There is a misconception about crypto and sanctions, mainly the thought that “it’s a wild west and bad actors can evade sanctions through the use of crypto.” Quite the contrary is true; sanctions authorities in many jurisdictions have ensured that relevant legal and regulatory requirements apply comprehensively to crypto assets. Sanctions equip authorities with the necessary enforcement powers to act against breaches of sanctions that may involve crypto assets. 

Recent enforcement actions against crypto companies for breaching sanctions also helped bring this to light. Russian sanctions and the U.S. Treasury’s Office of Foreign Assets Control (OFAC) designations have shown that the crypto industry needs to rethink how they approach sanctions compliance. In 2022 alone, Blender.io, Tornado Cash, Hydra, Garantex, and many others helped criminals carry out ransomware attacks, scams, and money laundering through their services. Chainalysis reported that 44% of 2022’s illicit transaction volume came from activity associated with sanctioned entities–in a year when OFAC launched some of its most ambitious and difficult-to-enforce crypto sanctions yet.

So far, the topic of sanctions compliance has been primarily centered around crypto exchange users. Shall we cut ties with all Russian customers? Are Iranian nationals using our exchange? But, when facilitating transactions on behalf of their customers, another element needs to be considered: who are the counterparties receiving the funds? If virtual asset service providers (VASPs) do not comply with the Financial Action Task Force’s Travel Rule as it continues to be enforced across the globe in different jurisdictions, they are not screening counterparty customers for sanctions, leaving VASPs in the dark about whether they facilitate transactions with sanctioned individuals.

‍

The Rise of Sanctions affecting the Crypto Industry

In April 2022, OFAC sanctioned the crypto exchange Garantex, which accounted for the majority of sanctions-related transaction volume last year. As a Russia-based business, the exchange has been able to operate with impunity. In August 2022, Tornado Cash, an Ethereum-based mixer, was blacklisted by the OFAC. The reason: The Lazarus hacker group linked to North Korea used the mixer to transfer funds. Although Tornado Cash was not the first mixer sanctioned last year, it provoked outrage in the crypto community because Tornado Cash is a noncustodial, open-source tool–a sign of things to come: protocol-level sanction action.

More recently, in January 2023, the United States Department of the Treasury Financial Crimes Enforcement Network (FinCEN) labeled crypto exchange Bizlatzo as a “primary money-laundering concern,” for failing to “effectively implement policies and procedures designed to combat money laundering and illicit finance” pursuant to section 9714(a) of the Combating Russian Money Laundering Act — passed as part of the 2020 National Defense Authorization Act. Five days later, The U.S. Justice Department charged Bitzlato with money laundering, and authorities in France, Spain, Portugal, and Cyprus reportedly seized control of crypto wallets containing more than $19 million in cryptocurrency as part of enforcement actions against crypto firm Bitzlato. 

These examples present an obvious obstacle: VASPs can unknowingly facilitate transactions with sanctioned counterparties. Transactions associated with Garantex, Bizlatzo, or any other sanctioned crypto service represent substantial compliance risk for businesses subject to U.S. jurisdictional regulation and consequences, including fines and potential criminal charges.

VASPs must have the ability to determine if their clients are sending transactions to sanctioned entities, wallets, or jurisdictions by implementing Travel Rule compliance for transaction-level counterparty and sanction insight.

The missing piece of the puzzle: Travel Rule Compliance

Historically, VASPs have solely focused on performing sanction checks on their customers during the onboarding process. VASPs currently leverage blockchain analytics companies to screen and identify sanctioned wallet addresses.  Further, VASPs use various geofencing companies and methods to uncover if any customers are in sanctioned jurisdictions through methods like device fingerprinting, IP and GPS location, etc. However, sanctions compliance should also include screening for counterparty crypto wallet addresses and the beneficiary VASP’s customers–which would enable the VASP to reject transactions from another VASP that may have a potentially sanctioned customer or wallet address– before it comes to your VASP. Major financial regulators worldwide are now addressing this blind spot to manage pre-transaction counterparty sanctions risk.

Regulators are turning their attention to counterparty sanction screening compliance, as noted by the recent developments in the European Union's Transfer of Funds Regulation (TFR). In April, the EU will vote to confirm its crypto-focused legislation, the Markets in Crypto-Assets (MiCA), and the TFR. VASPs registered in all 27 EU member states will have to comply with the Travel Rule once rectified.

The draft text of the TFR requires EU VASPs to have policies and controls in place to screen both their customers and counterparty customers for financial sanctions. This includes screening against national and EU lists of designated persons. The EBA will provide guidelines for these policies and controls.

‍

What does the Travel Rule require VASPs to do?

Created by the United States’ FinCEN for fiat in 1996 and extended to crypto transactions by the Financial Action Task Force in 2019, the crypto Travel Rule requires VASPs and financial institutions to disclose specific customer data when transacting crypto assets. Additionally, the financial institutions must collect information about the counterparty customer, screen the counterparty customer against sanctions lists, and perform due diligence on the counterparty institution. 

A missing piece of the puzzle, which has yet to make the headlines with eye-opening enforcement actions, is counterparty identification. With the exception of those implementing effective Travel Rule programs (and this number is exponentially increasing, especially this year), crypto companies can unknowingly facilitate transactions to sanctioned parties. Travel Rule compliance is a crucial element missing from VASP’s sanctions compliance frameworks. 

‍

‍

An effective sanctions compliance program cannot focus only on customer sanction screening. It also needs to consider the specificities of crypto transactions, including the fact that blacklisting a blockchain address does not automatically mean freezing its money. A sanctioned individual can continue to create and operate through brand new addresses that OFAC cannot immediately tie to their identity. We will have to see the steps OFAC will take around peer-to-peer transactions in the future. Until then, crypto companies must leverage Travel Rule compliance solutions to solve counterparty risk. 

Even during times of economic downturn VASPs are poised to spend more on compliance this year. In its recent Targeted Update on Implementation of Standards, the FATF reports that 29 jurisdictions have crypto Travel Rule legislation in place. In order to close the gap and mitigate risks from jurisdictional arbitrage, regulators are pushing out another wave of enforcement dates in 2023; Hong Kong will enforce the Travel Rule on June 1st, 2023, and the United Kingdom will follow suit on September 1st. 

To protect themselves from potential legal and financial risks from noncompliance as the Travel Rule is rolled out to solve these problems, VASPs must integrate software that enables their compliance team to: 

• Identify suspicious and/or regulated transactions
• Identify and verify the beneficiary customer and institution
• Verify wallet ownership / collect information about the Beneficiary (depending on local requirements)
• Screen the counterparty customer for sanctions
• Verify the counterparty company’s AML/CTF standards
• Apply relevant jurisdictional regulations
• Block transactions to sanctioned individuals
• Securely transmit customer identifying data (during a Travel Rule transaction routed to another VASP).

‍
What can Notabene customers do today to block transactions with sanctioned parties?

Notabene customers can identify sanctioned counterparties and block ensuing transactions effectively by using the features noted in the image below.

To identify counterparty VASPs, perform VASP due diligence, identify counterparty customers, monitor wallet risk scores, and sanction screen at scale, customers can set risk-based rules in our Rule Engine to restrict incoming or outgoing Travel Rule data transfers with VASPs that do not meet their diligence criteria.

By defining these risk-based rules in our Rule Engine to prevent incoming or outgoing Travel Rule data transfers with VASPs that don't fulfill their diligence standards, Compliance Officers can effectively mitigate AML-related counterparty risk by tying this mechanism into the transaction flow.

‍

Our Rule Engine allows you to set comprehensive controls to effectively perform AML-related counterparty risk mitigation. Click here to learn more.

The time to comply is now

In conclusion, counterparty sanctions screening compliance is a critical aspect of sanctions compliance and must be taken seriously. The recent enforcement actions against VASPs for breaching sanctions have highlighted the importance of a robust compliance framework. 

It’s time for the crypto industry to recognize its impact on the world order. Suppose the sector’s scale and maturity allow it to be a de facto competitor to the traditional financial system. In that case, crypto could be instrumentalized as a means to evade sanctions, which would massively affect how the world runs its business. Only an effective sanctions compliance program that includes counterparty sanction screening through Travel Rule compliance can mitigate this looming risk. The time to prioritize Travel Rule compliance is now.

‍

This article was first published on Law360.

The Crypto Industry’s Trust Deficit and the Need for Stronger Security Measures in 2023

With the massive influx of new users entering the crypto space in 2021 and the first half of 2022, exchanges rushed to launch new and innovative products as they competed for users. However, rapid launches of products outpaced internal efforts to build risk controls and proper security practices. This year tested trust with the downfall of Three Arrows Capital, Celsius Network, and FTX, among others. This whirlwind showed us that we still have ways to manage counterparty risks and build trust in cryptocurrency transactions. During the latter part of the year, consumer and investor trust in the industry dwindled as scrutiny from regulators grew.

The shaken trust in the crypto industry did not slow down financial institutions’ roadmaps, with the likes of Bank of New York Mellon, State Street, and Fidelity Digital Assets launching digital asset custody or trading platforms.

Overall, this year saw both crypto-native companies and financial institutions realizing that a substantial competitive advantage lies in providing secure and safe crypto transactions and have invested in building proper security and risk controls. We foresee companies investing more and more resources to ensure transactions go to trusted parties in 2023. We suspect many of these will emerge from the crypto winter as crypto champions. 

‍

Regulatory enforcement is here.

The Russia-Ukraine conflict sparked a significant movement among governments to impose sanctions on Russian individuals and entities. As the world watched, the crypto industry waited with bated breath to see if sanctioned individuals would use cryptocurrencies to evade fiat sanctions. The war became a key catalyst for the enforcement of crypto regulations, with jurisdictions like Estonia implementing the Travel Rule 17 days into the conflict and setting the enforcement date just three months behind on June 15th, 2022, creating the fastest turnaround for Travel Rule enforcement in history. 

Travel Rule compliance is a critical method for transaction risk mitigation, allowing crypto exchanges to identify and block transactions to potentially sanctioned actors. As pointed out in FATF’s Targeted Update on Implementation of FATF’s Standards on VAs and VASPs, published on June 30th, the industry has made significant progress on implementing the travel rule, but there are still many shortcomings. In particular, FATF expects local regulators to move quicker on enforcement and reducing jurisdictional arbitrage. It also has asked the crypto industry to work on interoperability. 

As the regulator’s patience wanes, 2023 will be crucial in rolling out Travel Rule compliance. At Notabene, we have seen momentum rise globally among VASPs to comply with the travel rule and put in place real-time risk assessments of transactions, regardless if the counterparty wallet is hosted or self-hosted. Given this momentum, upcoming regulatory enforcement dates, and the volume of VASPs getting ready today to comply, we predict 70-80% of the industry to go live with implementing the Travel Rule. 

In 2023, regulators will likely implement strict regulations to address consumer protection and transaction identification. We foresee a continued focus on sanctions and implementing beneficial ownership rules in the US, which is part of FinCEN’s AMLA 2020. Furthermore, we also anticipate more enforcement actions to be taken against crypto companies that have inadequate controls.

As we prepare for an eventful year in crypto regulation, we share a few of our company highlights from 2022. Notabene’s 2022 highlights: Rapid network growth, increased transaction volumes, and new features and improvements:

‍

1. Notabene’s transaction volume grew 90x in 2022

Transaction volumes through our Travel Rule solution have risen 90x since December 2021. With a network today of 800+ VASPs, Notabene Network members can send or receive transfers through Notabene, using more than 130 asset types. Our simple integration process and excellent customer support ensured that even small and medium-sized companies could meet strict deadlines.

‍

2. Onboarded 200+ customers to the Sunrise Plan

Our customers’ success is essential; they cannot successfully comply if their counterparties do not have the necessary tools to respond to their data transfer requests. To solve reachability issues during the travel rule sunrise period, we launched the Sunrise Plan to allow all VASPs–not only Notabene members–to respond to pending Travel Rule transactions at no cost. This plan provides compliance officers with access to our compliance dashboard, allowing them to set up automated compliance workflows and use our integrations with blockchain analytics and sanctions screening providers. 

‍

3. Delivered new features launches, integrations, and improvements

Compliant VASPs rely on several RegTech solutions to make confident, comprehensive, and well-informed decisions to manage their AML/CFT risk. Throughout 2022, we launched the following components to make Travel Rule compliance scalable and frictionless.

‍

4. Launched SafePII - the industry’s-first end-to-end encrypted escrow service for safe Travel Rule transactions

Data security and privacy for end users remain one of Notabene’s core values. To protect the personally identifiable information of our client’s customers en route to their transaction counterparty, we’ve introduced three encrypted escrowed PII communication routes to our advanced security infrastructure.

SafePII is a pioneering feature that enables VASPs to securely exchange encrypted personally identifiable information with counterparties while simultaneously managing their encryption keys. This innovative solution is the first of its kind in the industry.

‍

5. Awarded 60+ certificates to participants in our inaugural Travel Rule Training program

Implementing compliance processes and internal controls is crucial for launching compliance with the Travel Rule. As this is a new challenge for Compliance Officers in the crypto industry, we have created the Notabene Travel Rule Training Program to equip our customers with the necessary knowledge and skills to meet this mandate. We’re delighted to share that we’ve issued over 60 certificates for completing the training. 

‍

In the Training program, participants explore different Travel Rule scenarios to gain a deeper understanding of Travel Rule compliance. During the bespoke testing cohort, they practice sending and receiving Travel Rule transfers under the advisory of our Regulatory and Customer Success teams. Keep your eyes peeled in 2023 as we expand this program! 

6. Published the industry’s first State of Travel Rule Compliance Report

Furthering our mission to assist businesses in navigating the changing regulatory landscape for cryptocurrencies, we surveyed compliance officers globally to gauge compliance readiness and understand the main pitfalls of implementing the Travel Rule in the crypto and financial services industries. 

The survey responses informed an industry-first study, The State of Crypto Travel Rule Compliance Report 2022. The Financial Action Task Force cited our report in its recent Targeted Update on Implementation of the FATF Standards on VAs and VASPs.

‍

‍

If you would like to add insight to our upcoming State of Crypto Travel Rule Compliance Report 2023, please reach out to [email protected].

7. Hired amazing talent 

We added vital positions to critical support roles to keep up with our rapid growth and increased focus on the industry. The Notabene Team grew from 17 to 33 this year, including our first Regulatory and Compliance hire, Lana Schwartzman. 

Additionally, our team members racked up many accomplishments this year. NYC Fintech Women recognized Notabene co-founder and COO Alice Nawfal on their 2022 list of Inspiring Females in Fintech. Legal Engineer Catarina Veloso was selected to join the European Banking Authority’s AML Working Group. Lana Schwartzman, Head of Regulatory & Compliance, was nominated for Women in Tech’s Rising Star of the Year. Company-wise, Notabene took home the “Best Solution in Travel Rule Compliance” award at Regulation Asia’s 5th Annual Awards for Excellence. The Financial Conduct Authority (FCA) accepted our Travel Rule solution into the Regulatory Sandbox initiative.

Thank you for joining us on this journey. We can’t wait to see what’s in store for 2023!

‍

Yours,

The Notabene team. 

Notabene is proud to announce that our co-founder and COO, Alice Nawfal, has been honored by NYC Fintech Women on their list of 2022 Inspiring Females in Fintech!

NYC FinTech Women’s mission is to connect, empower and promote women in FinTech. Through their annual Inspiring FinTech Females list, they recognize female professionals who are driving change and advocating for gender equity in their roles. This prestigious honor celebrates the exceptional work and accomplishments of women in fintech and shines a light on their contributions to the field. It's a chance to celebrate and uplift the achievements of these inspiring women and the impact they are making in the industry.

‍

‍

Alice advocates for diversity and inclusion

At Notabene, Alice has played a crucial role in driving our success and pushing the boundaries of what is possible in fintech. Here and in the industry at large, she is a strong spokeswoman for diversity and inclusion.  

Alice believes that a female-inclusive workforce is critical to the crypto industry. “For crypto to go mainstream,” she says, “it needs to be accessible to half the population, the 50% that represents women. And to succeed at serving that population's needs, their representation is important among the people providing the service. We need equal representation of women in crypto - from running teams and building tomorrow's products to interacting with regulators - or else we fail at that goal. The number of great women I meet every day across the Web3 space building, creating, shipping, managing - it gives me a lot of confidence that we are building for a more equitable and inclusive world.” 

Alice’s beliefs are showcased by her work in personally building out Notabene’s team with ambitious, smart, and globally diverse team members, and as of today, a significant portion of Notabene’s senior leadership roles are held by women from all over the world. As their team continues to expand, that number is only expected to grow.

Before entering the blockchain industry, she worked as an associate at The Economist, conducting high-impact, data driven analysis on public policy with an expert focus on gender, unemployment, and labor. There, she participated in the "No Ceilings: The Full Participation Project"​ with the Economist, the Clinton Foundation, and the Gates Foundation, a data-driven approach to gender equality that measured the gains and gaps that women and girls have achieved across more than 190 countries over the past two decades. 

During her career as COO of Notabene, the company has built an industry-leading reputation in global Travel Rule compliance and education. Alice’s management of Notabene’s go-to-market strategy has led to the development of several key aspects to their success, including the global rollout of Notabene’s Travel Rule Solution, an end-to-end FATF compliance solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage global transactions from one dashboard. She is also responsible for launching successful and innovative partnerships to grow the business and enhance product value proposition. 

Alice has a BS in math and economics from MIT, an MPA from Harvard Kennedy School of Government, and an MBA from Wharton. She’s a huge inspiration to our team and our industry.

The Notabene team is grateful to have the opportunity to work alongside such a talented and accomplished individual, and we are looking forward to seeing all the success that Alice will continue to bring to fintech’s women in the future. Congratulations, Alice, on this well-deserved recognition!

We recently sat down with Lana Schwartzman, Notabene’s newly appointed Head of Regulatory & Compliance, who discussed her history in compliance, what led her to transition to the crypto industry, and how Travel Rule compliance will be at the forefront of preventing illicit activity.

Q: What is your history in compliance?

A: Oh, it’s a long one! I have spent 17 years in compliance and AML regulations across Web3, digital assets, fintech, and TradFi. I began my compliance career at Morgan Stanley on the compliance team and eventually moved to Deutsche Bank. I then spent seven years at Grant Thornton’s Regulatory and Compliance Risk Advisory Services practice, where I advised the early crypto adopters (and TradeFi companies) on setting up and implementing compliance programs, helping them think about digital onboarding, as well as managing teams that did the annual independent compliance program reviews, and consent order validation for various cryptocurrency companies, financial institutions, and foreign banking organizations. 

Later, shifting into crypto, I served as Chief Compliance Officer for two crypto companies, the latest being Dapper Labs. Any NFL ALL-Day fans out there? As a CCO, I designed and implemented BSA/AML/Sanctions Compliance programs and led MSB/MTL licensure strategy and process, all while keeping the pulse on the ever-changing regulatory environment.

Q: What drew you to the crypto industry, and why compliance in particular?

A: I always wanted to fight the good fight and make a difference by catching bad actors. Right out of college, I was recruited into the compliance world. While in this world, virtual currencies came to my attention. With my compliance hat, I found it very interesting that one could transfer value from A to B without many regulations (back in the day). I started reading as much as possible on this and slowly became a crypto compliance SME. I’m a techie at heart, and this was the next frontier. 

Q: What do you see as the market opportunity for crypto compliance and Notabene’s part in driving that?

A: Regulation, now more than ever, along with regulatory clarity, is super important for the industry. As a former CCO for various crypto companies, I always craved that certainty. The Travel Rule is one of the industry’s most important rules, which, if the challenges are overcome with time, will be at the forefront of preventing illicit activity if it works in the way it was supposed to. Notabene’s end-to-end platform is Travel Rule messaging protocol agnostic. Additionally, it supports all asset types. Compliance Officers can use the Rules Engine to set smart rules to account for international jurisdictional differences. Thus, it is the premier industry solution for complete compliance with the Travel Rule. 

Q: Why did you decide to join Notabene? Why now?

A: I have been in the crypto compliance space for almost 12 years and have been a CCO at two crypto companies - in the crypto world, that is a lifetime! I wanted to bring my CCO perspective to a vendor product so that it can be built not just by engineers and product development - but with compliance and the Compliance Officers’ journey in mind. I wanted to be the customer voice internally and externally. Further, I think the Notabene team is brilliant and having two female co-founders is a bonus. These incredibly seasoned and educated professionals bring years of experience to build the best platform for Travel Rule compliance.

Q: How do you see your role as Head of Regulatory & Compliance shaping the future of Notabene?

A: I’m joining Notabene at a pivotal moment in the industry as regulators worldwide sharpen their focus on virtual assets. Having an internal voice of CCOs at Notabene, I believe, will play a significant role in shaping our upcoming product features and services. Another goal is to enrich Notabene’s Compliance Officer community with pointed webinars, off-sites, and working groups for VASPs coming to terms with this new regulatory and technological environment. I will also engage with various regulators to ensure they understand our community and product and directly hear what is vital as we evolve. 

Q: What’s keeping you up at night (as a CCO)?  

A: Regulatory uncertainty and lack of clarity. 

Q: Which jurisdictions do you have your eye on as this rolls out, and why? 

A: Of course, the US is the shakiest and needs the most clarity. EU, under MICA, will be an extensive reach with all the changes.‍

Q: Which publications do you read on a weekly/daily basis? 

A: I’m all over Crypto Twitter! But I am a fan of my friend Ari Redbord at TRM Labs and his weekly updates. I’m big on podcasts like:

• “Web3 with a16z crypto” 
• “Empire” by Blockworks 
• “Public Key” by Chainalysis 
• “Unchained” with Laura Shin 
• “Law of Code” by Jacob Robinson 
• “What bitcoin did” by Peter McCormick
• “Decrypt” with Matthew Diemer 
• “Great Women in Compliance” by Corporate Compliance Insights

And many more. I read Coindesk, Cointelegraph, and Morning Brew….and unrelated to work, different cooking/recipes blogs and weekly Torah summaries. 

‍

Want to know more about Lana? Read the press release. Reach out to Lana on Twitter or Linkedin. 

NEW YORK CITY – Notabene, the full-service solution for crypto regulatory compliance with the Travel Rule, has added Lana Schwartzman to its team as Head of Regulatory and Compliance. This step, in conjunction with its recent launch of SafePII as the first escrow service for personally identifiable information (PII), is Notabene’s most recent move to elevate its commitment to Travel Rule compliance for customer data in the crypto space.

Schwartzman previously served as Chief Compliance Officer for two crypto companies, the latest being Dapper Labs. Prior to that, she worked in Grant Thornton’s Regulatory and Compliance Risk Advisory Services practice for seven years, advising early crypto adopters on setting up and implementing compliance programs. She began her role in compliance with Morgan Stanley and then worked at Deutsche Bank.

View the press release on Business Journal.

Schwartzman joins Notabene at a pivotal moment in the company’s launch of risk-mitigation and compliance features for virtual asset service providers (VASPs) as regulators worldwide roll out new requirements to collect and transfer PII. With the United Kingdom just recognized as the world’s largest crypto economy, and as the European Union puts into place the Financial Action Task Force’s standards for anti-money laundering compliance, Schwartzman will have a key role in shaping Notabene’s services for VASPs across an evolving global regulatory landscape. 

Schwartzman has more than 17 years of compliance and regulatory experience in Web3, digital assets, fintech, and TradFi, with a proven track record of successfully designing and implementing BSA/AML/Sanctions Compliance programs, leading MSB/MTL licensure strategy and process, internal audits, independent compliance program reviews, and consent order validation for NFT and cryptocurrency companies, financial institutions, and foreign banking organizations. 

She is an industry thought leader and subject-matter expert in regulations and compliance related to NFTs and cryptocurrency, as well as anti-money-laundering regulations. She frequently speaks at industry conferences, including those of the Association of Certified Anti-Money Laundering Specialists and the Association of Certified Financial Crime Specialists. She discusses related issues in the media, including an appearance on the Law Of Code Podcast.

Schwartzman is a Certified Anti-Money Laundering Specialist and has achieved various crypto certifications, including the Chainalysis Cryptocurrency Fundamentals Certification and the Reactor Certification. She holds a bachelor’s degree in Business Administration, Finance, and Law, from Pace University. 

Notabene is the leading full-service global Travel Rule compliance platform. The firm was created to provide solutions to Travel Rule guidelines, which mandate virtual asset service providers to collect, store and send PII from their users. To mitigate the risk of hacks and data leaks, Notabene’s encrypted SafePII service ensures that only authorized users can access this data.

With Travel Rule implementation deadlines looming in jurisdictions across the globe, the gap is closing between crypto regulations and how VASPs currently manage PII in fiat currency transactions. Today, major crypto exchanges and financial institutions worldwide use Notabene’s platform to send and receive Travel Rule data transfers across a growing network of more than 500 crypto exchanges. 

About Notabene

Notabene is on a mission to make secure and trusted crypto transactions a part of the everyday economy. Using privacy-preserving technology, our full-service software helps virtual asset service providers (VASPs) turn regulatory compliance into a competitive advantage. Notabene’s market-leading Travel Rule compliance solution enables financial institutions, crypto exchanges, and custodians to comply with international AML regulations and guidelines. Notabene is fully SOC 2 security certified. Companies such as Luno, Bitso, Crypto.com, Bitstamp, and others leverage our software to manage regulatory and counterparty risk in virtual asset transactions. Headquartered in New York, Notabene is a global company with offices in Switzerland, Singapore, and the United Kingdom. 

Regulation Asia recently awarded Notabene "Best Solution: Virtual Assets – Travel Rule Compliance" in the 5th Regulation Asia Awards for Excellence 2022 at an in-person ceremony on November 22, 2022.

The judges examined, challenged, and graded dozens of submissions in each category, ensuring a rigorous and equitable process for all applicants. The Awards program also recognizes providers who have helped create the regulatory landscape in Asia-Pacific over the course of the year.

Notabene was recognized for its full-service solution, which simplifies compliance while maintaining the highest compliance standards amid an evolving and increasingly complex regulatory environment.

“Notabene has built a universal Travel Rule protocol gateway to address the current lack of a messaging protocol that is open to all VASPs.This protocol-agnostic approach, as well as a free sunrise plan being offered by Notabene, helps crypto firms come into compliance even in jurisdictions where the Travel Rule is not yet a regulatory requirement.”  - A Regulation Asia awards panel judge. 

Notabene’s solution enables firms to identify transactions that fall under the requirement immediately, automate counterparty due diligence, and seamlessly and securely exchange and store Travel Rule data. Additionally, customers can set risk-based criteria through a rules engine to automate compliance decisions, verify self-hosted wallet ownership, and generate Travel Rule reports. 

We would like to thank Regulation Asia for considering us for this prestigious award. Visit Regulation Asia’s website to read the full press release.

NEW YORK, NY AND SINGAPORE  - Matrixport, one of the world's largest digital assets financial services ecosystems, today announced a partnership with Notabene to implement a protocol-agnostic, end-to-end solution for global Travel Rule compliance. This partnership follows a recently completed Notabene-led testnet and will be implemented in phases, starting with fund flows to and from Hong Kong and Singapore before extending beyond. 

Notabene’s solution provides for automating Matrixport’s counterparty due diligence via risk-based rules to instantly identify and verify business partners, while incorporating country specific Travel Rule compliance standards for anti-money laundering (AML) and counter terrorist financing (CTF). Additionally, personally identifiable information (PII) is safeguarded with the use of SafePII, Notabene’s privacy-preserving technology which significantly minimizes the risk of data loss through hacks or breaches. 

When completed, the integration allows Matrixport to align and comply with the Monetary Authority of Singapore’s (‘MAS’) requirement for crypto Travel Rule, incorporated under the Payment Services Act (Notice PSN02). 

Christopher Liu, Chief Compliance Officer at Matrixport, said “Compliance is a cornerstone of Matrixport’s robust institutional risk management protocols. We are committed to implementing the highest standards and Notabene’s technology enables operational efficiency while ensuring end-to-end compliance with FATF’s Travel Rule and the MAS Payment Services Act. Our compliance roadmap is designed to provide our clients with best-in-class support to enhance secure, transparent and efficient digital asset services.” 

“At Notabene, it is our mission to continuously elevate the level of privacy and security consumers need for their PII and it is a pleasure to partner with VASPs that not only seek to comply with regulations as they unfold, but also to protect their users’ data to the highest standards available for these transactions,” said Pelle Brændgaard, CEO of Notabene. “Matrixport is an excellent example of a market-leading digital assets platform turning regulatory compliance into a competitive advantage.  We are proud to continue to support them in evolving their regtech strategies as VASPs around the world work towards compliance with new and evolving regulatory frameworks.” 

The Crypto Travel Rule, an anti-money-laundering regulation introduced in 2019 by the Financial Action Task Force (FATF), mandates VASPs to disclose, collect, screen, and transmit customer personally identifiable information (PII) when transacting in crypto asset amounts over a particular threshold. The Monetary Authority of Singapore (MAS) has incorporated the Travel Rule as part of its Payment Services Act.

- End -

About Notabene 

Notabene is a reg-tech SaaS solution that turns regulatory compliance into a competitive advantage. Notabene is working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Companies leverage our end-to-end FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage global transactions from one dashboard. Trusted by leading exchanges, Luno, Bitso, Crypto.com, and more. Notabene is headquartered in New York with offices in Zug and Santiago de Chile. Download a copy of Notabene’s State of Crypto Travel Rule Compliance Report. To learn more, visit www.notabene.id. Follow us on LinkedIn and Twitter. 

About Matrixport 

Matrixport is one of the world's largest and most trusted digital assets financial services ecosystem. The company's services include prime brokerage, Cactus Custody™, spot OTC, fixed income, structured products, lending as well as asset management. Headquartered in Singapore, Matrixport serves individuals as well as over 500 institutions across Asia and Europe. Visit www.matrixport.com for more information.

‍

Hi there!

We’re excited to share our most recent product release with you. This release brings the launch of SafePII, the first end-to-end Encrypted Escrow Service for personally identifiable information (PII). We’ve also made it easier for you to get a response on your outgoing transactions from counterparty VASPs, as well as to instantly learn the reasons your Counterparty VASP declined data transfer, and much more!

The good news doesn’t stop there. In October, we’re also launching a customer exclusive ‘Product Update Demo’, where our product team will walk you through the features from the latest release and demonstrate how you can benefit from these updates. To sign up for the first demo, click here. 

‍

1. Encrypt End-User Data with Notabene’s SafePII

End-user data security and privacy is one of our fundamental values at Notabene. This is why we’ve added three encrypted escrowed PII transmission methods to our advanced security infrastructure. The protocol-agnostic SafePII service leverages state-of-the-art cryptography to protect PII—every piece of PII data is individually encrypted and stored in a safeguarded, limited-access datastore.

How to access this feature:

The good news is that you don’t actually have to do anything. You are already using SafePII’s hosted encryption flow behind the scenes. To take it a step further and use your own encryption keys, please reach out to the team for guidance.

All customers have access to the Hosted SafePII flow. To encrypt/decrypt customer PII within the dashboard, login to the Notabene App -> Transactions -> Select the Transaction (i) -> Select “Conceal” at the top right hand corner. 

‍

‍

Click here to learn more about SafePII.

‍

2. Get a response on your outgoing transactions from counterparty VASPs, even if they don't yet comply with the Travel Rule

In response to the Sunrise Issue, we’ve created a new transaction response status. With the newly launched “Not ready to respond” status, your counterparty VASPs who don’t yet have a Travel Rule solution in place can easily acknowledge the receipt of your data transfers without taking any further action. This allows you to reduce the number of transactions stuck in the “Sent” status and to make an informed decision on whether to send a blockchain transaction or not. 

When responding, Beneficiary VASPs can indicate the reason for not being able to fully respond at the moment, including: 

Not ready to respond reasons include:

• Currently in the process of implementing the Travel Rule
• Not able to verify the receiving blockchain address
• Travel Rule requirements are not yet in force in my jurisdiction
• Other (free input field, active only when Other selected)

‍

3. Instantly learn why your Counterparty VASP declined data transfers

In this release, we have also introduced a quick and simple way for Beneficiary VASPs to indicate their reason for declining data transfers. This allows you to quickly react and understand what the next steps are required in order to facilitate a compliant transaction.

New declined reasons include:

1. Beneficiary details are incorrect
2. Beneficiary details are missing
3. Potential sanctions hit on the originator
4. Others: Free text field

How to access this feature:

‍

4. Better search filters to easily find VASPs within the Network

We’ve enhanced our filters in the Notabene network so that you can easily navigate through the Network and find the VASPs you’re looking for. 

‍

5. Download all transaction data into a CSV file 

Finally, in this release we have also introduced the ability to "download all transaction data into a CSV file". This update enables Notabene customers to use their transaction data to perform analysis or produce in-house reporting that can be shared with their regulators. 

New York, NY – On a mission to enable secure and trusted crypto transactions, Notabene, the leading full-service global Travel Rule Compliance Platform, announced today the launch of SafePII, the first end-to-end Encrypted Escrow Service for personally identifiable information (PII), created explicitly for Travel Rule compliant transfers. This launch is the latest addition to Notabene’s comprehensive bank-grade protection solution and elevates its continued commitment to privacy and security in protecting consumer data at the highest level. 

SafePII facilitates the secure exchange of PII data by encrypting the data format between parties, eliminating the risk of data loss through hacks or breaches. The feature is already in use in transactions between the several hundred exchanges in Notabene’s network. With this enhanced end-to-end encryption service, Notabene customers can securely facilitate user PII data exchanges while remaining compliant with the Financial Action Task Force’s (FATF) Travel Rule.

Travel Rule guidelines mandate that Virtual Asset Service Providers (VASPs) must collect, store and send PII about the user sending the transaction to the receiving VASP. However, if this information falls into the wrong hands (which has happened in the past via crypto exchange hacks and data leaks), malicious actors could use this data to target these persons of interest—either in the real world or virtually. To mitigate this issue and to comply with General Data Protection Regulation best practices to limit potential exposure of PII, Notabene’s Encrypted PII service ensures that only authorized users have access to this data.

“The crypto industry is reacting to a rapidly changing technological and regulatory landscape globally. Many exchanges are struggling to keep up with product demand while adhering to new and escalating regulatory requirements.” said Pelle Brændgaard, CEO and co-founder of Notabene. “We have seen the need and demand for increased protection as FATF Travel Rule providers facilitating the exchange of user information. Data privacy and security are at the core of everything we do at Notabene, which is why we have always prioritized a safe and privacy-preserving approach to complying with FATF’s guidelines. With our standards-based SafePII solution, Notabene customers can be confident in the security of their users’ PII and in their compliance with the ever more complex global regulatory scope.” 

Notabene’s Encrypted PII solution allows its customers to manage their own encryption keys, view their PII access logs, and monitor how and when a party accessed a particular facet of PII data. This gives institutions complete control of the privacy of their end-customers' PII through enhanced encryption modes, ensuring their information remains protected from potential data breaches. 

With Travel Rule implementation deadlines looming, the gap is closing between crypto regulations and those implemented to regulate fiat currencies. Today, major crypto exchanges and financial institutions worldwide use Notabene’s platform to send and receive Travel Rule data transfers across a growing network of 500+ exchanges. Notabene's continual focus on enterprise-ready security features makes it the number one platform of choice for regulated exchanges and financial institutions alike.

About Notabene

Notabene is on a mission to make secure and trusted crypto transactions a part of the everyday economy. Using privacy-preserving technology, our full-service software helps virtual asset service providers (VASPs) turn regulatory compliance into a competitive advantage. Notabene’s market-leading Travel Rule compliance solution enables financial institutions, crypto exchanges, and custodians to comply with international AML regulations and guidelines. Notabene is fully SOC 2 security certified. Companies such as Luno, Bitso, Crypto.com, Bitstamp, and others leverage our software to manage regulatory and counterparty risk in virtual asset transactions. Headquartered in New York, Notabene is a global company with offices in Switzerland, Singapore, and the United Kingdom. 

Get started today; sign up for our Sunrise Plan to respond to regulated transactions for free using the world's largest VASP Network.

notabene.id

‍

Media Contact: 

Liang Zhao 

[email protected] 

505-720-6933 

‍

Virtual asset service providers (VASPs) want more ownership, control, and security around their users’ data while complying with the FATF’s Crypto Travel Rule. With the Travel Rule regulation, VASPs must send personally identifiable information (PII) about the user sending the transaction to the receiving VASP. Currently, most VASPs use software or services like Notabene to comply with the regulation, which implies sending end-user data back and forth via third-party providers.

Suppose this information falls into the wrong hands, which has happened in the past via crypto exchange hacks and data leaks. In that case, malicious actors could use this data to target these persons of interest–either in the real world or virtually.

‍

Our approach to secure PII transmission

At Notabene, we've always believed that PII must be delivered securely. We were the first solution provider to elect to only release PII when the receiving VASP confirmed ownership of a blockchain address and after risk-based requirements defined by the Originating VASP were met. This was the cornerstone of our first-generation SafePII capability, which has been in production for more than a year.

With end-user data security being one of our fundamental values, we’ve added three encrypted escrowed PII transmission methods to our advanced security infrastructure. The protocol-agnostic SafePII service leverages state-of-the-art cryptography to secure PII–every piece of PII data is individually encrypted and stored in a secure, limited-access datastore.

‍

Introducing Notabene’s SafePII

Notabene adds a new PII service to our Travel Rule nodes. This industry-first feature allows VASPs to manage the secure exchange of encrypted PII to counterparties while simultaneously managing their own encryption keys.

As a separate first-class service run on behalf of our clients, SafePII is next to but complementary to our existing Travel Rule Service API. Separating this critical part of our API will allow VASPs to take a risk-based approach to better implement the Travel Rule from a data protection point of view. The escrow aspect of our service will enable us to perform address ownership and proprietary Notabene rule-based checks before encrypted PII is exchanged with the beneficiary VASP.

Encryption keys are, by default, managed by VASPs themselves. Still, VASPs can elect to utilize our key management infrastructure for some or all aspects of their service, similarly to how VASPs use a combination of local hot wallets and custodial wallet API services today. Unlike wallet API services, we explicitly designed our SafePII service around data encryption.

Regardless of how VASPs choose to use our SafePII service in the future, it is a considerable step up in data security over building your own service to integrate with an existing Travel Rule protocol. It also signals to counterparty exchanges that you take the data protection duties of implementing the Travel Rule very seriously.

How does Notabene’s SafePII service work?

‍

Based on their needs, VASPs can choose between three different options:

1. End-to-End 

End-to-End SafePII brings the most security, as the Originating VASP encrypts PII data so that only they and the Beneficiary VASP can decrypt it. 

In this flow, PII data traveling across the ether will be encrypted, meaning Notabene will never have access to the contents. Even in a hacking case or a leak, the attackers will not be able to decrypt the PII data because it’s simply cryptographically “impossible” – unless they can figure out the decryption key, which is only known by either of the VASPs.

‍

‍

2. Hosted 

During the Hosted SafePII flow, Notabene encrypts all raw Travel Rule transaction data created through our easy-to-use restful API without worrying about local key management. Each VASP has a dedicated encryption key managed by Notabene’s PII service and can be rotated on-demand. 

Our current API customers will automatically be migrated to the Hosted Escrow PII flow without any manual changes. The Hosted flow is beneficial for VASPs using hosted/white-label exchange software and/or VASPs that don’t feel comfortable managing encryption keys by themselves.

‍

3. Hybrid

The Hybrid SafePII mode extends the End-to-End flow, where the Originator VASP further encrypts the PII data selectively using their dedicated Notabene-managed encryption key, allowing Notabene to decrypt the PII (or parts of the PII data) for in-flow pre-transaction name sanction screening.

‍

‍

How to access this feature:

All customers have access to the Hosted SafePII flow. To encrypt/decrypt customer PII, login to the Notabene App -> Transactions -> Select the Transaction (i) -> Select “Conceal” at the top right hand corner. 

‍

‍
Built on best-in-class open crypto native standards

At its core, our new SafePII service is built entirely using open standards and libraries. We believe it is important not to reinvent the wheel, particularly regarding encryption. Our goal is to push some of the learnings we have made here into Travel Rule protocol groups and provide our core encryption libraries as open source.

The Notabene Travel Rule Network is built on top of the W3C standard of Decentralized Identifiers (DIDs), co-authored by two of our Notabene co-founders. Our new SafePII service utilizes the DID-Comm standard for securely exchanging encrypted and authenticated messages between entities such as VASPs.

Click here to learn how Decentralized Identifiers (DIDs) are shaping the Crypto Travel Rule infrastructure.

This set-up, in turn, is based on long-time industry standards for encryption JSON Web Encryption. We use the EdDSA encryption algorithm by default, which is currently recognized as the most secure public key encryption algorithm. We can easily upgrade to newer, better protocols in the future.

When encrypting a data item, an entirely new key is generated and encrypted to VASP’s public keys, encrypts the data, and is discarded. This ensures that even if bad actors could decrypt a single data item using massive national government-grade computing power, they will only be able to crack that specific data item–nothing more.

All data is additionally hashed and only identifiable by a content addressable identifier (CID) which stems from the InterPlanetary File System (IPFS) ecosystem. Knowing a CID is not enough to access the data; the client must be authorized and authenticated by the owner(s) to gain access. Typically the owners are the Originator & Beneficiary VASPs, but it could also be an intermediary such as Notabene. 

CIDs are useful as VASPs can use them as consistent internal identifiers of PII without exposing the risk of actual PII within their own services.

Additional Security considerations: 

• In the End-to-End and Hybrid SafePII flows, VASPs encrypt PII data to each other using their self-managed keys.

• VASPs publish their respective public keys on the Notabene VASP Network for key discovery.

• VASPs can rotate their self-managed keys by generating a new cryptographic key pair and publishing the public key on the Notabene VASP Network.
• PII service-managed keys (during hosted & hybrid flows) can constantly be rotated on-demand.
• Used encryption keys must comply with the new W3C “did:key” spec https://w3c-ccg.github.io/did-method-key/. 

‍

If a client requires more sophisticated encryption, they must utilize our SDK. Learn how to upgrade to End-to-End or Hybrid encryption here.

‍‍Hi there!

We’re excited to share our most recent product release with you. This release brings a mobile version of the wallet identification widget, Merkle Science integration, updating missing originator VASP information, and much more. 

1. Integrate Notabene’s beneficiary identification widget into mobile apps

Notabene’s widget allows you to dynamically collect beneficiary customer information, based upon the particular requirements of your jurisdiction. This ensures the creation of valid travel rule transactions. This update brings the widget to mobile devices.

To access this feature: Download and install the Notabene SDK, then render the widget. Click here for a developer deep-dive.

2. Know when your counterparty’s jurisdictional requirements call for a Travel Rule data transfer

Get notified when a transaction classified as “below threshold” in your jurisdiction is actually above the threshold in your counterparty’s jurisdiction. 

Different jurisdictions have varying “de-minimis” thresholds that trigger Travel Rule compliance. For example, Canadian VASPs must follow the Travel Rule for transactions above CAD 1000 while Estonian VASPs have to send and receive data transfers for all transactions over EUR 0.

From now on, Compliance Officers get alerted when a transaction is “below threshold” in their jurisdiction but “above threshold” in their beneficiary’s jurisdiction. This helps them to decide whether they wish to send additional data to assure that their transaction gets accepted by their counterparty VASP.  

3. Set Rules to send Travel Rule transfers to manual review 

Customers can now set up rules in the dashboard that sends transactions to their inbox for manual review. 

Get more sophisticated with your compliance rules. Specify criteria under which transactions are sent for manual review. 

Access this feature by heading to your Dashboard > VASP Name > Rules > Advanced.

‍

‍

4. Update missing originator VASP information

Customers (Beneficiary VASPs) can now update incoming transactions with Travel Rule data  

When receiving a Travel Rule transaction, Beneficiary VASP might request Travel Rule information about the Originator VASP and customer from their own customer, the Beneficiary. This feature gives them the ability to update the information accordingly within the dashboard.

Access this feature from your Travel Rule Dashboard > Transactions.

‍

‍

5. Merkle Science integration

Customers can now set up rules based on Merkle Science risk scores.

We've added Merkle Science to our marketplace to integrate blockchain cryptocurrency risk and intelligence platforms that our customers request.

This feature assists VASPs in two ways:

• Automatically Determine VASPs based on the blockchain addresses of the counterparty.
• Establish rules to approve or reject transactions based on the risk scores of blockchain addresses.
  
  

Access this feature by navigating to your Notabene Dashboard > Company Profile > Marketplace.

In July, we saw a 7.6% increase in VASPs signed up in the directory to 966 VASPs. The number of in-network VASPs, actively managing their accounts increased by 7% to a total of 240 VASPs. SuperVASPs increased by 13.25% to a total of 94. Activity window: June 25-July 25. 

A few months ago, the Estonian regulator, the Ministry of Finance’s Financial Intelligence Unit (FIU), enacted the Travel Rule on March 15, 2022, soon after the start of the Russian-Ukrainian War, with enforcement three months later, on June 15, 2022, the shortest turnaround in history. In order to help our customers navigate sanctions and for better visibility, we’ve added 30+ Russian VASPs so our customers can automatically restrict transactions with them using our rules engine.

VASP Directory Activity 

Notabene’s global VASP directory aggregates verified business profiles where clients perform counterparty due diligence to establish trusted bilateral relationships. Directory data is available to any VASP that signs up for Notabene as a paid customer or as part of the free Sunrise Plan. 

Below, we share some highlights from July.

1. 966 VASPs are in the directory, and 240 have earned in-network badges

The number of VASPs actively managing their profiles has grown 7.14% since June to 240 VASPs. VASPs with “In-Network” badges have an active administrator and are able to send or receive travel rule transfers.

‍

2. Originator VASPs have sent transactions to 140 Beneficiary VASPs in July

This month, Originator VASPs have sent Travel Rule data transfers to a record number of 148 Beneficiary VASPs. As Originator VASPs ramp up transfers to their counterparties, Beneficiary VASPs can now subscribe to Notabene’s Sunrise Plan and respond to unlimited incoming transfers for free.

‍

‍

3. We’ve added 30+ Russian VASPs to help with VASP identification

With the onset of global sanctions against certain businesses in Russia, we’ve added a list of over 30 Russian VASPs to help our customers with VASP identification and possible blocking of transactions. Russian VASPs exhibit “Russian Federation” as their jurisdiction. From there, Notabene users could set rules in their Rules Engine to automatically review or block transactions going to certain VASPs

‍

Learn how Notabene customers can block transactions to sanctioned individuals today.

4. Ninety-four companies have received a SuperVASP badge.

Since June, the number of SuperVASPs has increased by 13.25% to 94 companies. A "SuperVASP" badge indicates company profiles that are:
✅verified
✅claimed
✅in-network 

‍

Notable new SuperVASPs:

• Zipmex Indonesia 
• Bizonex
• Bit4you
• Luxolo financial
• HAYVN
• HKVAX