BLOG
A couple of thoughts on the crypto market, regulations and all in between
SAN FRANCISCO / AUSTIN, Texas / NEW YORK, Nov. 15, 2021 - Three market leaders in the global digital asset regulatory and compliance space have formed a partnership to create a one-stop solution for firms across the digital asset ecosystem, solving for cryptocurrency anti-money laundering (AML), trade surveillance, as well as Travel Rule compliance for Virtual Asset Service Providers (VASPs).
TRM Labs, a blockchain analytics provider, Eventus Systems, global provider of digital asset trade surveillance solutions, and end-to-end Travel Rule solution provider Notabene today announced the formation of âProject TEN,â which will provide the marketplace with a comprehensive offering to address a host of risk management and compliance challenges facing firms in the digital asset space.
With the launch of Project TEN, crypto-native firms as well as traditional financial institutions moving into virtual assets will benefit from a joint service designed to help maximize the efficiency of regulatory compliance operations. The offering will feature Eventusâ trade surveillance and market risk applications; TRM Labsâ transaction monitoring, wallet screening and forensics tools; and Notabeneâs counterparty risk management and Travel Rule compliance software.
Esteban Castaño, Co-founder and CEO of TRM Labs, comments:
âOrganizations operating in the crypto space are tasked with managing a complex regulatory landscape in a rapidly evolving market. Project TEN helps organizations address this complexity by bringing distinct areas of risk management expertise into one comprehensive offering.â
Eventus CEO Travis Schwab said:
âWeâre delighted to join forces with two other market leaders in the global digital asset space to introduce efficiencies and make lives easier for crypto firms striving to hold themselves to the highest standards, both to attract investment flows and meet regulatory obligations. Powered in part by our Validus trade surveillance platform, the Project TEN partnership offers a compelling solution to a wide cross-section of participants, including traditional financial institutions looking to enter the digital asset space while ensuring they have the same robust processes in place that they apply to other asset classes.â
Pelle BrĂŠndgaard, CEO of Notabene, adds:
âThere are many distinct tasks that must be addressed by any institution offering digital asset services. Project TEN creates a comprehensive compliance solution for firms across the rapidly growing global digital asset space. Partnerships are critical as many complex components must work together to manage overall compliance risk. Weâre thrilled to embed our privacy-preserving Travel Rule solution into Project TEN, the first comprehensive offering allowing institutional clients to enter the crypto space in a regulatory-compliant manner.â
For more information on Project TEN, visit https://info.eventussystems.com/project-ten.
About TRM Labs
TRM Labs provides blockchain intelligence to organizations that need to monitor, detect and investigate crypto-related fraud and financial crime. Trusted by financial institutions, crypto businesses and government agencies across the globe, TRMâs platform includes tools for crypto wallet screening, transaction monitoring, VASP due diligence and investigative tracing. Â www.trmlabs.com.
About Eventus Systems
Eventus Systems is a leading global provider of multi-asset class trade surveillance and market risk solutions. Its powerful, award-winning Validus platform is easy to deploy, customize and operate across equities, options, futures, foreign exchange (FX), fixed income and digital asset markets. Validus is proven in the most complex, high-volume and real-time environments of tier-1 banks, broker-dealers, futures commission merchants (FCMs), proprietary trading groups, market centers, buy-side institutions, energy and commodity trading firms, and regulators. The companyâs rapidly growing client base relies on Validus and Eventusâ responsive support and product development teams to overcome its most pressing regulatory challenges. For more, visit www.eventussystems.com.
About Notabene
Notabene is a reg-tech Software-as-a-Service solution that turns regulatory compliance into a competitive advantage. Notabene is working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Companies leverage our end-to-end FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage global transactions from one dashboard. Trusted by leading exchanges, Luno, Bitso, Crypto.com, and more. Notabene is headquartered in New York with offices in Zug and Santiago de Chile. To learn more, visit www.notabene.id.
Media Contacts:
TRM Labs:
Sutherland Gold for TRM Labs
Eventus:
Ellen G. Resnick
Crystal Clear Communications
+773-929-9292; +312-399-9295 (mobile)
Notabene:
Alice Nawfal, COO, Notabene
Many crypto users around the world go through similar trepidation when sending funds, âIs this the correct address?â âHave my funds arrived?â Seasoned crypto users eventually overcome this trepidation, but the general obscurity around counterparties creates an even greater risk of money laundering and terrorist financing.
For instance, crypto exchanges verify their userâs identities and check them against various lists of known terrorists the same way banks do, yet, a terrorist can create a brand new bitcoin address. The exchange currently does not have any way of blocking transactions to it.Â
To close the loophole, the global Anti-Money Laundering regulatory watchdog FATF and national regulators like USâs FinCEN and Germanyâs BaFin now require crypto exchanges to know with whom they are interacting on behalf of their customers. This recommendation is named the âTravel Rule,â as the customerâs private information âtravelsâ along with the payment. Implementing Travel Rule requirements is very difficult for exchanges, as public blockchainsâunlike bank payment networksâdo not have a built-in method of transmitting identity information along with the transaction by design.Â
My co-founders Alice, Ania, Andrés, and I, came from uPort, where we built the first decentralized identity protocol built on and for public blockchains. We designed uPort to allow parties to transactions or smart contracts to understand with whom they are transacting in the most privacy-preserving way possible.

In early 2020, we co-found Notabene to solve the compliance headache that exchanges now face.Â
To solve Travel Rule compliance for the entire financial services industry, we began building a trusted data layer to blockchain transactions for protocol-agnostic communication. Now, more than 20+ businesses use our holistic software to manage counterparty risk with 50+ counterparties without impeding their customerâs transaction flow.Â
Since we began, weâve run testnets in cooperation with the Financial Services Regulatory Authority of Abu Dhabi Global Market (FSRA ADGM). We have global stablecoins like USDT and leading digital token trading platforms testing our solution. We set up monthly collaborative environments for firms to test cross-jurisdictional Travel Rule transactions in a low-risk environment as they gear up to comply with impending regulations.
But thatâs just the beginning.
Notabene is on a path to remove global regulatory compliance complexity to cement cryptoâs role in mainstream transactions. Ultimately our mission is to allow more people to transact on public blockchains. We are actively working on bringing both businesses and their end-users better, safer, and more privacy-preserving approaches to managing risk around crypto interactions.Â
Our now 17-person strong team has built considerable traction around our Travel Rule solution that allows VASPs to identify virtual asset accounts, perform mandated VASP due diligence, and manage regulatory and counterparty risks from one holistic dashboard. We believe implementing the Travel Rule is foundational for blockchain technology; compliance will benefit the ultimate end users of crypto and will push crypto into much broader use cases than weâve seen today.
We are very excited to announce our A round, which Jump Capital and F-Prime co-led. They were joined by Illuminate Financial, Fenbushi Capital, CMT Digital, and institutions like Gemini Frontier Fund, BlockFI, Luno, and BitSo. Our existing investors who believed in our mission from day one, Castle Island Ventures, Green Visor, and Signature Ventures, continued to grow their investment.
This round lets us expand on this to help us reach even more exchanges and financial institutions. If youâd like to join us on this quest, check out our Careers page. We have open roles across various departments.
We look forward to hearing from you!
- Pelle BrĂŠndgaard.
November 8, 2021-- Notabene, an end-to-end solution for crypto regulatory compliance and collaboration, announced a $10.2 million Series A funding round co-led by F-Prime Capital and Jump Capital. Peter Johnson from Jump Capital will serve on Notabeneâs board of directors.
Existing customers Luno & Bitso extended a vote of confidence to Notabene by investing. Gemini Frontier Fund and the VC arm of global operator BlockFi also participated. Additional support came from Illuminate Financial, CMT Digital, Fenbushi Capital, and ComplyAdvantageâs CEO Charlie Delingpole alongside existing investors, Castle Island Ventures, Green Visor Capital and Signature Ventures.Â
The new injection of funding will be used for product development, meeting the demand of crypto companies applying for operating licenses, and developing crypto counterparty risk management solutions more broadly.
CEO Pelle Braendgaard comments:
âWe are on a mission to allow crypto native companies to comply with the travel rule today and keep their doors open. The majority of crypto companies find themselves at a pivotal moment as regulators around the globe set forth long-awaited regulatory requirements. Conversely, the nature of permissionless blockchains makes it challenging to fulfill the technical requirements. Complying with new regulatory requirements will enable crypto companies to unlock trillions of institutional dollars, establish banking relationships, launch new products and bring trust to the industry.âÂ
In 2019, global money-laundering watchdog the Financial Action Task Force (FATF) introduced new guidelines that treat crypto companies as regulated financial entities. Going forward, companies that custody and exchange virtual assets on behalf of customers must register with their local regulator and be licensed to operate in most jurisdictions. Additionally, crypto companies will have to comply with existing regulatory requirements similar to banks, including the âTravel Rule,âââwhich mandates collaboration to verify each otherâs customers for transactions over a certain threshold. Regulators, including the USâs FinCEN, the UKâs Financial Conduct Authority, and Singaporeâs Monetary Authority, now expect all companies providing crypto products to be fully compliant within the year. Germanyâs BaFin expects compliance within the month. Â
Adding counterparty information to a blockchain transaction doesnât just benefit exchanges and their regulators; it also allows consumers to trust to whom they are sending funds. The FTC reports that Americans lost over $80 million in cryptocurrency scams between October 2020 and April 2021.
Currently, it is impossible to transfer personally identifiable information through the blockchain and equally improbable to tell with a high level of certainty if an institution is on the other side of the transaction. Additionally, the speed with which regulations are being enforced is not on par with industry readiness.Â
Notabene leverages decentralized identity protocols to create a Trust Framework that allows companies to become Travel Rule compliant today. Notabeneâs offering comprises a suite of protocol-agnostic tools, software, and comprehensive data that enables crypto companies to manage counterparty risk securely and exchange customer data with any counterparty in a privacy-preserving way. Â
Peter Johnson, Partner at Jump Capital.
âAt Jump, we believe crypto will be the defining technological innovation of our age and look to invest in companies that move the industry forward. Notabene is well-positioned to be a leader in enabling mainstream crypto adoption by ensuring regulatory compliance for crypto-native companies and financial institutions worldwide. We are proud to support Notabene and look forward to working closely with its team.â
Notabene is the first-to-market end-to-end Travel Rule compliance solution with 20+ customers on their platform, including global exchanges like Luno, Bitso, Paxful, Crypto.com. Notabeneâs Travel Rule compliance solution has enabled 50+ exchanges to process Travel Rule transactions between counterparties.Â
About Notabene
Notabene is a reg-tech compliance SaaS solution that connects the traditional financial industry and crypto industry. We are working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Using privacy-preserving technology, strategic partnerships, and commitment, our first-to-market FATF Travel Rule solution helps financial institutions, crypto exchanges, and businesses turn compliance into a competitive advantage. Key investors include Jump Capital, F-Prime Capital, Castle Island, Green Visor Capital, Illuminate Financial, CMT Digital, and a cadre of top-tier angel investors. Trusted by leading exchanges, Luno, Bitso, Crypto.com, and more.
Notabene is headquartered in New York with offices in Zug and Santiago de Chile. To learn more, visit www.notabene.id. Follow us on LinkedIn and Twitter.
Â
****Â
Â
Media Contact
Alice Nawfal, Notabene COO
alice@notabene.id
On October 28, 2021, the Financial Action Task Force (FATF) released its first fully updated guidance for a risk-based approach for Virtual Assets and Virtual Asset Service Providers since 2019. This document updates its draft guidance released in March. Read our comments on that release here. This guidance offers recommendations on how member jurisdictions should regulate cryptocurrency businesses.Â
The key theme is FATFâs focus on regulating cryptocurrency businesses as VASPs based on their function and business model, rather than their underlying technology, self-described business category, or custodial status. Below, weâve summarized the top 12 key takeaways from the updated guidance and tell you how Notabene can help you meet your compliance obligations.
âClick here to watch the webinar summary. Access the slides.

1. FATF states that Stablecoins could be considered higher risk due to their potential for mass adoptionÂ
§104Â
As with VAs, it is important that ML/TF risks of stablecoins, particularly those with potential for mass-adoption and that can be used for P2P transactions, are analysed in an ongoing and forward-looking manner. In developing new products, VASPs and other obliged entities should assess the ML/TF risks before bringing them to market and put in place mitigation measures before launch.Â
What this means: The FATF recognizes that all VAs have a potential for widespread adoption yet denotes that stablecoin projects have a greater potential for mass adoption, which can heighten ML/TF risks. FATF recommends that stablecoin providers employ potential mitigation measures to ensure AML/CFT obligations are fulfilled. Expect more VASPs to start building compliance into new stablecoin products.Â
2. FATF calls on Public-Private collaboration to create new risk-mitigation tools for P2P transactions
§105 P2P transactions
As set out in Section 2, countries should also seek to understand the ML/TF risks related to P2P transactions and how they are being used in their jurisdiction. (...)Â
§106
Depending on the assessed risks associated with P2P transactions, or certain types of P2P transactions, countries may consider and implement as appropriate options to mitigate these risks at a national level.Â
What this means: FATF is firming its stance on P2P transactions or transactions from VASPs to unhosted wallets.
Currently, the FATF places the AML/CTF burden on intermediaries and, for the time being, this will continue to be the case.In the second annual review of the Guidance, which took place in June 2021, the FATF decided it was not yet time for a paradigm shift because, first, the available data on the P2P market was deemed not yet not reliable enough to make an informed decision, and second, intermediaries continue to have a predominant presence in the crypto market. However, the FATF admits that the standards might need to be adapted in the future in case the industry shifts to disintermediated transactions. Furthermore, the FATF recognizes that P2P transactions could pose specific ML/TF risks, as they can potentially be used to avoid AML/CFT controls in the FATF Standards. For that reason, in the latest Guidance the FATF lists a number of measures that members can adopt to mitigate the risks associated with P2P transactions. In particular, the FATF already recognizes the possibility of restricting VASPs to only transact with other VASPs as a means to mitigate risks.Â
3. Every virtual asset for payment or investment should be subject to obligations applicable either as a VA or another type of financial asset
§51
The FATF does not intend for an asset to be both a VA and a financial asset at the same time. (...)Â When determining if a new digital asset should qualify as a financial asset or a VA, authorities should consider whether their existing regime governing financial assets or their regime for VAs can be appropriately applied to the new digital assets in question.Â
§52
In instances where characterization proves difficult, jurisdictions should assess their regulatory systems and decide which designation will best mitigate and manage the risk of the product or service. Consistent with the technology-neutral approach, a blockchain-based asset that is defined as a financial asset would likely not fall under this VA-focused Guidance. (...) RBA. Nonetheless, every asset for payment or investment should be subject to obligations applicable either as a VA or another type of financial asset.Â
What this means:Â FATF places the onus on jurisdictions to determine if a VA is a financial asset or a virtual asset. Jurisdictions could consider the commonly accepted asset usage (payment or investment) and what type of regulatory regime offers the best fit. What is key is that, regardless of the framework that jurisdictions decide to apply, all assets used for payment or investment purposes are subject to obligations consistent with the FATF recommendations, either as a VA or as other type of financial asset. It is also worth mentioning that the underlying technology of the asset is not a deciding factor in determining the applicable framework to the asset at issue. For example, a blockchain-based asset defined as a financial asset would likely not fall under the FATF VA-focused Guidance.
â
4. The guidance now includes clarifications around #DeFi developers, stablecoin developers, and multi-sig custodial APIs
§64
The definition of VASP covers any service allowing users to transfer ownership, or control of a VA to another user or to transfer VAs between VA addresses or accounts held by the same user. (...) If a new party has custody or ownership of the VA, has the ability to pass control of the VA to others, or has the ability to benefit from its use, then transfer has likely occurred. This control does not necessarily have to be unilateral and multi-signature  processes are not inherently exempt (see limb (iv) below), where a VASP undertakes the activity as a business on behalf of another natural or legal person.Â
§73
The term âcontrolâ should be understood as the ability to hold, trade, transfer or spend the VA. (...) The existence of a multi-signature model or models in which multiple parties must use keys for a transaction to happen does not mean a particular entity does not maintain control, depending on the extent of the influence it may have over the VAs.
§67
A DeFi application (i.e. the software program) is not a VASP under the FATF standards, as the Standards do not apply to underlying software or technology (see paragraph 82 below). However, creators, owners and operators or some other persons who maintain control or sufficient influence in the DeFi arrangements, even if those arrangements seem decentralized, may fall under the FATF definition of a VASP where they are providing or actively facilitating VASP services. For example, there may be control or sufficient influence(...) even if this is exercised through a smart contract or in some cases voting protocols. Countries may wish to consider other factors as well, such as whether any party profits from the service or has the ability to set or change parameters to identify the owner/operator of a DeFi arrangement.Â
§68
While this Guidance aims to provide direction, countries will need to evaluate the facts and circumstances of each individual situation to determine whether there is an identifiable person(s), whether legal or natural, providing a covered service. Marketing terms or self-identification as a DeFi is not determinative, nor is the specific technology involved in determining if its owner or operator is a VASP. (...)Countries should be guided by the principle that the FATF intends to cover natural or legal persons who conduct the financial services covered in the definition as a business. (...) In cases where a person can purchase governance tokens of a VASP, the VASP should retain the responsibility for satisfying AML/CFT obligations. An individual token holder in such a scenario does not have such responsibility if the holder does not exercise control or sufficient influence over the VASP activities undertaken as a business on behalf of others.Â
What this means: Multi-Sig Custodial APIs are not outside of the VASP scope, as they control keys/credentials held by others. Central developers of governance bodies of stablecoins are, in general, considered VASPs. For stablecoins without a readily identifiable central body, the party that develops and launches its arrangement likely carries out VASP functions and would be covered under the VASP definition. DeFi developers, owners, and operators may fall under the FATF definition of a VASP provided that they maintain control or sufficient influence in the DeFi arrangements, even if the operations seem automated and decentralized. However, DeFi governance token holders do not have VASP responsibilities, so long as they do not have control or sufficient influence over VASP activities. As DeFi projects rapidly expand in number, countries will need to evaluate the facts of each particular situation to determine how to proceed. We strongly recommend that the industry pushes a unified interpretation of the rules to national regulators.Â
5. This updated guidance changes the scope of application of the Travel Rule to include unhosted wallets
§179
The requirements of Recommendation 16 apply to VASPs whenever their transactions, whether in fiat currency or VA, involve: (a) a traditional wire transfer, (b) a VA transfer between a VASP and another obliged entity (e.g., between two VASPs or between a VASP and another obliged entity, such as a bank or other FI), or (c) a VA transfer between a VASP and a non-obliged entity (i.e., an unhosted wallet). The full requirements of Recommendation 16 apply to (a) and (b) but not (c), as set out below.Â
What this means: In the June 2019 Guidance (§113), VA transfers between VASP and non-obliged entities were not within the scope of TR requirements. From now on, Travel Rule requirements apply to transactions with non-obliged entities (such as unhosted wallets), but with adaptations. This means that for VASPs to apply the right process, they need to determine whether the transaction is with a VASP or with an unhosted wallet in the first place. Notabeneâs fully-customizable Wallet Identification tool can help VASP determine their counterparties.Â
Now, when a transaction originating from a VASP to a non-obliged entity, FATF expects VASPs to:
- Obtain the originator and beneficiary information from VASPâs customer when originating or receiving a VA transfer
- Enforce AML/CTF obligations (e.g., transaction monitoring, sanctions compliance)
FATF does not expect VASP to:
- Send required information to non-obliged entities
â
6. This guidance updates the de-minimis threshold and information required for a Travel Rule transaction.
§191
Countries may choose to adopt a de minimis threshold for VA transfers of USD/EUR 1 000 in line with the FATF Standards, having regard to the risks associated with various VAs and covered VA activities. (...) For VA transfers under the threshold, countries should require that VASPs collect:Â
a. the name of the originator and the beneficiary; andÂ
b. the VA wallet address for each or a unique transaction reference number.
§192
Such information does not need to be verified unless there are suspicious circumstances related to ML/TF, in which case information pertaining to the customer should be verified.
What this means: Many jurisdictions adopted Travel Rule requirements only for VA transfers above certain thresholds. VA transfers below the threshold VASPs should still be required to collect (but not verify, unless there is an ML/TF suspicion) the beneficiary and originator: (i) name (ii) wallet address / TX identifier.Â
7. FATF provides options for risk-mitigation when interacting with unhosted wallets
§297
â
A VASP may choose to impose additional limitations, controls, or prohibitions on transactions with unhosted wallets in line with their risk analysis. Potential measures include:Â
a. enhancing existing risk-based control framework to account for specific risks posed by transactions with unhosted wallets (e.g., accounting for specific users, patterns of observed conduct, local and regional risks, and information from regulators and law enforcement); and b. studying the feasibility of accepting transactions only from/to VASPs and other obliged entities, and/or unhosted wallets that the VASP has assessed to be reliable.Â
What this means: The FATF now provides options for risk mitigation, including VASPS limiting transactions to only other VASPs or whitelisted accounts only. Â FATF clarifies the scope and obligations intermediaries when it comes to Travel Rule requirements
Footnote 50
To clarify, when a VASP, FI or other intermediary obliged entity facilitates a VA transfers as an intermediate element in a chain of VA transfers, and the certain activity/business has been classified as a VASP in this Guidance, then they would be classified as an âintermediary VASPâ. Â
§202
(...)Just as a traditional intermediary FI processing a traditional fiat cross-border wire transfer must ensure that all required originator and beneficiary information that accompanies a wire transfer is retained with it, so too must an intermediary VASP or other comparable intermediary institution that facilitates VA transfers ensure that the required information is transmitted along the chain of VA transfers, as well as maintaining necessary records and making the information available to appropriate authorities upon request. (...)Intermediary institutions involved in VA transfers also have general obligations to identify suspicious transactions, take freezing actions, and prohibit transactions with designated persons and entitiesâjust like ordering and beneficiary VASPs (or other ordering or beneficiary obliged entities that facilitate VA transfers).Â
What this means: Intermediary VASPs are entities that sit somewhere in the chain of a virtual asset transfer and facilitate the transfer from the originating VASP to the beneficiary VASP by providing a service that qualifies as a virtual asset service under the Guidance.Â
According to the FATF's guidance, Intermediaries only pass information along, so they arenât required to verify originating or beneficiary information, but they are nevertheless subject to record keeping obligations and are required to carry out sanctions screening. Since intermediaries are not required to verify originator and beneficiary information, requiring intermediaries to also screen the parties to the transaction against sanction lists is potentially not the most effective approach. Relying on the VASP that knows more about each party to perform this function is preferable.
VASP <> VASP reliance for sanction screening is a more effective solution. Industry cooperation will be essential to implementing a standard compliance flow for intermediaries.Â
Criteria to qualify as an intermediary VASP:
- Facilitates a VA transfer as an intermediate element in a chain of VA transfers
- That activity qualifies as a virtual asset service under the Guidance
Obligations of intermediary VASPs:
- Transmit required information along the chain of VA transfers
- Record keeping
- Identify suspicious transactions
- Take freezing actions
- Prohibit transactions with designated persons or entities
8. A phased risk-based approach applied to business models should help VASPs get around the Sunrise issue.Â
§200
The FATF expects countries to implement paragraph 7(b) of INR.15 as soon as possible. Countries may wish to take a staged approach to enforcement of travel rule requirements to ensure that their VASPs have sufficient time to implement the necessary systems, but should continue to ensure that VASPs have alternative measures in place to suitably mitigate the ML/TF risks arising from VA transfers in the interim. (...) This means that some jurisdictions will require their VASPs to comply with the travel rule prior to other jurisdictions (i.e., the âsunrise issueâ). This can be a challenge for VASPs regarding what approach they should take in dealing with VASPs located in jurisdictions where the travel rule is not yet in force. Regardless of the lack of regulation in the beneficiary jurisdiction, originating entities can require travel rule compliance from beneficiaries by contract or business practice.
§201
(...)Regardless of the regulation in a certain country, a VASP may implement robust control measures to comply with the travel rule requirements. Examples include VASPs restricting VA transfers to within their customer base (i.e., internal transfers of VAs within the same VASP), only allowing confirmed first-party transfers outside of their customer base (i.e., the originator and the beneficiary are confirmed to be the same person) and enhanced monitoring of transactions.
What this means: In this Guidance the FATF makes it very clear that the time for compliance is now. The FATF acknowledges the need for this staged approach to compliance with the Travel Rule. But, at the same time, the FATF requires countries to enforce interim risk mitigation measures that enable tackling the ML/TF risks associated with VA transfers now.Â
The sunrise period - period during which Travel Rule requirements are not in force in all jurisdictions - causes a lot of practical problems due to crypto being inherently international. VASPs in countries where Travel Rule requirements are already being enforced will have a hard time complying if they want to keep interacting with VASPs based in countries where the Travel Rule is not yet being enforced.Â
But what the FATF says in the new Guidance is that this issue should not preclude VASPs from already complying with the Travel Rule. And in this context, the FATF suggests a number of measures that VASPs could implement to circumvent the sunrise issue. Most of them entail substantial limitations to the VASPs' transaction volume.
In some instances, VASPs could avoid the business impact of Travel Rule compliance through policy coordination. Although the sunrise period is the #1 hindrance to compliance with the Travel Rule, FATF claims that it should not preclude VASPs from complying and offers the following risk-mitigating measures to circumvent the effect of the sunrise issue.Â
- Require counterparty to comply
- Restricting TXs to within customer base
- Allowing only first-party transactions
- Enhanced monitoring
9. FATF recognizes that conducting counterparty due diligence is a challenge. Provides guidance on how counterparty due diligence could be undertaken.
§197.
The best way to conduct counterparty due diligence in a timely and secure manner is a challenge. There are broadly three phases in this process. These are not intended as prescriptive actions that VASPs must take, but guidance on how counterparty due diligence could be undertaken:Â
a. Phase 1: Determine whether the VA transfer is with a counterparty VASP. A person may wish to transfer VAs to another VASP (e.g., a beneficiary with a hosted wallet) or they may wish to transfer VAs to an unhosted wallet. The originator VASP must therefore determine whether they will be transacting with another VASP. This determination process is not purely an AML/CFT requirement, but rather arises from the technology underpinning VAs. To date, the FATF is not aware of any technically proven means of identifying the VASP that manages the beneficiary wallet exhaustively, precisely, and accurately in all circumstances and from the VA address alone;Â
b. Phase 2: Identify the counterparty VASP, as a VASP only knows the ânameâ of the counterparty VASP following the previous phase. A VASP may identify a counterparty VASP themselves using a reliable database in line with any guidelines from a country on when to rely on such data; andÂ
c. Phase 3: Assess whether the counterparty VASP is an eligible counterparty to send customer data to and to have a business relationship with (see Recommendation 16 in Section IV for further information on counterparty VASP due diligence and Recommendation 11 on record-keeping to appropriately store and manage that customer data).Â
§193
Countries should require both ordering and beneficiary institutions to take freezing actions and prohibit transactions with designated persons and entities (i.e., screening and required information relating to VA transfers in order to comply with their targeted financial sanctions obligations). The ordering institution should have the required information about its customer, the originator, and the beneficiary institution should have the required information about its customer, the beneficiary, in line with the CDD requirements set forth in Recommendation 10. The ordering and beneficiary institutions should have screened their customerâs name for compliance with targeted financial sanctions obligations at the time of onboarding their respective (and upon name changes). They must then screen the names of the other party (the originator or the beneficiary) when they conduct the VA transfer (see Table 1 above).Â
§198
To clarify the scope of this Guidance, competent authorities should require VASPs to implement preventive measures in âPhase 3â to assess the counterparty VASP, where VASPs first have a business relationship, and then review the results of the due diligence periodically. Countries should also maintain reliable, independent sources of information for âPhase 2â to assist VASPs in their efforts to identify the counterparty VASP. This could include regulated institutions lists, such as VASP lists where available, registries of beneficial ownership where available and other examples mentioned in the BCBS Guideline.49 For the benefit of effective and efficient counterparty due diligence, a regulated institutions list may include but should not be limited to contains the VASP name and registered VASP address. Considering the increased usage of digitalized processes in the financial industry, countries should be encouraged to use a format that is machine-readable. A country need not impose a separate licensing or registration system for VASPs with respect to natural or legal persons already licensed or registered as FIs (as defined by the FATF Recommendations) within that country. Countries that have such frameworks may clarify to their private sector that such FIs might not be on the designated VASPs lists, or even not under the supervision of the same regulator, to avoid unnecessary de-risking.Â
§194
Countries should require VASPs or other obliged entities to implement an effective control framework to ensure that they can comply with their targeted financial sanction obligations. This framework should take into account the nature of VA transfers. Because the required information identifying the originator and beneficiary can be held separately to the VA transfer system (e.g., the blockchain), the VA transfer can be completed even with such information missing or without screening the transfer to identify suspicious and prohibited transactions. Therefore, VASPs or other obliged entities should screen required VA transfer information separately to such direct settlement. Thus, VASPs may need to consider mitigation measures that fit their business process and the technical nature of VAs. Although blockchain technology is ever-changing, examples of controls that a VASP or other obliged entity could implement include:Â
a. putting a wallet on hold until screening is completed and confirmed that no concern is raised; andÂ
b. arranging to receive a VA transfer with a providerâs wallet that links to a customerâs wallet and moving the transferred VA to their customerâs wallet only after the screening is completed and has confirmed no concern is raised.Â
What this means: The first thing VASPs should ask themselves when complying with the Travel Rule in the context of a VA transfer is whether they are transacting with a counterparty VASP, as this will influence the rules that apply to the transfer. This continues to be a relevant pain point and, in the Guidance, the FATF acknowledges that today it is not always possible to determine, securely, whether a VASP is managing the wallet on the other side.
In cases where the VA transfer is with a VASP, the goal is to make sure that such counterparty VASP can be trusted before transacting. For that purpose, VASPs need to undertake appropriate due diligence and look at several aspects such as the
- robustness of the counterparty's data security framework
- whether the counterparty is complying with the travel rule
- and whether the counterparty is under supervision of relevant authorities
All of this needs to happen before transacting.Â
Identifying and conducting due diligence on counterparty VASPs is the first pain point and the first stage in implementing the Travel Rule. FATF recommends the Wolfsberg questionnaire as a starting point for a potential framework in the VASP counterparty due-diligence context.Â
10. FATF outlines data requirements for ordering and beneficiary VASPs in the Travel Rule
Table 1: Data requirements for ordering and beneficiary VASPs in the travel rule (pg 59)

Notabeneâs Takeaway: An important component of complying with the Travel Rule is the exchange of originator and beneficiary information between VASPs. The table above, included in the Guidance, provides an excellent summary of all the data exchange requirements and their purpose.
- The ordering VASP, which in most cases has a business relationship with the VA transfer originator, is required to transmit accurate information about the originator to the Beneficiary VASP.
- In turn, the Beneficiary VASP does not need to confirm the accuracy of the originator information, but needs to run the received information against sanction lists.
- Then, in contrast, the ordering VASP needs to send the beneficiary information collected from their customer to the Beneficiary VASP but does not need to confirm the accuracy of such data. The ordering VASP should use this data to screen the beneficiary user against sanction lists.
- The Beneficiary VASP (who verifies the identity of the beneficiary of the VA transfer upon establishing a business relationship with them), is required to confirm if the received beneficiary information is consistent with their records.
It is worth noting that in the updated Guidance the FATF recognizes that, when VASPs reasonably conclude that their counterparty does not handle PII securely, they can proceed with the blockchain transfer without sending PII to their counterparty VASP, provided that:
- AML / CTF risks are acceptable and
- That the VASP adopts alternative procedures.
11. FATF recommends VASPs to take freezing actions and prohibit transactions with designated persons/entities
§193
âCountries should require both ordering and beneficiary institutions to take freezing actions and prohibit transactions with designated persons and entities (...)Â The ordering and beneficiary institutions should have screened their customerâs name for compliance with targeted financial sanctions obligations at the time of onboarding their respective (and upon name changes). They must then screen the names of the other party (the originator or the beneficiary) when they conduct the VA transfer.Â
§194
(...) Â Because the required information identifying the originator and beneficiary can be held separately to the VA transfer system (e.g., the blockchain), the VA transfer can be completed even with such information missing or without screening the transfer to identify suspicious and prohibited transactions. (...) Thus, VASPs may need to consider mitigation measures that fit their business process and the technical nature of VAs.Â
What this means: The goal of the sanction screening obligations imposed on VASPs is to prevent transactions with designated entities and allow VASPs to take freezing actions when such transactions occurs. For these purposes, VASPs are required to screen the names of their own customers and also of the counterparty to any transactions against sanction lists. Additionally, VASPs must take measures to mitigate the risk of settling the blockchain TX before the screening is completed, such as putting a wallet on hold until screening is completed and confirming that no concern is raised.
How Notabene helps VASPs meet FATF obligations
Notabene is a reg-tech SaaS solution that turns regulatory compliance into a competitive advantage. We are working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Companies leverage our end-to-end FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage global transactions from one dashboard. We currently process transactions between more than 50 crypto native companies. Trusted by leading exchanges, Luno, Bitso, Crypto.com, and more. If youâd like to learn more about how we can help, please contact us here.
ROAD TOWN, British Virgin Islands, October 22 2021 - Bitfinex, a state-of-the-art digital token trading platform will begin testing Notabene's end-to-end protocol-agnostic solution for crypto regulatory compliance.
Notabene will enable Bitfinex to test complex Travel Rule transactions in a low-risk, collaborative environment as the exchange prepares for the new rules and takes an industry leading role in meeting global regulatory requirements. Notabeneâs open solution supports integration to multiple protocols, enabling Virtual Asset Service Providers (VASPs) to send and receive counterparty information alongside blockchain transactions to any counterparty that uses the same infrastructure.
Global money-laundering watchdog the Financial Action Task Force (FATF) introduced new guidelines that treat crypto companies as regulated financial entities. Going forward, companies that custody and exchange virtual assets on behalf of customers will have to comply with existing regulatory requirements similar to banks, including the âTravel Rule,â which mandates collaboration to exchange identifying information of customers in transactions over a certain threshold. This is a daunting task as blockchains are ill-equipped to transfer personal identifying information in a secure and private manner, in tandem with the exchange of value.Â
After successful integration of Notabeneâs Travel Rule solution, Bitfinex aims to deliver the highest levels of data privacy while enabling participants to send the required Travel Rule data to the correct counterparty in a safeguarded manner.
Paolo Ardoino, CTO of Bitfinex, comments:
âAs the preeminent, leading exchange in the trading of bitcoin, Bitfinex has always taken a leading role in meeting new global regulatory requirements. We chose to trial Notabeneâs best-in-class solution as it delivers a seamless compliance process without any compromise to the user experience.â
Pelle Braendgaard, CEO of Notabene, says:
ââBitfinex has been an integral part of the crypto currency community for many years now. They share our vision for a continued open crypto currency ecosystem. We are excited to help work with them implementing the Travel Rule, a key part of the latest guidelines for Virtual Asset Service Providers from FATF. Travel Rule testnets are the best way for companies to collaborate on the approach to roll out Travel Rule compliance.â
â
Notabene regularly holds strategic Travel Rule compliance testnets that substantially benefit all stakeholders in the community, including a recent cross-jurisdictional testnet, under the observance of the Financial Services Regulatory Authority (FSRA) of Abu Dhabi Global Market (ADGM).Â
â
##
â
About Bitfinex
Founded in 2012, Bitfinex is a digital token trading platform offering state-of-the-art services for traders and global liquidity providers. In addition to a suite of advanced trading features and charting tools, Bitfinex provides access to peer-to-peer financing, an OTC market and margin trading for a wide selection of digital tokens. Bitfinex's strategy focuses on providing unparalleled support, tools, and innovation for experienced traders and liquidity providers around the world. Visit www.bitfinex.com to learn more.
â
About Notabene
Notabene is a reg-tech SaaS solution that turns regulatory compliance into a competitive advantage. We are working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Companies leverage our end-to-end FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage global transactions from one dashboard. Trusted by leading exchanges, Luno, Bitso, Crypto.com, and more.
Notabene is headquartered in New York with offices in Zug and Santiago de Chile. To learn more, visit www.notabene.id. Follow us on LinkedIn and X.
â
Media contacts
Joe Morgan, Senior PR Manager, Bitfinex
Alice Nawfal, COO, Notabene
alice@notabene.id
British Virgin Islands, October 20, 2021, 12:00 PM BST - Tether Operations Limited (âTetherâ), the company operating the blockchain-enabled platform Tether.To that powers the largest stablecoin by market capitalization, announced today that it will be utilizing Notabene, an end-to-end solution for crypto regulatory compliance. It will begin testing its protocol-agnostic solution for Travel Rule compliance in order to bring transparency to cross-border transactions.Â
Notabene will enable Tether to test complex Travel Rule transactions in a collaborative, low-risk environment as the stablecoin issuer prepares for new regulations. In order to ensure customer protection, specifically as it pertains to transactions made by Virtual Asset Service Providers (VASPs), Tether will use Notabeneâs solution to share, send and receive counterparty information alongside blockchain transactions to counterparties that use the same infrastructure.
Global money-laundering watchdog the Financial Action Task Force (FATF) has issued guidelines holding crypto companies to similar standards as regulated financial entities. The âTravel Ruleâ recommends that VASPs dealing with virtual assets should transmit specific customer data between counterparties for transactions over a certain threshold. The updated guidelines describe the FATFâs recommendations in key areas, including how the FATF standards should be applied to stablecoins. These practices are intended to assist countries and service providers to combat money laundering, terrorist financing, and abide by Sanctions measures.Â
â
Paolo Ardoino, CTO of Tether.
âIt's important that we work with regulators to build this industry from the ground up as pioneers of blockchain technology and leaders in transparency, we are dedicated to not only keeping up with new rules but helping shape them. Because the Travel Rule also applies to traditional financial institutions we see this as an opportune moment to foster cooperation across traditional and digital channels in order to create better services for customers globally. We are proud to lead the charge on behalf of all stablecoins in order to make a positive change towards protecting our clients.âÂ
Pelle Braendgaard, CEO of Notabene, comments:
âTetherâs stablecoin has rightfully cemented its role as a core part of the global crypto industry. Notabene is excited to help Tether bring out FATF Travel Rule compliance across its global network, leading to a safer and more regulatory compliant crypto world.â
â
By bringing a trusted data layer to blockchain transactions, Notabeneâs design will assist Tether in managing counterparty risk and deliver a best-in-class payment experience to its customers while maintaining GDPR compliance and user data protection.
With the successful integration of Notabeneâs solution, Tether aims to maintain its reign as a leader in transparency and in getting information to the community as well as its stakeholders, while demonstrating full compliance with regulatory requirements. To learn more about Tether, please visit, https://tether.to/.Â
##
About Tether
Tether is the preeminent stablecoin with the biggest market capitalization, surpassing that of all rival offerings combined. Created in October 2014, Tether has grown to become the most traded cryptocurrency. Tether is disrupting the legacy financial system by offering a more modern approach to money. By introducing fiat currency denominated-digital cash to the Bitcoin, Ethereum, EOS, Liquid Network, Omni, Tron, Algorand, and Solana blockchains, Tether makes a significant contribution to a more connected ecosystem. Tether combines digital currency benefits, such as instant global transactions, with traditional currency benefits, such as price stability. With a commitment to transparency and compliance, Tether is a fast and low-cost way to transact with money.
â
About Notabene
Notabene is a reg-tech SaaS solution that turns regulatory compliance into a competitive advantage. We are working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Companies leverage our end-to-end FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage global transactions from one dashboard. Trusted by leading exchanges, Luno, Bitso, Crypto.com, and more.
Notabene is headquartered in New York with offices in Zug and Santiago de Chile. To learn more, visit www.notabene.id. Follow us on LinkedIn and Twitter.
â
Media contact
Alice Nawfal, COO, Notabene
alice@notabene.id
We recently released a survey inviting the responses of VASPs of various sizes worldwide to compile the findings into the State of Crypto Travel Rule Compliance Report. The upcoming report will demonstrate a transparent understanding of Travel Rule compliance readiness levels and pain points. Today we present a preliminary analysis of this data. Thank you to all of you who completed the survey.
What weâve noticed: Regulators will have a significant role to play in the smooth, global implementation of Travel Rule compliance. Most of the issues that VASPs are facing are due to a lack of regulatory clarity. Regulators could help with coordination and further guidance.
Learn more below.

1. 95% of respondents have an internal compliance/legal department.Â
78% of those say these teams are a key pillar of the company with enough power to ensure that the business adheres to external rules and internal controls.

2. 72% of the respondents are already Travel Rule compliant or are on track to becoming fully compliant soon. [Q3/Q4 2021 - Q1/Q2 2022]

3. 100% of respondents that report full Travel Rule compliance are in Singapore.

4. 56% of respondents name the sunrise period and legal uncertainty as the two most relevant hindrances to adoption.
- Managing data privacy risks, UX impact, and interactions with non-custodial wallets are at the bottom of the list of adoption hindrances.
â
5. Potentially due to the sunrise period, VASPs are in very different stages of compliance.
VASPs that are looking to comply with Travel Rule requirements are all in very different stages of the process. The distribution of VASPs across the research, planning, implementation and finalized phase is fairly equal. This is possibly connected to the "sunrise issue," resulting in VASPs having very different levels of regulatory pressure to go live with the Travel Rule.Â

6. 18% of VASPs report to have suspended all transactions until they are ready to comply with the Travel Rule.
We will provide more information, including a deeper analysis, VASP interviews, and Regulator insights in the upcoming State of Crypto Travel Rule Compliance Report in December. Stay tuned to this and other regulatory news by signing up for our newsletters.
As the report aims to demonstrate a transparent understanding of compliance readiness levels and pain points, gathering responses and insights from a diverse group of VASPs is crucial. If your firm qualifies as a VASP, please feel free to submit your answers.
If you have any questions about the survey, please feel free to reach out to catarina@notabene.id or lesa@notabene.id.
â
Enter your information below to download the State of Crypto Travel Rule Compliance Report 2022.
AMSTERDAM & NEW YORK -- Notabene, a Financial Action Task Force (FATF) Travel Rule solution provider has announced a partnership with Crystal Blockchain, a Netherlands-based blockchain investigative tool. The collaboration is meant to enable Virtual Asset Service Providers (VASPs) to comply with the FATFâs Travel Rule identification, data exchange, and reporting process from beginning to end.
Crystal Blockchain powers regional and global AML compliance and operational continuity by enabling best-in-class blockchain transaction risk assessment. Notabene is a regtech SaaS solution that allows companies to leverage their end-to-end FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage global transactions from one dashboard.
â
- Alice Nawfal, COO of Notabene says
âIndustry partnerships are the key to FATF Crypto Travel Rule compliance. Working with Crystal Blockchain allows us to embed blockchain compliance security into our product offering, providing the best end-to-end Travel Rule compliance solution in the space.â
â
Marina Khaustova, CEO at Crystal Blockchain, comments
âCrystalâs latest partnership with travel rule solutions aggregator Notabene allows us to bring the best of blockchain compliance security to our customers as we and Notabene work towards a safer and more risk-averse blockchain future.â --- Marina Khaustova, CEO at Crystal Blockchain
â
Read more in PAYPERS about the latest partnership between Crystal and Notabene
About Notabene
Notabene is a reg-tech SaaS solution that turns regulatory compliance into a competitive advantage. We are working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Companies leverage our end-to-end FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage global transactions from one dashboard. Trusted by leading exchanges, Luno, Bitso, Crypto.com, and more. Notabene is headquartered in New York with offices in Zug and Santiago de Chile. Notabene is headquartered in New York with offices in Zug and Santiago de Chile. To learn more, visit www.notabene.id. Follow us on LinkedIn and Twitter.
About Crystal Blockchain
Crystal is the world-leading all-in-one blockchain analytics tool for crypto AML compliance, providing blockchain analytics and crypto transaction monitoring for thousands of cryptocurrencies in real-time. Crystal works globally with customers in the digital asset industry, the banking, and FI sectors. We help streamline their Know Your Transaction (KYT) and Anti-Money Laundering (AML) procedures for meeting international compliance standards. Available as a free demo version, SaaS, API, and on-premise installation. Engineered by Bitfury.
Media contacts
Ana Diundina, Crystal Blockchain
anastasiia.diundina@crystalblockchain.com
+380977371660
Alice Nawfal, COO, Notabene
alice@notabene.id
NEW YORK -- Notabene, the leading FATF Travel Rule solution provider, has announced the successful completion of a Travel Rule testnet in cooperation with the Financial Services Regulatory Authority (FSRA) of Abu Dhabi Global Market (ADGM).Â
Notabene set up a collaborative environment for seven companies to test cross-jurisdictional Travel Rule transactions in a low-risk environment as they gear up to comply with impending regulations. Four ADGM-licensed firms, Matrix, Aarna Capital, DEX, and MidChains, tested sending transactions with companies applying for their Singaporean digital payment token (DPT) licenseâAmber Group, Liquid, and Zipmex.
New anti-money laundering (AML) rules, commonly known as the âTravel Rule,â require crypto companies to share personal customer information alongside a transaction. As enforcement deadlines approach, financial institutions rush to implement new compliance tools, train compliance teams to implement new processes and understand what actions to take across various scenarios.Â
ADGMâs FSRA cooperated with Notabene to establish the testnet so that companies could perform simulated travel rule transactions between each other, collaborate on compliance approaches, while permitting the regulator to clarify their interpretation of the rules.Â
The participating firms tested six real-life scenarios, including interactions with firms operating cross-jurisdictionally where thresholds and requirements vary.Â
Other scenarios tested included:
- Rejecting transfers when data didnât match internal records.
- Interacting with companies who are not Notabene customers and may not be live with Travel Rule.
- Requesting missing travel rule transfers from counterparties.Â
Alice Nawfal, COO of Notabene, says:
ââThe industry is signaling to regulators that they can adapt to the intricacies of new regulations, including varying cross-jurisdictional rules. Notabeneâs software ensures that firms complying with the various regulations do not have to limit transaction flow.â
Wai Lum Kwok, Senior Executive Director â Authorisation of the FSRA, comments:
âWe are pleased to see that the industry is actively collaborating to use technology to facilitate compliance. Such collaborations let participants better understand regulatory requirements and improve their processes. Further, appropriate use of technology can lead to more efficient and effective compliance outcomes. The cross-border nature of this collaboration is a good signal that the industry is increasingly able to deal with the global nature of compliance for virtual assets.â Â
Participating exchanges expressed excitement to trial Travel Rule transactions through Notabene with regulator participation.
Pav Gill, Chief Legal Officer at Zipmex, adds:
âIt has been a pleasure to be granted the opportunity to work with ADGM. Throughout this experience, we have seen the positives of how these solutions will help in the fight against financial crimes within the digital assets industry. While there is an appreciation of the intentions behind the regulation, significant practical challenges remain in terms of implementation in order to ensure a seamless customer experience that matches the power of the underlying technology. We look forward to continuing to work with regulators during these exciting times.ââ
Vasja Zupan, President of Matrix, comments:
âWe are thrilled to take part in a global effort to test Travel Rule transactions. As a regulated trading platform that prioritizes security, we see Notabeneâs testnet as a responsible and resourceful step for testing customer transactions.â
Seth Melamed, COO, Liquid, comments:
"At Liquid, putting clients at the center of all that we do is core to how we operate. Adherence to AML regulations is an important part of our client-centric approach. In our collaboration with Notabene, Liquid is proactively working with other crypto entities, regulators, and solution providers to adapt the principles of Funds Travel Rule to a blockchain context."
This testnet presents an excellent opportunity for the participating firms to learn collaboratively. Going forward, Notabene will continue to facilitate further testing, provide integration support, and moderate compliance team discussions, as well as publishing âblueprintâ compliance flows to the industry. Sign up for the next testnet here.
About Notabene
Notabene is a reg-tech compliance SaaS solution that connects the traditional financial industry and crypto industry. We are working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Using privacy-preserving technology, strategic partnerships, and commitment, our first-to-market FATF Travel Rule solution helps financial institutions, crypto exchanges, and businesses turn compliance into a competitive advantage. Key investors include Castle Island, Green Visor Capital, Illuminate Financial, CMT Digital, and a cadre of top-tier angel investors. Trusted by leading exchanges, Luno, Bitso, Crypto.com, and more.
Notabene is headquartered in New York with offices in Zug and Santiago de Chile. To learn more, visit www.notabene.id. Follow us on LinkedIn and Twitter.
Today, Germany published the Crypto Asset Transfer Regulation - KryptoWTransferV, implementing FATF's travel rule in the country. We will review this in the next few days and update our Germany jurisdiction page.
Until then, we share the highlights:
1. The Crypto Travel Rule regulation comes into force in Germany on October 1st, 2021.
KryptoWTransferV § 7 (1) Entry into force, expiry: â
"This Ordinance shall come into force on October 1, 2021."
2. The regulation subsumes to the preexisting Money Transfer Ordinance framework.
KryptoWTransferV § 3 (1): Duty to survey, Storage and transmission of data during transfers between crypto value service providersÂ
âFor obliged entities making a transfer on behalf of the payer, the rules on obligations of the payment service provider of the payer under Articles 4 and 6 of the Funds Transfer Regulation shall apply mutatis mutandis if only crypto value service providers are involved in the transfer on behalf of the payer and the payee.
3. German VASPs must collect, store, and verify the name and addresses of non-custodial beneficiary and originators.
KryptoWTransferV § 4 (3): Duty to Collection and storage of data during transfers, in which not exclusively Crypto value service providers are involved
âFor the purposes of paragraphs 1 and 2, risk-adequate measures are measures which correspond to the identified money laundering and terrorist financing risk of the transfer and which ensure the traceability of the transfer. In particular, a risk-appropriate measure is the collection, storage and verification of the name and address of the beneficiary or the principal for whom no crypto service provider is acting in the transfer and who is not a contractual partner of the obliged party.â
4. Companies that are unable to comply immediately must notify competent supervisory authorities by November 30, 2021.
Companies that cannot comply immediately with travel rule obligations must notify competent supervisory authorities by November 30th, 2021. They must further include the reasons for the impediment, the measures taken to remove it, and the timeline for the removal by December 31st, 2021. The stated reasons will be subject to the assessment of the supervisory authority, who may decide whether or not an exemption period should be granted to the VASP.
KryptoWTransferV § 5 (1) Transitional provisions:Â
âObligated persons who, at the time of entry into force of this Ordinance, conduct banking transactions within the meaning of section 1(1) sentence 2 of the German Banking Act, provide financial services within the meaning of section 1(1a) sentence 2 of the German Banking Act or securities services within the meaning of section 2(2) to (4) of the German Securities Institutions Act in relation to crypto securities, and who are unable to comply with the obligations under sections 3 and 4 on a permanent basis or at all for reasons for which they are not responsible, shall notify the competent supervisory authority in accordance with section 50 number 1 of the German Money Laundering Act by 30 November 2021 and provide reasons for this by 31 December 2021. If obliged entities commence such banking transactions, financial services or investment services for the first time after the entry into force of this Ordinance, sentence 1 shall apply subject to the proviso that the notification, including the justification, must be made upon commencement. â
5. VASPs must ensure Travel Rule compliance within 12 months.Â
Under certain circumstances, a single extension of this period for additional 12 months may be granted.
KryptoWTransferV § 5 (2) Transitional provisions:Â
âThe justification referred to in paragraph 1 shall include information on the reason for the impediment and on the measures taken to remove the impediment. In addition, the period of time in which the removal of the reason for the impediment is expected to take place shall be indicated, and it shall be specified which other risk-appropriate measures will be taken during the implementation of transfers. The period specified in accordance with the first sentence may not exceed twelve months. A single extension of this period by a further twelve months shall be permissible if a reasoned notice of extension is submitted before the expiry of the first twelve-month period and if the reason for the impediment continues to exist.â
Relevant links:
- BaFIN | Banking Act (Kreditwesengesetz - KWG)
- Bundesminister der Finanzen | Kryptowertetransferverordnung â KryptoWTransferV
- The Federal Minister of Finance | Regulation on enhanced due diligence requirements for the transfer of crypto assets (Crypto Asset Transfer Regulation - KryptoWTransferV) translated to English.
Charles V. Senatore, former Director of the Southeast Region of the US SEC, shares his essential insights for crypto compliance officers. Senatore has over 36 years of industry experience; as a trial lawyer, a federal prosecutor, a law firm partner, and a senior regulator at the SEC. He then went on to lead global compliance functions at Merrill Lynch and Fidelity.
Weâve created a post with the top 10 takeaways from his conversation with our co-founder and CEO, Pelle BrĂŠndgaard.
1. Regulators have developed timeless principles they care about, and compliance officers should implement policies to address them.
The compliance team must keep in mind the timeless principles the regulators care about. If they look back to the essence of what regulators tend to think about, then they can provide input on how these principles may need to apply to new crypto products.
2. Crypto firms should do three things to encourage regulators to continue taking a risk-based approach with crypto to achieve desired regulatory outcomes:
- Remember that it is your responsibility to become compliant. You are accountable for outcomes and must prepare adequate controls.
- Work as a community to achieve herd compliance.
- Engage with regulators responsibly.
3. Mandating technology doesnât end well.
The danger of mandating a technology is that the technology changes, yet the regulation stays set to a specific point in time. Itâs hard to unwind firm regulations, which creates all sorts of inefficiencies.
4. A healthy regulatory relationship can benefit the industry.
Regulators, as public servants, have an interest in the integrity of their markets. Accordingly, many regulators are eager to engage and learnâkeeping up to speed is crucial for carrying out their mission.
5. Companies that view compliance as an opportunity for differentiation will have a competitive advantage over their competitors.
Businesses that do not take the proper steps to handle consumer assets well will lose ground to firms with strong and effective compliance programs.
6. Want a compliant product? Involve compliance officers during the ideation process.
âNew product ideas will have better outcomes if compliance officers successfully integrate themselves from the start. Nothing is more frustrating than having an excellent idea for a use case shot down by a compliance officer. Involving a compliance officer during step one mitigates future disappointment.
7. Compliance officers should consider aligning themselves with business goals and growth.â
To forge a one-on-one connection with business leaders, compliance officers should search for compliant ways to realize business goals instead of reflexively saying âno.â With that mindset in place the compliance team will  eventually advance from being seen as the âanti-business departmentâ to being appreciated as part of the solution to help the business grow.
8. Compliance officers are in a great position to have a seat at the leadership table. â
Once business leaders realize that the compliance team is a part of the solution to help the business grow, an opportunity for compliance officers to be a respected part of leadership soon follows.
9. Most compliance principles fall into two major categories: binary âyesâ or ânoâ decisions or risk-based considerations. â
Use cases without specific binary regulatory requirements are where compliance officers can work their magic and show their value by applying time-tested risk-based principles to get a high level of comfort. Appropriately assess risk, and propose mitigation steps, and create that new product.Â
10. Talent that understands both tech and regulatory principles will be key to success in this industry. â
As we head into uncharted waters, having people who understand the tech and how these regulatory principles apply to it will be crucial ingredients. The teams with these capabilities will be best suited to nimbly and quickly adapt as new use cases emerge. It will take collaboration among different teams and working seamlessly together to reduce friction and allow innovation to flourish.
On July 22, 2021, HM Treasury released Amendments to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 Statutory Instrument 2022, a consultation that included an entire chapter on the transfers of crypto assets. Chapter 6 laid forth provisions poised to implement the FATFâs Crypto Travel Rule into UK law.
Below are our important takeaways:
1. HM Treasury proposes to update the Money Laundering Regulations (MLRs) rather than pass primary legislation needed to amend the Funds Transfers Regulations (FTRs)
6.7: The use of the Money Laundering Regulations
As it is retained EU law, the government does not have the ability to easily amend the FTR, except to remove deficiencies caused by EU exit. More substantial amendments of the kind necessary to apply R.16 to cryptoassets would require primary legislation. The government therefore proposes to use its powers to amend the MLRs, which will also ensure that AML legislation for the cryptoasset sector is consolidated in one place, and is therefore easier to navigate.Â
Notabene Takeaway: Acknowledging the urgency with which HM Treasury wants to roll out the Travel Rule, they propose to update existing MLRs rather than attempt to amend the EU FTR laws. This will make it easier and faster to implement, and also has the benefit of ensuring all AML regulation for cryptoassets is kept within the MLRs.Â
2. HM Treasury offers an unspecified grace period for compliance solution integration
6.8: Timing
The government acknowledges that the process of integrating these requirements into a firmâs business practices may take time. It is important that new regulations are introduced in a proportionate way, striking the right balance between reducing the harms of illicit finance and supporting innovation that benefits consumers and the economy. It is therefore proposed that firms will be allowed a grace period after the amendments to the MLRs are made, to allow the integration of compliance solutions.Â

Notabene Takeaway: The HM Treasury acknowledges that introducing new compliance measures is a cost and needs to be balanced with their support for innovation. It will offer a grace period and calls on critical industry playersâ responses to create evidence-based policy decisions. You can submit your feedback to this email Anti-MoneyLaunderingBranch@hmtreasury.gov.uk by October 14, 2021. Notabene will also provide a response.
3. Full Travel Rule data transfer requirements will apply to all VASP-to-VASP transfers over ÂŁ1,000
Meanwhile, transfers below ÂŁ1,000 will still require the collection of less PII.Â
6.12:
In line with INR.16 and the approach taken in the FTR, the government proposes that the following information should be required to be sent with a transfer of cryptoassets.Â

These requirements are the minimum information which should accompany a transfer of cryptoassets; there is nothing to prevent a cryptoasset service provider providing additional information with the transfer (such as, for example, providing full beneficiary and originator information, if the sending cryptoasset sevice provider does not know the jurisdiction in which the receiving cryptoasset service provider is based).Â
Notabene Takeaway: Notably, HM Treasury will require travel rule transfers below the threshold, similar to the EU requirements. Also, it is worth noting that while some jurisdictions have deemed all crypto transfers to be treated as âcross-border transfers, the UK makes an exception here by allowing transfers between UK-based VASPs not to include PII.
4. PII received, transmitted, or retained is within the scope of the UK GDPR
6.22:
Personal data received, transmitted or retained pursuant to these provisions is within scope of the UK General Data Protection Regulation (GDPR), and crypto asset service providers will therefore need to process it in line with the requirements in that legislation.Â
Notabene Takeaway: UK VASPs must uphold GDPR when performing Travel Rule transfers. This is not unexpected, but some questions arise on whether they will oblige their counterparties who are not in the EU or UK to also abide by GDPR.
5. HM Treasury invites comments/feedback on unhosted wallet transfers
6.27: Treatment of unhosted wallets
Obligations under R.16 only fall on cryptoasset service providers, not on private individuals using unhosted wallets. Although FATF are reviewing the treatment of unhosted wallets within scope of the recommendations, current FATF Guidance states that, where a beneficiaryâs cryptoassets service provider receives a transfer from an unhosted wallet, it should obtain the required originator information from its own customer that receives the cryptoassets transfer. This requirement does not extend to the verification of said originator information. Where a transfer is being made from a cryptoassets service provider to an unhosted wallet, the originating provider is not expected to send information to an unhosted wallet, though it should still collect information on the intended beneficiary.

Notabene Takeaway: HM Treasury is hinting that it would only require obtaining the counterparty information and not its verification if it were to roll out requirements around unhosted wallets. This is in line with what FATF recommends now, but it is encouraging that they invite commentary from the industry. Regardless, companies must be prepared to implement a risk-based approach concerning unhosted wallets.