Rule Compliance for VASPs in Switzerland

Switzerland

Switzerland is recognized for its forward-thinking approach in the cryptocurrency sector, particularly through its early implementation of Travel Rule compliance standards for Virtual Asset Service Providers (VASPs). The Swiss Financial Market Supervisory Authority (FINMA) has mandated rigorous regulations to ensure that VASPs operate within the framework of anti-money laundering (AML) and counter-terrorism financing (CTF) measures. In this guide, we will outline the specific requirements for Swiss VASPs under the Travel Rule, particularly as it applies to self-hosted wallets and AML compliance protocols.

Overview of Swiss Travel Rule Requirements

Since 2019, Switzerland has applied the FATF’s Travel Rule recommendations strictly, with FINMA Guidance 02/2019 highlighting compliance standards for VASPs. Under Swiss regulations, VASPs must collect and transfer originator and beneficiary information for all crypto transfers, irrespective of value. Unlike some jurisdictions, Switzerland does not impose a transaction threshold for compliance; all crypto transactions are in scope.

Key requirements include:

• Threshold for Compliance: CHF 0 (meaning all transactions require compliance).
• Immediate Compliance: VASPs in Switzerland must comply with the Travel Rule without delay.
• Supervisory Bodies: FINMA and Self-Regulatory Organizations (SROs) oversee Travel Rule compliance in Switzerland.

Specific Compliance Requirements for Swiss VASPs

Information Collection and Verification

In Switzerland, VASPs must collect detailed information about both the originator and the beneficiary in each transaction:

• Originator Information: Full name, account number, mailing address, and other identifiers.
• Beneficiary Information: Full name, account number, specific identifiers if required, and mailing address.

Additionally, Swiss VASPs, called "blockchain service providers" by FINMA, are required to:

• Verify Customer Identity: This includes establishing the identity of customers and beneficial owners and performing a risk-based approach to monitor business relationships.
• File Suspicious Activity Reports (SARs): Any suspicious transactions or potential money laundering activities must be reported to the Money Laundering Reporting Office Switzerland (MROS).

Self-Hosted Wallets

Self-hosted wallets are in scope under Switzerland’s Travel Rule regulations, and specific measures are required for compliance:

• Ownership Proofs: For transfers involving self-hosted wallets, VASPs must verify wallet ownership using suitable technical methods before processing the transfer.
• Transfers to External Wallets: When dealing with transfers to or from external wallets, VASPs must first verify the identity of the wallet owner, establish the beneficial owner, and prove the external wallet’s ownership.
• Client’s Own Wallets: Transfers are allowed between a VASP and a client’s self-hosted wallet if the VASP verifies that the wallet is owned and controlled by the client.

Exchange Transactions Involving Self-Hosted Wallets

For transactions where a customer is conducting an exchange (fiat-to-crypto, crypto-to-fiat, or crypto-to-crypto), Swiss regulations mandate that:

• Ownership of External Wallets Must Be Verified: This verification must be conducted through suitable technical means before the transaction can proceed.

Regulatory Supervision and Reporting

The Swiss Financial Market Supervisory Authority (FINMA) and Self-Regulatory Organizations (SROs), such as the Financial Services Standards Association (VQF), oversee Travel Rule compliance. Most Swiss VASPs are members of an SRO, which means that they must adhere to both FINMA’s guidance and SRO-specific regulations, including those outlined in the Anti-Money Laundering Act (AMLA) and the Anti Money Laundering Ordinance-FINMA (AMLO-FINMA).

Record-Keeping Requirements

Swiss regulations mandate that VASPs maintain transaction records for a minimum of five years. This includes detailed information on all crypto transactions, including customer and wallet information for self-hosted wallets. Such record-keeping requirements are essential for audit and compliance purposes, allowing regulators to monitor compliance with Travel Rule standards effectively.

Who Must Comply with the Swiss Travel Rule?

According to AMLO-FINMA, a VASP is required to comply with Travel Rule requirements if it:

1. Achieves Gross Revenue Above CHF 50,000: Annually, a VASP earning over this amount must adhere to Travel Rule regulations.
2. Maintains Business Relationships with Over 20 Contractual Parties: VASPs with significant customer bases are subject to compliance measures.
3. Manages Third-Party Funds Over CHF 5 Million: VASPs with substantial control over client funds must comply.
4. Performs Transactions Over CHF 2 Million Annually: Large transaction volumes also require adherence to compliance measures.

These criteria ensure that Travel Rule regulations apply comprehensively to major VASPs operating within Switzerland’s borders.

Switzerland’s Regulatory Interpretation of the Travel Rule

Switzerland’s strict interpretation of the Travel Rule is driven by FINMA’s approach, as outlined in FINMA Guidance 02/2019. This guidance mandates Swiss-regulated entities to implement robust compliance measures for transactions involving self-hosted wallets and external wallets.

Some key points of FINMA’s interpretation include:

• Self-Hosted Wallets: Payment transactions to and from external wallets are only permitted if the wallets are owned by a member’s client. Client authority over these wallets must be verified using technical measures, and any transaction involving an unverified external wallet is prohibited.
• Blockchain Payment Transactions: FINMA’s guidance emphasizes that payments on the blockchain must follow AML protocols, including the Travel Rule. This includes providing proof of the customer’s ownership over any external wallets involved.

These measures position Switzerland as one of the most stringent jurisdictions for VASPs, ensuring that compliance is enforced consistently across the sector.

Example Use Cases for Swiss Travel Rule Compliance

To better understand the Swiss Travel Rule requirements, let’s look at a few practical examples:

Example 1: Transfer Between VASPs and Self-Hosted Wallets

A Swiss VASP client wishes to transfer crypto assets from their account to a self-hosted wallet they control. In this case, the VASP must verify the customer’s control over the self-hosted wallet before allowing the transaction to proceed. Verification may involve using specific technical solutions to validate ownership.

Example 2: Crypto Exchange Involving External Wallets

A customer exchanges CHF for Bitcoin through a VASP and wants the Bitcoin transferred to an external wallet not hosted by the VASP. The VASP must first verify the ownership of the external wallet, and the customer must provide ownership proof through technically sound methods before the transaction is completed

Example 3: Transfer Between Swiss and Non-Swiss VASPs

For a transfer involving a Swiss VASP and a non-Swiss VASP, the Swiss VASP must adhere to FINMA’s Travel Rule standards, regardless of the recipient VASP’s regulatory framework. This requires the Swiss VASP to verify both the originator’s and beneficiary’s details and communicate them with the non-Swiss VASP to ensure transparency.

Additional Compliance Considerations for Swiss VASPs

1. Compliance with FINMA and SROs: Swiss VASPs must follow all relevant FINMA guidelines, as well as specific requirements from SROs, especially if they are VQF members.
2. Comprehensive KYC and Risk Assessment Procedures: Given the low transaction threshold, VASPs must adopt thorough KYC and risk assessment protocols for each transaction, regardless of the amount involved.
3. Ensuring Privacy and Data Protection: Compliance with Swiss privacy laws and the General Data Protection Regulation (GDPR) is essential when processing personal data, especially during data collection for Travel Rule purposes.
4. Regular Updates on AMLA and AMLO-FINMA: Swiss VASPs should stay informed of any amendments to AMLA or AMLO-FINMA that may impact compliance requirements.

How MarketGuard Supports Swiss VASPs in Achieving Travel Rule Compliance

MarketGuard provides Swiss VASPs with a fully automated solution for meeting Travel Rule requirements. By offering a secure, plug-and-play AML and KYC compliance platform, MarketGuard allows VASPs to meet FINMA and SRO guidelines effectively. Key features include:

• Real-Time Customer Verification: Automatically verify customer identities and confirm ownership of self-hosted wallets using advanced technical methods.
• Transaction Monitoring and Reporting: Track transactions in real-time, generate suspicious activity reports (SARs) as needed, and maintain comprehensive records for audit purposes.
• Data Privacy and Security: MarketGuard’s platform adheres to both Swiss privacy standards and GDPR regulations, ensuring compliance while protecting customer data.

MarketGuard’s solutions are designed to reduce the operational burdens of compliance, helping VASPs in Switzerland maintain regulatory adherence while focusing on growth and innovation.

By following the guidelines set out by FINMA, SROs, and MarketGuard, VASPs in Switzerland can confidently navigate the regulatory complexities of the Travel Rule, ensuring compliance and security within the evolving landscape of digital assets.