As we work towards our mission of making crypto part of the everyday economy, we continually run into the same challenge over and over again. Trust.

Of course, we talk about trust a lot in the context of our expertise on the Travel Rule and how it builds trust in the ecosystem by working to prevent illicit transactions between virtual asset service providers (VASPs). And based on the exponential growth we’re seeing in transaction volume on the Notabene network, we can see that the market agrees with our position here – that counterparty trust between exchanges, wallet providers, and other digital asset infrastructure player is crucial to unlocking mass adoption of crypto.

What we talk less about is trust with real people. The customers of our customers who are enthusiastically driving the widespread adoption of crypto through skyrocketing activity in stablecoin payments, cross-border remittances, and trading activity on both centralized and decentralized exchanges.

To be sure, there are trust gaps here in the end-user experience that need to be addressed. Particularly the common anxiety around sending assets with confidence, knowing that the recipient on the other end of an abstract string of characters is the intended recipient of your assets. Similar challenges have been solved in other areas (think, Venmo’s recipient confirmation flows in fintech – or even ENS aliases for self-hosted wallets), but a solution has been elusive for the most common of all use cases – users on centralized crypto exchanges.

The need to ensure trust between institutions as well as trust with end-users leaves VASPs with a challenging problem.

How can they efficiently and effectively provide regulatory compliance alongside a payment experience that provides ease of use and peace of mind to the millions of real people sending crypto transactions across the globe on a daily basis?

As of today, it remains an unsolved challenge.

This is the context in which we are so excited to announce our latest innovation, a partnership with payments leader Mastercard that brings the innovative Mastercard Crypto Credential directly to payment flows on crypto exchanges using Notabene’s industry leading Travel Rule solution. A direct integration between the two services aims to bring simplicity and enhanced safety to our already powerful crypto compliance tools.

Through a pilot program with our valued partner M2, a prominent Abu Dhabi-based virtual assets service provider (VASP) regulated by the Financial Services Regulatory Authority (FSRA) within the Abu Dhabi Global Market (ADGM), Notabene will integrate Mastercard Crypto Credential into its SafeTransact platform, facilitating the secure and privacy-preserving exchange of transaction metadata for M2’s digital asset trading services.

If you are not already familiar, Mastercard Crypto Credential verifies transactions among consumers and businesses using blockchain networks, providing the assurance that a user has met a set of verification standards and confirming that the recipient’s wallet supports the transferred asset. The groundbreaking solution simplifies the consumer experience by allowing crypto exchange users to send and receive crypto using simple aliases, instead of the typically long and complex blockchain addresses. And when integrated with Notabene’s SafeTransact, it also brings greater trust and certainty to crypto transactions through the exchange of metadata and Travel Rule information.

So what are our goals with this partnership?

Our success is built upon the success of our valued customers. Our goal with this partnership is to help exchanges like M2 significantly improve counterparty identification rates, ensuring higher compliance with the Travel Rule, and reduce friction in VASP-to-VASP and cross-border transactions. By employing advanced encryption and data minimization practices, this integrated solution will help ensure that sensitive information is protected while also enabling convenient and compliant transactions for M2’s customers.

In short, our aim is to showcase how VASPs and traditional financial institutions can come together to mitigate risks associated with digital asset transfers while maintaining operational simplicity for institutions and their retail customers.

We believe our collaboration with Mastercard represents a significant leap forward in making crypto transactions as safe and straightforward as traditional financial operations. By combining our expertise in crypto compliance with Mastercard's global reach and digital assets capabilities, we're setting a new standard for consumer trust in crypto payments. This partnership is not just about solving today’s compliance challenges but also lays the groundwork for further expanding the scope of secure and trusted crypto transactions.

We’d like to extend a special thank you to our partners at Mastercard and M2 for making this possible for our customers and the industry as a whole.

----

Interested in learning more about our partnership and how you can integrate Mastercard Crypto Credential into your compliant transaction authorization workflow?

Visit notabene.id/mastercard to learn more.

Notabene, a leading provider of crypto compliance solutions, today announced a new partnership with Mastercard to bring simplicity and enhanced safety to their powerful crypto compliance tools. Through a pilot program with M2, a prominent Abu Dhabi-based virtual assets service provider (VASP) regulated by the Financial Services Regulatory Authority (FSRA) within the Abu Dhabi Global Market (ADGM), Notabene will integrate Mastercard Crypto Credential into its SafeTransact platform, facilitating the secure and privacy-preserving exchange of transaction metadata for M2’s digital asset trading services.

Mastercard Crypto Credential verifies transactions among consumers and businesses using blockchain networks, providing the assurance that a user has met a set of verification standards and confirming that the recipient’s wallet supports the transferred asset. The solution simplifies the consumer experience by allowing crypto exchange users to send and receive digital assets – such as stablecoins being leveraged for remittances, a growing use case – using simple aliases, instead of the typically long and complex blockchain addresses. This empowers people to enjoy peace of mind knowing they are transacting with verified users, while reducing the risk of losing assets due to typos or incompatible assets. It also brings greater trust and certainty to crypto transactions through the exchange of metadata and Travel Rule information.

This integration between Notabene, M2 and Mastercard aims to significantly improve counterparty identification rates, ensuring compliance with the Travel Rule while reducing friction in VASP-to-VASP and cross-border transactions. By employing advanced encryption and data minimization practices, the integration will help ensure that sensitive information is protected while also enabling convenient and compliant transactions. The pilot aims to showcase how VASPs and traditional financial institutions can come together to mitigate risks associated with digital asset transfers while maintaining operational simplicity for institutions and their retail customers.

Pelle Braendgaard, CEO of Notabene, commented on the partnership: "Our collaboration with Mastercard represents a significant leap forward in making crypto transactions as safe and straightforward as traditional financial operations. By combining our expertise in crypto compliance with Mastercard's global reach and digital assets capabilities, we're setting a new standard for consumer trust in crypto payments. This partnership is not just about solving today’s compliance challenges but also lays the groundwork for supporting innovations such as self-hosted wallet integrations, further expanding the scope of secure and trusted crypto transactions."

"As the digital assets ecosystem matures, Mastercard is continuing to innovate to stay ahead while ensuring safe, compliant, and trusted interactions,” said Raj Dhamodharan, executive vice president, Blockchain & Digital Assets at Mastercard. “By integrating Mastercard Crypto Credential with Notabene’s industry-leading compliance solutions, we're enhancing connectivity and trust to foster the adoption and integration of a range of digital assets – from Bitcoin to stablecoins – into the global financial ecosystem. This partnership with Notabene and M2 expands our reach and interoperability across the crypto landscape."

In collaboration with M2, Mastercard and Notabene are demonstrating practical applications of this joint solution. Deepak Garg, Chief Compliance Officer at M2, adds: "As a leading virtual assets service provider, we are committed to staying aligned with global regulatory standards while enhancing the user experience for our customers. By partnering with Notabene and Mastercard, we can bring even more secure and compliant digital asset transactions to a global audience. This approach not only strengthens trust with our customers, but also opens new opportunities for growth by expanding the network of reliable counterparties for safe and secure transactions."

The pilot program is currently limited to select regions, including the United States, Brazil, Mexico, Argentina, and several European countries, with plans for expansion in the near future.

Interested in integrating Mastercard Crypto Credential into your transaction authorization workflow? Visit notabene.id/mastercard to learn more.

Media Contact
Clay Fain, Notabene
[email protected]

About Notabene
Notabene is the crypto industry’s premier platform for pre-transaction authorization and decision-making, empowering customers to detect and prevent high-risk activities before they occur. With SOC-2 and ISO27001 security certification and a strong focus on privacy and user experience, Notabene’s flagship product, SafeTransact, offers a comprehensive suite of features, including real-time authorization, decision-making, counterparty sanctions screening, and self-hosted wallet identification. Headquartered in New York, Notabene operates globally and has a presence in Switzerland, Singapore, Germany, and the United Kingdom.

Trusted by over 200 companies, including Copper, Luno, Crypto.com, and Bitstamp, Notabene offers a full suite of Travel Rule compliance tools to ensure compliance with global and local regulations.
www.notabene.id

About M2
Headquartered in Abu Dhabi, M2 has a mission to drive virtual asset adoption within the UAE by delivering a secure and transparent trading environment for investors. The platform provides investors with a growing suite of virtual asset products while ensuring strict regulatory compliance. Regulated by the Financial Services Regulatory Authority (FSRA) located in the Abu Dhabi Global Market (ADGM), M2 Limited and M2 Custody Limited are committed to ensuring a safe trading experience, upholding the highest standards of regulatory compliance.

www.m2.com

About Mastercard

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re building a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

www.mastercard.com

‍

As crypto compliance reaches its tipping point due to key jurisdictions enforcing Travel Rule regulations such as the European Union, Turkey, Seychelles, South Africa, and others – the Travel Rule has become a critical focus for Virtual Asset Service Providers (VASPs). The requirement to securely share and verify sender and recipient information along with crypto transactions is a foundational step toward fostering trust in the ecosystem. However, the methods employed to meet these requirements vary widely—and not all are sustainable.

One approach, the email-based method for data exchange, has gained traction among some platforms and VASPs. While this method might seem efficient on the surface, it faces significant scalability, security, and operational challenges that limit its effectiveness in the long term. 

Why do email-based solutions fall short? And what critical decisions should VASPs make in order to future-proof their compliance operations? 

Let's explore.

Operational Scalability: The Breaking Point

At the heart of the Travel Rule is the exchange of information between originating and beneficiary VASPs. Email-based systems satisfy this basic minimum requirement and typically follow a process like this:

1. The originator VASP sends a notification email to the beneficiary VASP.
2. The beneficiary receives the email, verifies their identity (often through a code or similar mechanism), and accesses the shared information.
3. The information is presented in a downloadable file, such as a JSON object.

While this process may work for VASPs with low transaction volumes, its scalability crumbles under the real-world demands that come with substantial daily transaction volume:

• Manual Verification: Each transaction requires individual attention, from opening emails to entering verification codes. For VASPs handling hundreds or thousands of transactions daily, this approach is operationally infeasible.
• File Processing Overload: Beneficiaries often receive raw data files, leaving them responsible for integrating the information into their systems. This creates additional friction and inefficiency.
• Lack of Automation: Without robust integration options, email-based solutions force compliance teams into repetitive manual workflows, increasing the risk of human error and missed deadlines.

In today’s fast-paced crypto environment, these limitations make it clear that email-based methods cannot support the industry’s growing needs.

Security and Privacy Risks

Another critical challenge for email-based solutions is ensuring data security and privacy—an area of increasing scrutiny in jurisdictions like the EU, where compliance is non-negotiable. Key concerns include:

• Data Exposure: Email, while widely used, is not inherently secure. Even with encrypted attachments, the transmission of sensitive customer information via email introduces vulnerabilities.
• PII Handling: Downloading and storing Personally Identifiable Information (PII) on local machines can lead to unintended breaches. Once the data leaves the secure confines of a system, it’s much harder to track and control.
• End-to-End Encryption: True end-to-end encryption, where data is encrypted from the point of origin to its final destination, is often missing in email-based systems. This leaves a critical gap in protecting sensitive information.

In fact, email-based systems are particularly vulnerable to cyberattacks, making them a less secure option for handling sensitive information. According to a Forbes article, in 2023, more than 94% of organizations reported email security incidents.

Poor User Experience for Beneficiaries

While many email-based systems focus on the needs of the originating VASP, they often neglect the beneficiary’s experience. This creates friction and decreases the likelihood of successful data exchange:

• Cumbersome Processes: Beneficiaries are required to open emails, verify their identity, and process files manually. For smaller VASPs with limited resources, this process can be overwhelming.
• No Response Mechanism: Many email-based systems lack a way for beneficiaries to confirm or reject transactions, leaving originating VASPs in the dark about the status of their requests.
• No process for handling missing information: These systems often fail to address scenarios where information is incomplete or inaccurate. Beneficiaries have no standardized way to request corrections or additional details, further complicating the process and risking regulatory non-compliance. This lack of flexibility increases frustration for compliance teams and hampers successful collaboration between VASPs.

The Path Forward: Scalable Alternatives

To overcome these challenges, VASPs need to embrace solutions designed for scalability, security, and efficiency. Key features of a robust Travel Rule compliance system include:

• Automation: Eliminating manual processes through API integrations and automated workflows reduces friction and increases scalability.
• Real-Time Verification: Direct communication between VASPs enables faster responses and better alignment with regulatory requirements.
• End-to-End Encryption: Protecting data at every stage of the process ensures compliance with GDPR and other privacy regulations.
• Feedback Mechanisms: Allowing beneficiaries to confirm or reject transactions creates a complete compliance loop, enhancing trust and transparency.

The Bottom Line

The crypto industry is at a crossroads. As compliance requirements become more stringent, the need for scalable, secure, and user-friendly solutions is greater than ever. 

Email-based Travel Rule solutions, while functional in limited scenarios, cannot support the industry’s growth or the regulatory demands of tomorrow. 

VASPs must prioritize modern, scalable platforms that address the full range of operational, security, and compliance needs. Now is not a time to settle for the bare minimum in terms of Travel Rule compliance, because security and scalability are not things you settle on. 

By considering needs beyond the most basic check-the-box requirements, VASPs can not only meet today’s compliance obligations but also build a foundation for a more efficient, secure, and compliant future for their business.

It’s official—Turkey has introduced FATF-aligned Travel Rule regulations to its cryptocurrency framework! These updates mark a major milestone for the crypto industry in the region, strengthening transparency and security for digital asset transactions. As leaders in this space, we're here to help you navigate what this means for your organization.

What You Need to Know

Travel Rule in Turkey will be in effect as of February 25, 2025.

Note: This is a summary of the new guidelines. For a full picture of Travel Rule compliance in Turkey, please visit our comprehensive Turkey jurisdiction page, or schedule time for a free consultation with our regulatory experts.

Regulating Body and Regulated Entities

The Financial Crimes Investigation Board (MASAK), under the Ministry of Treasury and Finance, is the primary regulatory authority overseeing cryptocurrency in Turkey. MASAK is responsible for implementing anti-money laundering (AML) and counter-terrorism financing (CTF) regulations, including the enforcement of the FATF-aligned Travel Rule. As such, Virtual Asset Service Providers (VASPs) in Turkey are required to register with MASAK and comply with its AML and CTF framework. Notably, MASAK has expanded the definition of regulated entities to include certain financial transactions and service providers, including e-commerce platforms and large-scale intermediary service providers.

What is the minimum threshold for the Crypto Travel Rule in Turkey?

While the Crypto Travel Rule in Turkey applies to all transfers, there is a wider scope of information that needs to be transmitted for transfers of 15,000 TL or above. Additionally, no information verification is required for transfers below 15,000 TL.

What personally identifiable information is required to be shared for the Crypto Travel Rule in Turkey?

Transfers ≥15,000 TL must include:

Originator:

• Name or entity name
• Wallet address or transaction reference number
• One of the following identifiers:
  • Address
  • Date and place of birth
  • Customer number
  • National identification number (e.g., citizenship number, passport number, or tax identification number)

Beneficiary:

• Name or entity name
• Wallet address or transaction reference number

Transfers <15,000 TL must include:

Originator and Beneficiary:

• Name or entity name
• Wallet address or a transaction reference number

Handling Missing Information

Crypto service providers must request missing details. Transfers with unresolved deficiencies will be returned or rejected, and persistent non-compliance could result in business restrictions.

Risk-Based Measures

VASPs must perform enhanced due diligence for high-risk transactions, collecting additional information and restricting transfers if necessary.

Unregistered Wallets

Transfers to and from unregistered wallets now require a customer declaration, ensuring all transactions comply with AML measures.

Implications for Compliance Teams

Businesses operating in Turkey must prepare for operational changes, such as:

✅ Updating systems to verify sender details for qualifying transactions.

✅ Implementing enhanced due diligence for high-risk transfers.

✅ Collecting declarations for unregistered wallet transactions.

What about VASPs outside of Turkey?

When dealing with foreign providers not obligated to share sender/recipient details, obtain customer declarations with similar identifiers. This means that non-Turkish VASPs will need to be prepared to respond to Travel Rule requests from any customers of Turkish VASPs, even if they are not operating in a regulated jurisdiction, or else face the potential of returned transfers, the rejection of future transactions or termination of business relationships.

Why It Matters

MASAK’s proactive measures create a more transparent and secure ecosystem for virtual assets, enabling trust between service providers and users. But with stricter requirements comes the need for robust compliance solutions.

💡 That’s where Notabene comes in. Our platform offers seamless compliance management, helping VASPs navigate these changes while reducing operational friction.

How is your team preparing for these changes?

To discuss how Notabene can support your compliance journey, schedule time for a free consultation with our regulatory experts

Notabene’s 2024 in Review: Scaling Trust, Compliance, and Innovation

As 2024 comes to a close, we reflect on a year where compliance, trust, and global connectivity reached new heights. From record-setting growth to major strides in regulatory clarity, Notabene helped pave the way for a more secure and compliant crypto ecosystem. While we celebrate this progress, we’re also looking ahead—toward a future where stablecoins and institutional adoption transform global payments.

2024 in Review

Record Platform Growth

In 2024, Notabene eclipsed $500 billion in total transaction volume, representing a 10x growth from the previous year. This includes over 32 million secure and compliant transfers across 85+ jurisdictions, and over 190 customers across the globe. We’re proud of what these numbers mean for us as a business, but just as importantly, they underscore the rapid acceleration of Travel Rule across the globe.

Of course, growth is not a singular measure of success in our space. Delivering on our core promise of helping our customers transact safely, our platform has now proactively identified and prevented over $1 billion in high-risk transactions!

Leadership in Regulatory Engagement

2024 was a pivotal year for advancing regulatory compliance in the virtual assets industry. Notabene played a critical role in supporting stakeholders worldwide by:

• Guiding 60+ customers in achieving readiness for major Travel Rule deadlines, including the EU’s Transfer of Funds Regulation (TFR)
• Facilitating regulatory sandbox sessions with the European Banking Authority (EBA) to explore solutions for compliance hurdles
• Engaging with regulators across 42 meetings in 2024 to foster industry-friendly solutions
• Responding to 14 regulatory consultations, shaping critical frameworks that impact the virtual asset ecosystem
• Producing 16 webinars, 8 conferences, and welcoming 935 new learners into our Notabene Academy Certification programs, bringing industry insights together with actionable industry activation of Travel Rule compliance and FATF guidance
• Supporting customers in making sense of new Travel Rule implementation plans across the globe including Australia, Isle of Man, Kazakhstan, New Zealand, Qatar, Seychelles, South Africa, Turkey, and beyond

Notabene continues to serve as a trusted partner, helping clients and regulators navigate the evolving landscape of compliance with innovative tools and deep expertise.

Inaugural Notabene Summit

This year, we hosted the Notabene Summit in Barcelona, a landmark event that brought together leaders in crypto, traditional finance, and regulation to collaborate on the future of compliant digital payments. The Summit featured in-depth discussions on regulatory frameworks, interoperability, and institutional trust, with insights from partners including Coinbase, Fireblocks, and Circle.

The event underscored the industry’s collective momentum in scaling global compliance solutions and driving adoption of secure, interoperable systems.

We can’t wait to share the details on our 2025 Summit—more information will be announced soon!

Product Innovation in Travel Rule Compliance

At Notabene, we’re continually raising the bar for what’s possible in compliance technology.

Next-Generation Self-Hosted Wallet Solutions
Our enhanced self-hosted wallet verification solutions deliver an unmatched user experience by providing four robust proof methods of verification for infinite self-hosted wallets, to seamlessly manage counterparty risk while providing a smooth user experience for our customer’s users

Introduced SafeTransact for Networks
We announced SafeTransact for Networks to improve network reachability and accelerate Travel Rule adoption by enabling a seamless VASP-to-VASP compliance layer directly on top of existing networks where trusted transactions are already occurring.

Expanded Open Protocols
We built the open-source Transaction Authorization Protocol (TAP) to further accelerate the industry’s movement towards open protocols and, along with the interoperability of our SafeGateway solution, enable more VASPs to easily connect across various protocols and networks.

Strengthened Network Security
We prioritized robust security measures to safeguard data and ensure trust across our platform. Notabene is SOC 2 compliant and ISO27001 certified, adhering to globally recognized standards for information security. Our platform incorporates advanced safeguards, including encryption, firewalls, and multi-factor authentication (MFA), ensuring the highest levels of data protection for our customers and their users.

Looking Ahead: 2025 and Beyond

With our recent $14.5 million Series B funding, led by DRW VC and supported by funds managed by Apollo, Nextblock, Wintermute, Jump Capital, Illuminate Financial, as well as participants from previous rounds, Notabene is poised to accelerate growth and innovation in 2025 and beyond. With this investment, we aim to accelerate our growth while focusing on what we believe will be a few prevailing industry trends in 2025.

Stablecoins have evolved from a niche use case to a critical component of the global payments ecosystem. Institutions and regulators are taking note, with major players entering the space and governments racing to establish clear guidelines.

For institutions, stablecoins offer a unique opportunity: fast, transparent, and cost-efficient cross-border transactions that integrate seamlessly into existing financial systems. However, they also bring new regulatory requirements that businesses must meet to operate confidently in this growing market.

Notabene is leading the way by providing tools that enable institutions to adopt stablecoins with compliance and trust at the core. With features like enhanced transaction monitoring, counterparty validation, and scalable compliance solutions, we’re helping businesses unlock the true potential of stablecoins in global payments.

With the EU’s Transfer of Funds Regulation (TFR) and MiCA taking center stage, 2024 marked a tipping point for regulatory clarity in the crypto space. As these frameworks set the tone for global compliance, momentum is building for 2025 to be a year of rapid progress.

In Europe, the December 30, 2024 enforcement of the TFR will bring uniformity to crypto asset transfers across the EU’s 27 member states (and 3 EEA members), forcing businesses inside and outside of the EU to adapt to stricter compliance requirements. Meanwhile, the U.S. is preparing to expand the Travel Rule to Registered Investment Advisers (RIAs) on January 1, 2026, signaling growing regulatory focus across major jurisdictions.

Beyond the EU and U.S., we anticipate further progress globally as more countries align their frameworks with FATF standards. The industry is entering what we call the “Dawn of the Travel Rule,” where trust and compliance will drive broader adoption of crypto assets on a global scale.

This trend isn’t just about meeting compliance mandates—it’s about unlocking opportunities for businesses operating in regulated environments. By leveraging Notabene’s solutions, companies can stay ahead of these changes, ensuring both compliance and competitive advantage.

We hear from customers all the time about the frustrating and avoidable challenges that result from closed Travel Rule protocols walled off by gatekeepers in the industry. This is why we have invested in developing decentralized protocols like TAP and solutions like SafeTransact for Networks.

Open protocols will increase the one metric that matters most to crypto businesses: reachability—the ability for VASPs and institutions to not only connect, but actually facilitate the exchange of information across different systems and networks. By removing technical and regulatory barriers, open protocols make it easier to transact securely and at scale.

We believe strongly that only open protocols can eliminate these barriers and enable institutions to transact securely and at scale—helping to realize our shared vision of a future where crypto is a part of the everyday economy. We’re beginning to see others follow our lead here towards a truly open future.

Join Us in Shaping the Future

To our customers, partners, and team: thank you for your trust and collaboration. Together, we are paving the way for a world where secure, seamless, and compliant crypto payments unlock new opportunities across borders and industries.

Ready to shape this future together? 

Book a call to learn more about our industry-leading Travel Rule solution

Contact us to learn more about partnership opportunities

Join our team as we hire across multiple departments in 2025

Here’s a roundup of what you need to know from the last week in global crypto regulatory news.

🌎 Americas

🇺🇸 United States

President-elect Trump appoints AI and crypto czar. President-elect Donald Trump has named David Sacks, a venture capitalist and former PayPal executive, as the White House’s artificial intelligence and cryptocurrency czar. Sacks is expected to lead the administration’s policies on AI and digital assets, signaling a proactive approach to emerging technologies.

President-elect Trump shifts SEC leadership. President-elect Donald Trump has nominated Paul Atkins, a former SEC commissioner and advocate for digital assets, to replace Gary Gensler as SEC chair. Atkins is expected to bring a more crypto-friendly approach to regulation.

🌍 EMEA

🇬🇧 United Kingdom

FCA unveils crypto regulation roadmap. The Financial Conduct Authority (FCA) released a detailed plan for comprehensive crypto regulations by 2026. Findings show over 12% of U.K. adults hold crypto, emphasizing the need for clear regulatory frameworks.

🇪🇺 European Union

EBA publishes explainer on AML/CFT in crypto. The European Banking Authority (EBA) released a comprehensive explainer on preventing money laundering and terrorism financing in the EU’s crypto-assets sector. The document highlights key requirements under MiCA and the latest AMLD amendments, including the implications of the grandfathering clause. This resource offers essential insights into the EBA’s efforts to align crypto compliance with EU standards.

💡Go deeper with our recent article on debunking the myth of the Grandfathering Clause for the European Travel Rule.

🇲🇦 Morocco

Morocco drafts crypto regulations. Bank Al-Maghrib introduced regulations developed with World Bank support, focusing on financial inclusion and long-term CBDC exploration.

🌏 APAC

🇹🇼 Taiwan

Taiwan accelerates AML compliance for VASPs. The Financial Supervisory Commission (FSC) moved the AML registration deadline for Virtual Asset Service Providers (VASPs) to November 30, 2024. Updated guidelines include tracking suspicious activities and unusual transactions.

🌐 Global Highlights

Global Blockchain Business Council (GBBC)

GBBC launches GSMI 5.0, mapping blockchain regulation. The latest edition of GSMI 5.0 features global regulatory developments, taxonomy for 391 key terms, and in-depth reports on sustainability, AI convergence, and decentralized finance.

Questions? Contact [email protected]

Verifying self-hosted wallet ownership is a critical step in ensuring regulatory compliance while maintaining user trust and convenience. 

At Notabene, we offer 4 proof methods, each tailored to different needs and scenarios. 

Read on to learn more about these options, how they work, and why a user might choose each method depending on their circumstances.

1. Digital Signature: The Gold Standard for Blockchain Verification

Digital signatures use cryptographic algorithms to prove ownership of a blockchain address directly from the wallet. This method is highly secure, seamless, and widely supported across blockchains. While the specific signature standards vary by blockchain, the overall logic and flow remain similar, ensuring consistent user experience.

Advantages

• Highly secure and proof
• Fully automated for faster verification

Supported Wallets

• EVM-Compatible: MetaMask, WalletConnect, Ledger, Trezor, etc.
• Bitcoin: Electrum, Ledger, Trezor, BlueWallet, etc.
• Solana: Phantom, Solflare, etc.
• Other Blockchains: TronLink (Tron), Daedalus (Cardano)

Digital signatures are the gold standard for wallet ownership proof when security, versatility, and compliance are critical.

2. Microtransaction: Blockchain-Recorded Proof

Microtransaction (often referred to as the Satoshi Test) involves sending a small transaction from the wallet to confirm ownership. This method relies on blockchain records and is particularly useful for wallets that do not support signing messages.

Advantages

• Transparent proof recorded on the blockchain
• Works for any wallet capable of making transactions
• Ideal for cases where digital signature is unavailable

Supported Wallets

• No restrictions, if wallet cable to send transactions :)

Microtransactions provide a robust alternative when digital signatures are unavailable, offering trustless verification through the blockchain.

3. Screenshot: Quick and Visual Proof

The screenshot method involves capturing the wallet interface to visually prove ownership of the wallet. This method is simple and accessible, especially for non-technical users.

Advantages

• Quick and easy to perform
• Works for any wallet with a graphical user interface
• Accessible for less tech-savvy users

Supported Wallets

• Any wallet with a GUI, including mobile and desktop wallets.

4. Self-Declaration: Simple and Declarative Proof

Self-declaration involves a user’s assertion of wallet ownership through a signed checkbox. While less secure than other methods, it’s useful for jurisdictions or cases with no strict compliance requirements

Today, the European Banking Authority (EBA) released an explainer entitled Preventing Money Laundering and Terrorism Financing in the EU’s Crypto-Assets Sector. As the crypto landscape evolves, the EU is tightening its grip on compliance with the introduction of MiCAR (Markets in Crypto-Assets Regulation) and its accompanying AML/CFT rules, including the Transfer of Funds Regulation (TFR).

One common misconception among crypto-asset service providers (CASPs) is that MiCAR includes a “grandfathering” exemption under the new European Travel Rule. 

Let’s set the record straight: this is definitively not the case.

▶︎ Watch this special video message from Lana Schwartzman, Head of Regulatory & Compliance at Notabene, explaining why compliance with TFR is so important, as what consequences may face CASPs that fail to comply.

What Does Article 143(3) of MiCAR Really Say?

The much-discussed Article 143(3) states:

“Crypto-asset service providers that provided their services in accordance with applicable law before 30 December 2024, may continue to do so until 1 July 2026 or until they are granted or refused an authorization pursuant to Article 63, whichever is sooner.”

At first glance, this might appear to grant a blanket reprieve for CASPs operating before the cut-off date. In reality, the provision is far more limited in scope.

What This Provision Actually Means

While this transitional clause provides a limited window for CASPs to continue operating while applying for MiCAR authorization, it is not a free pass to avoid compliance. CASPs operating under existing frameworks—such as AMLD (Anti-Money Laundering Directive) or domestic AML/CFT regimes—must still adhere to all applicable AML/CFT requirements and that includes the Regulation (EU) 2023/1113, also know as the Transfer of Funds Regulation (TFR).

In simple terms:

• Yes, CASPs can keep operating during the transitional period.
• No, this does not exempt them from complying with the updated AML/CFT framework (including TFR).

The same stringent rules that apply to credit and financial institutions also apply to “grandfathered” CASPs.

The Travel Rule is Here to Stay

A major component of these regulations is the European Travel Rule, requiring CASPs to ensure that crypto transfers include comprehensive information about both originators and beneficiaries with the goal of preventing illicit activities like money laundering and terrorist financing in the crypto ecosystem and reporting it. This rule is non-negotiable and applies equally to CASPs during the transitional period.

Furthermore, CASPs engaging in transactions with self-hosted wallets or operating across borders will need to implement robust measures to trace and verify transfers.

Why Compliance Matters Now

While the transitional period may offer some operational flexibility, CASPs that delay in meeting compliance requirements risk jeopardizing their long-term viability. Here’s why:

• Increased Scrutiny: The EBA and upcoming EU AML Authority are tasked with enforcing strict compliance.
• Reputation at Stake: Operating without adherence to AML/CFT standards could harm trust with customers, partners, and regulators. As a matter of fact, we published earlier this year the results of our State of Crypto Travel Rule Report which showed from the survey that 66% of VASPs restrict withdrawals that do not comply with Travel Rule requirements
• Operational Risks: Failure to comply could lead to service suspension, fines, or denial of authorization.

For more on the risks of not complying with TFR, read our recent article on the Consequences of Non-Compliance with EU's Travel Rule After December 30th.

The Path Forward for CASPs

For CASPs looking to thrive under the new regime:

1. Act Now: Begin implementing Travel Rule solutions and robust AML/CFT measures immediately.
2. Understand the Framework: Familiarize yourself with MiCAR, Regulation (EU) 2023/1113, and the EBA Travel Rule Guidelines.
3. Prepare for Licensing: Gather the necessary documentation and establish a compliance-first culture to streamline your MiCAR authorization process.

Debunking the Myth

The takeaway is clear: there is no blanket “grandfathering clause” exempting CASPs from compliance. The transitional provision simply ensures continuity while maintaining full AML/CFT obligations.

As the compliance deadline of December 30, 2024 approaches, proactive measures will separate the leaders from those left scrambling to catch up. The time to act is now—ensure your operations are Travel Rule-ready and compliant with the evolving regulatory landscape.

Let’s work together to build a safe, compliant, and thriving crypto ecosystem in the EU. 🌍

As the EU’s Travel Rule regulations continue to advance, other global regions are beginning to feel the ripple effects. The Transfer of Funds Regulation (TFR), notably Regulation (EU) 1113/2023, sets stringent requirements on crypto asset service providers (CASPs) within the EU to mitigate risks of money laundering, terrorist financing, and other financial crimes. 

Yet, the effects of these rules extend beyond EU borders, influencing jurisdictions worldwide as they adapt to the standards set forth by these robust regulations.

Let’s have a look at some of the ways the EU’s TFR could impact regions globally.

A Surge in Global Compliance Demand

North America

VASPs in the US and Canada are closely observing the EU’s strict stance, with regulators considering updates or FAQs to enhance their own frameworks. The EU’s Travel Rule has set a benchmark, making it difficult for non-compliant entities to serve EU-based customers without adhering to similar standards.

Asia-Pacific

Countries like Singapore and Japan, which have already implemented Travel Rule provisions, are likely to refine their compliance measures further to align with EU requirements. This is especially important as EU-based financial institutions increasingly demand verification of counterparties in these regions.

Strengthening Due Diligence and AML Practices

The EU’s TFR mandates comprehensive due diligence for CASPs, which has led other jurisdictions to adopt or enhance similar anti-money laundering (AML) practices. For instance, LATAM countries, particularly those with high remittance flows, are tightening scrutiny on VASP activities to align with FATF recommendations and TFR influences.

For example, according to Reuters, Argentina’s cryptocurrency transactions have surged to $85.4 billion in the past year, raising concerns about money laundering. In response, the government is implementing new regulations, including a July 2024 fiscal package offering tax amnesty for individuals declaring up to $100,000 in registered crypto assets. This initiative aims to align with Financial Action Task Force (FATF) standards and prevent Argentina from being placed on the FATF’s grey list, which could deter foreign investment and harm the economy. Additionally, the government is amending laws related to money laundering and reporting entities to strengthen oversight of the crypto market. Regionally, the Financial Action Task Force of Latin America (GAFILAT), comprising 18 countries from South, Central, and North America, is enhancing anti-money laundering frameworks to align with global standards.

These efforts ensure that transactions from different regions meet EU standards, thereby reinforcing global AML practices.

Influencing Emerging Economies and Adoption Challenges

For emerging markets, particularly in Africa, the drive toward compliance is becoming essential as EU-based users and entities prefer to transact only with VASPs in compliance with their own regulatory standards. 

This could either foster rapid compliance adoption or limit market access for non-compliant VASPs in these regions. This was also noted in our State of Crypto Travel Rule Report where survey results showed that VASPs are increasingly intolerant towards transacting with counterparties that do not comply with the Travel Rule. In fact, over 66% of VASPs somehow restrict withdrawals that don't comply with Travel Rule requirements.

In Nigeria, a leading African cryptocurrency market, VASPs face pressure to align with international standards to maintain global market access. In December 2023, the Central Bank of Nigeria (CBN) issued guidelines for VASPs, lifting a two-year restriction on financial institutions operating accounts for cryptocurrency service providers or processing crypto-related transactions. However, smaller VASPs often struggle with the financial and operational burdens of compliance, creating a dichotomy:

• Rapid Compliance Adoption: VASPs that can afford necessary compliance measures may gain a competitive advantage by attracting EU-based clients and partners, thereby expanding their market reach.
• Limited Market Access: Conversely, VASPs unable to meet these standards risk exclusion from transactions with EU entities, limiting their growth potential.

This dynamic underscores the importance for African VASPs to invest in compliance infrastructure. While initial costs may be high, the long-term benefits include maintaining access to international markets, fostering trust with global partners, and enhancing the overall credibility of the African cryptocurrency market, which can attract more investors and users.

Increasing Demand for Compliance Technology

As VASPs worldwide aim to meet EU standards, the demand for compliance technology is surging. Many are adopting regtech solutions to streamline KYC, AML, and data-sharing processes, enabling efficient alignment with international standards, particularly for cross-border transactions. This trend is reshaping how global VASPs approach compliance.

The Road Ahead: Potential Challenges and Opportunities

The EU’s TFR is reshaping the regulatory landscape, creating both challenges and opportunities for global VASPs. Increased regulatory pressure may lead to market consolidation, where larger entities excel while smaller players struggle to adapt. However, harmonized regulations promise more secure, trustworthy global transactions, offering users a safer and more navigable digital asset ecosystem.

This evolving environment demands proactive investment in compliance solutions. For VASPs, adapting to these changes is not just a regulatory necessity—it’s an opportunity to enhance credibility, foster innovation, and help standardize the global digital transaction landscape.

If your business is located outside of the EU and you would like to speak with our team about implementing a TFR-compliant Travel Rule program, you can schedule a free demo of our solution at notabene.id/demo

Lately, we’ve been hearing a recurring question from our customers and prospects: Is the EU Transfer of Funds Regulation (TFR) being postponed by six months? Let’s set the record straight.

The short answer: No, the TFR is not being delayed.

Understanding the Source of the Confusion

This misunderstanding likely stems from recent discussions around MiCA (Markets in Crypto-Assets) regulatory technical standards (RTS). As members of BlockchainForEurope, we’ve joined others in addressing concerns about MiCA’s RTS and its implementation timeline. The letter we co-signed with other industry members highlights several key challenges that MiCA introduces, including:

1. Timing and Legal Uncertainty: With less than two months left before MiCA’s application on December 30, 2024, delays in RTS adoption have left both national competent authorities (NCAs) and CASPs scrambling to prepare.
2. Inconsistent Transitional Periods: Divergent “grandfathering” clauses across Member States create a compliance patchwork—5 months in Lithuania versus 18 months in France—undermining the intended harmonization.
3. Foreseeable Delays and Risks: Without coordinated measures, we risk regulatory uncertainty, market disruptions, and reputational harm, detracting from MiCA’s goals.
4. Operational Challenges: CASPs face impractical requirements, such as applying in all Member States, while some states have ceased accepting pre-MiCA applications.
5. Proposed Mitigations: The letter calls for ESMA to issue a “no action” letter to promote consistency among NCAs and extend transitional arrangements.

How Does This Relate to TFR?

It’s crucial to understand that MiCA and TFR are separate regulations. While MiCA includes transitional or “grandfathering” clauses for existing CASPs, the TFR does not.

For TFR, there is no "traditional" transitional period. Under the EBA Travel Rule Guidelines, until July 31, 2025, CASPs may exceptionally use infrastructures or services with technical limitations, but are required to implement additional technical steps to ensure full compliance with the requirements. This does not exempt them from Travel Rule compliance. CASPs using such infrastructures are required to take additional technical steps to ensure full compliance with the Travel Rule during this period. This means that all existing CASPs, regardless of their new status, must fully comply with the TFR requirements by the official application date. Any delays or mitigations proposed under MiCA will not directly impact TFR timelines.

Failing to comply with the TFR by the December 30, 2024, deadline carries serious consequences, including the potential for service disruptions, reputational damage, and regulatory penalties. We recently explored this topic in detail in our article: The Consequences of Non-Compliance with the EU’s Travel Rule After December 30th. If you’re preparing for compliance, it’s worth a read.

At Notabene, we’re committed to helping businesses navigate these regulatory complexities. If you have questions or concerns about preparing for the TFR, we’re here to help. Feel free to reach out to our Regulatory & Compliance team at [email protected] 

Celebrating 25 Million Transfers and $500B in Transaction Volume Processed on the Notabene Network

We’re so proud to announce that Notabene has reached a significant milestone – processing over 25 million transactions and $500B in transaction volume through our secure Travel Rule compliance solution. This achievement underscores our position as the industry’s largest active Travel Rule network, as well as our commitment to facilitating secure and compliant cryptocurrency transactions on a global scale.

As a leader in Travel Rule compliance since 2020, Notabene has been at the forefront of enabling Virtual Asset Service Providers (VASPs) to meet regulatory requirements while maintaining the efficiency and speed that crypto users expect. Our solution has become an integral part of the crypto ecosystem, bridging the gap between traditional financial regulations and the innovative world of digital assets.

Reaching 25 million transactions is not just a number—it's a testament to the scale and impact of our solution in the crypto compliance industry. This milestone has far-reaching implications for the broader crypto ecosystem. It demonstrates that large-scale compliance is not only possible but can be achieved without sacrificing the speed and efficiency that are hallmarks of cryptocurrency transactions. It also shows that the industry is maturing, with VASPs increasingly prioritizing regulatory compliance as part of their operations.

By facilitating 25 million compliant transactions, Notabene has played a crucial role in driving Travel Rule compliance within the crypto industry. This has contributed to increased trust and legitimacy in the eyes of regulators and traditional financial institutions, while enabling our customers to grow their business in a scaleable way.

Our Journey to 25 Million

The path to 25 million transactions has been marked by continuous innovation, strategic partnerships, and overcoming significant challenges in partnership with our valued customer base. Along the way, we have:

• Launched our first Travel Rule solution in 2020
• Expanded our network to include VASPs from over 50 countries
• Implemented support for multiple blockchain protocols and countless crypto wallets
• Launched first of its kind Phased Implementation Plan to aid VASP roll out of Travel Rule
• Launched the first Travel Rule Certification program in the crypto industry
• Engaged extensively with regulators and industry associations to address some of the most complex challenges in implementing the Travel Rule
• Developed and released the Transaction Authorization Protocol (TAP), a decentralized protocol solution for the entire industry
• Launched our innovative SafeTransact for Networks, bringing a layer of compliance to the robust networks where transactions already occur
• Built a best-in-industry self-hosted wallet solution that provides end-users with an elegant UX with a simple and powerful embeddable component

And we’re just getting started.

We will continue to rapidly grow our network volume by adapting to rapidly evolving regulations, ensuring interoperability with various VASP systems, and maintaining the highest standards of data security and privacy.

As we celebrate this milestone, we want to highlight our commitment to being the leading provider of Travel Rule solutions in the cryptocurrency space. This achievement would not have been possible without the trust and collaboration of our partners, clients, and the dedicated Notabene team.

To VASPs not yet on our network, there’s never been a better time. Join the largest and most far-reaching Travel Rule compliance network in the crypto industry.

Contact our team to learn how Notabene can help your organization meet Travel Rule requirements and be part of the next 25 million transactions.

For compliance professionals across Europe, the Transfer of Funds Regulation (TFR) plays a pivotal role in enhancing transparency and combating money laundering and terrorist financing. While its primary objective is to align with the Financial Action Task Force’s (FATF) “Travel Rule” for European Union (EU) member states, it’s equally important—but sometimes overlooked—that it also applies to the European Economic Area (EEA) member states, namely Norway, Iceland, and Liechtenstein. This blog post delves into how the TFR extends to the EEA, ensuring a homogeneous regulatory framework across the region.

TFR in the EEA: Not Just an EU Regulation

The TFR was first established under Regulation (EU) 2015/847*, mandating that financial service providers share information accompanying transfers of funds. This regulation is designed to combat money laundering and terrorist financing by ensuring transparency in financial transactions. When the regulation was introduced, the EEA Joint Committee, responsible for aligning EEA non-EU members with relevant EU regulations, formally incorporated it into the EEA Agreement.

EEA Joint Committee Decision No. 198/2016*, adopted on 30 September 2016, amended Annex IX (Financial Services) of the EEA Agreement to include the TFR, thereby extending its applicability to Iceland, Liechtenstein, and Norway. This decision ensured that non-EU EEA members implement the TFR within their financial systems, thus aligning their AML measures with EU standards.

The Complete List of EEA Countries Impacted by the TFR

Understanding which countries the TFR applies to is key for compliance. Here’s the full list of EEA member states:

EU Member States (27 countries): 

• 🇦🇹 Austria
• 🇧🇪 Belgium
• 🇧🇬 Bulgaria
• 🇭🇷 Croatia
• 🇨🇾 Cyprus
• 🇨🇿 Czech Republic
• 🇩🇰 Denmark
• 🇪🇪 Estonia
• 🇫🇮 Finland
• 🇫🇷 France
• 🇩🇪 Germany
• 🇬🇷 Greece
• 🇭🇺 Hungary
• 🇮🇪 Ireland
• 🇮🇹 Italy
• 🇱🇻 Latvia
• 🇱🇹 Lithuania
• 🇱🇺 Luxembourg
• 🇲🇹 Malta
• 🇳🇱 Netherlands
• 🇵🇱 Poland
• 🇵🇹 Portugal
• 🇷🇴 Romania
• 🇸🇰 Slovakia
• 🇸🇮 Slovenia
• 🇪🇸 Spain
• 🇸🇪 Sweden

EEA EFTA States (3 countries): 

• 🇮🇸 Iceland
• 🇱🇮 Liechtenstein
• 🇳🇴 Norway
  

It’s worth noting that 🇨🇭 Switzerland, although part of the European Free Trade Association (EFTA), is not a member of the EEA and is therefore not directly subject to the TFR.

How the TFR Enhances AML/CFT Measures Across the EEA

The TFR strengthens AML and Counter Financing of Terrorism (CFT) measures by requiring payment service providers to attach detailed payer and payee information to transfers of funds. For the EEA as a whole, this means consistent AML compliance standards for financial institutions across both EU and non-EU EEA states.

When Regulation (EU) 2023/1113* updated the TFR, it further extended these obligations specifically for virtual asset service providers (VASPs), bringing them under the same AML/CFT standards. This update is part of the EU’s broader Markets in Crypto-Assets (MiCA) framework, which aims to regulate cryptocurrency service providers consistently across the EEA.

This update extended obligations to VASPs across the EEA as part of the region’s coordinated AML/CFT strategy and ensured that virtual asset transfers include necessary information about the originator and beneficiary, aligning with the FATF’s Travel Rule.

Implications of the TFR for Financial Institutions and VASPs in the EEA

The TFR’s incorporation into the EEA Agreement means that financial institutions, including VASPs in Iceland, Liechtenstein, and Norway, must now comply with the same AML requirements as those in the EU. This uniformity is essential for:

1. Legal Alignment: Ensuring a homogenous legal framework across all EEA member states.
2. Compliance Requirements: Enforcing the same level of scrutiny for fund transfers within the EEA, enhancing transparency and reducing regulatory disparities.
3. AML/CFT Strengthening: Bolstering defenses against money laundering and terrorism financing across borders, especially in high-risk sectors like virtual assets.

Why Compliance Professionals Shouldn’t Overlook EEA Obligations

For compliance officers, particularly those dealing with cross-border transactions, it’s essential to remember that the TFR’s obligations span the entire EEA. Ignoring the non-EU EEA countries—Norway, Iceland, and Liechtenstein—can lead to gaps in compliance, risking penalties and reputational damage. Every compliance framework and transaction protocol should therefore account for the TFR’s reach across these territories.

The TFR is not just an EU obligation; it applies to the entire EEA, including Iceland, Liechtenstein, and Norway. Its aim is to create a consistent and robust AML framework across Europe, aligning the EEA non-EU members with the EU’s AML/CFT standards. Compliance professionals and financial institutions should ensure that their policies and procedures reflect this broader scope of the TFR, safeguarding against regulatory and operational risks in today’s complex financial landscape.

Where to Find Further Guidance on EEA Compliance

The EFTA Secretariat offers access to legal texts and guidance on implementing EU regulations within the EEA, including the TFR. Additionally, each EEA EFTA state’s financial supervisory authority provides national guidelines to help institutions comply with the regulation’s requirements.

For more detailed information on the TFR’s integration into the EEA, refer to EEA Joint Committee Decision No 198/2016, published in the EEA Supplement to the Official Journal of the European Union. The official EFTA website also provides a repository of EEA-related legislative documents, ensuring that compliance professionals have the resources they need to meet EEA-wide AML standards.

*Sources

Regulation (EU) 2015/847 - https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32015R0847#ntr2-L_2015141EN.01000101-E0002

EEA Joint Committee Decision No. 198/2016 -  https://www.efta.int/sites/default/files/documents/legal-texts/eea/other-legal-documents/adopted-joint-committee-decisions/2016%20-%20English/198-2016.pdf

Regulation (EU) 2023/1113 - 3 https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32023R1113