Introducing Notabene Transact: The Next Generation of Transaction Authorization for Complex Crypto Transactions

New York, London, Singapore - July 1, 2025 – Notabene, the trust layer for global money movement, today announced the launch of Notabene Transact, the next evolution in secure, real-time transaction authorization, purpose-built for regulated entities navigating complex digital asset flows. Built on an open network powered by the innovative new Transaction Authorization Protocol (TAP), Notabene Transact transforms transaction authorization from a reactive Travel Rule obligation into a trusted, strategic engine for growth. Designed for how crypto actually moves today, Notabene Transact effortlessly manages the reality of complex multi-party transactions, giving institutions the confidence to scale securely, compliantly, and faster than ever before.

Built for the new rules of crypto

2025 marks a turning point. Regulatory clarity in key markets is accelerating institutional adoption, but with growth comes greater complexity—and compliance is now a baseline expectation. To enable compliant, real-time transaction flows with minimal friction, institutions need powerful authorization infrastructure running in the background, making decisions at the speed of business.

Most transaction authorization tools were built for simple peer-to-peer transfers, not the complexity of today’s digital asset flows. Notabene Transact is purpose-built for the real world, supporting multi-party transactions across intermediaries, custodians, and self-hosted wallets. It automates compliance across jurisdictions and delivers real-time, policy-based decisions—enabling compliant, scalable transactions by design.

A powerful element of Notabene Transact is the combination of two key capabilities: an innovative discovery and verification system that identifies all counterparties in a transaction flow, and a customizable policy engine that automates decisions based on an institution’s risk appetite, regulatory obligations, and trusted business relationships. This system of trust enables faster approvals, lower friction, and increased transaction throughput, unlocking growth across global borders.

“As the leader in Travel Rule compliance, we’ve had a front-row seat to the challenges institutions face as the crypto industry matures,” said Pelle Brændgaard, CEO of Notabene. “We didn’t just build Notabene Transact as a product, we took on the responsibility of building the open infrastructure this industry needs. By working hand-in-hand with customers, regulators, and the wider market, we created a solution that accelerates adoption, lowers risk, and sets the foundation for global growth on an innovative new open messaging protocol. With the Transaction Authorization Protocol (TAP) at its core, Notabene Transact moves the industry into a future defined by trust, openness, speed, and scalability.”

Built on TAP: Open, secure, ready to scale

The Transaction Authorization Protocol (TAP) is the open source, decentralized messaging protocol powering Notabene Transact. Unlike SWIFT and other closed-loop or outdated messaging systems, TAP is purpose-built for today’s multi-party, real-time digital asset economy. It enables secure, policy-based data exchange across any blockchain, asset, or protocol—without locking institutions into closed infrastructure.

TAP’s architecture includes a fully segregated, end-to-end encrypted data model, no central points of control, and seamless interoperability across evolving regulatory and operational environments. Combined with the Notabene Network, the largest ecosystem of regulated crypto institutions, Notabene Transact gives businesses the confidence, visibility, and flexibility to authorize transactions globally, scale across jurisdictions, and future-proof their operations.

Leading with uncompromising security

Notabene Transact delivers industry-leading security by design. Built on TAP’s decentralized, end-to-end encrypted architecture, it ensures that every data exchange is auditable, every authorization decision is traceable, and every workflow is optimized for straight-through processing. This dramatically reduces manual effort and operational risk for high-volume institutions operating at global scale.

“Security and speed aren't trade-offs in our architecture, they're both intrinsic,” Pelle Brændgaard added. “When institutions trust their infrastructure and their counterparties, they can move faster. And when they can move faster with full compliance, they can scale volumes globally without friction.”

With Notabene Transact, institutions now have the infrastructure to move faster, authorize with confidence, and scale across jurisdictions, without compromise. Powered by TAP, Notabene Transact sets the standard for secure, trusted, real-time transaction flows in the global digital asset economy.

Notabene Transact is available now. Learn more here: https://notabene.id/transact

About Notabene

Notabene is the trust layer for global crypto money movement, powering the largest Travel Rule-compliant transaction authorization network for regulated institutions globally. Our platform enables regulated entities across 100+ global jurisdictions to securely and seamlessly verify counterparties, authorize transactions, and comply with regulations—ensuring trust in every transaction.

With SOC-2 certification, ISO27001 compliance, and a strong focus on privacy and user experience, Notabene provides industry-leading tools for real-time transaction authorization, decision-making, counterparty sanctions screening, and self-hosted wallet identification.

Headquartered in New York, Notabene operates globally with a presence in Switzerland, Singapore, Germany, and the United Kingdom. Trusted by over 240 companies, including Copper, Luno, Crypto.com, and Bitstamp, Notabene helps institutions build trust into every transaction while ensuring compliance with evolving regulatory frameworks.

Start for free with the world’s largest VASP Network at Notabene.id.

Connect with us on LinkedIn | Twitter

Media Inquiries

Sacha Lowenthal
[email protected]

Today marks the half-year anniversary of the TFR, a fitting milestone to reflect on its trajectory. As we reach the mid of 2025, it’s worth looking back at the path that shaped today's regulatory reality. The year 2023 was defined by the entry into force of the Travel Rule in the UK. In 2024, the EU followed suit, ushering in its own implementation of the Travel Rule. Now, six months into this new phase, the time is ripe to assess the progress of the TFR, draw comparisons with the UK’s experience, and uncover the lessons that can guide the next steps forward.

What the Data Tells Us

In 2023, our team at Notabene was fully mobilized to prepare the UK crypto industry for the arrival of Travel Rule compliance, set to take effect on September 1, 2023. We engaged across multiple fronts: running testnets with cohorts of VASPs under the FCA's regulatory sandbox, co-chairing the Travel Rule working group within CryptoUK, and participating in numerous industry events, both as hosts and speakers.

By year’s end, true to our usual practice, we started examining the results of our annual State of Crypto Travel Rule Survey. It was one of those gratifying moments when the effort feels justified: the data showed that 100% of UK respondents reported being compliant with the Travel Rule, a clear signal that industry readiness had been achieved.

In 2024, with equal dedication, we turned our focus to supporting the rollout of the Travel Rule across the European Union. Our approach was similarly comprehensive: we published detailed guides, launched an in-depth certification course dedicated to EU Travel Rule requirements, delivered a three-part webinar series covering the regulations, hosted an EU-wide testnet for CASPs and regulators, and ran a series of targeted workshops for our customers.

Yet, when we reviewed the latest survey data, the results were surprising. Despite the significant groundwork, 71.2% of EU respondents indicated they were not yet compliant with the Travel Rule, with 40.4% identifying the first quarter of 2025 as their intended compliance timeline.

These figures stood in contrast to the momentum we observed within our own Network. In the months leading up to the TFR’s enforcement date of December 30th, 2024, we witnessed a marked increase in Travel Rule activation among EU CASPs. Between January 2024 and January 2025, transaction volumes originating from EU entities on the Notabene network surged by 200x—a staggering figure, especially when compared to the 8x growth seen in non-EU originated volumes over the same period. This contrast reflects the significant role the EU Transfer of Funds Regulation has played in catalyzing Travel Rule adoption within our network.

However, looking beyond our immediate ecosystem, it is clear that the UK rollout achieved a higher degree of readiness at an earlier stage. With children, we often say that each develops at their own pace and should not be compared. But with regulatory frameworks, understanding why one implementation advanced more rapidly than another can offer valuable insights.

With that in mind, the following sections explore how the UK and EU approaches diverge. We’ll examine their defining features, points of friction, and attempt to trace the root causes behind the differences in industry readiness.

The Road to Travel Rule Implementation: Centralised in the EU and Industry-led in the UK

🇬🇧 UK

When the UK implemented the Travel Rule on September 1, 2023, it followed a legislative and regulatory process that deliberately placed industry expertise at the centre.

The Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022 (MLRs) introduced Travel Rule obligations for crypto firms registered with the FCA, covering both inter-cryptoasset transfers and unhosted wallet transactions.

What set the UK approach apart was the collaborative model that followed. The Joint Money Laundering Steering Group (JMLSG)—a private sector body made up of UK financial trade associations—led the drafting of practical guidance for firms. To support the efforts by JMLSG, CryptoUK established a dedicated Travel Rule working group, co-chaired by Notabene, bringing together compliance officers, legal experts, and operational teams to directly work with JMLSG to shape the guidance based on day-to-day implementation realities.

This industry-developed guidance was reviewed and validated by the FCA and HM Treasury, ensuring alignment with regulatory expectations while keeping operational challenges front and centre.

Furthermore, in August 2023—just before the rule took effect—the FCA published targeted guidance to clarify issues raised during the grace period, most notably the “sunrise issue” involving transactions with jurisdictions that had not yet adopted the Travel Rule.

The result was a regulatory framework supported by practical, actionable guidance. 

This collaborative process—combining early regulatory engagement and industry ownership—played a decisive role in the UK achieving high levels of readiness by the time the Travel Rule came into force.

🇪🇺 EU

The EU set out to tackle a far more ambitious task than the UK—introducing uniform Travel Rule obligations across all 27 Member States through a single, binding regulation. This was achieved via the recast of Regulation (EU) 2015/847, better known as the Transfer of Funds Regulation (TFR), which was formally adopted on May 31, 2023 to extend the Travel Rule to crypto transfers.

The creation of detailed implementation guidelines was primarily led by the European Banking Authority (EBA). 

The EBA made several efforts to incorporate industry perspectives. A public consultation on the Travel Rule Guidelines launched on November 24, 2023, alongside public hearings and the formation of Technical Expert Groups (TEGs)—which included industry representatives like Notabene.

However, unlike the UK’s process, where industry actors drafted the practical guidance with regulatory validation, in the EU it was the reverse: regulators drafted the guidelines, and the industry was invited to provide feedback along the way. While this structure provided transparency and some opportunity for dialogue, it inevitably limited the extent to which day-to-day operational challenges of CASPs could shape the final rules.

Takeaway

Guidance developed by industry practitioners—backed by regulatory oversight—delivers the hands‑on, pragmatic advice firms need for readiness. In contrast, a top‑down model can miss key nuances encountered in day‑to‑day operations.

Using Grace Periods Strategically

EU CASPs (Crypto-Asset Service Providers) were granted nearly six additional months to prepare compared to their UK counterparts. A long grace period in the EU was the right approach given the complexity of implementing uniform requirements across 27 Member States.

However, based on our experience, the length of a grace period is far less important than how that time is used. A grace period should serve as structured preparation time for both regulators and industry, particularly with the Travel Rule, which directly affects transaction flows, operational processes, and customer experience.

🇬🇧 UK

The UK offers a textbook example of this. Throughout the 13-month grace period, the FCA worked closely with the industry. This started with the acceptance of Notabene's Travel Rule testnets into the FCA regulatory sandbox. This hands-on engagement allowed the FCA to better understand the technical and operational nuances of implementing Travel Rule programs. The FCA also conducted targeted outreach to VASPs, requesting detailed implementation plans and offering feedback based on insights gained from the testnets. As a result, potential gaps were identified early, and firms had time to adjust—paving the way for the high compliance rates we saw post-deadline.

🇪🇺 EU

It would be unrealistic to expect the same degree of coordinated engagement across the EU, where the regulation had to be rolled out simultaneously across 27 jurisdictions and regulatory bodies. However, the grace period fell short even in resolving fundamental questions—for example, when exactly do Travel Rule obligations start to apply?

Even after the Travel Rule formally entered into force on December 30, 2024, confusion persisted among industry participants regarding the scope and timing of obligations. For example:

• Some CASPs misinterpreted the transitional period outlined in the EBA Guidelines, assuming it postponed Travel Rule obligations entirely until July 2025. In reality, this period only allows temporary technical limitations in solutions, but full compliance with the TFR is expected regardless of technical limitations.
• Others argued that the TFR only applies once a CASP obtains full authorisation under MiCA, meaning firms operating under transitional arrangements were exempt. The EBA explicitly rejected this interpretation in its July 2024 response to public comments, stating:

  "The EBA stresses that non-compliance with Regulation (EU) 2023/1113 is not accepted."

Takeaway

The UK experience offers a clear takeaway: the success of a regulatory rollout is not defined by how long the grace period is, but by how strategically that time is used. The UK's collaborative, proactive use of its grace period - bringing together regulators and industry to stress-test real-world implementation - was instrumental in achieving early, widespread readiness.

Managing Self‑Hosted Wallets: Risk‑Based Principles or Prescriptive Rules?

🇬🇧 UK

The UK has adopted a non-prescriptive, principles-based approach to regulating interactions with self-hosted wallets, built around risk assessments and operational discretion. Under Regulation 64G(2) of the MLRs, crypto-asset businesses (CBs) are required to assess the risks associated with unhosted waltransactions and determine whether collecting additional customer information is appropriate.

The Joint Money Laundering Steering Group (JMLSG) provides further operational guidance through Sector 22, Annex I of its guidelines. This encourages CBs to seek additional information when dealing with self-hosted wallets in higher-risk situations. Factors such as transaction size, frequency, and the overall customer relationship inform these assessments. Where higher risks are identified, CBs are expected to apply enhanced due diligence, which may include verifying control over the self-hosted wallet using mechanisms such as micro-deposits or cryptographic signatures.

Crucially, the UK’s framework avoids imposing rigid or overly prescriptive requirements. This allows CBs to adjust their controls based on risk assessments. As a result, UK market participants have largely maintained the ability to support these types of transactions while remaining compliant and adopting robust risk-mitigation policies.

🇪🇺 EU

The EU has taken a more prescriptive stance toward regulating self-hosted wallets, with obligations set out in the TFR and further operational detail provided by the EBA Travel Rule Guidelines.

Under the TFR, crypto-asset transfers involving self-hosted wallets are subject to escalating requirements based on transaction size. For transactions exceeding €1,000, CASPs must verify that their customer owns or controls the receiving self-hosted wallet. The EBA Guidelines elaborate on this obligation by providing a non-exhaustive list of acceptable verification methods, while also making clear that at least one method must be applied in all applicable cases.

A key source of market friction stems from the disconnect between the TFR’s legislative text and the EBA guidelines in what concerns third-party self-hosted wallet transfers. While the TFR does not explicitly impose verification requirements for transactions involving third-party self-hosted wallets, the EBA Guidelines extend obligations to these transactions, creating expectations for due diligence that many CASPs find impractical or disproportionate to implement. 

The result has been a marked trend toward de-risking within the EU. According to Notabene's 2025 State of Crypto Travel Rule Report, VASPs in the EU are 55% more likely to prohibit transactions with self-hosted wallets compared to the global average, reflecting a significant de-risking trend driven by regulatory uncertainty. Faced with operational uncertainty and the high cost of compliance, 15.4% of EU-based VASPs have implemented complete prohibitions on such transactions, compared to a global average of 9.9%.

Takeaway

In this rapidly evolving industry, prescriptive rules often struggle to keep pace with technological change, leading to unintended consequences such as market exclusion and de-risking. The UK's principles-based, risk-driven approach to regulating self-hosted wallets demonstrates how flexible frameworks can promote compliance without stifling innovation or market participation. By contrast, the EU's more prescriptive model has amplified operational uncertainty, prompting many VASPs to restrict legitimate transactions to avoid having to navigate complex, often impractical requirements. Striking the right balance between risk mitigation and operational feasibility requires regulation that empowers firms to apply proportionate and evolving controls.

Counterparty Due Diligence Obligations: All or Nothing?

🇬🇧 UK

In the UK, Counterparty VASP Due Diligence (CVDD) is not explicitly required under the Travel Rule, nor is it addressed in the JMLSG or FCA guidance. This was a conscious decision by UK regulators, who determined that existing frameworks—such as data privacy laws and sanctions compliance—already provide sufficient oversight. The UK’s approach aims to avoid introducing additional, potentially duplicative obligations that could complicate compliance without clear added benefit.

While this streamlined framework reduces regulatory burden, the lack of specific CVDD guidance may create operational uncertainty for VASPs.

🇪🇺 EU

In contrast, the EU’s TFR amends the 4th Anti-Money Laundering Directive (AMLD4) to expand the definition of correspondent relationships and explicitly include those established for transactions or transfers in crypto-asset (Article 38). Recital 60 further clarifies that relationships between CASPs and third-country entities executing crypto-asset transfers share similarities with correspondent banking relationships and should be subject to enhanced due diligence measures similar in principle to those applied in traditional banking.

The EBA further issued the EBA/GL/2024/01 Guidelines to specify firms’ obligations where the respondent or its customers are providers of services in crypto-assets, other than CASPs authorised under MiCA, or where they are deemed to present an increased ML/TF risk.

Takeaway

The UK's decision to avoid prescriptive Counterparty VASP Due Diligence (CVDD) requirements reflects a desire to avoid duplicating existing oversight mechanisms. However, the absence of explicit CVDD expectations in the Travel Rule context can create operational uncertainty for VASPs navigating cross-border interactions.

Conversely, the EU’s approach imposes comprehensive CVDD obligations rooted in correspondent banking standards. As the FATF itself acknowledges, Travel Rule compliance requires a more proportionate approach. Unlike in the banking sector, many cross-border VASP-to-VASP transfers happen without an established, ongoing relationship—making traditional correspondent banking due diligence ill-suited in this context.

Neither extreme - a complete absence of guidance nor rigid, banking-style obligations - proves effective. Instead, CVDD requirements should be proportionate and aligned with the realities of the crypto-asset sector.

Reporting Non-compliant Counterparties

🇬🇧 UK

Under the finalized framework, beneficiary and intermediary CBs are required to report repeated failures by counterparties to provide required Travel Rule information to the FCA. Reporting must include details of both the non-compliance and the remedial steps taken. The UK applies a risk-based approach, allowing firms to determine what constitutes “repeated failure” based on transaction volumes, size, or frequency.

By the time the Travel Rule regulations came into force, formal processes for reporting non-compliant counterparties had not yet been established by the FCA. These procedures are currently being rolled out in the UK.

🇪🇺 EU

In the EU, Article 17(2) of the TFR mandates that CASPs assess whether non-compliance is repeated, using both quantitative criteria (e.g., percentage of missing data transfers, unanswered follow-ups) and qualitative criteria (e.g., cooperation level, reasons for non-provision).

If repeated non-compliance is identified, CASPs must report repeatedly non-compliant counterparties to the relevant AML/CTF authority within three months. Reports should include details on the VASP’s identity, the nature and frequency of breaches, explanations given, and actions taken.

Similarly to the UK, EU CASPs faced uncertainty as the Travel Rule entered into force without clear reporting processes fully established by regulators. The operationalization of these requirements is now underway in key markets like Germany.

Takeaway

Both the UK and EU frameworks mandate reporting non-compliant counterparties as a key enforcement mechanism. However, the absence of established reporting processes at the regulation’s start created uncertainty for VASPs in both regions. While the UK is now actively rolling out clearer reporting protocols, EU jurisdictions still face fragmented implementation.

According to the Notabene State of Travel Rule Report, only 32.7% of EU respondents are prepared to report non-compliant counterparties, including 26.9% who have set up reporting processes but have yet to use them. Actual reporting is low, at just 5.8%, likely reflecting regulatory ambiguity and operational challenges. Additionally, 15.4% of respondents indicate a lack of clear guidance in their jurisdiction.

This highlights the need for streamlined procedures to enable VASPs to fulfill reporting obligations effectively, thereby strengthening Travel Rule compliance across jurisdictions.

Lessons Learned

As we mark six months since the Travel Rule came into force in the EU and reflect on the UK’s earlier experience, several clear lessons emerge from the comparative rollout of these pivotal regulations:

1. Industry‑Led Operational Guidance Drives Readiness

   Regulatory frameworks grounded in operational realities succeed. Industry practitioners are well positioned to lead the drafting of practical implementation guidelines, with regulators providing validation and oversight. This collaborative model yields actionable, context-sensitive rules that help firms achieve compliance more effectively.

2. Grace Periods Work Only When Used Strategically

   The duration of a grace period is far less important than how the time is utilised. Structured, ongoing engagement between regulators and industry—with mechanisms for testing, feedback, and adaptation—is critical to turning a grace period into a true window of preparation rather than merely a delay.

3. Principles-Based, Risk-Driven Approaches Outperform Rigid Prescription

   In fast-evolving sectors like crypto-assets, flexible, risk-based frameworks outperform one-size-fits-all mandates. Such principles-led approaches enable firms to calibrate controls proportionate to risks, fostering compliance without stifling innovation or excluding legitimate market participants.

4. Feasibility of Implementation Is Key to Compliance

   Regulatory mandates that are operationally impractical—such as overly stringent obligations for third-party self-hosted wallets or unclear procedures for reporting non-compliant counterparties—drive firms toward non-compliance or excessive de-risking. Clear, feasible requirements and well-established processes are essential to avoid unintended consequences that undermine regulatory goals.

A combination of principle-based legislative mandates, industry-crafted operational playbooks, and purposeful, collaborative transition periods is key to building effective frameworks that serve both regulatory goals and industry realities, turning compliance from a challenge into a foundation for sustainable innovation and trust.

On June 26th, 2025, the Financial Action Task Force (FATF) released its sixth targeted review of the implementation of FATF Standards on Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs). This targeted review provides an overview of the global progress on implementing anti-money laundering and counter-terrorism financing (AML/CFT) standards for virtual assets (VAs) and virtual asset service providers (VASPs), especially the FATF’s Recommendation 15 (R.15) as well as a section on market developments and emerging risks.

It is worth noting that one of the FATF’s core tools for tackling money laundering and terrorist financing in the virtual asset space is the Travel Rule. As highlighted in FATF’s 2025 update, threats like North Korean state-sponsored hacks, $51 billion in fraud and scam activity, and cross-border laundering networks are thriving partly due to anonymity and fragmented enforcement. Transaction authorization solutions like what we provide at Notabene help VASPs securely exchange the information required by the Travel Rule, identify potentially risky counterparties, and screen wallets linked to scams or sanctions. By making Travel Rule compliance secure and frictionless, Notabene helps regulated financial institutions close off critical pathways used by illicit actors to move and hide funds—whether it’s scam-as-a-service rings, sanctioned regimes, or terror networks exploiting gaps in the system.

As a reminder, Travel Rule applies the FATF’s payment transparency requirements (Recommendation 16) to the Virtual Asset context. The Travel Rule requires VASPs and financial institutions to obtain, hold, and transmit specific originator and beneficiary information immediately and securely before or during the transfer of virtual assets.

Sunrise Issue Narrows as 99 Jurisdictions Advance Travel Rule Legislation

‍‍Jurisdictions have made continued progress on implementing the Travel Rule. In fact, 73% of respondents (85 of 117 jurisdictions, excluding those that prohibit or plan to prohibit VASPs explicitly) have passed legislation implementing the Travel Rule, up from 69% in 2024.

Although the percentage increase from 2024 is small, the number of jurisdictions that have implemented the Travel Rule grew from 65 in 2024 to 85 in 2025. Additionally, another 14 out of 117 jurisdictions said they are currently working on implementation. This would make it a total of 99 out of 117 jurisdictions that have passed or are in the process of passing travel rule legislation which is ultimately closing the gap on the sunrise issue.

What’s the Sunrise Issue?

The “Sunrise Issue” refers to the period when some jurisdictions have implemented the Travel Rule while others haven’t, creating gaps in compliance. This mismatch can make cross-border transactions tricky, as VASPs in compliant countries may struggle to exchange required information with those in non-compliant ones.

However, it's worth to note that 42 of 205 total jurisdictions did not respond to the FATF survey hence indicating that global implementation is still incomplete.

Enforcement Gap: 60% of Jurisdictions with Travel Rule Laws Have Yet to Act

So what does enforcement look like? Of the 85 jurisdictions that have passed legislation on implementing the Travel Rule, only 35 have issued findings or directive or taken enforcement or other supervisory actions against VASPs focused on Travel Rule compliance. That means 50 jurisdictions (nearly 60%) have yet to take formal enforcement steps. This is likely because many jurisdictions have only recently passed Travel Rule laws and are currently focused on establishing supervision frameworks. Jurisdiction may also have ongoing enforcement cases, or working with VASPs to remediate shortcomings.

The effectiveness of the Travel Rule depends on consistent global enforcement. FATF urges jurisdictions that have introduced the Travel Rule to quickly operationalize it, including through effective supervision and enforcement in case of non-compliance. FATF even published a "Best Practice in Travel Rule Supervision" paper to help with this.

The FATF remains committed to working with jurisdictions to facilitate the implementation of Recommendation 15 and mitigate abuse of Virtual Assets and VASPs by illicit actors.

What is Recommendation 15?

Recommendation 15 is FATF’s standard that requires countries to assess and address the risks of virtual assets and VASPs. It’s the foundation for regulating crypto, making sure these businesses follow anti-money laundering and counter-terrorism rules. Strong implementation of R.15 is key to keeping the financial system safer as crypto adoption grows.

Next Steps from FATF:

As part of its ongoing work, the FATF plans to:

• Release short reports on stablecoins, offshore VASPs, and DeFi between October 2025 and June 2026
• Continue helping countries with key challenges, including conducting risk assessments, determining approaches to virtual assets and VASPs, identifying who runs VASP businesses, and putting the Travel Rule into action
• Find better ways to ensure countries are consistently applying, supervising, and enforcing the Travel Rule
• Publish the next major update in 2026, which will show how countries are progressing on Recommendation 15 and responding to new risks in the virtual asset space. This update will also include a revised public table showing which jurisdictions have large VASP activity.

A Closer Look: Which Countries Are Actually Implementing FATF’s Crypto Standards?

In March 2024, the FATF published a table (known as Annex A) showing how FATF members and 20 key countries with materially important VASP activity were doing in applying its standards. The 2025 update adds 9 more non-FATF countries that now meet the criteria. Together, these jurisdictions make up about 98% of the global virtual asset market, making it especially important that they fully follow the FATF rules.

Materially important jurisdictions are based on:

1. Trading volume (over 0.25% of global trading); and/or
2. Jurisdictions with a large virtual asset user base (top 30 jurisdictions with the highest VA ownership and to VA adoption rate).

In total, 9 new non-FATF countries were added: 4 qualified because of high trading volume, and 5 because they have a large number of virtual asset users.

These insights come from countries' responses to FATF’s 2025 self-reported survey. So, what are the key takeaways?

85% of materially relevant jurisdictions have Travel Rule regulation in place or in progress.  Specifically,  from the 67 jurisdictions mentioned in this year's report, a total of 57 have Travel Rule Regulation in place or in progress.

Of the 9 newly added material jurisdictions:

• 3 of them (Bahrain, Czech Republic, El Salvador) have Travel Rule already in place
• 4 of them (Cambodia, Kenya, Pakistan, Saint Vincent and the Grenadines are in process of having TR in place
• 2 of them (Ethiopia and Morocco) explicitly prohibited VAs/VASPs, aligning with similar restrictions reported last year in China, Egypt, and Saudi Arabia.

Additionally, around 94% of the jurisdictions conducted a risk assessment covering VAs and VASPs, while 80% enacted legislation mandating VASPs' registration or licensing and compliance with AML/CTF requirements. Similarly, 79% conducted supervisory inspections on VASPs.

What’s next?

FATF encourages governments to carefully evaluate how virtual assets (VAs) and virtual asset service providers (VASPs) might be used for money laundering or terrorist financing. These assessments can help inform whether to allow or restrict VAs and VASPs, and highlight the importance of clear policies and robust oversight. It’s also crucial to have proper licensing in place, especially for offshore VASPs and those managing stablecoins. As the landscape evolves, authorities are urged to keep pace with new risks—like DeFi platforms, unhosted wallets, and emerging scam tactics such as AI-driven schemes, pig butchering, and address poisoning—by staying informed and proactive.

For more context on FATF’s recent updates to Recommendation 16, check out this related article that breaks down the key changes and what they mean for compliance teams navigating the evolving regulatory landscape.

Read the full FATF Targeted Update here

*Methodology: FATF and the Global Network consist of 205 jurisdictions in total. 163 jurisdictions responded to the 2025 survey. For jurisdictions that did not respond to the FATF’s survey, the FATF has assumed that they have not yet implemented the requirements. For Figure 1.1 on Travel Rule implementation, the data focuses on the 117 jurisdictions that have neither prohibited VASPs nor announced plans to do so.

The Financial Action Task Force (FATF) has finalized revisions to Recommendation 16 (R16), delivering the a substantial overhaul of international payment transparency standards. These changes address two urgent imperatives: modernizing cross-border payment infrastructure to meet G20 objectives of faster, cheaper, and more inclusive transactions, while simultaneously combating an explosive surge in fraud that now represents the dominant proceeds-generating crime worldwide.

The regulatory shift is immediately apparent in the standards' evolution from "wire transfers" to "payment transparency"—a deliberate expansion signaling FATF's intent to capture all payment methods and value transfer mechanisms in our increasingly digital financial ecosystem.

The fraud crisis driving these changes cannot be understated. FATF's own research, including the 2023 report "Illicit Financial Flows from Cyber-Enabled Fraud," reveals staggering growth in both the frequency and monetary impact of fraudulent schemes. This threat has fundamentally rewritten the financial crime playbook, elevating fraud prevention and detection to primary regulatory objective, now standing alongside traditional anti-money laundering efforts as a core pillar of the revised standards.

What Changes? Key Requirements That Will Transform Payment Flows

The revised Recommendation 16 represents a fundamental shift in cross-border payment compliance. This section outlines the key changes introduced by the revision, evaluates how current industry capabilities measure up to the new standards, and demonstrates how the Transaction Authorization Protocol (TAP) is purpose-built to meet the policy objectives behind the update.

Standardized Information Requirements for Cross-Border Transfers and Mandatory Beneficiary Geographic Information

The revised R16 introduces standardized information requirements for cross-border transfers above specified thresholds:

For Originators:

• Name
• Account number (fallback: unique transaction reference)
• Address (fallback: country and town name or nearest option)
• Date of birth (fallback: year of birth)

For Beneficiaries:

• Name
• Account number or unique transaction reference
• Country and town name (or nearest option)

A significant expansion from current requirements, beneficiary geographic information is now mandatory. Previously, there was no obligation to transmit beneficiary geographic information under R16. With the revisions, country and town name are required minimum fields.

FATF's original proposals would have mandated full geographic addresses for both originators and beneficiaries, but extensive industry feedback, including from Notabene, successfully argued that such requirements would create financial exclusion and unnecessary friction, raise data protection concerns, and provide limited anti-money laundering benefit. The final standards reflect significant wins: For originators the year of birth can be provided as a fallback to full date of birth and country and town serve as acceptable alternatives when full addresses aren't available.  For beneficiaries, only country and town are required.

Mandatory Beneficiary Information Verification

One of the most significant changes is the explicit requirement for beneficiary financial institutions to verify information alignment to mitigate the risk of misdirected payments. Combating fraud is now an explicit objective of R16, acknowledged as a key target predicate offense. Institutions must now implement at least one of these approaches:

1. Post-validation checks - Verify name and account number alignment for each transaction
2. Holistic ongoing monitoring - Conduct risk-based monitoring to identify anomalous accounts and misaligned information
3. Pre-validation mechanisms - Use systems like Confirmation of Payee to verify beneficiary information aligment

🔖 Industry benchmark

VASPs in the Notabene network blocked over $696 million in transactions due to incorrect beneficiary information, demonstrating that the industry is leading the way in implementing pre-transaction beneficiary matching procedures that effectively leverage Travel Rule compliance to prevent fraud.

Positive Requirement for Payment Messages to Enable FI Identification

Information in payment messages must now make it possible for all institutions and authorities to identify which financial institution is servicing originator and beneficiary accounts and in which countries these institutions are located. 

🔖 Industry benchmark

Current implementations of R16 by VASPs rely on wallet addresses that provide no institutional identification as account identifiers, forcing VASPs to use imperfect methods like blockchain analytics and customer input to identify counterparties. 

💡 TAP Solution

TAP solves this by replacing address-based transactions with transfer requests that include complete beneficiary institution identification upfront.
Instead of sharing a blockchain address, recipients create secure transfer requests containing full institutional details—eliminating the guesswork and ensuring R16 compliance from the start.

Cross-Border Cash Withdrawal Requirements

R16 extends beyond wire transfers to include requirements for cross-border cash withdrawals. A targeted framework now requires issuing financial institutions to provide cardholder names  within three business days upon request when suspicious transactions are detected through monitoring systems.

This change addresses a significant transparency gap exploited by money launderers who open accounts in foreign countries, obtain payment cards, then return to their home country to make frequent ATM withdrawals—fragmenting their activity across jurisdictions to avoid detection. The new requirements enable acquiring institutions to request cardholder information when suspicious activity is detected, closing this critical intelligence gap.

Upgrades to Purchase of Goods and Services Exemption

The exemption scope has been clarified: when cards are used to fund other types of payment or value transfer (such as person-to-person transfers), the relevant R16 information requirements will apply. Additionally, card networks must now give financial institutions access to directories containing information on card issuing and merchant acquiring financial institutions.

Enhanced Payment Chain Definition

The revised standards clarify that payment chains begin with the financial institution that receives instructions from the customer and end with the institution that services the beneficiary's account or provides cash to the beneficiary. This definition aims to ensure complete information flows throughout complex cross-border payment chains, preventing the fragmentation that has historically hindered effective monitoring.

💡 TAP Solution

TAP's non-deterministic multi-party authorization flow provides full visibility into complex transaction flows, including all intermediaries. The protocol's non-deterministic approach allows any participant to add or replace agents during the discovery process, ensuring complete transparency before authorization.

This non-deterministic multi-party authorization structure enables the inclusion of all agents in the payment chain.

1. Additionally, the local subsidiary (VASP B UK) uses the services of an Institutional Custody provider to secure its customer funds. Therefore, it add the Institutional Custody provider as an agent (Intermediary VASP).
2. The beneficiary customer has an account with a local subsidiary (VASP B UK) and, hence, the parent entity replaces itself with that local subsidiary (the correct beneficiary agent).

   However, in reality:

For example, in the transaction illustrated below, the parent entity of an exchange (VASP B Global) is identified as the beneficiary VASP.

Revised Net Settlement Conditions

New clarification states that where net settlement results from customer transactions, information about underlying transactions is not required to accompany the net settlement. However, R16 requirements still apply to the underlying individual transactions themselves.

Implementation Timeline and Industry Impact

• Late 2026: Publication of comprehensive guidance paper on payment transparency
• Late 2030: Final deadline for R16 implementation across all jurisdictions
• Application to VASPs: Requirements will apply indirectly through R15, with potential updates to maintain alignment. 

The Broader Context: A Platform Shift in Financial Services

The revised FATF R16 signals a recognition that payment transparency must adapt to the realities of modern financial infrastructure. These regulatory changes occur against the backdrop of a fundamental platform shift in financial services - from legacy rails to programmable, real-time, blockchain-enabled networks.

TAP positions itself at the forefront of this transformation, serving as the critical authorization layer that bridges the robust controls of traditional finance with blockchain efficiency.

As the industry progresses toward the 2030 R.16 implementation deadline, TAP is uniquely positioned to help VASPs lead - not lag - in meeting the new standards. Unlike legacy institutions constrained by decades-old systems, TAP is building from a greenfield. This allows us to innovate without compromise, designing solutions purpose-built for today’s regulatory and technological realities. 

The platform shift is underway. The regulatory framework is evolving. TAP bridges both: meeting compliance demands while unlocking the full potential of blockchains as payment rails.

US lawmakers have introduced long-awaited market structure legislation in the form of the “Digital Asset Market Clarity Act of 2025” or “CLARITY Act of 2025”, for short. US Representative French Hill announced the bi-partisan market structure bill for digital assets on May 29, 2025.

The bill was drafted by the House Committee on Financial Services, who previously penned the FIT21 Act, which passed in the House of Representatives but ultimately failed to clear the Senate. The CLARITY Act follows months of hearings on the matter within the Subcommittee on Digital Assets, Financial Technology, and Artificial Intelligence.

The bill aims to remove longstanding ambiguity related to digital assets oversight by clarifying the roles of both the United States Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC). While much can change from the point of introduction to the ultimate passage of legislation, a comprehensive framework like the CLARITY Act has the potential to reshape crypto regulation entirely by enabling clear pathways for institutional and retail adoption to scale in a legal and compliant way across the entire US market.

The bill gained momentum following a June 4th House Committee hearing titled "American Innovation and the Future of Digital Assets: From Blueprint to a Functional Framework," where industry experts and former regulators debated the legislation's merits and challenges.

“How decentralized is it?” is the new “Is it a security?”

One of the principal innovations of the proposed legislation is that instead of asking "Is crypto a security?" the CLARITY Act asks “How decentralized is this system?”. This is key because the level of decentralization would ultimately determine jurisdiction underneath either the SEC (for early-stage tokens with centralized control designated as "Investment Contract Assets."), or the CFTC (for more mature and fully decentralized blockchain network tokens designated as "Digital Commodities.")

In other words: As assets become more decentralized, they transition from SEC to CFTC jurisdiction. 

Stablecoins are singled out

The emergence of stablecoins as crypto’s killer use case warrants special consideration, as we can see recognized by the creation of a third tier of assets called Permitted Payment Stablecoins. This class of digital asset is subject to light regulation due to the asset being adopted widely by consumers warranting some level of protection.

This creates a three-tier framework for digital asset regulation:

TradFi players can get in the game

One of the biggest unlocks of such a comprehensive market structure bill is a regulatory framework for traditional finance players to get into the crypto game without exposing themselves to unnecessary regulatory and compliance risk.

Under the proposed CLARITY Act, banks would be able to custody crypto without balance sheet liability, as well as trade more complex crypto financial instruments.

Clear pathway for crypto-native companies

The bill provides concrete guidance for crypto companies that have been operating in regulatory limbo. Key provisions include:

• $75 million fundraising exemption with a 4-year maturity timeline
• Founder trading restrictions until networks reach maturity
• Provisional registration pathways allowing companies to operate while agencies develop detailed regulations

For VASPs already operating in our compliance network, these provisions validate the approach we've been advocating for: building robust compliance frameworks from day one, even when regulations are still evolving.

DeFi is clearly addressed

Decentralized finance protocols receive explicit recognition and protection under the CLARITY Act. The bill includes self-custody rights and anti-fraud enforcement while acknowledging that truly decentralized protocols operate differently from traditional financial entities. This recognition is crucial for the DeFi ecosystem's maturation and integration with traditional finance systems.

Hearing insights

Support and skepticism

During the June 4th hearing, we saw both strong support and pointed criticism:

Former SEC Commissioner Elad Roisman called the bill a "significant step forward to providing the needed clarity" to digital markets.

Former CFTC Chairman Rostin Behnam agreed that current federal law has left regulatory gaps, urging Congress to address this void with "targeted legislation."

However, former CFTC Chairman Timothy Massad raised significant concerns, particularly around anti-money laundering provisions. When directly asked if the bill addresses AML adequately, Massad responded "not sufficiently," pointing to critical gaps:

• The bill only applies Bank Secrecy Act requirements to centralized intermediaries
• Crypto assets can be transferred without going through intermediaries, creating enforcement gaps
• Treasury needs more authority over decentralized protocols and foreign platforms
• Stablecoin issuers should be required to monitor suspicious wallet activity

"We've got to give the Treasury Department and other regulators adequate tools to deal with those risks. And I don't think we've done that yet," Massad emphasized, citing examples of Russian smugglers using Tether and Hamas using crypto funding.

The AML challenge: Where traditional frameworks meet DeFi

One of the most contentious aspects of the June 4th hearing centered on anti-money laundering provisions. Democratic members pressed witnesses on whether the CLARITY Act provides adequate safeguards against illicit finance, particularly in decentralized systems.

The Core Challenge: Traditional AML frameworks rely on intermediaries like banks to monitor and report suspicious activity. DeFi protocols, by design, operate without centralized intermediaries, creating what critics see as regulatory blind spots.

Representative Lynch directly asked: "Does this bill address anti-money laundering adequately?" The responses revealed a fundamental split in thinking about crypto compliance.

Industry Perspective: UniSwap's Katherine Minarik argued that blockchain analytics provide superior tools for tracking illicit activity in real-time, claiming traditional BSA requirements are "broken and in many ways dying." She emphasized that sanctions screening requirements still apply to all US companies, and blockchain's transparency offers better visibility than traditional finance.

Regulatory Skepticism: Former regulators expressed doubt that existing frameworks adequately address decentralized systems. The concern isn't just about tracking funds after the fact, it's about preventing illicit activity before it happens.

For institutions operating in our compliance network, this debate highlights why robust Travel Rule implementation is crucial. While regulatory frameworks evolve, institutions with comprehensive compliance programs, including pre-transaction screening and counterparty verification, position themselves ahead of whatever requirements emerge.

Balanced priorities: Innovation, consumer protection, and law enforcement

The CLARITY Act aims to achieve a critical balance of three important priorities:

• Market Innovation: Providing clear pathways for crypto-native businesses to grow and thrive
• Consumer Protection: Establishing safeguards without stifling legitimate innovation
• Law Enforcement Authority: Ensuring regulators have tools to combat illicit activity

However, the hearing revealed this balance remains contentious. Critics argue the bill creates enforcement gaps in DeFi, while supporters contend it improves on the status quo by bringing centralized crypto activities under Bank Secrecy Act coverage.

A critical week ahead: June 10 committee markups

The CLARITY Act faces a pivotal moment on June 10, when both the House Financial Services Committee and House Agriculture Committee are scheduled to hold markups of the legislation. This dual committee approach reflects the bill's comprehensive scope where the Financial Services handling securities and market structure issues, while Agriculture addresses commodity futures aspects.

These markups represent the first major procedural hurdle for the legislation. Success in both committees would provide significant momentum for floor votes and eventual Senate consideration.

What to expect next

While the June 10 markups represent crucial first steps, this is only the beginning of the CLARITY Act's legislative journey. With many procedural hurdles ahead, expect the bill's contents to evolve as it moves through Congress. The June 4th hearing revealed both strong bipartisan support and areas where compromise will be necessary. Expect to see the contents of the bill change shape as it makes its way through Congress, as the finer details and subsequent implementation of the bill will be critical for its long-term potential to reshape the industry in a positive way. 

For years, the US crypto industry has bemoaned the lack of clarity from regulators and displayed an appetite for following the rules if only they existed. This is our collective chance to put those rules in place for an important market in the global crypto economy, and provide the long-awaited opportunity for American crypto companies to remain competitive while ensuring that the regulatory clarity also allows international crypto firms to tap into the growing US market.

The bill's success could provide the long awaited opportunity for American crypto companies to remain competitive while ensuring regulatory clarity allows international firms to tap into the growing US market with confidence.

For institutions already building compliant crypto operations, the CLARITY Act validates the approach of implementing robust compliance frameworks before they're required. Those who've invested in comprehensive Travel Rule compliance, counterparty due diligence, and risk management systems will find themselves ahead of the curve as these requirements become standardized.

At Notabene, we've been building the infrastructure that will support this regulatory future. Our open-loop Transaction Authorization Protocol (TAP) and comprehensive compliance platform are designed for exactly the kind of regulated, interoperable crypto ecosystem that the CLARITY Act envisions.

The CLARITY Act isn't just about providing regulatory certainty, it's about building the foundation for crypto's integration into the broader financial system. For institutions ready to operate in this environment, the opportunity is enormous.

Read the full bill here

New milestone underscores widespread adoption of Notabene's transaction authorization network and the power of network effects in our rapidly growing ecosytem.

NEW YORK, May 22, 2025 — Notabene, the trust layer for global money movement, today announced it has surpassed $1 trillion in transaction volume on its platform. This significant milestone highlights the accelerating adoption of Notabene's transaction authorization infrastructure due to compounding network effects and increasing regulatory clarity across the globe.

The achievement comes as Notabene continues to power the largest Travel Rule-compliant network of regulated crypto institutions worldwide, with transaction volumes growing at an accelerating rate. The company's unique open network, powered by the TAP (Transaction Authorization Protocol) that it helped develop, creates powerful network effects, where each new financial institution that joins the platform increases the value for all participants.

"Reaching $1 trillion in transaction volume isn't just a number—it's a testament to the network effects we've built into our business model," said Alice Nawfal, Co-founder and President of Notabene. "What's most exciting is the acceleration we're seeing. The trust infrastructure we've created becomes exponentially more valuable with each new participant, which is why we're seeing volumes grow at an increasingly rapid pace. While the first $500 billion took took three and a half years, the second happened in just 6 months."

“…the first $500 billion took took three and a half years, the second happened in just 6 months."

Notabene's platform enables financial institutions to verify counterparties, confirm address ownership, and authorize transactions before execution and blockchain settlement. As regulatory requirements for crypto transactions continue to evolve globally, Notabene's pre-transaction verification approach has become essential infrastructure for VASPs and financial institutions engaging with digital assets.

The milestone comes amid growing regulatory focus on cross-border transactions, particularly with the implementation of the European Union's Transfer of Funds Regulation (TFR) and similar frameworks worldwide highlighted in the recently released 2025 State of Crypto Travel Rule Report. Notabene's unique open protocol approach to verifying counterparty trust across all regulated entities and their intermediary parties has positioned it as critical infrastructure for both crypto-native and traditional financial institutions building out their crypto strategies as demand for stablecoin services surges. 

"What makes this milestone particularly meaningful is that it represents real growth in economic activity moving across borders with confidence and trust," added Nawfal. "Each transaction flowing through our platform represents financial institutions that can now facilitate crypto transactions with certainty, unlocking new ways of orchestrating the flow of digital assets - particularly in the stablecoin space."

Notabene continues to expand its capabilities, including enhanced self-hosted wallet verification, multi-protocol support, and automated policy engine technology that enables compliant cross-border transactions at scale.

About Notabene

New York, London, April 23, 2025 — Notabene, a leading provider of Travel Rule compliance infrastructure, today released its annual State of Crypto Travel Rule: 2025 Report, revealing a decisive industry shift: compliance is no longer optional, it is the cost of doing business.

Based on survey data from 91 Virtual Asset Service Providers (VASPs) and 10 regulatory bodies, the report shows that 100% of firms plan to be Travel Rule compliant by the end of 2025. Nearly 9 in 10 expect to meet requirements in the first half of the year, reflecting a broad and urgent move toward regulatory alignment.

Compliance is now directly tied to reaching your counterparties. In the past year, VASPs have become significantly more assertive in their counterparty requirements. The report found a 431% year-over-year increase in VASPs blocking withdrawals until beneficiary information is confirmed, jumping from 2.9% in 2024 to 15.4% today. Additionally, 19.8% of VASPs now return deposits if the originator fails to provide the required Travel Rule data.

In the lead-up to the EU Transfer of Funds Regulation (TFR) enforcement date of December 30, 2024, the Notabene network saw a dramatic surge in activity from EU-based firms. Transaction volumes originating from EU Crypto Asset Service Providers increased by 200x, compared to an 8x increase in non-EU-originated volume during the same period. While 71% of EU Crypto Asset Service Providers missed this deadline, many are catching up fast. One third have implemented processes to identify and report repeat non-compliant counterparties to regulators, creating spillover pressure on global peers.

“This isn’t about checking a regulatory box. It’s about securing your place in the future of crypto finance,” said Pelle Brændgaard, CEO of Notabene. “The network of compliant institutions is growing, and those who aren’t part of it are already being left behind.”

The message from this year’s report is clear: Compliance is no longer a future requirement or a regulatory checkbox. It is now a gatekeeper for business. Firms that fail to meet expectations are being excluded from transactions, losing counterparties, and watching volumes slip away. 

Download the full report here.

ENDS

Media Contact: [email protected]

About Notabene:

Notabene is the trust layer for global money movement, powering the largest Travel Rule-compliant network of regulated crypto institutions. Our mission is to make crypto transactions a part of the everyday economy. We provide a nuanced view of the regulatory landscape by leveraging industry expertise, insights from our annual survey, and extensive research on public sector data. We aim to equip businesses and other industry stakeholders with the knowledge and tools necessary for success in a dynamic environment.

Our platform enables businesses to securely and seamlessly verify counterparties, authorize transactions, identify self-hosted wallets, and comply with global regulations. With SOC-2 certification, ISO27001 compliance, and a strong focus on privacy and user experience, Notabene ensures trust in every transaction.

Headquartered in New York, Notabene operates globally, with a presence in Switzerland, Singapore, Germany, and the United Kingdom. Trusted by over 200 companies, including Copper, Luno, Crypto.com, and Bitstamp, Notabene helps institutions build trust into every transaction while ensuring compliance with evolving regulatory frameworks.

Start for free with the world’s largest transaction authorization network at Notabene.id.

Connect with us: LinkedIn | Twitter

Five years ago today, we began our journey with the founding of Notabene.

At the time, FATF had just introduced the Travel Rule for crypto – the first globally coordinated regulatory framework for digital asset transactions. We immediately realized that the Travel Rule wasn’t just a compliance requirement, but rather the first step in achieving global regulatory clarity. Our experience in crypto gave us the foresight to see that this regulatory clarity would one day be a turning point for the entire industry, allowing crypto to truly scale and become a part of the everyday economy. We knew that for digital assets to move beyond speculation and into real-world utility, they needed the same infrastructure and safeguards that traditional global finance relies on – without losing the openness that makes crypto transformative.

In response to FATF’s Travel Rule, a fragmented ecosystem emerged. Implementation of the Travel Rule was made difficult by multiple competing closed protocols, lack of clarity from various jurisdictions, and mismatched timeframes for the rollout of regional rules – often referred to as the Sunrise Period. While most saw it as an impossible challenge, we saw it for what it was: the unlock for integrating crypto into the global economy. So we leaned in.

Our key innovation in solving the Travel Rule problem was to build open infrastructure to facilitate counterparty trust at scale. We did this with an open protocol (TAP) and a best-in-class pre-transaction authorization platform. By embedding trust into every transaction for our customers, we created the largest active network of regulated crypto institutions in the world, trusted by leading financial institutions at the forefront of crypto, from retail exchanges and on/off ramps, to custody infrastructure providers, and payment service providers across more than 95 jurisdictions across the globe. We’ve supported nearly $1 trillion in Travel-Rule compliant transaction volume and helped define the industry standard for secure, trusted, scalable compliance.

But our ambition was never limited to innovating in the compliance and RegTech space. From the start, we saw the Travel Rule as a gateway — the first step toward the regulatory clarity needed to drive crypto adoption across the entire financial ecosystem.

Fast-forward to today, and our prediction is coming true. Regulatory clarity is finally arriving. In the EU, APAC, Latin America, and now the US, we are seeing true clarity and support emerge from governments and regulators. As predicted, this is building momentum in the industry as traditional financial institutions mature their digital asset strategies, core infrastructure is built, and consumer adoption of stablecoins continues to skyrocket. The building blocks are nearly all in place: regulation, infrastructure, product-market fit. 

Trust is the final missing piece. 

Regulatory compliance is key, but isn’t enough on its own. Counterparties don’t exchange value with each other simply because they are allowed to, they do it because they want to. They do it when they have the confidence to transact with each other in a safe and secure manner. Without real trust between counterparties, nothing scales – not institutional adoption, and not consumer adoption.

The next generation of financial infrastructure isn’t just about speed or scale. It’s about trust.

And so we will continue to evolve — expanding our work beyond compliance to help build the trust layer for global money movement. This will be the core financial infrastructure that enables institutions to verify counterparties, authorize transactions, and unlock new markets — with trust embedded from the start. It’s the foundation that will make our vision a reality.

The building blocks are in place. The opportunity is enormous. And we’re just getting started.

We’re proud of what we’ve built, and even more excited to keep building it alongside our customers and partners.

To everyone who’s helped us get here, thank you.

Here’s to the first five years of Notabene — and to everything ahead.

–Pelle and Alice, Co-Founders, Notabene

At Notabene, we believe compliance shouldn’t come at the expense of innovation. That’s why we’re working closely with global regulators to help shape smarter rules for the future of finance.

Recently, the Financial Action Task Force (FATF) solicited a second round of feedback on proposed revisions to its Recommendation 16 (R16) and the corresponding interpretive note, which covers how financial institutions share information to prevent illicit activity.

On April 15, Notabene’s Regulatory and Compliance team responded with insights based on years of experience helping VASPs comply with the Travel Rule across jurisdictions.

Read our full response here

Here’s a quick breakdown of what’s changing, what it means for the crypto industry, and what we think needs more attention.

Why Requiring Geographic Address is Ineffective 

The FATF wants cross-border payments or value transfers above the applicable threshold to always include the originator's and beneficiary's geographic addresses. Notabene raised concerns in both FATF consultations about mandating geographic addresses in originator and beneficiary data.

In our first response, Notabene argued that addresses are unreliable identifiers, difficult to verify, and not useful for sanction screening. Their inclusion raises privacy concerns and could harm financial inclusion, especially in regions without standardized address systems. Notabene proposed removing the address requirement and instead allowing a risk-based approach to selecting identifiers.

In the second feedback round, the FATF introduced flexibility by allowing country and town as alternatives when full addresses aren't available. While this has been seen as an improvement, Notabene maintained that addresses are still problematic, and suggested that the FATF provide further guidance for cases where even town-level data is unavailable. We also recommended considering more reliable, standardized alternatives like phone numbers.

Virtual Account Numbers Can’t Hide the Source

In response to the FATF’s concerns about virtual IBANs and account identifiers, Notabene initially recommended enforcing accurate country designation. The FATF’s revised proposal improves on this by clarifying that account numbers should not obscure the country of fund origin, placing responsibility on the issuing institution.

In our response, Notabene supported this shift, but pushed for a bigger rethink: it’s time to move away from relying solely on account numbers to track money and promote more transparent models like transfer requests. We recommended recognizing solutions like the Transaction Authorization Protocol (TAP), which enables better counterparty identification—especially critical in complex virtual asset transactions. TAP is a decentralized, pre-transaction messaging system that helps identify counterparties before money moves. TAP gives everyone in the payment chain the information they need before a transaction is finalized, reducing fraud and improving transparency.

Pre-Validation is a Must in Crypto Transfers

Once a transaction hits the blockchain, it’s permanent. That’s why we support the FATF’s emphasis on pre-validation measures like verifying beneficiary info before a transfer goes through.

We also recommended that when a receiving institution detects a mismatch, they should notify their counterparty right away. This small change could go a long way in stopping fraudulent or misdirected transactions before they happen.

Defining the Payment Chain from Start to Finish

The FATF’s new definition of a “payment chain” is clearer than before, but we flagged one potential issue: what happens when the first institution receiving a payment instruction isn’t directly connected to the originator?

To mitigate this, Notabene recommended that the FATF provide guidance for complex scenarios, proposing principles to ensure complete information flow. These include requiring message originators to identify all known parties, and for each agent to add any missing identifiers and resolve compliance gaps through collaboration. This would strengthen the integrity of the payment chain across varied transaction structures.

Roadmap to Full Compliance by 2030

We appreciated the FATF’s proposal for a multi-year rollout of the new standards, with a target end date of 2030.

We recommended a phased approach for the crypto industry, focused first on the highest-risk areas (like verifying beneficiary info), and allowing time for organizations to adapt and improve throughout a learning period where good-faith compliance efforts are recognized before enforcing strict technical requirements.

How do FATF Recommendations Affect You?

Notabene welcomed the FATF’s decision to keep VASPs under the existing Regulation 15 framework while updating its interpretive note to reflect R16’s evolving information requirements. This approach ensures continuity while allowing tailored Travel Rule implementation through the Virtual Assets Contact Group (VACG).

To support this process, Notabene recommended using TAP as a testing ground for R16 application in the virtual asset space.

Leading the Future of Compliant Payments

The FATF’s proposed updates to R16 mark a turning point in global financial compliance. While traditional financial institutions may struggle with the transition due to entrenched systems, VASPs and stablecoin PSPs have a clear advantage. Operating on modern, programmable infrastructure, they are not only better equipped to meet evolving regulatory standards, but also to redefine what compliant, cross-border payments can look like in the digital age. By embracing these changes early and building compliance into their core operations, VASPs and stablecoin PSPs can lead the charge toward a more transparent, efficient, and secure global financial system.

At Notabene, we believe that regulation and innovation can go hand in hand, and that compliance tools should make financial services more accessible, not less.

Schedule time for a free consultation with our regulatory experts to learn more about the FATF’s proposed revision to R16, or about Notabene’s TAP solution for counterparty identification.

AOPP: Constraints, Limitations, and Adoption Challenges

The Address Ownership Proof Protocol (AOPP) emerged as a technical solution for cryptocurrency users to demonstrate wallet address ownership, primarily in response to regulatory requirements. Despite its promising premise, AOPP has struggled to gain widespread adoption across the cryptocurrency wallet ecosystem. This analysis examines why AOPP remains a niche protocol, which wallets have implemented it, and the fundamental limitations that have prevented it from becoming an industry standard.

A Compliance Solution for Self-Hosted Wallets

AOPP emerged as a technical solution designed to automate the process of proving ownership of self-hosted cryptocurrency wallets. By generating cryptographically signed messages without manual intervention, the protocol aimed to streamline compliance with regulations like the Financial Action Task Force's (FATF) Travel Rule. Swiss financial authorities, particularly FINMA, served as the catalyst for AOPP's development, creating a protocol that would theoretically bridge the gap between regulatory demands and cryptocurrency's decentralized nature.

Selective Adoption in a Growing Market

Years after its introduction, AOPP remains implemented in only a small segment of cryptocurrency wallets. Its current footprint in the ecosystem reveals both its niche utility and broader market hesitation:

BitBox02 is one of the protocol’s consistent supporters. This Swiss-developed hardware wallet integrated AOPP early, reflecting geographical alignment with the protocol's origins and the company's compliance-oriented approach.

Specter Wallet, with its focus on privacy and multi-signature implementations, has maintained AOPP support, positioning it as an option for users navigating both security and regulatory requirements.

What's particularly noteworthy is the pattern of reconsideration among several wallet providers. Trezor, a significant player in hardware wallets, initially implemented the protocol but subsequently removed it after user feedback. Blue Wallet and Sparrow Wallet similarly stepped back from AOPP support after community response. These adjustments highlight the complex balance wallet providers must strike between regulatory compliance tools and user preferences.

Self-Hosted Wallet Market Context

Self-hosted (non-custodial) wallets continue to gain popularity as cryptocurrency users prioritize direct control over their assets. The market for these wallets reached approximately $2.5 billion in 2024 and is projected to grow to $15 billion by 2033. Major players in this space include:

• MetaMask: Over 30 million users
• Trust Wallet: More than 60 million downloads
• Ledger: Approximately 6 million devices sold
• Trezor: A significant player in the hardware wallet segment

Notably, none of the market leaders currently support AOPP, significantly limiting its practical utility in the broader ecosystem.

A Solution Without an Audience

AOPP's limited adoption appears to stem from several structural factors that collectively explain its position in the wallet ecosystem.

Regional Orientation in a Global Market

Developed primarily for Switzerland's regulatory environment, AOPP addresses compliance frameworks that aren't universally applicable. For wallet developers serving diverse international jurisdictions, implementing a protocol designed specifically for Swiss compliance presents a challenging value proposition. This regional specificity naturally constrains AOPP's relevance for wallet providers with global user bases operating under different regulatory structures.

Development Resource Considerations

For wallet development teams, AOPP implementation requires specialized message signing and verification processes that introduce additional complexity. This technical requirement creates resource allocation questions, particularly for smaller teams and open-source projects. With limited development bandwidth, many providers have prioritized features with broader user demand over specialized compliance protocols.

User Experience Tradeoffs

Most cryptocurrency wallets already support standard message signing for Web3 interactions, a flexible approach serving multiple purposes beyond compliance. AOPP, while streamlining compliance-related verification, introduces a more structured but less common process. Wallets may prioritize flexibility and user familiarity over integrating a niche compliance-focused protocol.

The Inherent Limitations of AOPP

AOPP's trajectory reveals structural challenges that extend beyond simple market preferences to more fundamental design considerations.

The Adoption Challenge

AOPP faces a circular implementation challenge: its utility as a standard depends significantly on widespread adoption, yet achieving that adoption requires demonstrating consistent utility across use cases. With major wallet providers like MetaMask, Trust Wallet, and Ledger not implementing the protocol, AOPP lacks the critical mass necessary to function as a universal verification standard. This creates practical limitations for users, regulators, and exchanges seeking standardized verification methods.

Technical Scope Considerations

Even where AOPP is implemented, questions remain about its comprehensive effectiveness. The protocol cannot prevent all potential verification workarounds, which leads to questions about its practicality as a compliance tool. These limitations have factored into wallet providers' implementation decisions, particularly when weighing development resources against potential benefits.

Alternative Approaches in the Ecosystem

While AOPP has found limited implementation, the cryptocurrency ecosystem has naturally evolved toward verification approaches that align with both compliance needs and user expectations:

Standard Cryptographic Signatures have emerged as a widely implemented solution. Protocols like EIP-191, BIP-137, and Ed25519 provide similar proof-of-ownership capabilities with broader compatibility across wallet types. Their flexibility allows them to serve multiple purposes beyond regulatory compliance, creating natural incentives for both developers and users.

Extended Public Key Verification offers another approach that addresses regulatory goals through different technical means. By verifying xPubs, platforms can confirm wallet control while maintaining a seamless user experience—a balance that has gained traction across the ecosystem.

Micro-Transaction Verification, also known as the Satoshi Test, has emerged as another alternative that confirms wallet control by having users send specific amounts within designated time windows. This method works with virtually any wallet that can send transactions, providing broader coverage than protocol-specific approaches like AOPP.

Multi-Method Verification Systems have also gained traction, with companies like Notabene offering comprehensive solutions that combine several verification methods. These systems typically include cryptographic signature proofs similar to AOPP's approach, but complement them with alternative verification methods such as micro-transactions, visual verification through screenshots, and self-declaration options. This layered approach provides flexibility for users across different wallet types and technical expertise levels.

The Path Forward: Beyond AOPP

AOPP represents a thoughtful attempt to address the regulatory challenges facing cryptocurrency users and exchanges. However, its limited adoption reflects not just technical considerations but deeper questions about how compliance mechanisms integrate with cryptocurrency's core principles and user expectations.

As the cryptocurrency industry continues to mature, verification solutions will likely evolve along paths that balance regulatory requirements with user experience priorities. While AOPP may maintain relevance in specific regulatory contexts, particularly in Switzerland, the industry appears to be moving swiftly toward more flexible, multi-method approaches to wallet verification.

Companies like Notabene have recognized this need for flexibility by developing verification systems that work across virtually any wallet type, including popular hardware wallets like Ledger and Trezor that don't support AOPP. Their approach demonstrates that compliance and security don't necessarily come at the expense of user experience, particularly when various verification methods are available depending on the specific wallet technology.

The experience with AOPP provides valuable lessons for future protocol development. It demonstrates that successful compliance tools must consider not only regulatory requirements but also technical implementation costs, user experience impacts, and alignment with the diverse expectations of the cryptocurrency community. Looking ahead, the most successful verification approaches will likely be those that provide multiple options rather than requiring wallets to implement specific protocols, ensuring that Travel Rule compliance remains accessible regardless of which wallet technology users prefer.

Notabene, a leading provider of crypto compliance solutions, today announced a new partnership with Mastercard to bring simplicity and enhanced safety to their powerful crypto compliance tools. Through a pilot program with M2, a prominent Abu Dhabi-based virtual assets service provider (VASP) regulated by the Financial Services Regulatory Authority (FSRA) within the Abu Dhabi Global Market (ADGM), Notabene will integrate Mastercard Crypto Credential into its SafeTransact platform, facilitating the secure and privacy-preserving exchange of transaction metadata for M2’s digital asset trading services.

Mastercard Crypto Credential verifies transactions among consumers and businesses using blockchain networks, providing the assurance that a user has met a set of verification standards and confirming that the recipient’s wallet supports the transferred asset. The solution simplifies the consumer experience by allowing crypto exchange users to send and receive digital assets – such as stablecoins being leveraged for remittances, a growing use case – using simple aliases, instead of the typically long and complex blockchain addresses. This empowers people to enjoy peace of mind knowing they are transacting with verified users, while reducing the risk of losing assets due to typos or incompatible assets. It also brings greater trust and certainty to crypto transactions through the exchange of metadata and Travel Rule information.

This integration between Notabene, M2 and Mastercard aims to significantly improve counterparty identification rates, ensuring compliance with the Travel Rule while reducing friction in VASP-to-VASP and cross-border transactions. By employing advanced encryption and data minimization practices, the integration will help ensure that sensitive information is protected while also enabling convenient and compliant transactions. The pilot aims to showcase how VASPs and traditional financial institutions can come together to mitigate risks associated with digital asset transfers while maintaining operational simplicity for institutions and their retail customers.

Pelle Braendgaard, CEO of Notabene, commented on the partnership: "Our collaboration with Mastercard represents a significant leap forward in making crypto transactions as safe and straightforward as traditional financial operations. By combining our expertise in crypto compliance with Mastercard's global reach and digital assets capabilities, we're setting a new standard for consumer trust in crypto payments. This partnership is not just about solving today’s compliance challenges but also lays the groundwork for supporting innovations such as self-hosted wallet integrations, further expanding the scope of secure and trusted crypto transactions."

"As the digital assets ecosystem matures, Mastercard is continuing to innovate to stay ahead while ensuring safe, compliant, and trusted interactions,” said Raj Dhamodharan, executive vice president, Blockchain & Digital Assets at Mastercard. “By integrating Mastercard Crypto Credential with Notabene’s industry-leading compliance solutions, we're enhancing connectivity and trust to foster the adoption and integration of a range of digital assets – from Bitcoin to stablecoins – into the global financial ecosystem. This partnership with Notabene and M2 expands our reach and interoperability across the crypto landscape."

In collaboration with M2, Mastercard and Notabene are demonstrating practical applications of this joint solution. Deepak Garg, Chief Compliance Officer at M2, adds: "As a leading virtual assets service provider, we are committed to staying aligned with global regulatory standards while enhancing the user experience for our customers. By partnering with Notabene and Mastercard, we can bring even more secure and compliant digital asset transactions to a global audience. This approach not only strengthens trust with our customers, but also opens new opportunities for growth by expanding the network of reliable counterparties for safe and secure transactions."

The pilot program is currently limited to select regions, including the United States, Brazil, Mexico, Argentina, and several European countries, with plans for expansion in the near future.

Interested in integrating Mastercard Crypto Credential into your transaction authorization workflow? Visit notabene.id/mastercard to learn more.

Media Contact
Clay Fain, Notabene
[email protected]

About Notabene
Notabene is the crypto industry’s premier platform for pre-transaction authorization and decision-making, empowering customers to detect and prevent high-risk activities before they occur. With SOC-2 and ISO27001 security certification and a strong focus on privacy and user experience, Notabene’s flagship product, SafeTransact, offers a comprehensive suite of features, including real-time authorization, decision-making, counterparty sanctions screening, and self-hosted wallet identification. Headquartered in New York, Notabene operates globally and has a presence in Switzerland, Singapore, Germany, and the United Kingdom.

Trusted by over 200 companies, including Copper, Luno, Crypto.com, and Bitstamp, Notabene offers a full suite of Travel Rule compliance tools to ensure compliance with global and local regulations.
www.notabene.id

About M2
Headquartered in Abu Dhabi, M2 has a mission to drive virtual asset adoption within the UAE by delivering a secure and transparent trading environment for investors. The platform provides investors with a growing suite of virtual asset products while ensuring strict regulatory compliance. Regulated by the Financial Services Regulatory Authority (FSRA) located in the Abu Dhabi Global Market (ADGM), M2 Limited and M2 Custody Limited are committed to ensuring a safe trading experience, upholding the highest standards of regulatory compliance.

www.m2.com

About Mastercard

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re building a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

www.mastercard.com

‍

DORA and the Future of Digital Resilience: What It Means for ICT Providers Like Notabene

As the financial sector becomes increasingly digital, its dependency on resilient infrastructure is under the microscope. Cyber threats are rising, and regulators are responding. The EU’s Digital Operational Resilience Act (DORA), which took effect on January 17, 2025, establishes a new, binding standard for operational security across 20 categories of financial institutions and their third-party ICT (Information and Communications Technology) service providers.

What sets DORA apart is its shift from guidance to obligation. Operational resilience is no longer a best practice—it’s a legal requirement. Systems must be secure, regularly tested, and prepared to withstand real-world attacks and disruptions.

For ICT providers like Notabene, which supports financial institutions and VASPs with compliance infrastructure, the message is clear: trust begins with security, and resilience is now essential.

What DORA Means for ICT Providers

DORA introduces a unified framework that ensures every link in the financial services supply chain is built for resilience. Key requirements include:

• Resilience testing by default: ICT vendors must undergo penetration testing, simulated threat scenarios, and security assessments to demonstrate that they can handle operational disruption.
• Faster, clearer incident reporting: When incidents occur, financial institutions are required to report them promptly. Their ICT partners must support these disclosures with detailed technical input.
• Stricter oversight of third-party vendors: Institutions are expected to evaluate and continuously monitor their ICT providers to ensure alignment with both regulatory and contractual standards.

For companies serving banks, VASPs, and other regulated institutions, meeting these expectations signals more than compliance. It shows preparedness and earns trust.

Notabene’s Security-First Mindset

At Notabene, security isn’t an afterthought or a reactive measure—it has always been foundational. Long before DORA came into effect, we invested in the infrastructure, policies, and safeguards that operational resilience requires.

Here’s how we go beyond the baseline:

Bank-grade due diligence

Our infrastructure undergoes rigorous reviews by global financial institutions. We align with the same standards they apply to their own systems.

Third-party audits and continuous testing

We work with independent security firms to conduct regular penetration tests, vulnerability scans, and compliance checks. These audits help us proactively identify and mitigate risk.

Global compliance alignment

We maintain SOC 2 and ISO 27001 certifications, and follow industry-leading practices in encryption, access controls, and system integrity.

Resilient by design

Our incident response protocols are structured for speed and transparency:

• Real-time threat detection to identify anomalies early
• Streamlined escalation processes to coordinate responses internally and externally
• Client-facing communication tools to share timely updates and mitigation plans

We’ve built these systems not because regulations demanded it, but because our clients do.

Why DORA Compliance Matters for Financial Institutions & VASPs

With DORA now in force, regulated institutions are reevaluating their partnerships. Compliance checklists are no longer enough—they need demonstrable resilience, backed by action and transparency.

This shift will raise expectations across the board. Financial institutions will gravitate toward ICT providers who can prove operational readiness through certifications, audits, and clear governance.

At Notabene, we’re already there. Security and trust are embedded in everything we do. And as compliance becomes a foundational layer of financial infrastructure, we’re proud to support our clients in meeting and exceeding evolving standards.

DORA is reshaping how financial institutions and technology partners think about operational resilience. ICT providers that fail to meet its expectations will be left behind. But for those who embrace it, there’s an opportunity to lead with trust, security, and readiness.

For Notabene, DORA is not a challenge—it’s validation. The systems we’ve built were designed with this level of scrutiny in mind from the very beginning.

Let’s talk about how we can help your institution stay ahead of these expectations and build resilience that lasts.