As regulators in South Africa and across the continent move to enforce the Travel Rule, local banks are lagging on implementing the requirements and, if they don’t move quickly, they could face severe, but unnecessary consequences.
The rapid evolution of digital assets and cryptocurrencies has delivered huge opportunities, but it has also added layers of complexity as banks grapple with new regulations designed to combat financial crimes. The latest of which is the Crypto Travel Rule, based on FATF Recommendation 16.
This is a global standard designed to combat money laundering and terrorism financing (AML/CTF). The rule requires Virtual Asset Service Providers (VASPs) and financial institutions handling any virtual asset (VA) transfers to collect and share both sender and recipient details before or during a transaction.
South Africa not alone in its challenges
As of late 2024, 45 FATF member countries have already implemented or are working on implementing the Travel Rule, covering most of the major global financial markets.
“The rule ensures that personal data ‘travels’ with a transaction, whether its crypto or fiat, increasing transparency and traceability. You can think of the Travel Rule as a deep KYC on the sender and the receiver of a virtual asset,” explains Tom Schoon, Sumsub’s head of partnerships for Africa. “Unfortunately, many local and African institutions operate with legacy systems that are not designed to handle the complex, real-time compliance checks required by the new regulation.”
Schoon adds that the financial services landscape in Africa is also highly fragmented, with banks often relying on a patchwork of service providers to meet various compliance needs. This fragmentation leads to inefficiencies, increased costs, and a higher risk of errors or gaps in compliance.
Local banks are lagging
Sergio Barbosa, CEO of banking and payments integration platform, FutureBank warns that the dangers of failing to address the Travel Rule quickly could have long-term implications.
“Banks that don’t comply face the prospect of fines from regulators, as well as the risk of being unable to process virtual asset transactions. This could not only limit their business operations but also drive customers to more agile, compliant competitors. The risk of fraud also looms large, as unverified wallets and transactions create opportunities for bad actors to exploit the system,” he says.
While South Africa’s Financial Intelligence Centre mandated the Travel Rule from 30 April, Schoon says local banks are still not ready to meet the requirements.
“While none of the banks want to be on the wrong side of the regulator, they are notoriously slow to act. What’s more, they don’t have a good track record of building solutions themselves, often going down the DIY route only to realise billions of rands later that they should have worked with external partners,” he shares.
More challenging than many think
Barbosa says the implementation of the Travel Rule presents some serious challenges for African banks.
“The cost and complexity of compliance are serious obstacles. The South African reality is that banks are going to have to make calls to our national identity system at the Department of Home Affairs which, as we know, often experiences downtime. Banks will be sitting with really advanced blockchain technology, operating on top of a legacy bottleneck, trying to access a system that may or may not be available,” he warns.
Privacy and data security concerns also loom large. The Travel Rule requires banks to transmit personally identifiable information (PII) across multiple parties, increasing the risk of data breaches and privacy violations.
While no punitive measures have been taken as yet, non-compliance can result in hefty regulatory fines, loss of banking licenses, and exclusion from international financial networks.
Working around legacy systems
Any solution to the Travel Rule will require innovative ways of using protocols for quick and secure identity verification with messaging that doesn’t need to leave the blockchain ecosystem.
Barbosa and Schoon say the technical solution involves integrating banks’ existing core systems with a compliance platform using an orchestration layer. Pre-built adapters and APIs can connect the bank’s infrastructure to various fintech and compliance services. An all-in-one compliance platform is then used to handle all processes such as KYC/AML checks, sanction screening, and transaction monitoring, in a single system.
This setup allows banks to automate and centralise the verification and monitoring of both senders and receivers in virtual asset transactions, ensuring they meet regulatory requirements efficiently.
“Despite the many challenges, shining a light on the previously opaque world of crypto transfers and making it harder for illicit actors to exploit the system must be welcomed. However, financial institutions don’t have to deal with the extensive complexities by themselves. Expertise in core banking integration and orchestration, along with all-in-one compliance platforms, can help financial institutions to seamlessly implement decentralised finance like crypto and stablecoins, keep them compliant, their users safe, and their shareholders happy,” Barbosa says.