BLOG
A trusted perspective on regulation, technology, and the future of global finance
In October 2018, the Financial Action Task Force (FATF) announced that it would be recommending member countries apply the Travel Rule — a longstanding compliance requirement for traditional financial institutions — to virtual assets (VAs) and virtual asset service providers (VASPs). While the rule may be implemented differently depending on the jurisdiction, as its core, the Travel Rule requires VASPs to identify the originators and beneficiaries of transfers above a certain threshold and transmit that information to their VASP counterparty, where one exists.
The Travel Rule has presented a novel challenge for the cryptocurrency industry, as blockchains are not inherently conducive to sending personally identifiable information alongside a transaction. To comply with FATF’s Travel Rule Recommendation, VASPs must implement messaging protocols to exchange originator and beneficiary information with other VASPs securely.
Various providers have kicked off several initiatives to build such protocols and end-to-end Travel Rule compliance solutions, including a joint offering from Chainalysis and Notabene to help VASPs meet all compliance requirements. But there are several elements of a successful Travel Rule solution, which VASPs should keep in mind as they search for the right one. With over 30,000 registered VASPs operating in over 190 jurisdictions and all the differences in Travel Rule regulatory frameworks and tech stacks, those numbers imply that interoperability has emerged as a critical factor for compliance officers evaluating Travel Rule solutions in the cryptocurrency industry.
Below, we’ll define what interoperability means in the context of the Travel Rule and explain how to pick a Travel Rule solution that works across all jurisdictions and VASPs.
1. What is Travel Rule interoperability?
Interoperability is generally defined as the capacity for computer systems or software applications to exchange information and fulfill specific tasks based on that information in conjunction with one another. In the context of Travel Rule solutions, interoperability refers to VASPs’ ability to communicate and exchange data with counterparty VASPs using multiple messaging protocols. Interoperability is essential because if VASPs are limited to exchanging information only with VASPs using the same messaging protocol, they’ll be cut off from exchanging information in a compliant manner with other VASPs using different protocols.
2. Why is interoperability important?
With the emergence of multiple Travel Rule messaging protocols domestically and globally, VASPs are faced with the challenge of integrating numerous protocols to achieve full coverage of possible counterparty VASPs. If this excessive fragmentation persists, the cost and complexity of Travel Rule compliance will increase significantly, especially if different jurisdictions begin to adopt varying versions of FATF’s Travel Rule Recommendation.
While existing protocols are adapting and are likely to become more interoperable in the future, they cannot currently “speak” directly to other protocols. Until then, solutions like Notabene can integrate multiple protocols to form an “interoperability bridge” on behalf of VASPs, helping teams circumvent interoperability issues manually and transact compliantly with partners using other protocols.
3. What is a Travel Rule messaging protocol?
A messaging protocol is a set of rules for formatting, processing, and transmitting data. A Travel Rule messaging protocol is a particular set of rules for formatting, processing, and exchanging originator and beneficiary information alongside blockchain transactions, as recommended by FATF.
For comparison, the two most widely used internet standard communication protocols for email transmission are SMTP (Simple Mail Transfer Protocol) and Internet Message Access Protocol (IMAP). Mail servers and other message transfer agents use SMTP and IMAP to send and receive mail messages.
To comply with FATF’s Travel Rule Recommendation, VASPs need similar messaging protocols to exchange originator and beneficiary information.
4. Why are there so many protocols?
Various industry leaders, commercial companies, and working groups took up the task of creating a messaging protocol that VASPs could use to send required PII alongside blockchain transactions. While the industry agreed upon one data messaging format–IVMS 101–there are currently nine Travel Rule Messaging Protocols on the market, leaving VASPs unsure of which solution to choose. Over time, existing protocols may merge or deprecate.
5. Messaging protocols do not provide full Travel Rule compliance.
VASPs must meet five requirements on all transactions they process in order to comply with the Travel Rule Recommendation.
Identify transactions that fall under the Travel Rule.
To pinpoint transactions that fall under the Travel Rule, VASPs need to verify if another VASP hosts their customer’s counterparty address on a given transaction. This is where Chainalysis Know Your Transaction (KYT) comes in. When a transaction meets the monetary value threshold for the Travel Rule, an API call is sent to KYT from the Notabene platform to determine if the wallet is hosted (by a VASP) or unhosted (non-custodial). If the address is hosted by a VASP, VASPs can then identify the counterparty VASP, collect and record missing counterparty data and apply necessary regulatory requirements. Some jurisdictions require additional due diligence requirements for transactions with non-custodial wallets, such as proof of wallet ownership.
Identify and verify the Beneficiary VASP.
VASPs must identify the counterparty VASP in a transaction and confirm wallet ownership with them.
Assess the risk involved with the transaction.
VASPs must analyze the beneficiary risk level through blockchain analysis providers like Chainalysis and leverage sanctions screening integration to identify illicit actors before deciding to allow a Travel Rule transfer to be initiated. This step is essential, as some VASPs appear on sanctions lists, and exchanges must be sure not to send transactions to those entities.
Verify counterparty VASP’s AML/CTF information.
Paragraph 197 of FATF’s Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers requires VASPs to conduct counterparty due diligence before sending Travel Rule information to a counterparty: “Assess a counterparty VASP is an eligible counterparty to send customer data to and to have a business relationship with.”
By leveraging VASP and Crypto Company directories that integrate open-source research, blockchain analysis, and real-time data from regulators and third parties, compliance officers can assess the risk level of their counterparties and determine whether they feel comfortable sending Travel Rule data transfers to their counterparty VASP. Directory information includes regulation status, the level of robustness of their AML/CFT program, a signal of whether they will be able to protect PII with robust cyber security standards, and so forth.
Securely send and receive customer data.
In certain jurisdictions, customer PII falls within the General Data Protection Regulation (GDPR) scope. UK VASPs must uphold the data protection principles outlined in the GDPR when performing Travel Rule transfers.
Messaging protocols only assist with two of the five components needed for an end-to-end Travel Rule solution: sending and receiving customer data and identifying and verifying the Beneficiary VASP. Compliance Officers must look for end-to-end Travel Rule solutions that address all components.
6. Consider the fee schedule for Travel Rule Messaging Protocols.
Travel Rule messaging protocols have varying fee structures; some charge by transaction volume, some by membership fees, and some are free to use. As messaging protocols constitute a small part of compliance, VASPs should consider the usage and membership fees (where applicable), costs involved with direct integration into a protocol, and/or the costs to service providers when choosing the best-fit solution.
7. IVMS 101 is the industry-standard data model for Travel Rule messaging protocols.
In October of 2019, a cross-industry working group of experts from the Chamber of Digital Commerce, Global Digital Finance, and the International Digital Asset Exchange Association developed a technical standard for Travel Rule message formatting known as the interVASP Messaging Standard IVMS 101. IVMS 101 is a universal language for communicating the required originator and beneficiary information between VASPs. FATF and critical regulators such as FinCEN, MAS, the FCA, and the JFSA were kept informed during the development of IVMS 101. On May 6, 2020, IVMS 101 was recommended for adoption at an InterVASP closing plenary. Today, all Travel Rule messaging protocols use IVMS 101, which is an excellent first step toward interoperability.
8. Open network protocols will ensure comprehensive transaction coverage.
Regarding Travel Rule messaging protocols, an open Travel Rule messaging protocol enables any two VASPs to use the protocol without consent or even knowledge of any third party. Users are granted access to closed (proprietary) Travel Rule messaging protocols through a membership process.
Open-network Travel Rule messaging protocols are vital to ensuring comprehensive coverage when facilitating transactions with VASPs across the cryptocurrency community. TRP and OpenVASP are decentralized, secure, scalable, reliable, and globally available protocols with open-source architecture.
9. Travel Rule solution providers (not protocols) should account for jurisdictional differences in threshold applications.
Various jurisdictions have implemented the Travel Rule for cryptocurrency differently, leading to different minimum thresholds, varying PII requirements, further obligations for the originator and beneficiary VASPs, and divergent treatment of transactions with non-custodial wallets. These gaps in implementation and thresholds are critical to note as companies ramp up their Travel Rule compliance plans and test cross-jurisdictional Travel Rule transactions.
Many global regulators chose to adopt FATF’s recommendation that VASPs apply the Travel Rule to any cryptocurrency transaction over 1000 USD/EUR involving another VASP, while in the US, the Travel Rule for cryptocurrency applies at a higher threshold of USD 3000, in keeping with the US’s Travel Rule for fiat wire transfers. Meanwhile, some jurisdictions do not specify any threshold at all. Jurisdictional requirements add an added layer of complexity to complying with regional-specific virtual asset transfers.
Compliance Officers should look to their Travel Rule solution provider to help them account for these differences, as protocols will not solve this complexity. An end-to-end compliance solution that automatically updates its underlying tech to include changes in regional regulatory information while allowing VASPs to send Travel Rule data alongside each transmission over $0 is best.
10. Interoperability between protocols today is very early.
While there have been a few press releases and announcements on interoperability, there hasn’t been much interoperability implementation. Recent FATF guidance calls for cooperation between regulatory authorities and private sector organizations to ensure interoperability of Travel Rule solutions. In their second 12-month review, FATF urged countries to prioritize the Travel Rule implementation and enforcement.
While interoperability is not yet the standard across Travel Rule messaging protocols, FATF does not recognize a lack of interoperability as an excuse for noncompliance. As long as there are working solutions in production, FATF urges countries to implement the Travel Rule and additional robust control measures to interact with VASPs in jurisdictions where the Travel Rule is not yet implemented or has no solution in place. Additionally, early implementation of Travel Rule solutions can ensure operational continuity when regulatory deadlines arise in local jurisdictions. VASPs will benefit from implementing these solutions sooner rather than later.
FATF’s guidance also highlights the importance of cooperation and coordination among supervisory authorities and private sector organizations to ensure the interoperability of Travel Rule solutions adopted by VASPs. Collaboration and coordination are also crucial for the effective adoption of the Travel Rule worldwide.
How the Chainalysis + Notabene integration solves the challenges of the Travel Rule
Notabene provides an end-to-end Travel Rule platform that allows VASPs to manage regulatory and counterparty risks at scale. With its rule-setting tools, compliance officers can automate the exchange of Travel Rule data across the cryptocurrency business’ preferred communication protocols. From data collection and counterparty identification to secure data transmission, Notabene helps companies fully comply with the Travel Rule.
Chainalysis is the blockchain analysis platform trusted by investigators and compliance teams worldwide. Chainalysis KYT (Know Your Transaction) is an AML compliance solution for monitoring cryptocurrency transactions to detect and triage suspicious activity. The software conducts automated funds tracing and generates alerts for suspected high-risk activity, from OFAC sanctioned addresses and darknet markets to scams. KYT allows cryptocurrency businesses to identify Travel Rule transactions in real-time, analyze counterparty wallets, and perform instant due diligence on counterparty VASPs so that they can get the information they need to stay compliant.
Frictionless Compliance at Scale
Chainalysis and Notabene have partnered to provide a solution that allows VASPs to identify transactions that meet the rule’s requirements without compromising user experience. When a Travel Rule scenario is detected, an API call is sent to KYT from the Notabene platform to determine if the wallet is hosted or unhosted and identify the counterparty VASP. Users can leverage this information with real-time verified data about the VASP to conduct due diligence and take the appropriate next steps to stay compliant. Notabene has the widest protocol support, enabling users to transact with any VASP, all in one dashboard.
With our integrated solution, cryptocurrency businesses can automate transactions with trusted counterparties while providing them with the data they need to detect suspicious activity and meet their regulatory requirements, including:
- Collect required Travel Rule data using a user-facing widget and API.
- Identify and verify wallet ownership for non-custodial.
- Automatically detect transactions that meet Travel Rule requirements and get alerts on potentially high-risk activity, all at once.
Counterparty VASP Due Diligence
- Access to verified and up-to-date VASP information to perform informed decisions quickly.
- VASP data includes licensing, incorporation, AML/CFT processes.
- Transact with any VASP with TR:Now’s multi-protocol support.
- Transfers across all protocols are easily managed in the one API dashboard.
- Encrypted and segregated customer data.
Automated Transfers
- Customize, preset, and automate transfer requests using tools for rule-setting.
By adopting both Chainalysis and Notabene, cryptocurrency businesses can immediately signal Travel Rule compliance, putting themselves in a better position with regulators while gaining a market advantage.
As other VASPs become compliant, they may be forced to stop doing business with counterparties if their compliance program isn’t up to par. By meeting Travel Rule requirements now, you can give your customers and partners the confidence to keep working with you, open up new opportunities, and gain an advantage in the market.
If you are interested to know more about how our solutions can help you build a complete Travel Rule solution to meet developing regulatory requirements, contact the Chainalysis or the Notabene team.
You can also schedule a Notabene demo here.
NEW YORK / TORONTO, Ontario , December 3, 2021 - Bitbuy, Canada’s most secure and trusted platform for Bitcoin, Ethereum, and other Cryptocurrencies has implemented Notabene's end-to-end protocol-agnostic solution for crypto regulatory compliance to meet Canada's December 1, 2021 Travel Rule deadline for dealers in virtual currencies.
Notabene will enable Bitbuy to work through the various Travel Rule scenarios taking an industry-leading role in meeting its Canadian and global regulatory requirements. Notabene’s open solution supports integration of multiple protocols, enabling Virtual Asset Service Providers (VASPs) to send and receive counterparty information alongside blockchain transactions to any counterparty that uses the same infrastructure.
Global money-laundering body the Financial Action Task Force (FATF) introduced new guidelines that treat VASPs as regulated financial entities. Going forward, companies that custody and exchange virtual assets on behalf of customers will have to comply with existing regulatory requirements like banks, including the “Travel Rule,” which mandates collaboration to exchange identifying information of customers in transactions over a certain threshold. This is an incredibly difficult task given that blockchains are ill-equipped to transfer personal identifying information in a secure and private manner, in tandem with the exchange of value.
Bitbuy aims to deliver the highest levels of data privacy all while enabling participants to send the required Travel Rule data to the correct counterparty in a safeguarded manner for those VASPs that are participating in one of the networks that Notabene supports.
Joseph Iuso, Chief Anti-Money Laundering Officer, comments:
“With the Notabene implementation, Bitbuy will be able to meet its obligations related to the Travel Rule in a compliant, safe and secure manner”
Pelle Braendgaard, CEO of Notabene, says:
“As one of the leading cryptocurrency exchanges in Canada, Bitbuy is setting best-in-class standards for compliance with the new Travel Rule guidelines, rolling out a robust, yet open compliance system. We look forward to working with the Bitbuy team as they continuously ensure safe and secure access to cryptocurrencies for their customers.
Notabene regularly holds strategic Travel Rule compliance testnets that benefit all stakeholders in the community, including a recent cross-jurisdictional testnet under the observance of the Financial Services Regulatory Authority (FSRA) of Abu Dhabi Global Market (ADGM).
About Bitbuy
Bitbuy Technologies Inc is a Canadian-owned and operated cryptocurrency company. The company’s mission is to provide convenient, dependable, and secure access to Bitcoin and other digital currencies. Bitbuy currently operates out of downtown Toronto, and Halifax, and is registered with FINTRAC as a Money Services Business as a Dealer in Virtual Currencies. Bitbuy was founded in 2016 and is currently one of Canada’s largest cryptocurrency platforms by trading volume. Bitbuy offers crypto trading services to beginners, advanced traders, and corporations.
To learn more, visit www.bitbuy.ca. Follow us on LinkedIn and Twitter.
About Notabene
Notabene is a reg-tech SaaS solution that turns regulatory compliance into a competitive advantage. Notabene is working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Companies leverage our end-to-end FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage global transactions from one dashboard. Trusted by leading exchanges, Luno, Bitso, Crypto.com, and more. Notabene is headquartered in New York with offices in Zug and Santiago de Chile.
To learn more, visit www.notabene.id. Follow us on LinkedIn and Twitter.
Media contacts
Binu Koshy
Bitbuy Technologies Inc.
Alice Nawfal, COO, Notabene
SAN FRANCISCO / AUSTIN, Texas / NEW YORK, Nov. 15, 2021 - Three market leaders in the global digital asset regulatory and compliance space have formed a partnership to create a one-stop solution for firms across the digital asset ecosystem, solving for cryptocurrency anti-money laundering (AML), trade surveillance, as well as Travel Rule compliance for Virtual Asset Service Providers (VASPs).
TRM Labs, a blockchain analytics provider, Eventus Systems, global provider of digital asset trade surveillance solutions, and end-to-end Travel Rule solution provider Notabene today announced the formation of “Project TEN,” which will provide the marketplace with a comprehensive offering to address a host of risk management and compliance challenges facing firms in the digital asset space.
With the launch of Project TEN, crypto-native firms as well as traditional financial institutions moving into virtual assets will benefit from a joint service designed to help maximize the efficiency of regulatory compliance operations. The offering will feature Eventus’ trade surveillance and market risk applications; TRM Labs’ transaction monitoring, wallet screening and forensics tools; and Notabene’s counterparty risk management and Travel Rule compliance software.
Esteban Castaño, Co-founder and CEO of TRM Labs, comments:
“Organizations operating in the crypto space are tasked with managing a complex regulatory landscape in a rapidly evolving market. Project TEN helps organizations address this complexity by bringing distinct areas of risk management expertise into one comprehensive offering.”
Eventus CEO Travis Schwab said:
“We’re delighted to join forces with two other market leaders in the global digital asset space to introduce efficiencies and make lives easier for crypto firms striving to hold themselves to the highest standards, both to attract investment flows and meet regulatory obligations. Powered in part by our Validus trade surveillance platform, the Project TEN partnership offers a compelling solution to a wide cross-section of participants, including traditional financial institutions looking to enter the digital asset space while ensuring they have the same robust processes in place that they apply to other asset classes.”
Pelle Brændgaard, CEO of Notabene, adds:
“There are many distinct tasks that must be addressed by any institution offering digital asset services. Project TEN creates a comprehensive compliance solution for firms across the rapidly growing global digital asset space. Partnerships are critical as many complex components must work together to manage overall compliance risk. We’re thrilled to embed our privacy-preserving Travel Rule solution into Project TEN, the first comprehensive offering allowing institutional clients to enter the crypto space in a regulatory-compliant manner.”
For more information on Project TEN, visit https://info.eventussystems.com/project-ten.
About TRM Labs
TRM Labs provides blockchain intelligence to organizations that need to monitor, detect and investigate crypto-related fraud and financial crime. Trusted by financial institutions, crypto businesses and government agencies across the globe, TRM’s platform includes tools for crypto wallet screening, transaction monitoring, VASP due diligence and investigative tracing. www.trmlabs.com.
About Eventus Systems
Eventus Systems is a leading global provider of multi-asset class trade surveillance and market risk solutions. Its powerful, award-winning Validus platform is easy to deploy, customize and operate across equities, options, futures, foreign exchange (FX), fixed income and digital asset markets. Validus is proven in the most complex, high-volume and real-time environments of tier-1 banks, broker-dealers, futures commission merchants (FCMs), proprietary trading groups, market centers, buy-side institutions, energy and commodity trading firms, and regulators. The company’s rapidly growing client base relies on Validus and Eventus’ responsive support and product development teams to overcome its most pressing regulatory challenges. For more, visit www.eventussystems.com.
About Notabene
Notabene is a reg-tech Software-as-a-Service solution that turns regulatory compliance into a competitive advantage. Notabene is working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Companies leverage our end-to-end FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage global transactions from one dashboard. Trusted by leading exchanges, Luno, Bitso, Crypto.com, and more. Notabene is headquartered in New York with offices in Zug and Santiago de Chile. To learn more, visit www.notabene.id.
Media Contacts:
TRM Labs:
Sutherland Gold for TRM Labs
Eventus:
Ellen G. Resnick
Crystal Clear Communications
+773-929-9292; +312-399-9295 (mobile)
Notabene:
Alice Nawfal, COO, Notabene
Many crypto users around the world go through similar trepidation when sending funds, “Is this the correct address?” “Have my funds arrived?” Seasoned crypto users eventually overcome this trepidation, but the general obscurity around counterparties creates an even greater risk of money laundering and terrorist financing.
For instance, crypto exchanges verify their user’s identities and check them against various lists of known terrorists the same way banks do, yet, a terrorist can create a brand new bitcoin address. The exchange currently does not have any way of blocking transactions to it.
To close the loophole, the global Anti-Money Laundering regulatory watchdog FATF and national regulators like US’s FinCEN and Germany’s BaFin now require crypto exchanges to know with whom they are interacting on behalf of their customers. This recommendation is named the “Travel Rule,” as the customer’s private information “travels” along with the payment. Implementing Travel Rule requirements is very difficult for exchanges, as public blockchains–unlike bank payment networks–do not have a built-in method of transmitting identity information along with the transaction by design.
My co-founders Alice, Ania, Andrés, and I, came from uPort, where we built the first decentralized identity protocol built on and for public blockchains. We designed uPort to allow parties to transactions or smart contracts to understand with whom they are transacting in the most privacy-preserving way possible.
In early 2020, we co-found Notabene to solve the compliance headache that exchanges now face.
To solve Travel Rule compliance for the entire financial services industry, we began building a trusted data layer to blockchain transactions for protocol-agnostic communication. Now, more than 20+ businesses use our holistic software to manage counterparty risk with 50+ counterparties without impeding their customer’s transaction flow.
Since we began, we’ve run testnets in cooperation with the Financial Services Regulatory Authority of Abu Dhabi Global Market (FSRA ADGM). We have global stablecoins like USDT and leading digital token trading platforms testing our solution. We set up monthly collaborative environments for firms to test cross-jurisdictional Travel Rule transactions in a low-risk environment as they gear up to comply with impending regulations.
But that’s just the beginning.
Notabene is on a path to remove global regulatory compliance complexity to cement crypto’s role in mainstream transactions. Ultimately our mission is to allow more people to transact on public blockchains. We are actively working on bringing both businesses and their end-users better, safer, and more privacy-preserving approaches to managing risk around crypto interactions.
Our now 17-person strong team has built considerable traction around our Travel Rule solution that allows VASPs to identify virtual asset accounts, perform mandated VASP due diligence, and manage regulatory and counterparty risks from one holistic dashboard. We believe implementing the Travel Rule is foundational for blockchain technology; compliance will benefit the ultimate end users of crypto and will push crypto into much broader use cases than we’ve seen today.
We are very excited to announce our A round, which Jump Capital and F-Prime co-led. They were joined by Illuminate Financial, Fenbushi Capital, CMT Digital, and institutions like Gemini Frontier Fund, BlockFI, Luno, and BitSo. Our existing investors who believed in our mission from day one, Castle Island Ventures, Green Visor, and Signature Ventures, continued to grow their investment.
This round lets us expand on this to help us reach even more exchanges and financial institutions. If you’d like to join us on this quest, check out our Careers page. We have open roles across various departments.
We look forward to hearing from you!
- Pelle Brændgaard.
November 8, 2021-- Notabene, an end-to-end solution for crypto regulatory compliance and collaboration, announced a $10.2 million Series A funding round co-led by F-Prime Capital and Jump Capital. Peter Johnson from Jump Capital will serve on Notabene’s board of directors.
Existing customers Luno & Bitso extended a vote of confidence to Notabene by investing. Gemini Frontier Fund and the VC arm of global operator BlockFi also participated. Additional support came from Illuminate Financial, CMT Digital, Fenbushi Capital, and ComplyAdvantage’s CEO Charlie Delingpole alongside existing investors, Castle Island Ventures, Green Visor Capital and Signature Ventures.
The new injection of funding will be used for product development, meeting the demand of crypto companies applying for operating licenses, and developing crypto counterparty risk management solutions more broadly.
CEO Pelle Braendgaard comments:
“We are on a mission to allow crypto native companies to comply with the travel rule today and keep their doors open. The majority of crypto companies find themselves at a pivotal moment as regulators around the globe set forth long-awaited regulatory requirements. Conversely, the nature of permissionless blockchains makes it challenging to fulfill the technical requirements. Complying with new regulatory requirements will enable crypto companies to unlock trillions of institutional dollars, establish banking relationships, launch new products and bring trust to the industry.”
In 2019, global money-laundering watchdog the Financial Action Task Force (FATF) introduced new guidelines that treat crypto companies as regulated financial entities. Going forward, companies that custody and exchange virtual assets on behalf of customers must register with their local regulator and be licensed to operate in most jurisdictions. Additionally, crypto companies will have to comply with existing regulatory requirements similar to banks, including the “Travel Rule,”––which mandates collaboration to verify each other’s customers for transactions over a certain threshold. Regulators, including the US’s FinCEN, the UK’s Financial Conduct Authority, and Singapore’s Monetary Authority, now expect all companies providing crypto products to be fully compliant within the year. Germany’s BaFin expects compliance within the month.
Adding counterparty information to a blockchain transaction doesn’t just benefit exchanges and their regulators; it also allows consumers to trust to whom they are sending funds. The FTC reports that Americans lost over $80 million in cryptocurrency scams between October 2020 and April 2021.
Currently, it is impossible to transfer personally identifiable information through the blockchain and equally improbable to tell with a high level of certainty if an institution is on the other side of the transaction. Additionally, the speed with which regulations are being enforced is not on par with industry readiness.
Notabene leverages decentralized identity protocols to create a Trust Framework that allows companies to become Travel Rule compliant today. Notabene’s offering comprises a suite of protocol-agnostic tools, software, and comprehensive data that enables crypto companies to manage counterparty risk securely and exchange customer data with any counterparty in a privacy-preserving way.
Peter Johnson, Partner at Jump Capital.
“At Jump, we believe crypto will be the defining technological innovation of our age and look to invest in companies that move the industry forward. Notabene is well-positioned to be a leader in enabling mainstream crypto adoption by ensuring regulatory compliance for crypto-native companies and financial institutions worldwide. We are proud to support Notabene and look forward to working closely with its team.”
Notabene is the first-to-market end-to-end Travel Rule compliance solution with 20+ customers on their platform, including global exchanges like Luno, Bitso, Paxful, Crypto.com. Notabene’s Travel Rule compliance solution has enabled 50+ exchanges to process Travel Rule transactions between counterparties.
About Notabene
Notabene is a reg-tech compliance SaaS solution that connects the traditional financial industry and crypto industry. We are working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Using privacy-preserving technology, strategic partnerships, and commitment, our first-to-market FATF Travel Rule solution helps financial institutions, crypto exchanges, and businesses turn compliance into a competitive advantage. Key investors include Jump Capital, F-Prime Capital, Castle Island, Green Visor Capital, Illuminate Financial, CMT Digital, and a cadre of top-tier angel investors. Trusted by leading exchanges, Luno, Bitso, Crypto.com, and more.
Notabene is headquartered in New York with offices in Zug and Santiago de Chile. To learn more, visit www.notabene.id. Follow us on LinkedIn and Twitter.
****
Media Contact
Alice Nawfal, Notabene COO
On October 28, 2021, the Financial Action Task Force (FATF) released its first fully updated guidance for a risk-based approach for Virtual Assets and Virtual Asset Service Providers since 2019. This document updates its draft guidance released in March. Read our comments on that release here. This guidance offers recommendations on how member jurisdictions should regulate cryptocurrency businesses.
The key theme is FATF’s focus on regulating cryptocurrency businesses as VASPs based on their function and business model, rather than their underlying technology, self-described business category, or custodial status. Below, we’ve summarized the top 12 key takeaways from the updated guidance and tell you how Notabene can help you meet your compliance obligations.
Click here to watch the webinar summary. Access the slides.
1. FATF states that Stablecoins could be considered higher risk due to their potential for mass adoption
§104
As with VAs, it is important that ML/TF risks of stablecoins, particularly those with potential for mass-adoption and that can be used for P2P transactions, are analysed in an ongoing and forward-looking manner. In developing new products, VASPs and other obliged entities should assess the ML/TF risks before bringing them to market and put in place mitigation measures before launch.
What this means: The FATF recognizes that all VAs have a potential for widespread adoption yet denotes that stablecoin projects have a greater potential for mass adoption, which can heighten ML/TF risks. FATF recommends that stablecoin providers employ potential mitigation measures to ensure AML/CFT obligations are fulfilled. Expect more VASPs to start building compliance into new stablecoin products.
2. FATF calls on Public-Private collaboration to create new risk-mitigation tools for P2P transactions
§105 P2P transactions
As set out in Section 2, countries should also seek to understand the ML/TF risks related to P2P transactions and how they are being used in their jurisdiction. (...)
§106
Depending on the assessed risks associated with P2P transactions, or certain types of P2P transactions, countries may consider and implement as appropriate options to mitigate these risks at a national level.
What this means: FATF is firming its stance on P2P transactions or transactions from VASPs to unhosted wallets.
Currently, the FATF places the AML/CTF burden on intermediaries and, for the time being, this will continue to be the case.In the second annual review of the Guidance, which took place in June 2021, the FATF decided it was not yet time for a paradigm shift because, first, the available data on the P2P market was deemed not yet not reliable enough to make an informed decision, and second, intermediaries continue to have a predominant presence in the crypto market. However, the FATF admits that the standards might need to be adapted in the future in case the industry shifts to disintermediated transactions. Furthermore, the FATF recognizes that P2P transactions could pose specific ML/TF risks, as they can potentially be used to avoid AML/CFT controls in the FATF Standards. For that reason, in the latest Guidance the FATF lists a number of measures that members can adopt to mitigate the risks associated with P2P transactions. In particular, the FATF already recognizes the possibility of restricting VASPs to only transact with other VASPs as a means to mitigate risks.
3. Every virtual asset for payment or investment should be subject to obligations applicable either as a VA or another type of financial asset
§51
The FATF does not intend for an asset to be both a VA and a financial asset at the same time. (...) When determining if a new digital asset should qualify as a financial asset or a VA, authorities should consider whether their existing regime governing financial assets or their regime for VAs can be appropriately applied to the new digital assets in question.
§52
In instances where characterization proves difficult, jurisdictions should assess their regulatory systems and decide which designation will best mitigate and manage the risk of the product or service. Consistent with the technology-neutral approach, a blockchain-based asset that is defined as a financial asset would likely not fall under this VA-focused Guidance. (...) RBA. Nonetheless, every asset for payment or investment should be subject to obligations applicable either as a VA or another type of financial asset.
What this means: FATF places the onus on jurisdictions to determine if a VA is a financial asset or a virtual asset. Jurisdictions could consider the commonly accepted asset usage (payment or investment) and what type of regulatory regime offers the best fit. What is key is that, regardless of the framework that jurisdictions decide to apply, all assets used for payment or investment purposes are subject to obligations consistent with the FATF recommendations, either as a VA or as other type of financial asset. It is also worth mentioning that the underlying technology of the asset is not a deciding factor in determining the applicable framework to the asset at issue. For example, a blockchain-based asset defined as a financial asset would likely not fall under the FATF VA-focused Guidance.
4. The guidance now includes clarifications around #DeFi developers, stablecoin developers, and multi-sig custodial APIs
§64
The definition of VASP covers any service allowing users to transfer ownership, or control of a VA to another user or to transfer VAs between VA addresses or accounts held by the same user. (...) If a new party has custody or ownership of the VA, has the ability to pass control of the VA to others, or has the ability to benefit from its use, then transfer has likely occurred. This control does not necessarily have to be unilateral and multi-signature processes are not inherently exempt (see limb (iv) below), where a VASP undertakes the activity as a business on behalf of another natural or legal person.
§73
The term “control” should be understood as the ability to hold, trade, transfer or spend the VA. (...) The existence of a multi-signature model or models in which multiple parties must use keys for a transaction to happen does not mean a particular entity does not maintain control, depending on the extent of the influence it may have over the VAs.
§67
A DeFi application (i.e. the software program) is not a VASP under the FATF standards, as the Standards do not apply to underlying software or technology (see paragraph 82 below). However, creators, owners and operators or some other persons who maintain control or sufficient influence in the DeFi arrangements, even if those arrangements seem decentralized, may fall under the FATF definition of a VASP where they are providing or actively facilitating VASP services. For example, there may be control or sufficient influence(...) even if this is exercised through a smart contract or in some cases voting protocols. Countries may wish to consider other factors as well, such as whether any party profits from the service or has the ability to set or change parameters to identify the owner/operator of a DeFi arrangement.
§68
While this Guidance aims to provide direction, countries will need to evaluate the facts and circumstances of each individual situation to determine whether there is an identifiable person(s), whether legal or natural, providing a covered service. Marketing terms or self-identification as a DeFi is not determinative, nor is the specific technology involved in determining if its owner or operator is a VASP. (...)Countries should be guided by the principle that the FATF intends to cover natural or legal persons who conduct the financial services covered in the definition as a business. (...) In cases where a person can purchase governance tokens of a VASP, the VASP should retain the responsibility for satisfying AML/CFT obligations. An individual token holder in such a scenario does not have such responsibility if the holder does not exercise control or sufficient influence over the VASP activities undertaken as a business on behalf of others.
What this means: Multi-Sig Custodial APIs are not outside of the VASP scope, as they control keys/credentials held by others. Central developers of governance bodies of stablecoins are, in general, considered VASPs. For stablecoins without a readily identifiable central body, the party that develops and launches its arrangement likely carries out VASP functions and would be covered under the VASP definition. DeFi developers, owners, and operators may fall under the FATF definition of a VASP provided that they maintain control or sufficient influence in the DeFi arrangements, even if the operations seem automated and decentralized. However, DeFi governance token holders do not have VASP responsibilities, so long as they do not have control or sufficient influence over VASP activities. As DeFi projects rapidly expand in number, countries will need to evaluate the facts of each particular situation to determine how to proceed. We strongly recommend that the industry pushes a unified interpretation of the rules to national regulators.
5. This updated guidance changes the scope of application of the Travel Rule to include unhosted wallets
§179
The requirements of Recommendation 16 apply to VASPs whenever their transactions, whether in fiat currency or VA, involve: (a) a traditional wire transfer, (b) a VA transfer between a VASP and another obliged entity (e.g., between two VASPs or between a VASP and another obliged entity, such as a bank or other FI), or (c) a VA transfer between a VASP and a non-obliged entity (i.e., an unhosted wallet). The full requirements of Recommendation 16 apply to (a) and (b) but not (c), as set out below.
What this means: In the June 2019 Guidance (§113), VA transfers between VASP and non-obliged entities were not within the scope of TR requirements. From now on, Travel Rule requirements apply to transactions with non-obliged entities (such as unhosted wallets), but with adaptations. This means that for VASPs to apply the right process, they need to determine whether the transaction is with a VASP or with an unhosted wallet in the first place. Notabene’s fully-customizable Wallet Identification tool can help VASP determine their counterparties.
Now, when a transaction originating from a VASP to a non-obliged entity, FATF expects VASPs to:
- Obtain the originator and beneficiary information from VASP’s customer when originating or receiving a VA transfer
- Enforce AML/CTF obligations (e.g., transaction monitoring, sanctions compliance)
FATF does not expect VASP to:
- Send required information to non-obliged entities
6. This guidance updates the de-minimis threshold and information required for a Travel Rule transaction.
§191
Countries may choose to adopt a de minimis threshold for VA transfers of USD/EUR 1 000 in line with the FATF Standards, having regard to the risks associated with various VAs and covered VA activities. (...) For VA transfers under the threshold, countries should require that VASPs collect:
a. the name of the originator and the beneficiary; and
b. the VA wallet address for each or a unique transaction reference number.
§192
Such information does not need to be verified unless there are suspicious circumstances related to ML/TF, in which case information pertaining to the customer should be verified.
What this means: Many jurisdictions adopted Travel Rule requirements only for VA transfers above certain thresholds. VA transfers below the threshold VASPs should still be required to collect (but not verify, unless there is an ML/TF suspicion) the beneficiary and originator: (i) name (ii) wallet address / TX identifier.
7. FATF provides options for risk-mitigation when interacting with unhosted wallets
§297
A VASP may choose to impose additional limitations, controls, or prohibitions on transactions with unhosted wallets in line with their risk analysis. Potential measures include:
a. enhancing existing risk-based control framework to account for specific risks posed by transactions with unhosted wallets (e.g., accounting for specific users, patterns of observed conduct, local and regional risks, and information from regulators and law enforcement); and b. studying the feasibility of accepting transactions only from/to VASPs and other obliged entities, and/or unhosted wallets that the VASP has assessed to be reliable.
What this means: The FATF now provides options for risk mitigation, including VASPS limiting transactions to only other VASPs or whitelisted accounts only. FATF clarifies the scope and obligations intermediaries when it comes to Travel Rule requirements
Footnote 50
To clarify, when a VASP, FI or other intermediary obliged entity facilitates a VA transfers as an intermediate element in a chain of VA transfers, and the certain activity/business has been classified as a VASP in this Guidance, then they would be classified as an “intermediary VASP”.
§202
(...)Just as a traditional intermediary FI processing a traditional fiat cross-border wire transfer must ensure that all required originator and beneficiary information that accompanies a wire transfer is retained with it, so too must an intermediary VASP or other comparable intermediary institution that facilitates VA transfers ensure that the required information is transmitted along the chain of VA transfers, as well as maintaining necessary records and making the information available to appropriate authorities upon request. (...)Intermediary institutions involved in VA transfers also have general obligations to identify suspicious transactions, take freezing actions, and prohibit transactions with designated persons and entities—just like ordering and beneficiary VASPs (or other ordering or beneficiary obliged entities that facilitate VA transfers).
What this means: Intermediary VASPs are entities that sit somewhere in the chain of a virtual asset transfer and facilitate the transfer from the originating VASP to the beneficiary VASP by providing a service that qualifies as a virtual asset service under the Guidance.
According to the FATF's guidance, Intermediaries only pass information along, so they aren’t required to verify originating or beneficiary information, but they are nevertheless subject to record keeping obligations and are required to carry out sanctions screening. Since intermediaries are not required to verify originator and beneficiary information, requiring intermediaries to also screen the parties to the transaction against sanction lists is potentially not the most effective approach. Relying on the VASP that knows more about each party to perform this function is preferable.
VASP <> VASP reliance for sanction screening is a more effective solution. Industry cooperation will be essential to implementing a standard compliance flow for intermediaries.
Criteria to qualify as an intermediary VASP:
- Facilitates a VA transfer as an intermediate element in a chain of VA transfers
- That activity qualifies as a virtual asset service under the Guidance
Obligations of intermediary VASPs:
- Transmit required information along the chain of VA transfers
- Record keeping
- Identify suspicious transactions
- Take freezing actions
- Prohibit transactions with designated persons or entities
8. A phased risk-based approach applied to business models should help VASPs get around the Sunrise issue.
§200
The FATF expects countries to implement paragraph 7(b) of INR.15 as soon as possible. Countries may wish to take a staged approach to enforcement of travel rule requirements to ensure that their VASPs have sufficient time to implement the necessary systems, but should continue to ensure that VASPs have alternative measures in place to suitably mitigate the ML/TF risks arising from VA transfers in the interim. (...) This means that some jurisdictions will require their VASPs to comply with the travel rule prior to other jurisdictions (i.e., the ‘sunrise issue’). This can be a challenge for VASPs regarding what approach they should take in dealing with VASPs located in jurisdictions where the travel rule is not yet in force. Regardless of the lack of regulation in the beneficiary jurisdiction, originating entities can require travel rule compliance from beneficiaries by contract or business practice.
§201
(...)Regardless of the regulation in a certain country, a VASP may implement robust control measures to comply with the travel rule requirements. Examples include VASPs restricting VA transfers to within their customer base (i.e., internal transfers of VAs within the same VASP), only allowing confirmed first-party transfers outside of their customer base (i.e., the originator and the beneficiary are confirmed to be the same person) and enhanced monitoring of transactions.
What this means: In this Guidance the FATF makes it very clear that the time for compliance is now. The FATF acknowledges the need for this staged approach to compliance with the Travel Rule. But, at the same time, the FATF requires countries to enforce interim risk mitigation measures that enable tackling the ML/TF risks associated with VA transfers now.
The sunrise period - period during which Travel Rule requirements are not in force in all jurisdictions - causes a lot of practical problems due to crypto being inherently international. VASPs in countries where Travel Rule requirements are already being enforced will have a hard time complying if they want to keep interacting with VASPs based in countries where the Travel Rule is not yet being enforced.
But what the FATF says in the new Guidance is that this issue should not preclude VASPs from already complying with the Travel Rule. And in this context, the FATF suggests a number of measures that VASPs could implement to circumvent the sunrise issue. Most of them entail substantial limitations to the VASPs' transaction volume.
In some instances, VASPs could avoid the business impact of Travel Rule compliance through policy coordination. Although the sunrise period is the #1 hindrance to compliance with the Travel Rule, FATF claims that it should not preclude VASPs from complying and offers the following risk-mitigating measures to circumvent the effect of the sunrise issue.
- Require counterparty to comply
- Restricting TXs to within customer base
- Allowing only first-party transactions
- Enhanced monitoring
9. FATF recognizes that conducting counterparty due diligence is a challenge. Provides guidance on how counterparty due diligence could be undertaken.
§197.
The best way to conduct counterparty due diligence in a timely and secure manner is a challenge. There are broadly three phases in this process. These are not intended as prescriptive actions that VASPs must take, but guidance on how counterparty due diligence could be undertaken:
a. Phase 1: Determine whether the VA transfer is with a counterparty VASP. A person may wish to transfer VAs to another VASP (e.g., a beneficiary with a hosted wallet) or they may wish to transfer VAs to an unhosted wallet. The originator VASP must therefore determine whether they will be transacting with another VASP. This determination process is not purely an AML/CFT requirement, but rather arises from the technology underpinning VAs. To date, the FATF is not aware of any technically proven means of identifying the VASP that manages the beneficiary wallet exhaustively, precisely, and accurately in all circumstances and from the VA address alone;
b. Phase 2: Identify the counterparty VASP, as a VASP only knows the “name” of the counterparty VASP following the previous phase. A VASP may identify a counterparty VASP themselves using a reliable database in line with any guidelines from a country on when to rely on such data; and
c. Phase 3: Assess whether the counterparty VASP is an eligible counterparty to send customer data to and to have a business relationship with (see Recommendation 16 in Section IV for further information on counterparty VASP due diligence and Recommendation 11 on record-keeping to appropriately store and manage that customer data).
§193
Countries should require both ordering and beneficiary institutions to take freezing actions and prohibit transactions with designated persons and entities (i.e., screening and required information relating to VA transfers in order to comply with their targeted financial sanctions obligations). The ordering institution should have the required information about its customer, the originator, and the beneficiary institution should have the required information about its customer, the beneficiary, in line with the CDD requirements set forth in Recommendation 10. The ordering and beneficiary institutions should have screened their customer’s name for compliance with targeted financial sanctions obligations at the time of onboarding their respective (and upon name changes). They must then screen the names of the other party (the originator or the beneficiary) when they conduct the VA transfer (see Table 1 above).
§198
To clarify the scope of this Guidance, competent authorities should require VASPs to implement preventive measures in ‘Phase 3’ to assess the counterparty VASP, where VASPs first have a business relationship, and then review the results of the due diligence periodically. Countries should also maintain reliable, independent sources of information for ‘Phase 2’ to assist VASPs in their efforts to identify the counterparty VASP. This could include regulated institutions lists, such as VASP lists where available, registries of beneficial ownership where available and other examples mentioned in the BCBS Guideline.49 For the benefit of effective and efficient counterparty due diligence, a regulated institutions list may include but should not be limited to contains the VASP name and registered VASP address. Considering the increased usage of digitalized processes in the financial industry, countries should be encouraged to use a format that is machine-readable. A country need not impose a separate licensing or registration system for VASPs with respect to natural or legal persons already licensed or registered as FIs (as defined by the FATF Recommendations) within that country. Countries that have such frameworks may clarify to their private sector that such FIs might not be on the designated VASPs lists, or even not under the supervision of the same regulator, to avoid unnecessary de-risking.
§194
Countries should require VASPs or other obliged entities to implement an effective control framework to ensure that they can comply with their targeted financial sanction obligations. This framework should take into account the nature of VA transfers. Because the required information identifying the originator and beneficiary can be held separately to the VA transfer system (e.g., the blockchain), the VA transfer can be completed even with such information missing or without screening the transfer to identify suspicious and prohibited transactions. Therefore, VASPs or other obliged entities should screen required VA transfer information separately to such direct settlement. Thus, VASPs may need to consider mitigation measures that fit their business process and the technical nature of VAs. Although blockchain technology is ever-changing, examples of controls that a VASP or other obliged entity could implement include:
a. putting a wallet on hold until screening is completed and confirmed that no concern is raised; and
b. arranging to receive a VA transfer with a provider’s wallet that links to a customer’s wallet and moving the transferred VA to their customer’s wallet only after the screening is completed and has confirmed no concern is raised.
What this means: The first thing VASPs should ask themselves when complying with the Travel Rule in the context of a VA transfer is whether they are transacting with a counterparty VASP, as this will influence the rules that apply to the transfer. This continues to be a relevant pain point and, in the Guidance, the FATF acknowledges that today it is not always possible to determine, securely, whether a VASP is managing the wallet on the other side.
In cases where the VA transfer is with a VASP, the goal is to make sure that such counterparty VASP can be trusted before transacting. For that purpose, VASPs need to undertake appropriate due diligence and look at several aspects such as the
- robustness of the counterparty's data security framework
- whether the counterparty is complying with the travel rule
- and whether the counterparty is under supervision of relevant authorities
All of this needs to happen before transacting.
Identifying and conducting due diligence on counterparty VASPs is the first pain point and the first stage in implementing the Travel Rule. FATF recommends the Wolfsberg questionnaire as a starting point for a potential framework in the VASP counterparty due-diligence context.
10. FATF outlines data requirements for ordering and beneficiary VASPs in the Travel Rule
Table 1: Data requirements for ordering and beneficiary VASPs in the travel rule (pg 59)
Notabene’s Takeaway: An important component of complying with the Travel Rule is the exchange of originator and beneficiary information between VASPs. The table above, included in the Guidance, provides an excellent summary of all the data exchange requirements and their purpose.
- The ordering VASP, which in most cases has a business relationship with the VA transfer originator, is required to transmit accurate information about the originator to the Beneficiary VASP.
- In turn, the Beneficiary VASP does not need to confirm the accuracy of the originator information, but needs to run the received information against sanction lists.
- Then, in contrast, the ordering VASP needs to send the beneficiary information collected from their customer to the Beneficiary VASP but does not need to confirm the accuracy of such data. The ordering VASP should use this data to screen the beneficiary user against sanction lists.
- The Beneficiary VASP (who verifies the identity of the beneficiary of the VA transfer upon establishing a business relationship with them), is required to confirm if the received beneficiary information is consistent with their records.
It is worth noting that in the updated Guidance the FATF recognizes that, when VASPs reasonably conclude that their counterparty does not handle PII securely, they can proceed with the blockchain transfer without sending PII to their counterparty VASP, provided that:
- AML / CTF risks are acceptable and
- That the VASP adopts alternative procedures.
11. FATF recommends VASPs to take freezing actions and prohibit transactions with designated persons/entities
§193
Countries should require both ordering and beneficiary institutions to take freezing actions and prohibit transactions with designated persons and entities (...) The ordering and beneficiary institutions should have screened their customer’s name for compliance with targeted financial sanctions obligations at the time of onboarding their respective (and upon name changes). They must then screen the names of the other party (the originator or the beneficiary) when they conduct the VA transfer.
§194
(...) Because the required information identifying the originator and beneficiary can be held separately to the VA transfer system (e.g., the blockchain), the VA transfer can be completed even with such information missing or without screening the transfer to identify suspicious and prohibited transactions. (...) Thus, VASPs may need to consider mitigation measures that fit their business process and the technical nature of VAs.
What this means: The goal of the sanction screening obligations imposed on VASPs is to prevent transactions with designated entities and allow VASPs to take freezing actions when such transactions occurs. For these purposes, VASPs are required to screen the names of their own customers and also of the counterparty to any transactions against sanction lists. Additionally, VASPs must take measures to mitigate the risk of settling the blockchain TX before the screening is completed, such as putting a wallet on hold until screening is completed and confirming that no concern is raised.
How Notabene helps VASPs meet FATF obligations
Notabene is a reg-tech SaaS solution that turns regulatory compliance into a competitive advantage. We are working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Companies leverage our end-to-end FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage global transactions from one dashboard. We currently process transactions between more than 50 crypto native companies. Trusted by leading exchanges, Luno, Bitso, Crypto.com, and more. If you’d like to learn more about how we can help, please contact us here.
ROAD TOWN, British Virgin Islands, October 22 2021 - Bitfinex, a state-of-the-art digital token trading platform will begin testing Notabene's end-to-end protocol-agnostic solution for crypto regulatory compliance.
Notabene will enable Bitfinex to test complex Travel Rule transactions in a low-risk, collaborative environment as the exchange prepares for the new rules and takes an industry leading role in meeting global regulatory requirements. Notabene’s open solution supports integration to multiple protocols, enabling Virtual Asset Service Providers (VASPs) to send and receive counterparty information alongside blockchain transactions to any counterparty that uses the same infrastructure.
Global money-laundering watchdog the Financial Action Task Force (FATF) introduced new guidelines that treat crypto companies as regulated financial entities. Going forward, companies that custody and exchange virtual assets on behalf of customers will have to comply with existing regulatory requirements similar to banks, including the “Travel Rule,” which mandates collaboration to exchange identifying information of customers in transactions over a certain threshold. This is a daunting task as blockchains are ill-equipped to transfer personal identifying information in a secure and private manner, in tandem with the exchange of value.
After successful integration of Notabene’s Travel Rule solution, Bitfinex aims to deliver the highest levels of data privacy while enabling participants to send the required Travel Rule data to the correct counterparty in a safeguarded manner.
Paolo Ardoino, CTO of Bitfinex, comments:
“As the preeminent, leading exchange in the trading of bitcoin, Bitfinex has always taken a leading role in meeting new global regulatory requirements. We chose to trial Notabene’s best-in-class solution as it delivers a seamless compliance process without any compromise to the user experience.”
Pelle Braendgaard, CEO of Notabene, says:
“Bitfinex has been an integral part of the crypto currency community for many years now. They share our vision for a continued open crypto currency ecosystem. We are excited to help work with them implementing the Travel Rule, a key part of the latest guidelines for Virtual Asset Service Providers from FATF. Travel Rule testnets are the best way for companies to collaborate on the approach to roll out Travel Rule compliance.”
Notabene regularly holds strategic Travel Rule compliance testnets that substantially benefit all stakeholders in the community, including a recent cross-jurisdictional testnet, under the observance of the Financial Services Regulatory Authority (FSRA) of Abu Dhabi Global Market (ADGM).
##
About Bitfinex
Founded in 2012, Bitfinex is a digital token trading platform offering state-of-the-art services for traders and global liquidity providers. In addition to a suite of advanced trading features and charting tools, Bitfinex provides access to peer-to-peer financing, an OTC market and margin trading for a wide selection of digital tokens. Bitfinex's strategy focuses on providing unparalleled support, tools, and innovation for experienced traders and liquidity providers around the world. Visit www.bitfinex.com to learn more.
About Notabene
Notabene is a reg-tech SaaS solution that turns regulatory compliance into a competitive advantage. We are working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Companies leverage our end-to-end FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage global transactions from one dashboard. Trusted by leading exchanges, Luno, Bitso, Crypto.com, and more.
Notabene is headquartered in New York with offices in Zug and Santiago de Chile. To learn more, visit www.notabene.id. Follow us on LinkedIn and X.
Media contacts
Joe Morgan, Senior PR Manager, Bitfinex
Alice Nawfal, COO, Notabene
British Virgin Islands, October 20, 2021, 12:00 PM BST - Tether Operations Limited (“Tether”), the company operating the blockchain-enabled platform Tether.To that powers the largest stablecoin by market capitalization, announced today that it will be utilizing Notabene, an end-to-end solution for crypto regulatory compliance. It will begin testing its protocol-agnostic solution for Travel Rule compliance in order to bring transparency to cross-border transactions.
Notabene will enable Tether to test complex Travel Rule transactions in a collaborative, low-risk environment as the stablecoin issuer prepares for new regulations. In order to ensure customer protection, specifically as it pertains to transactions made by Virtual Asset Service Providers (VASPs), Tether will use Notabene’s solution to share, send and receive counterparty information alongside blockchain transactions to counterparties that use the same infrastructure.
Global money-laundering watchdog the Financial Action Task Force (FATF) has issued guidelines holding crypto companies to similar standards as regulated financial entities. The “Travel Rule” recommends that VASPs dealing with virtual assets should transmit specific customer data between counterparties for transactions over a certain threshold. The updated guidelines describe the FATF’s recommendations in key areas, including how the FATF standards should be applied to stablecoins. These practices are intended to assist countries and service providers to combat money laundering, terrorist financing, and abide by Sanctions measures.
Paolo Ardoino, CTO of Tether.
“It's important that we work with regulators to build this industry from the ground up as pioneers of blockchain technology and leaders in transparency, we are dedicated to not only keeping up with new rules but helping shape them. Because the Travel Rule also applies to traditional financial institutions we see this as an opportune moment to foster cooperation across traditional and digital channels in order to create better services for customers globally. We are proud to lead the charge on behalf of all stablecoins in order to make a positive change towards protecting our clients.”
Pelle Braendgaard, CEO of Notabene, comments:
“Tether’s stablecoin has rightfully cemented its role as a core part of the global crypto industry. Notabene is excited to help Tether bring out FATF Travel Rule compliance across its global network, leading to a safer and more regulatory compliant crypto world.”
By bringing a trusted data layer to blockchain transactions, Notabene’s design will assist Tether in managing counterparty risk and deliver a best-in-class payment experience to its customers while maintaining GDPR compliance and user data protection.
With the successful integration of Notabene’s solution, Tether aims to maintain its reign as a leader in transparency and in getting information to the community as well as its stakeholders, while demonstrating full compliance with regulatory requirements. To learn more about Tether, please visit, https://tether.to/.
##
About Tether
Tether is the preeminent stablecoin with the biggest market capitalization, surpassing that of all rival offerings combined. Created in October 2014, Tether has grown to become the most traded cryptocurrency. Tether is disrupting the legacy financial system by offering a more modern approach to money. By introducing fiat currency denominated-digital cash to the Bitcoin, Ethereum, EOS, Liquid Network, Omni, Tron, Algorand, and Solana blockchains, Tether makes a significant contribution to a more connected ecosystem. Tether combines digital currency benefits, such as instant global transactions, with traditional currency benefits, such as price stability. With a commitment to transparency and compliance, Tether is a fast and low-cost way to transact with money.
About Notabene
Notabene is a reg-tech SaaS solution that turns regulatory compliance into a competitive advantage. We are working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Companies leverage our end-to-end FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage global transactions from one dashboard. Trusted by leading exchanges, Luno, Bitso, Crypto.com, and more.
Notabene is headquartered in New York with offices in Zug and Santiago de Chile. To learn more, visit www.notabene.id. Follow us on LinkedIn and Twitter.
Media contact
Alice Nawfal, COO, Notabene
We recently released a survey inviting the responses of VASPs of various sizes worldwide to compile the findings into the State of Crypto Travel Rule Compliance Report. The upcoming report will demonstrate a transparent understanding of Travel Rule compliance readiness levels and pain points. Today we present a preliminary analysis of this data. Thank you to all of you who completed the survey.
What we’ve noticed: Regulators will have a significant role to play in the smooth, global implementation of Travel Rule compliance. Most of the issues that VASPs are facing are due to a lack of regulatory clarity. Regulators could help with coordination and further guidance.
Learn more below.
1. 95% of respondents have an internal compliance/legal department.
78% of those say these teams are a key pillar of the company with enough power to ensure that the business adheres to external rules and internal controls.
2. 72% of the respondents are already Travel Rule compliant or are on track to becoming fully compliant soon. [Q3/Q4 2021 - Q1/Q2 2022]
3. 100% of respondents that report full Travel Rule compliance are in Singapore.
4. 56% of respondents name the sunrise period and legal uncertainty as the two most relevant hindrances to adoption.
- Managing data privacy risks, UX impact, and interactions with non-custodial wallets are at the bottom of the list of adoption hindrances.
5. Potentially due to the sunrise period, VASPs are in very different stages of compliance.
VASPs that are looking to comply with Travel Rule requirements are all in very different stages of the process. The distribution of VASPs across the research, planning, implementation and finalized phase is fairly equal. This is possibly connected to the "sunrise issue," resulting in VASPs having very different levels of regulatory pressure to go live with the Travel Rule.
6. 18% of VASPs report to have suspended all transactions until they are ready to comply with the Travel Rule.
We will provide more information, including a deeper analysis, VASP interviews, and Regulator insights in the upcoming State of Crypto Travel Rule Compliance Report in December. Stay tuned to this and other regulatory news by signing up for our newsletters.
As the report aims to demonstrate a transparent understanding of compliance readiness levels and pain points, gathering responses and insights from a diverse group of VASPs is crucial. If your firm qualifies as a VASP, please feel free to submit your answers.
If you have any questions about the survey, please feel free to reach out to [email protected] or [email protected].
Enter your information below to download the State of Crypto Travel Rule Compliance Report 2022.
AMSTERDAM & NEW YORK -- Notabene, a Financial Action Task Force (FATF) Travel Rule solution provider has announced a partnership with Crystal Blockchain, a Netherlands-based blockchain investigative tool. The collaboration is meant to enable Virtual Asset Service Providers (VASPs) to comply with the FATF’s Travel Rule identification, data exchange, and reporting process from beginning to end.
Crystal Blockchain powers regional and global AML compliance and operational continuity by enabling best-in-class blockchain transaction risk assessment. Notabene is a regtech SaaS solution that allows companies to leverage their end-to-end FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage global transactions from one dashboard.
- Alice Nawfal, COO of Notabene says
“Industry partnerships are the key to FATF Crypto Travel Rule compliance. Working with Crystal Blockchain allows us to embed blockchain compliance security into our product offering, providing the best end-to-end Travel Rule compliance solution in the space.”
Marina Khaustova, CEO at Crystal Blockchain, comments
“Crystal’s latest partnership with travel rule solutions aggregator Notabene allows us to bring the best of blockchain compliance security to our customers as we and Notabene work towards a safer and more risk-averse blockchain future.” --- Marina Khaustova, CEO at Crystal Blockchain
Read more in PAYPERS about the latest partnership between Crystal and Notabene
About Notabene
Notabene is a reg-tech SaaS solution that turns regulatory compliance into a competitive advantage. We are working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Companies leverage our end-to-end FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage global transactions from one dashboard. Trusted by leading exchanges, Luno, Bitso, Crypto.com, and more. Notabene is headquartered in New York with offices in Zug and Santiago de Chile. Notabene is headquartered in New York with offices in Zug and Santiago de Chile. To learn more, visit www.notabene.id. Follow us on LinkedIn and Twitter.
About Crystal Blockchain
Crystal is the world-leading all-in-one blockchain analytics tool for crypto AML compliance, providing blockchain analytics and crypto transaction monitoring for thousands of cryptocurrencies in real-time. Crystal works globally with customers in the digital asset industry, the banking, and FI sectors. We help streamline their Know Your Transaction (KYT) and Anti-Money Laundering (AML) procedures for meeting international compliance standards. Available as a free demo version, SaaS, API, and on-premise installation. Engineered by Bitfury.
Media contacts
Ana Diundina, Crystal Blockchain
+380977371660
Alice Nawfal, COO, Notabene
NEW YORK -- Notabene, the leading FATF Travel Rule solution provider, has announced the successful completion of a Travel Rule testnet in cooperation with the Financial Services Regulatory Authority (FSRA) of Abu Dhabi Global Market (ADGM).
Notabene set up a collaborative environment for seven companies to test cross-jurisdictional Travel Rule transactions in a low-risk environment as they gear up to comply with impending regulations. Four ADGM-licensed firms, Matrix, Aarna Capital, DEX, and MidChains, tested sending transactions with companies applying for their Singaporean digital payment token (DPT) license–Amber Group, Liquid, and Zipmex.
New anti-money laundering (AML) rules, commonly known as the “Travel Rule,” require crypto companies to share personal customer information alongside a transaction. As enforcement deadlines approach, financial institutions rush to implement new compliance tools, train compliance teams to implement new processes and understand what actions to take across various scenarios.
ADGM’s FSRA cooperated with Notabene to establish the testnet so that companies could perform simulated travel rule transactions between each other, collaborate on compliance approaches, while permitting the regulator to clarify their interpretation of the rules.
The participating firms tested six real-life scenarios, including interactions with firms operating cross-jurisdictionally where thresholds and requirements vary.
Other scenarios tested included:
- Rejecting transfers when data didn’t match internal records.
- Interacting with companies who are not Notabene customers and may not be live with Travel Rule.
- Requesting missing travel rule transfers from counterparties.
Alice Nawfal, COO of Notabene, says:
“The industry is signaling to regulators that they can adapt to the intricacies of new regulations, including varying cross-jurisdictional rules. Notabene’s software ensures that firms complying with the various regulations do not have to limit transaction flow.”
Wai Lum Kwok, Senior Executive Director – Authorisation of the FSRA, comments:
“We are pleased to see that the industry is actively collaborating to use technology to facilitate compliance. Such collaborations let participants better understand regulatory requirements and improve their processes. Further, appropriate use of technology can lead to more efficient and effective compliance outcomes. The cross-border nature of this collaboration is a good signal that the industry is increasingly able to deal with the global nature of compliance for virtual assets.”
Participating exchanges expressed excitement to trial Travel Rule transactions through Notabene with regulator participation.
Pav Gill, Chief Legal Officer at Zipmex, adds:
“It has been a pleasure to be granted the opportunity to work with ADGM. Throughout this experience, we have seen the positives of how these solutions will help in the fight against financial crimes within the digital assets industry. While there is an appreciation of the intentions behind the regulation, significant practical challenges remain in terms of implementation in order to ensure a seamless customer experience that matches the power of the underlying technology. We look forward to continuing to work with regulators during these exciting times.”
Vasja Zupan, President of Matrix, comments:
“We are thrilled to take part in a global effort to test Travel Rule transactions. As a regulated trading platform that prioritizes security, we see Notabene’s testnet as a responsible and resourceful step for testing customer transactions.”
Seth Melamed, COO, Liquid, comments:
"At Liquid, putting clients at the center of all that we do is core to how we operate. Adherence to AML regulations is an important part of our client-centric approach. In our collaboration with Notabene, Liquid is proactively working with other crypto entities, regulators, and solution providers to adapt the principles of Funds Travel Rule to a blockchain context."
This testnet presents an excellent opportunity for the participating firms to learn collaboratively. Going forward, Notabene will continue to facilitate further testing, provide integration support, and moderate compliance team discussions, as well as publishing ‘blueprint’ compliance flows to the industry. Sign up for the next testnet here.
About Notabene
Notabene is a reg-tech compliance SaaS solution that connects the traditional financial industry and crypto industry. We are working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Using privacy-preserving technology, strategic partnerships, and commitment, our first-to-market FATF Travel Rule solution helps financial institutions, crypto exchanges, and businesses turn compliance into a competitive advantage. Key investors include Castle Island, Green Visor Capital, Illuminate Financial, CMT Digital, and a cadre of top-tier angel investors. Trusted by leading exchanges, Luno, Bitso, Crypto.com, and more.
Notabene is headquartered in New York with offices in Zug and Santiago de Chile. To learn more, visit www.notabene.id. Follow us on LinkedIn and Twitter.
Today, Germany published the Crypto Asset Transfer Regulation - KryptoWTransferV, implementing FATF's travel rule in the country. We will review this in the next few days and update our Germany jurisdiction page.
Until then, we share the highlights:
1. The Crypto Travel Rule regulation comes into force in Germany on October 1st, 2021.
KryptoWTransferV § 7 (1) Entry into force, expiry:
"This Ordinance shall come into force on October 1, 2021."
2. The regulation subsumes to the preexisting Money Transfer Ordinance framework.
KryptoWTransferV § 3 (1): Duty to survey, Storage and transmission of data during transfers between crypto value service providers
“For obliged entities making a transfer on behalf of the payer, the rules on obligations of the payment service provider of the payer under Articles 4 and 6 of the Funds Transfer Regulation shall apply mutatis mutandis if only crypto value service providers are involved in the transfer on behalf of the payer and the payee.
3. German VASPs must collect, store, and verify the name and addresses of non-custodial beneficiary and originators.
KryptoWTransferV § 4 (3): Duty to Collection and storage of data during transfers, in which not exclusively Crypto value service providers are involved
“For the purposes of paragraphs 1 and 2, risk-adequate measures are measures which correspond to the identified money laundering and terrorist financing risk of the transfer and which ensure the traceability of the transfer. In particular, a risk-appropriate measure is the collection, storage and verification of the name and address of the beneficiary or the principal for whom no crypto service provider is acting in the transfer and who is not a contractual partner of the obliged party.”
4. Companies that are unable to comply immediately must notify competent supervisory authorities by November 30, 2021.
Companies that cannot comply immediately with travel rule obligations must notify competent supervisory authorities by November 30th, 2021. They must further include the reasons for the impediment, the measures taken to remove it, and the timeline for the removal by December 31st, 2021. The stated reasons will be subject to the assessment of the supervisory authority, who may decide whether or not an exemption period should be granted to the VASP.
KryptoWTransferV § 5 (1) Transitional provisions:
“Obligated persons who, at the time of entry into force of this Ordinance, conduct banking transactions within the meaning of section 1(1) sentence 2 of the German Banking Act, provide financial services within the meaning of section 1(1a) sentence 2 of the German Banking Act or securities services within the meaning of section 2(2) to (4) of the German Securities Institutions Act in relation to crypto securities, and who are unable to comply with the obligations under sections 3 and 4 on a permanent basis or at all for reasons for which they are not responsible, shall notify the competent supervisory authority in accordance with section 50 number 1 of the German Money Laundering Act by 30 November 2021 and provide reasons for this by 31 December 2021. If obliged entities commence such banking transactions, financial services or investment services for the first time after the entry into force of this Ordinance, sentence 1 shall apply subject to the proviso that the notification, including the justification, must be made upon commencement. “
5. VASPs must ensure Travel Rule compliance within 12 months.
Under certain circumstances, a single extension of this period for additional 12 months may be granted.
KryptoWTransferV § 5 (2) Transitional provisions:
“The justification referred to in paragraph 1 shall include information on the reason for the impediment and on the measures taken to remove the impediment. In addition, the period of time in which the removal of the reason for the impediment is expected to take place shall be indicated, and it shall be specified which other risk-appropriate measures will be taken during the implementation of transfers. The period specified in accordance with the first sentence may not exceed twelve months. A single extension of this period by a further twelve months shall be permissible if a reasoned notice of extension is submitted before the expiry of the first twelve-month period and if the reason for the impediment continues to exist.”
Relevant links:
- BaFIN | Banking Act (Kreditwesengesetz - KWG)
- Bundesminister der Finanzen | Kryptowertetransferverordnung – KryptoWTransferV
- The Federal Minister of Finance | Regulation on enhanced due diligence requirements for the transfer of crypto assets (Crypto Asset Transfer Regulation - KryptoWTransferV) translated to English.