With the Transfer of Funds Regulation (TFR) now officially in force, CASPs across Europe are asking the same question: What’s next?
To unpack what this means in practice, Travel Rule solution providers, 21 Analytics sat down with crypto compliance expert Delphine Forma for an in-depth conversation on what CASPs should prioritise next. With 8 years of crypto compliance experience and another decade in traditional finance, Delphine offered clear, practical advice for navigating this new regulatory era.
“Compliance doesn’t end with the TFR going live — that’s when the real work begins. CASPs now need to grapple with immediate implementation, operational changes, and evolving regulatory interpretations.” Delphine Forma
Key Takeaways from the Interview
No Grandfathering Period: Compliance is Immediate
Delphine was quick to stress that the TFR does not include a grace period. Compliance is mandatory from day one, including Title VI of MiCA.
“The regulatory expectations have been clear for years. There’s no room for delay or assumption of leniency,” she told 21 Analytics.
Navigating Regulatory Ambiguity
In the conversation, Delphine highlighted how overlapping frameworks, from MiCA and DORA to PSD3, leave CASPs navigating a landscape still in flux. Regulatory authorities like ESMA are still finalising technical standards, making it essential for CASPs to stay updated and flexible.
Focus on Implementation, Not Just Documentation
“Drafting policies is easy,” Delphine said. “The real challenge is operationalising those policies, integrating them into your systems, processes, and daily business.”
Delphine emphasised that implementation must include:
- Their technology integrates the necessary compliance and risk controls per applicable policies and procedures.
- Policies and procedures are reflected in day-to-day operations.
- Policies and procedures are maintained, tested and updated.
- Systems and procedures operate as planned, requiring constant maintenance and monitoring.
Tech Matters Especially for Self-hosted Wallets
Delphine explained that the TFR puts real pressure on a CASPs’ infrastructure.
Workflows like onboarding and transaction monitoring must be updated to meet compliance standards.
When it comes to proof of ownership for self-hosted wallets, Delphine advised avoiding outdated methods like screenshots or video calls. She recommended solutions like AOPP, which are user-friendly and more reliable.
Choose the Right Travel Rule Vendor
In the discussion with 21 Analytics, Delphine broke down what CASPs should look for in a Travel Rule solution provider:
- Compatibility with their jurisdiction’s specific regulations.
- Technical capabilities, including API integration and operational workflows.
- Compatibility with counterparties.
- Handling of PII and compliance with data privacy laws.
- Self-hosted wallet support, focusing on proof of ownership methods that balance efficiency and customer experience.
- Adherence to open standards and FATF guidelines.
- Certifications like SOC2 and ISO.
- Blockchain agnosticism and the ability to support CASP due diligence (CCDD).
- Data security and privacy measures, especially given that regulations like DORA are set to elevate scrutiny of IT security.
Delphine further advised that vendor evaluation must involve both the tech and security teams.
Privacy and Data Protection
The TFR increases the sensitivity of customer data exchanges, and Delphine emphasised the importance of strong cybersecurity and privacy frameworks, explaining the need to protect CASP customer data.
Build a Culture of Compliance
Finally, Delphine encouraged CASPS to invest in compliance expertise and continuous learning, as crypto compliance isn’t static; it’s evolving fast. She urged compliance officers to stay curious and stay involved.
Join Delphine’s Crypto Compliance & Legal Telegram group to stay connected.
Delphine’s Parting Thoughts to 21 Analytics
“Post-TFR, compliance must become part of your organisation’s DNA. It’s no longer a checkbox exercise, it’s a continuous, strategic advantage for CASPS who do it right.”
About Delphine Forma
Delphine Forma is the Policy Head for Europe at Solidus Labs. She has experience at BitMEX and leading banks in the UK. She holds two master’s degrees in law and graduated from Sciences Po.
She is also the founder of the Crypto Compliance and Legal Telegram group, an advisor to startups across Europe and Switzerland, an ambassador for the Association of Women in Crypto and the Global Blockchain Business Council (GBBC), and the host of the MiCA Masters podcast.