– reviewer and authored by Slade van Rooyen – Candidate Attorney

The Financial Intelligence Centre (“FIC“) on 15 November 2024 published “Directive 9 concerning the implementation of the ‘Travel Rule’ relating to crypto asset transfers in accordance with the Financial Action Task Force Recommendations” (“Directive 9“). The directive, which enters into force on 30 April 2025, seeks to ensure that crypto asset service providers (“CASPs“), in carrying out crypto asset transfers, implement the requirements of Recommendation 16 of the Financial Action Task Force (“FATF“).

Directive 9 applies to all accountable institutions listed in items 12 and 22 of Schedule 1 of the Financial Intelligence Centre Act 38 of 2001 (“FIC Act“) that are ordering, intermediary or recipient CASPs and “facilitate or enable the origination or receipt of domestic and cross-border transfers of crypto assets” or “act as an intermediary in receiving or transmitting the crypto assets for or on behalf of a client”.

Directive 9 sets out separate obligations in respect of –

• ordering CASPs, which initiate transfers of crypto assets upon receipt of a request from or on behalf of an originator;

• intermediary CASPs, which receive and transmit crypto assets on behalf of another CASP with which they do not have a business relationship; and

• recipient CASPs, which receive crypto assets and make them available to a beneficiary.

Prior to executing a transfer, an ordering CASP is required to transmit to the recipient CASP certain identifying information concerning both the originator and beneficiary of the transfer, including its distributed ledger address associated with the transfer and crypto asset account number, if applicable. Directive 9 places an obligation on ordering CASPs to conduct due diligence in respect of the originator (subject to certain exceptions), and any counterpart CASP to which it transmits information.

An intermediary CASP must ensure that all originator and beneficiary information pertaining to a transfer is transmitted to the next CASP in the transaction chain, whilst a recipient CASP is required to verify the identity of the beneficiary. In respect of cross-border transfers, intermediary and recipient CASPs must (i) take reasonable measures to identify transfers that lack the requisite information, and (ii) “develop, document, maintain and implement effective risk-based policies and procedures” for determining when to execute, suspend execution or return a transfer that lacks such information.

Ordering and intermediary CASPs must transmit the requisite information prior to or simultaneously with the crypto asset transfer itself, and must transmit and store this information in a secure manner. Ordering and recipient CASPs must “develop, document, maintain and implement effective risk-based policies and procedures” for the treatment of transfers involving “unhosted wallets”, being crypto wallets “where the user has exclusive control of the private keys”.

The relevant measures, policies and procedures which CASPs are required to implement in terms of Directive 9 must be included in the CASP’s risk management and compliance programme. Given that failure to comply with Directive 9 could lead to the imposition of administrative sanctions, CASPs would be well advised to seek legal advice in respect of their obligations under the FIC Act, and Directive 9 in particular, to ensure compliance.