BLOG
A couple of thoughts on the crypto market, regulations and all in between
GIBRALTAR & NEW YORK, October 13, 2021: Notabene, the leading FATF Travel Rule solution provider, has partnered with VASPnet, the assured source of VASP regulatory data.
This collaboration solves a crucial yet overlooked challenge presented by FATF’s anti-money laundering standards on virtual assets which mandate that Virtual Asset Service Providers carry out due diligence on their counterpart VASPs before engaging in a business relationship with them. Additionally, if a counterpart VASP’s regulatory status cannot be determined as regulated, the originating VASP may deem it high risk and restrict all transaction flow.
With Notabene’s integration of VASPnet’s reference data, firms can confidently make comprehensive and well-informed risk-based decisions to help manage their AML/CTF risk using real-time, high-quality data directly sourced from regulators.
VASPdata is the world’s largest dataset of up-to-date authoritative regulatory data on 28,000 service providers authorised to conduct virtual asset activities. VASPdata will support Notabene’s mission to remove regulatory complexity by adding transparency to firms’ transaction flows. Armed with VASPdata, Notabene will enhance how firms comply with FATF’s Recommendation 16.
Notabene benefits from data that is assured by the VASPnet Verified freshness seal, ensuring Notabene’s customers receive only up-to-date and accurate regulatory information. With VASPdata and Notabene’s proprietary Rules Engine, Notabene’s customers can set robust regulatory rules into place, and scale ‘safe’ flows to regulated VASPs.
Quote from Notabene’s CEO Pelle Braendgaard:
“Implementing the Travel Rule requires you to trust that your counterparty exchange has properly verified their customers. Performing manual due diligence on the often 100s of counterparty exchanges that an average exchange interacts with will lead to loss of business or increased risk of fines. Notabene’s partnership with VASPnet is the first service allowing exchanges to continue to transact with thousands of counterparties, while at the same time managing their own risk appetite.”
Quote from VASPnet Executive Chair Siân Jones:
“Counterpart due diligence is a cornerstone requirement in FATF’s VASP-to-VASP value transfer standards. With real-time access to VASPdata’s authoritative regulatory information on licensed VASPs around the world, Notabene’s customers will be one step closer to meeting their AML compliance obligations.”
About VASPnet:
VASPnet is the assured source of VASP regulatory data. VASPnet provides the authoritative data to confidently make well-informed, risk-based decisions and help meet AML/CTF obligations. VASPnet Ltd, an XReg company, is headquartered in Gibraltar, a leading cryptoasset jurisdiction. Visit www.vaspnet.com to find out more. Follow us on LinkedIn.
About Notabene
Notabene is a reg-tech compliance SaaS solution that connects the traditional financial industry and crypto industry. We are working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Using privacy-preserving technology, strategic partnerships and commitment, our first-to-market FATF Travel Rule solution helps financial institutions, crypto exchanges, and businesses turn compliance into a competitive advantage. Trusted by leading exchanges, Luno, Bitso, Crypto.com and more.
Notabene is headquartered in New York with offices in Zug and Santiago de Chile. To learn more, visit www.notabene.id. Follow us on LinkedIn and Twitter.
- Notabene and Elliptic launch a ready-to-use solution that complies with FATF Recommendations to virtual asset service providers (VASPs) and financial institutions (FIs)
- VASPs and FIs can automate the exchange of counterparty information during cryptoasset transactions securely and privately
LONDON, NEW YORK – June 16, 2021: Notabene, a fast-growing FATF Travel Rule solution provider, has integrated with Elliptic, the global leader in cryptoasset risk management and blockchain analytics.
The intergovernmental FATF Travel Rule requires virtual asset service providers (VASPs) to exchange counterparty information when cryptoasset transactions exceed certain limits for all their customers.
Countries that have implemented the Travel Rule include the United States, Switzerland, and Singapore. Other jurisdictions are not far behind in enforcing these rules over the next 12 months.
With Notabene and Elliptic’s integrated solution, VASPs can automate transactions with trusted counterparties while providing them with the data they need to detect suspicious activity and meet their regulatory requirements.
In April, three crypto companies in Singapore completed the testing of automated Travel Rule transfers using Notabene. This made them some of the first VASPs ready to roll out full Travel Rule compliance at scale on their platforms.
Alice Nawfal, Chief Operating Officer of Notabene, comments:
“When it comes to compliance with the Travel Rule, VASPs are now in a rush to implement scalable solutions and come live. We expect the next six to twelve months will be a pivotal time for the crypto industry as VASPs overcome outstanding challenges and determine how to collaborate with each other effectively. We are excited to partner with Elliptic so that VASPs can have access to rich transaction data when performing Travel Rule transfers. This helps them make smarter compliance decisions.”
Elsa Said-Armanet, Director of Partnerships at Elliptic, said:
“Crypto companies are increasingly expecting counterparties to be Travel Rule compliant, or they will not do business with them. Now we can offer Notabene alongside Elliptic’s crypto risk monitoring solutions to help VASPs comply with the Travel Rule today, wherever they are, and transact with any counterparty, even if they didn’t implement a solution on their side yet.”
Notabene provides top crypto businesses and financial institutions with software and tools to manage risk in crypto transactions. Notabene’s customers are able to assess whether counterparties are safe to transact with and perform any regulatory actions required. Notabene offers the most secure Travel Rule fulfillment solution while simultaneously providing the broadest network coverage of compliant VASPs.
Elliptic is the go-to provider of enterprise-grade crypto compliance solutions for fintechs, crypto exchanges, and traditional financial institutions. Elliptic’s customers can assess risk on transactions across more than 100 different assets - including cryptocurrencies, stablecoins, and tokens. This represents the broadest coverage of any crypto transaction screening solution, with support for over 97% of all cryptoassets by trading volume.
Media Contact
Alice Nawfal
Sacha Lowenthal
About Notabene
Notabene helps crypto businesses and financial institutions manage regulatory and counterparty risks around crypto transactions. Notabene provides software, tools, and comprehensive data that helps businesses implement the new requirements of the FATF guidelines including the Travel Rule and identification of virtual asset accounts. They use Notabene to manage risk and deliver a best-in-class payment experience to their customers. Notabene is headquartered in New York with offices in Zug and Santiago de Chile. To learn more, visit www.notabene.id and follow us on LinkedIn and Twitter.
About Elliptic
Elliptic is the global leader in cryptoasset risk management for crypto businesses and financial institutions worldwide. A WEF Technology Pioneer, Elliptic is backed by investors including Wells Fargo Strategic Capital, SBI Group, and Santander Innoventures, and has assessed risk on transactions worth several trillion dollars, uncovering activities related to money laundering, terrorist fundraising, fraud, and other financial crimes. Elliptic is headquartered in London with offices in New York, Singapore, and Tokyo. To learn more, visit www.elliptic.co and follow us on LinkedIn, Medium, and Twitter.
- With many protocols on the market, Notabene simplifies travel rule compliance by integrating multiple messaging layers into one platform.
- In response to the sunrise period, Notabene offers a ready-to-use solution today - TRNow. You can exchange data transfers with any VASP, even if they didn’t implement a solution on their side yet. No need for them to sign up for or integrate with Notabene either!
Notabene lets you securely exchange Travel Rule data with any counterparty VASP. Yes, really.
Notabene’s multi-protocol approach helps you comply with the Travel Rule without hindering your transaction flow. Our goal is to instantly and securely connect you with all of your transaction counterparty VASPs despite regulatory complexity. The Travel Rule shouldn’t stop you from sending or receiving funds from certain businesses just because you two use different messaging protocols. Avoid spending time and effort trying to convince all of your counterparties to sign up for the same network, or worse, joining multiple ones yourself!
1. How do I send a travel rule transfer to a counterparty VASP if...
1.1. I don’t know which protocol they use?
You don’t need to! We integrate the most widely adopted and ready-for-deployment protocols into our platform, so you don’t have to. There is no need to involve your dev team to support multiple protocols, run necessary blockchain nodes, and stay abreast of technical changes. We handle it all! You can think of Notabene’s solution as a switch on top of protocols. This means no more worrying about which protocol to choose for the broadest possible coverage.
Once your Travel Rule transfer is ready to send, our system automatically checks all integrated protocols for the messaging channel you have in common with the Beneficiary VASP.
1.2. They don’t have any Travel Rule solution in place yet?
This is where our in-house solution, TR:Now, comes into play. It lets you send a Travel Rule transfer to any counterparty, even if they don’t have any solution in place yet! After a counterparty VASP is identified and a Travel Rule transfer is created and sent, the Beneficiary VASP receives an email notification. Once they verify that the address belongs to them, they can access the transfer securely in their browser. For security reasons, their access to the transfer information expires 72h after they open it.
Don’t know your Beneficiary VASP’s designated travel rule email address? Leave it to us! Notabene will help you determine the correct contact information for the Beneficiary VASP.
1.3. Notabene doesn’t support the protocol they use?
You can still meet your compliance requirements and send a Travel Rule transfer. Just like the previous example, Notabene enables transfers to any counterparty VASP, regardless of their protocol usage. See the steps described in 1.2 above for more.
2. How to receive a travel rule transfer from a counterparty VASP if...
2.1. They don’t know which protocol I use?
- If your counterparty VASP wants to send you a data transfer related to an incoming transaction, all they need to do is visit your company’s public profile at Notabene. At the bottom of your profile page, they’ll see all of your supported travel rule protocols with their respective identifiers. The list of available protocols is automatically updated as we integrate new protocols into our platform.
2.2. They don’t have any solution in place yet?
- If your counterparty doesn’t have any solution in place but you need them to send you a Travel Rule transfer, simply share with them a link to your company’s public profile on Notabene. From there, after authenticating themselves, they will be able to access a simple form and fill in all of the data required by the Travel Rule and send it straight to your Notabene dashboard.
2.3. Notabene doesn’t support the protocol they use?
- You can still meet your compliance requirements and receive a Travel Rule transfer. Following the same process as 2.2 above, Notabene enables transfers to and from any counterparty VASP, protocol or not!
3. How do I verify my counterparty VASPs?
Each company, regardless of the solution they use, can join Notabene’s public VASP directory for free. They create a profile by providing their license and incorporation information along with any respective supporting documents. This allows us to verify their business listing and issue a “Verified by Notabene” badge. After they have created a verified profile, they will be able to share additional information (e.g., AML/CFT processes) securely with you during the due diligence process.
If you’d like us to verify your counterparty, ask them to create their profile here.
4. How do I manage my transfers?
With Notabene, you have access to a secure, all-in-one dashboard where you can manage and monitor all of your transfers, regardless of the protocol over which they were sent. We make it easy and efficient for your compliance team to manage travel rule transfers from one place, and not have to worry about any underlying protocol complexity.
5. What if my company spans multiple jurisdictions?
If you closely monitor the travel rule implementation trends (because we do!), you might have noticed that some protocols get broader adoption in particular jurisdictions. But, have no fear! This doesn’t mean that you’ll have to sign up for different solutions just because your business is global. Notabene ensures coverage with all VASPs and regions, and offers multi-entity support so you can use one platform for seamless compliance and transaction flows, even if the rules differ from country to country.
Have more questions?
Great, we’ve got answers! To learn more about Notabene’s Travel Rule solution and how it can help you comply with the travel rule, book a demo today!
We’re excited to share that a select group of our Singaporean customers, Luno, Crypto.com, and Xfers, have successfully completed the second phase of Notabene’s Travel Rule testnet.
This makes them some of the first VASPs ready to roll out full Travel Rule compliance at scale on their platforms.
In various real-world scenarios, participants exchanged automated Travel Rule transfers that allowed instant counterparty VASP verification and Beneficiary’s VASP blockchain address confirmation. This phase also demonstrated Notabene’s protocol-agnostic approach by using both TRNow, Notabene’s in-house solution, and TRP, an open-source, industry-led protocol, as messaging channels.
Phase 1 - Counterparty verification and secure data exchange
In the first phase, companies exchanged Travel Rule transfers using Notabene’s manual solution. This was an excellent opportunity for participants to tackle practical challenges in verifying a counterparty and securely performing data transfers.
As a result, participants developed the know-how and exchanged best-practices to improve their internal transaction flows to address Travel Rule requirements.
Phase 1 of the testnet also led to the creation of a testnet working group. Members of compliance, product, and dev teams from the participating VASPs now meet bi-weekly to collaborate on various challenges and agree on best practices for solutions.
Phase 2 - Automating the Travel Rule flow for full-scale compliance
The goal of the second phase was to test:
- The automation and scalability of Travel Rule compliance processes using Notabene’s API
- The instant counterparty VASP verification using client-defined whitelists
- Increased customer data protection through blockchain address confirmation for beneficiary VASPs
- The ability to connect, regardless of protocol, with any VASP by using TRNow and TRP
Automatically generated Travel Rule transfers
For this exercise, participants exchanged automatically generated and verified Travel Rule transfers. With simple API integration, data transfers are created seamlessly by collecting Beneficiary’s and Originator’s information from VASPs’ internal systems, the moment a user initiates a transaction.
Did you know? Notabene’s pre-built user interface components instantly identify the wallet type and counterparties involved in a transaction and help collect any missing data from users. This feature was not part of the testnet but is a core part of Notabene’s Travel Rule offering. Learn more here.
Instant counterparty VASP verification
Notabene’s “Trust this company” functionality enabled testnet participants to easily verify and whitelist counterparties. This way, every transfer sent to a trusted VASP is automatically approved, allowing compliance officers to focus only on high-risk transactions.
Did you know? Notabene built a VASP directory that allows any company to create a public profile for free. Create your profile today and reduce the burden of business-to-business verification, a necessary but time intensive step to ensure the secure exchange of Travel Rule information.
Beneficiary VASP’s blockchain address confirmation
To prevent customers’ personal data from being sent to the wrong VASP, Notabene adds an extra layer of trust ensuring that a customer’s data always reaches the intended counterparty. Before a data exchange occurred, participants receiving a transfer were able to automatically confirm that the Beneficiary’s blockchain address belongs to them.
Sending Travel Rule transfers to VASPs outside of the Notabene Network
Notabene enables its customers to work with any VASP, regardless of protocol. The testnet allowed companies to send and receive transfers from a set of mock/simulated counterparties that lacked any Travel Rule solution. With much of the industry still early in its Travel Rule implementation, this capability is critical while different jurisdictions are developing at various speeds.
Participating VASPs also seamlessly exchanged customer data over an external protocol, TRP. As the proliferation and adoption of various Travel Rule protocols grows, Notabene will be adding them to its platform, allowing its customers to reach the most extensive number of counterparties possible.
Meeting FATF requirements without hindering business growth
These three scenarios were critical to test the implementation of the FATF and MAS requirements in a real-world business environment.
This evaluation allowed our customers to better understand what adjustments they need to make within their compliance and transaction flows to roll out a fully scalable Travel Rule solution without hindering business growth.
This is just the beginning
The implementation of the Travel Rule doesn’t happen overnight and will impact user experience, product, and compliance across the entire transaction flow. This is why it’s important to start testing and assessing its impact on existing systems as soon as possible. We’re committed to constantly supporting our customers along this journey from start through post full-deployment. Our bi-weekly meetings and deep-dive sessions will continue, and we hope the group of participants will only grow as we launch the next editions of the testnet.
Call for submission!
If you constantly hear about the Travel Rule but aren’t sure where to start, we’re here to help! We’re currently inviting VASPs interested in participating in the next edition of a global, cross-jurisdiction Travel Rule testnet. Apply here!
It’s been one year since we started Notabene, and what a crazy ride it has been!
Last April, as the world was going into lockdown, pushing the economy further into the unknown, we got together to work on a big challenge. We believed that crypto transactions should be a larger part of the everyday economy. To make this happen, transacting with crypto first had to become safer and easier to use.
And so, we started Notabene. What lay ahead of us was uncertain, but we bet on three things.
First, increasing global uncertainty will push people and businesses to more quickly adopt digital assets and cryptocurrencies.
Second, regulators will not budge on the deadlines set for crypto businesses to comply with new requirements. If anything, they may even put on more pressure to limit access to illicit finance as the financial world becomes more globally connected.
Finally, our confidence that we have the best team possible to tackle these challenges.
Fast forward to today, and what a year it has been! Our three bets have already started to pay off and there’s even more to look forward to than before.
Crypto is here to stay, paving a path for every financial institution to get into the space
We were bullish on crypto, but the speed of global adoption has shocked even us. From Visa launching a settlement layer with USDC, Paypal rolling out crypto for its 370M users, to Defi’s exploding innovation, crypto has roared onto the scene in a big way. Regulators like the OCC have made it possible for any financial institution to start offering crypto products. Momentum is high now, but this is still just the beginning. Tens of thousands of traditional financial companies will be entering the space over the next 5 years. Not to mention the thousands of new companies that have yet to even be created.
Regulators are keeping close watch on crypto
Cryptocurrency’s market impact makes it impossible for regulators to ignore any longer. The compliance landscape has been fast-moving. Local regulators have been enforcing the travel rule and other requirements to prevent the flow of illicit finance. The industry has also increasingly been working alongside, providing feedback and commentary to ensure that innovation can continue to prosper.
Our team built a strong foundation, and we’re ready for what’s next
This past year, we have created a rock solid team. We learned how to adjust to the new realities of a pandemic lockdown and work together remotely. We are proud of the culture we built and the principles we stand by: we are idealistic and ethically driven in how we build, but we are also pragmatic and keep one foot on the ground.
With this mindset, we launched our product just 4 months after starting Notabene. We’ve been releasing features continuously since, making sure our customers have access to the latest compliance requirements as well as best-in-class features.
Today, we serve crypto companies across 4 continents, including some of the largest exchanges like Luno and Crypto.com. We have partnered with companies like Chainalysis to tackle the evolving regulatory landscape together. It has been a pleasure to work closely with and learn from our clients and partners.
Finally, the support we have received this past year has been incredible. From the Y-Combinator partner and founder community, to our investors, advisors and mentors, you have all been an incredible source of support. To our first employees, we are excited to have you. Thank you all for joining our vision!
But this is just the beginning. We are beyond excited for the road ahead, and here's to many more years to come!
- Alice, Ania, Andres and Pelle
At a time when crypto companies and financial institutions are pressing the pedal to grow and meet large-scale retail and institutional demand, they also need to fulfill immediate regulatory obligations and manage risk around transactions. We started Notabene last year to make transacting with cryptocurrencies safer and easier for businesses and individuals alike. Only then can crypto transactions become part of the everyday economy.
We provide companies with the software and tools to manage counterparty risk and perform regulatory compliant transactions at scale. However, our role does not end there: We also help companies make sense of a fast-moving regulatory landscape and engage regulators on their behalf. As companies look to introduce comprehensive compliance policies, we need to continue investing in our role as a trusted partner who can support our clients along the way.
Today, we are excited to welcome Rebecca Macieira-Kaufmann and Charles “Chuck” V. Senatore to the Notabene team as our advisors. As a seasoned CEO, Rebecca has scaled financial service businesses to exponential revenue while overseeing the implementation of strong regulatory and risk management controls. While leading global compliance programs at major financial institutions, Chuck worked closely with management teams to align compliance and business goals. He also spent years as a regulator at the SEC. Together, their decades of experience working with complex financial and risk issues will be instrumental in helping Notabene build a best-in-class product and support our community of customers during this critical time.
Rebecca spent more than 11 years at Citigroup serving in a range of CEO, President, and General Manager roles. In her last role as Head of Citigroup’s International Personal Bank, Rebecca managed a full P&L line of business serving the offshore wealth needs of multinational clients in more than 100 countries. Rebecca was brought into multiple businesses as the transformation leader to bring a culture of risk management, control and regulatory compliance to the forefront. She remediated issues, simplified operations and digitized the customer experience—all while meeting regulatory standards and growing the business exponentially—leaving them strong and financially secure.
Previously, Rebecca served as President and CEO of Banamex USA, where she turned the business around by remediating a Consent Order while simultaneously meeting the cross-border needs of Mexican businesses and high-net-worth individuals. Today, Rebecca is a member of Revolut’s US board and advises CEOs of start-ups in all phases of growth.
In her role as an advisor of Notabene, Rebecca will support us in becoming more effective leaders as we scale our business in this fast-moving market. She will help us better understand our customers and build the right tools for them. She is a big advocate of making compliance a part of the culture of a financial institution. We will continue to leverage her hands-on experience to support our customers as they look to grow their businesses responsibly.
“It is exciting and deeply gratifying to be a part of Notabene at the ground floor as they help clients grow and operate with the right regulatory controls in the digital asset space”, says Rebecca about joining Notabene as an advisor.
Chuck brings decades of experience in compliance, risk and regulatory affairs for financial services and, in more recent years, digital assets. He is a board member and audit committee chair of Fidelity Digital Asset Services, LLC. Most recently, Chuck was Head of Risk Oversight for Fidelity Investments’ Devonshire Investors unit. Before that, he led Fidelity’s global compliance and ethics function and served as the firm’s head of regulatory coordination and strategy. Prior to joining Fidelity, Chuck was Co-Head of Global Compliance at Merrill Lynch, and led the firm’s Regulatory Affairs Group. During his time leading compliance functions, he was instrumental in helping his compliance teams get a seat at the management table and be part of decision-making.
Chuck is also a former regulator. He was the SEC’s Southeast Regional Director, and prior to that an Assistant U.S. Attorney and Chief of the Public Corruption Section in the Southern District of Florida.
More recently, he teaches Compliance and Regulatory Strategy at the University of Chicago Law School, and is a Senior Fellow at New York University's Program on Corporate Compliance and Enforcement. He also founded the Boston Regtech Meetup, and is a member of the Massachusetts Secretary of State's Fintech Advisory Working Group.
In his advisory role at Notabene, Chuck will provide insight on how we can engage regulators constructively and advocate for digital assets and the unique opportunities they bring to the financial markets. He will also be helping us build products that empower compliance teams to meet regulators’ expectations and become more effective decision-makers in their companies. With regulators moving fast to introduce crypto regulations, Chuck believes this is a critical moment for the crypto industry.
He believes that “Digital assets and blockchain use cases are maturing rapidly, and Notabene is poised to make an important contribution to the industry's rapid evolution. I am pleased to have the opportunity to help guide Notabene's very talented team and be part of its effort to lead positive, responsible and innovative change.”
The whole Notabene team is looking forward to working closely with Rebecca and Chuck going forward. Their insights have already helped us and our customers. Please join me in welcoming Rebecca and Chuck to the Notabene team!
Best regards,
Pelle Braendgaard
Singapore, New York – Luno, a leading global cryptocurrency company based in London with over 7 million customers in 40 countries, has partnered with Notabene, the end-to-end Travel Rule compliance platform. With Notabene’s help, Luno is rolling out Travel Rule compliance starting with Singapore.
Luno is using Notabene’s services to manage counterparty risks related to crypto transactions and to meet the latest anti-money laundering (AML) requirements as defined in Singapore’s Payment Services Act 2019 (the PSA). By integrating our solution, the Luno team can now perform Travel Rule transactions securely and at scale.
As consumer demand for cryptocurrency grows across global markets, regulators are introducing requirements to protect consumers and mitigate the risk of money laundering. One of these requirements is the Travel Rule, and it requires that cryptocurrency platforms like Luno share customer data related to a crypto transaction securely with the counterpart exchange.
Besides regulatory compliance, Luno believes that the Travel Rule can promote customer confidence in crypto transactions. When customers are requested to input information about recipients and checks are performed, the risk of a transaction going to the wrong recipient decreases.
Notabene’s solution helps Luno’s team manage counterparty risks. With our rule-setting tools and due diligence service, their compliance officers can now automate the transfers of Travel Rule data with trusted exchanges.
Sherry Goh, Country Manager of Luno Singapore, says:
“We are delighted to partner with Notabene for Luno’s Travel Rule roll out in Singapore. We were impressed with Notabene’s protocol agnostic approach and the decision to build a platform aimed at end-to-end compliance with the Travel Rule. We are confident that the integration with Notabene will mean that our customers’ Luno experience will remain as smooth as ever.”
Pelle Braendgaard, CEO of Notabene, comments:
“With Luno’s continued commitment to compliance, it has brought safe crypto products to millions of consumers worldwide. We are excited to see how our product can help Luno continue on their mission to upgrade the world to a better financial system.”
Luno is also a participant in Notabene’s recently launched Singapore testnet. It is testing travel rule transfers alongside other cryptocurrency platforms.
Are you interested in learning more about our travel rule solution and how we help with managing counterparty risk? Reach out to us at [email protected].
Media Contact
Alice Nawfal: [email protected]
About Notabene
Notabene helps crypto businesses manage regulatory and counterparty risks around transactions. Notabene provides software, tools, and comprehensive data that helps their customers implement the new requirements of the FATF guidelines including the Travel Rule and identification of virtual asset accounts.
Notabene is a Y Combinator company and has offices in New York, Zürich, and Santiago de Chile.
Find out more here: https://www.notabene.id
About Luno
Luno is a leading global cryptocurrency company on a mission to upgrade the world to a better financial system.
Co-founded by CEO Marcus Swanepoel and CTO Timothy Stranex, Luno launched in 2013 and has built a team of nearly 400, with its headquarters in London and regional hubs in Singapore and Cape Town. With over 7 million customers in over 40 countries, Luno’s products and services make it safe and easy to buy, sell, store and learn about cryptocurrencies like Bitcoin and Ethereum.
Luno has been backed by some of the world’s leading investors including Balderton Capital, RMI, Naspers and Venturra, before recently having been acquired by Digital Currency Group (DCG).
Find out more here: https://www.luno.com
Summary: In FATF’s latest guidance, it broadly defines DeFi operators as VASPs that have to deal with AML/CFT obligations. On the Travel Rule, the big news is that FATF expands these requirements to include all financial institutions (FIs) who deal with virtual assets. FATF also clarified many outstanding questions by adding new requirements such as sanction-screening of counterparties and collection of beneficiary names, even with unhosted wallets. VASPs will need to move quickly on the Travel Rule or risk not receiving licenses for operation and being outcompeted by FIs entering the market today with strong compliance expertise.
On March 19th, 2021, the Financial Action Task Force (FATF) released its updated guidance on the risk-based approach for virtual assets (VAs) and virtual asset service providers (VASPs).
The original guidance was published in June 2019, placing anti-money laundering and countering the financing of terrorism (AML/CFT) obligations on VAs and VASPs. It also extended Recommendation 16 to VASPs, commonly known as the “travel rule”.
Following the publication of this revised guidance, there is a 4-week public consultation period in which private sector participants will provide feedback and commentary. Notabene will be providing input directly to FATF as part of the FATF Virtual Asset Contact Group (VACG) and indirectly through its participation in various forums like the Global Digital Finance (GDF) and the Chamber of Digital Commerce.
With this revised guidance, FATF aims to achieve two goals:
- Level the playing field for VASPs in line with existing standards applicable to financial institutions and other AML/CFT-obligated entities
- Minimize the opportunity for regulatory arbitrage across financial sectors and jurisdictions
Below, we describe FATF's general approach and summarize the main takeaways. We supplement the sections with our assessment of how this may impact the crypto industry.
1. Virtual assets are not higher risk than other financial service sectors, but some aspects of them are deemed riskier
FATF maintains a technology neutral approach to virtual assets.
FATF states that VASPs should be regulated similarly to financial institutions (FIs) that provide functionally similar services with similar ML/TF risks. In addition, FATF requirements should apply to all VAs and VASPs regardless of the underlying technology.
“The FATF Standards are intended to be technology neutral. As such, the FATF does not seek to regulate the technology that underlies VAs or VASP activities, but rather the natural or legal persons behind such technology or software applications that facilitate financial activity or conduct as a business the aforementioned VA activities on behalf of another natural or legal person.” (Section 68, Page 26)
Our assessment: FATF would like to maintain its view on technology neutrality and that VAs are not treated differently from other financial sectors of similar risk. However, they also apply this argument within the crypto sector - with what some may consider as direct jabs at ‘decentralized’ projects who may not be completely decentralized and for all intents and purposes would be considered VASPs.
FATF provides recommendations to local regulators to treat certain aspects of VAs as higher risk.
FATF recommends that jurisdictions manage rather than avoid risk, and thus should not ban VAs completely. They should assess the risk introduced by VA activity and whether they can manage that risk. If they cannot manage it effectively, then they can take actions to limit or restrict certain activities.
“The FATF recommendations do not prejudge any sector as higher risk. … however the overall risk at a national level should be determined by individual jurisdictions through an assessment of the sector - in this case, the VASP sector.” (Section 28, Page 12)
Our assessment: FATF is giving the green light to local jurisdictions to implement stricter rules. We expect some regulators over the next year will deem certain activities such as transactions with unhosted wallets as higher risk.
VASPs are expected to "build compliance into their product".
FATF recommends that VASPs build sufficient AML/CFT controls into the design of their product before they launch it.
"Authorities may also require that appropriate AML/CFT mitigations must be built into products and services before they are brought to market, as it is much more difficult to do so later. (...) Once licensing and registration has taken place, AML/CFT mitigations which are built into products and services should be maintained and be the subject of active supervision." (Section 119, Page 43)
Our assessment: Regulators will increasingly expect products to have built-in compliance. This should not be an after-thought, and VASPs need to make compliance an integral part of their product design and development.
2. FATF plans to regulate certain DeFi protocols, stablecoin platforms and multi-signature providers
No financial asset should ever fall outside of FATF standards.
FATF broadens both the VA and VASP definitions. It would like to ensure that every financial asset is either a VA or a traditional financial asset.
It defines VAs as the following:
“VAs must be digital, and must themselves be digitally traded or transferred and be capable of being used for payment or investment purposes.” (Section 38, Page 18)
This excludes digital representations of fiat currencies such as central bank issued digital currencies (CBDCs).
With regards to VASPs, FATF did not update the definition from its 2019 guidance, but instead provided more examples as to what is considered a VASP and guidelines for regulators.
Our assessment: FATF is looking to close the loop here on what is considered under its purview and who should be regulated. Previously unregulated segments of the crypto industry will find themselves under additional scrutiny.
FATF believes that in the majority of crypto protocols a VASP is involved at some stage.
In a direct jab at the decentralized community, FATF cautions regulators against buying into the “marketing terms and innovative business models”, and instead asks them to separate the function of a VASP from the underlying technologies.
The VASP definition is expanded to potentially include multisig and MPC service providers:
“Where custodians need keys held by others to carry out transactions, these custodians still have control of the asset. A user, for example, who owns a VA, but cannot send it without the participation of others in a multisignature transaction, likely still controls it for the purposes of this definition. Service providers who cannot complete transactions without a key held by another party are not disqualified from falling under the definition of a VASP, regardless of the numbers, controlling power and any other properties of the involved.” (Section 55, Page 22)
FATF’s standards do not apply to underlying software (e.g. a DApp or software program), but the owner/operator of a DApp or a person conducting business development for a DApp are considered VASPs. (Section 57, Page 23)
Likewise, in stablecoin issuance, the developers building the platform are not VASPs unless they use it to engage as a business in conducting financial activities. Persons forming the governance body could also be considered VASPs, depending on the amount of influence and control they have. (Section 72, Page 27)
Non-custodial wallet providers are excluded from being VASPs. So are network participants and service providers solely engaging in the operation of a VA network (e.g. miners and validators). (Section 69, Page 26)
A company that launches a business that could fall under the VASP definition and then gives up control after launching it may still qualify as a VASP.
“The FATF takes an expansive view of the definitions of VA and VASP and considers most arrangements currently in operation, even if they self-categorize as P2P platforms, may have at least some party involved at some stage of the product’s development and launch that constitutes a VASP.” (Section 75, Page 29)
“The use of an automated process such as a smart contract to carry out VASP functions does not relieve the controlling party of responsibility for VASP obligations. For purposes of determining VASP status, launching a self-propelling infrastructure to offer VASP services is the same as offering them, and similarly commissioning others to build the elements of an infrastructure, is the same as building them.” (Section 79, Page 30)
Our assessment: FATF is clearly taking a more rigid stance toward projects in the crypto space that may market themselves as decentralized but in fact maintain power or control over financial activities (and are profiting from them). We expect lots of pushback from the industry here, but also expect projects to go one way or another: either launch fully decentralized or get regulated.
3. Regulators will introduce stricter crypto rules in their jurisdictions
FATF leaves regulators to take a risk-based approach with regards to P2P transactions.
If a jurisdiction deems the risks associated with P2P transactions too high, then it needs to limit its exposure to them. FATF provides examples of measures it can take for VASPs who transact with unhosted wallets, including introducing reporting requirements similar to currency transaction reports (CTRs), enhanced recordkeeping and due diligence requirements, guiding VASPs in applying a risk-based approach, or even denying them licensing. (Section 91, Page 37)
Virtual Assets in non-compliant jurisdictions or with decentralized governance structures are also considered at higher risk.
Our assessment: We expect that multiple jurisdictions will take this as a green light to pass more stringent rules on unhosted wallets. We caution regulators to take the time to learn about why unhosted wallets do not necessarily pose more risk, and also recommend that the industry educate regulators so they do not take the easy way out and ban them.
Regulators are responsible for introducing a regulatory regime, but have flexibility in picking the approach.
FATF is not prescriptive, but recommends that countries do not outright ban virtual assets as that can lead to higher ML/TF risks (e.g. crypto users move to offshore exchanges). Instead, they should introduce registration and licensing regimes. Regulators can ask VASPs to introduce enhanced due diligence measures and devote more resources to AML/CFT compliance.
They should require VASPs to conduct CDD for transactions above USD/EUR 1000 and perform the travel rule. The rest of the recommendations more or less apply similarly as they do with FIs.
Our assessment: This is consistent with FATF’s general approach. Many jurisdictions who have not allocated resources as yet to regulating VAs may find it difficult over the next few years as they look to close the gap.
4. FATF adds additional clarity and requirements to the Travel Rule
VASPs must now perform sanctions screening on originators and beneficiaries.
We summarize the new requirements for VASPs:
Originating VASP must:
- Verify originator information (e.g. their own KYC process)
- Collect beneficiary information but not verify it
- Perform sanctions screen
- Be prepared to freeze and prohibit transactions
Beneficiary VASP must:
- Not verify originator information provided
- Detect if the required originator or beneficiary data is missing
- Verify provided beneficiary information with their own KYC’d information
- Perform sanctions screen
- Be prepared to freeze and prohibit transactions
Our assessment: Adding a sanction screening requirement is not a surprise, but in this case it could lead to many false positives. There is a lot of gray area here that can lead to a big burden on compliance teams today as they manually need to address issues that come up in transactions.
Originator VASPs must collect beneficiary names for all transactions.
It does not matter if a transaction is under the travel rule threshold (Section 167, Page 56) or going to an unhosted wallet (Section 180, Page 60). In fact, FATF calls out that the travel rule applies to transfers between a VASP and an unhosted wallet, and that unhosted wallets could be treated as higher risk.
Our assessment: We expect pushback from the industry regarding end-user privacy and treating unhosted wallets as higher risk.
Travel Rule data transfers must be immediate and secure.
The data transfer should be done at the same time as (or presumably before) the underlying VA transaction. It does not have to be attached to the blockchain transaction itself. Batching is allowed as long as it is submitted immediately.
Our assessment: We expect the implementation to be a challenge in the sunrise period for some VASPs as they grapple with insufficient data, timely identification of counterparty VASP, and determining what travel rule solution they support.
Intermediaries have record-keeping and sanction-screening requirements.
Intermediaries only pass information along, so they aren’t required to verify originating or beneficiary customer information. However, they are required to perform record keeping and sanctions checks.
Our assessment: We expect a standard travel rule compliance flow for intermediaries to emerge in the industry in the next 6 months. Today, there have been some individual efforts, but industry cooperation will be important here to implement a standard flow across the industry.
5. VASP due diligence is a core requirement of the Travel Rule
VASPs are required to conduct counterparty VASP diligence before initiating a transfer.
A VASP should consider treating a counterparty VASP as a correspondent banking relationship and conduct thorough due diligence on the counterparty VASP. (Section 146, Page 50)
It can collect information directly from the VASP, but it must be verified. Beyond that, the VASP should assess the level of risk in the jurisdiction (e.g. AML/CFT laws of the jurisdiction, country assessment reports) as well as the counterparty VASP’s AML/CFT controls. After an initial due diligence, the VASP should periodically refresh it or have mechanisms in place to identify if a new risk emerges.
FATF recognizes due diligence is a challenge and summarizes it in a 3 phase approach:
Our assessment: Conducting thorough due diligence at scale can be a challenge. Platforms like Notabene will provide solutions to help streamline the data collection and verification, as well as facilitate the relationship between the VASPs. However, regulators will also have to provide databases of verified information about VASPs.
Sunrise period is a challenge but not an excuse.
VASPs who want to interact with counterparty VASPs in a jurisdiction where the travel rule is not yet implemented could require them to implement it.
“This can be a challenge for VASPs regarding what approach they should take in dealing with VASPs located in jurisdictions where the travel rule is not yet in force. Regardless of the lack of regulation in the beneficiary jurisdiction, originating entities can require travel rule compliance from beneficiaries by contract or business practice.“ (Section 176, Page 59)
VASPs who want to be compliant can consider taking additional robust control measures:
“Examples include VASPs restricting VA transfers to within their customer base (i.e., internal transfers of VAs within the same VASP), only allowing confirmed first-party transfers outside of their customer base (i.e., the originator and the beneficiary are confirmed to be the same person) and enhanced monitoring of transactions. The absence of relevant regulations in one country does not necessarily preclude the effectiveness of measures introduced by a VASP on its own.” (Section 177, Page 59)
Our assessment: In the latter part of 2021, many VASPs will adopt the travel rule for business reasons - mainly that their counterparty VASPs already require it.
Are you interested in learning more about how we can help you comply with the latest crypto compliance rules? Reach out to us at [email protected].
Over the past year, the crypto Travel Rule has become a critical issue for many crypto businesses. Throughout 2020, companies focused on finding a solution that would allow them to transmit their customers’ data to other crypto businesses in a secure and privacy-preserving way.
However, when you take a closer look at the Travel Rule and how its implementation impacts day-to-day business processes, being compliant requires a lot more than just data transmission.
A complete compliance solution seamlessly integrated into your product
To help crypto companies fully comply with the Travel Rule, we’re launching today a set of new tools for data collection and wallet identification. This enables businesses to integrate the Travel Rule solution seamlessly into their products.
Rather than introducing standalone, disjointed compliance measures, we offer a comprehensive tool that allows you to comply automatically and at scale. When compliance stops being an afterthought and a catch-up game and becomes an inherent part of your product, it turns into a business asset.
Immediately identify which transactions fall under the Travel Rule
The Travel Rule is required only for transactions between custodial wallets. However, it’s impossible to determine the account type and owner just from a blockchain address.
Existing blockchain analytics services can identify some of this information. Unfortunately, their research-based approach is probabilistic and can sometimes take weeks before identifying address types. This is time that compliance teams don’t have when assessing transactions, leaving room for many Travel Rule transactions to fall through the cracks.
With Notabene’s pre-built user interface components, you can collect the missing data from your users, as they initiate a payment. This lets you instantly identify the wallet type and counterparties involved in the transaction and apply necessary regulatory requirements.
Easily collect and store data without adding friction to user experience
Until recently, most crypto businesses didn’t need to collect and store beneficiary data. The Travel Rule has changed that. This brings up many user experience, security, and data privacy concerns.
Companies must now run a complex process of analyzing every transaction that goes through their system. Then they have to ensure they gather from their customers only the minimum personally identifiable data required to satisfy regulatory rules.
With our dynamic data collection form, you request only the information that relevant regulations require (based on the jurisdiction, transaction threshold, and wallet type) and that cannot be retrieved from other sources (blockchain analytics services, etc.). This not only minimizes the amount of PII businesses collect, store, and share but also helps you become compliant without sacrificing user experience.
Generate Travel Rule transfers automatically and comply at scale
After identifying relevant transactions and collecting the necessary data, Notabene creates Travel Rule transfers and automatically sends them to intended counterparty institutions. This way, most of the data transfers are generated seamlessly and in the background, freeing up your compliance officers to focus only on edge cases (which are also flagged by Notabene’s system, but that’s a different topic for another blog post :)).
Save valuable time and resources
New compliance requirements often create additional resource burdens on product and dev teams. For this reason, we built our data collection and wallet verification tool with developers in mind! An easy integration that’s also fully customizable gives dev teams time back, which would otherwise go towards designing, building, and testing an in-house compliance solution.
If you still want to build your own UI components (we get it!), our API allows for seamless integration directly into your front-end.
Interested in learning more?
Cryptocurrency businesses are working hard to meet new regulatory requirements regarding counterparty risk. Perhaps the most notable of these requirements is the Travel Rule, which is relevant to nearly all cryptocurrency businesses operating in FATF jurisdictions. The Travel Rule dictates that Virtual Asset Service Providers (VASPs), such as exchanges, must identify the originators and beneficiaries of cryptocurrency transactions initiated by their users above a certain size. In cases where the counterparty of those transactions is also a VASP, the original VASP must then transmit that user information to the second VASP.
In order to comply, VASPs need simple tools that allow them to identify transactions that meet the rule’s requirements, pull users’ KYC information, and send it to VASP counterparties as the transactions are completed. All of this needs to happen instantly to avoid compromising user experience, which is no easy task for cryptocurrency businesses processing thousands of transactions per day.
Today, we’re excited to announce that we’ve partnered with Notabene to provide a frictionless, scalable tool that does exactly that. With our integrated solution, cryptocurrency businesses can automate transactions with trusted counterparties, while providing them with the data they need to detect suspicious activity and meet their regulatory requirements. By adopting now, cryptocurrency businesses can start complying with the Travel Rule immediately, put themselves in a better position with regulators, and gain a market advantage.
Additionally, Notabene's partnership with Chainalysis has been named one of Fast Company's top 10 most innovative joint ventures of 2022!
1. The Travel Rule’s requirements and challenges
The Travel Rule is meant to help cryptocurrency businesses mitigate counterparty risk and establish a source of funds for cryptocurrency received by their users. While some jurisdictions have implemented the rule differently, the version recommended by FATF says that VASPs must exchange counterparty information with one another on cryptocurrency transactions valued above $1,000 or €1,000. Specifically, the originator and beneficiary VASPs must provide each other the following:
At first glance, the Travel Rule appears to be a simple matter of transmitting counterparty information between two VASPs. But in reality, the Travel Rule requires end-to-end changes to existing compliance processes, as VASPs must identify and take action on all transactions that meet the rule’s threshold in real time. This presents significant technical challenges, especially to implement at scale, as blockchain analysis shows that roughly 12% of all VASP transactions in February 2021 — roughly 2 million transfers overall — would qualify under the current FATF recommended threshold of $1000. We lay out the technical challenges introduced by the Travel Rule below.
- Challenge 1: Identifying a Travel Rule transaction
When a customer initiates a transaction, the originating VASP needs to automatically determine whether or not the transaction meets Travel Rule requirements. That means they must:
- Determine if the transaction amount meets the Travel Rule threshold in the relevant jurisdiction(s)
- Identify whether the counterparty wallet is hosted by another VASP
- Collect any missing counterparty information
All of this needs to happen instantaneously.
- Challenge 2: Performing due diligence on the counterparty VASP
Once the originating VASP has determined that a transaction meets Travel Rule requirements, it must then:
- Identify the counterparty VASP
- Assess the counterparty VASP’s risk level to determine whether it’s safe to share users’ personally identifiable information (PII)
In assessing counterparty risk, the originating VASP must take into account the counterparty VASP’s reputation, compliance program quality, security practices, and exposure to risky entities.
- Challenge 3: Initiating and completing the travel rule transfer
Finally, the originating VASP must have an appropriate communication channel to conduct a secure data transfer with the counterparty VASP. Both VASPs must have a secure means of storing the data they each receive in order to protect customers’ privacy and prevent internal misuse of that data.
That leaves us with two questions: Can all of these challenges be met at scale with minimal impact on transaction flow? And how can VASPs comply without introducing unnecessary friction for users?
2. With Chainalysis data and Notabene’s compliance platform, cryptocurrency businesses can follow the Travel Rule frictionlessly and at scale
Notabene and Chainalysis have partnered to help VASPs meet the challenges outlined above and comply with the Travel Rule at scale.
Here’s what we each bring to the table.
Notabene provides an end-to-end travel rule platform that allows VASPs to manage regulatory and counterparty risks at scale. With its rule-setting tools, compliance officers can automate the exchange of Travel Rule data across the cryptocurrency business’s preferred communication protocols.
Chainalysis is the blockchain analysis platform trusted by investigators and compliance teams around the world. Our platform allows cryptocurrency businesses to identify Travel Rule transactions in real time, analyze counterparty wallets, and perform instant due diligence on counterparty VASPs so that they can get the information they need to stay compliant.
Through this partnership, Notabene customers can now use Chainalysis’s powerful blockchain analytics data to make smart decisions and set rules based on their own risk-based approach.
“Notabene’s platform provides a comprehensive, seamless, accessible offering that meets and exceeds the unique requirements of VASPs around the world,” said Chainalysis Chief Government Affairs Officer Jesse Spiro. “Through this integration, VASPs will have an additional tool for regulatory compliance, risk mitigation and data-driven decisioning.”
Users can view counterparty blockchain addresses identified by Chainalysis — including wallet type, hosting VASP, and risk score — directly on the Notabene dashboard. In addition, with Notabene’s API integration, they can automatically send or receive Travel Rule transfers based on data supplied by Chainalysis, allowing them to be Travel Rule-compliant at scale.
The Chainalysis-Notabene integration enables VASPs to meet all of the challenges necessary for Travel Rule compliance.
3. Why you should start meeting Travel Rule requirements today
Getting an early start on Travel Rule compliance signals to regulators that your cryptocurrency business is taking regulations seriously. That helps ensure your business receives its licenses on time without disrupting go-to-market strategy.
Further, as other VASPs become Travel Rule compliant, they may be forced to stop doing business with you if your compliance program isn’t up to par. By meeting Travel Rule requirements now, you can give your customers and partners the confidence to keep working with you, open up new opportunities, and gain an advantage in the market.
“In a fast-growing and increasingly competitive industry, we are seeing that crypto companies who view regulatory compliance as a market advantage are performing better. By taking action on requirements like the Travel Rule on time, they are able to unlock new opportunities: build the next suite of regulatory compliant financial products, receive licenses to operate in the biggest financial hubs, and expand their reach into new customer segments,” said Pelle Braendgaard, CEO of Notabene. “We are excited to play a pivotal role in helping companies achieve their growth plans. Through our partnership with Chainalysis, we provide crypto companies with a full solution to do compliance at scale.”
Want to learn more about the Notabene-Chainalysis Travel Rule integration? Join us Monday, March 29 at 11am ET for a webinar in which we’ll explain in-depth how the integration works and show a live demo.
Want to start using the integration right away? Contact the Notabene team at [email protected].
Participating virtual asset service providers (VASPs) are preparing to roll out compliance with the Travel Rule for the Singapore market as early as April 2021.
Notabene is excited to announce the launch of our Singapore Testnet, a testing environment created for a select group of our customers to perform Travel Rule transfers using the Notabene service. The participating companies consist of Crypto.com, Luno, Xfers, Onchain Custodian and Sparrow Tech Pte Ltd.
New anti-money laundering (AML) rules, commonly known as the “Travel Rule”, require crypto companies to share personal customer information with each other as part of a transaction. Jurisdictions around the world are implementing these rules as a prerequisite to granting operating licenses. Singapore’s MAS has been at the forefront of this. As companies rush to comply, they are faced with some practical challenges on how to trust counterparty exchanges and perform these data transfers securely and at scale. With an end-to-end Travel Rule platform, Notabene can help. With our rule-setting tools and VASP diligence service, compliance officers can now automate the exchange of Travel Rule data with trusted counterparties.
The Testnet is running for 6 weeks, starting at the beginning of March 2021. Participant VASPs have already successfully completed a first phase of testing on March 5th, 2021.
Pelle Braendgaard, CEO of Notabene, says:
“Through this Testnet, participating VASPs are paving the path for the broader crypto industry. We are very happy to be working closely with their teams. They are setting a great example for companies faced with questions on how to best implement these new requirements while minimizing impact on day-to-day business. Their learnings will have a big impact ultimately on how the Travel Rule gets rolled out more widely.”
The Testnet consists of simulations that mimic real-time scenarios between the participants, as well as with companies that are not part of this network. This allows VASPs to assess what new processes they need to introduce and how to deal with more complex scenarios.
“As a trusted derivatives platform and member of the FinTech community, Sparrow aims to ensure we meet regulatory compliance standards. Notabene's Testnet has given us valuable insights into implementing the Travel Rule while helping us design robust internal processes to meet regulatory requirements,” affirms Kenneth Yeo, the CEO of Sparrow.
The Testnet allows participants to perform rigorous testing of different cases. This includes performing diligence on new VASPs and setting rules to automate secure transfers between trusted parties. The goal by the end of the Testnet is for companies to be ready to roll out the Travel Rule to their Singapore operations.
Antonio Alvarez, Chief Compliance Officer at Crypto.com said:
“We are thrilled to be a part of testing and implementing cutting edge compliance technology that will resonate globally. We look forward to testing how this can be scaled up in our systems with fellow VASPs.”
For many companies including those participating in our Testnet, the Travel Rule extends beyond the compliance department. They recognize that the Travel Rule adds a new layer of trust to crypto transactions by lowering counterparty risk. This presents an opportunity to launch new regulatory compliant products to their customers.
Aymeric Salley, Head of StraitsX at Xfers, says:
“At Xfers and with our group of Singapore based partners, we are excited to take global leadership in providing the world's first Travel Rule compliant settlement network for Digital Assets, starting with our native token, the digital Singapore Dollar XSGD.”
“Apart from the established custody solution that we provide to our clients, Onchain Custodian is also actively working with the industry participants to fulfil Travel Rule requirements. As the industry grows rapidly, a secure, interoperable and efficient Travel Rule solution is vital for every participant including custodians,” comments El Lee, Chief Operating Officer of Onchain Custodian.
For the participating VASPs, Singapore is a great market in which to roll out the Travel Rule first. MAS’s clear guidance and exemption periods have provided a safe environment for companies to make a head start on compliance before global roll-out.
Sherry Goh, Country Manager of Singapore at Luno, says,
“Operating in a well-regulated financial centre like Singapore has given us the opportunity to be forerunners in Travel Rule compliance. Industry cooperation is critical to its successful roll out here, and we are glad to have found like-minded partners to embark on this journey together. We look forward to seeing how the key learnings of this exercise could pave the way for an effective and consistent regulatory landscape for crypto players globally.”
If you are interested in learning more about the Testnet or would like to implement the Travel Rule, please reach out to us at [email protected].
TL;DR - To comply with new AML/CTF requirements, crypto companies in Singapore are partnering with compliance companies like Notabene. We are deeply committed to data security and privacy, and as such, we have taken significant steps to meet MAS’s new requirements for technology service providers. We have also successfully completed an Independent Assessment from ACCESS and are working on a SOC2 Audit. Our efforts will help companies streamline the vendor assessment process and allow them to start implementing the Travel Rule quicker.
Singapore’s financial regulator, the Monetary Authority of Singapore (MAS), has been at the forefront globally in implementing a regulatory framework for crypto companies operating in the country. In short, crypto companies will need to follow similar AML/CTF requirements to traditional financial institutions. They also have to apply for a Payment Service Provider Licence (activity type: digital payment token service) under the Payment Services Act (PSA) to continue operations.
Once the first licenses are issued, it will be a boon for these businesses as it allows them to expand services to the traditional financial world. We are seeing many international crypto companies applying for licenses in Singapore to take advantage of these benefits.
Most of the focus has been on the new AML/CTF processes that licensees will have to implement such as the Travel Rule and non-custodial wallet identification. We are working closely with many Singaporean PSA license applicants to solve these issues.
There is a lot more to it than AML though. Data security, privacy, and customer protection are equally important.
In particular, MAS requires licensees to implement the following:
Most of these requirements are about protecting customers’ data and financial transactions. The Outsourcing Guidelines specifically deal with how regulated financial institutions in Singapore have to deal with service providers like Notabene.
The Technology Risk Management Guidelines are a new set of guidelines issued on January 18th, 2021, and require financial institutions to assess whether third party vendors employ a high standard of care and diligence in protecting data confidentiality and integrity as well as ensuring system resilience.
Financial institutions need to assess whether technology vendors can fulfill their security obligations, and then ensure that this is reflected in legal agreements with them. During a time when companies are looking to adopt new AML/CTF tools quickly, we understand that this can be a challenge and delay the procurement process.
To make this process more seamless for our Singaporean customers, we have taken the following steps:
First, ACCESS completed an Independent Assessment of our service
The report contains an assessment of various aspects of our business as required by the outsourcing guidelines, including data security and business continuity processes. Per their assessment of both the Notabene product as well as these guidelines, we satisfy the requirements put forth by MAS.
ACCESS also engaged an external vendor to conduct a rigorous cybersecurity assessment of the Notabene product using the Gray Box Testing Method, with the results then benchmarked against Open Web Application Security Project (OWASP) standards. The objective was to uncover vulnerabilities in our API by setting up a rogue VASP with malicious intent. No vulnerabilities were identified.
The report has been shared with MAS, FATF and IDAXA. If you are an ACCESS member, you can purchase the report here. We are able to provide a limited number of codes that will allow you to download it at no cost. Please reach out to us for a code.
Second, we are fully SOC 2 certified
Notabene has achieved a clean SOC 2 Type II report, underscoring our adherence to top-tier security standards through robust information security measures. This accolade, coupled with AICPA's three-month evaluation affirming our compliance with key service and system standards, highlights our commitment to security and privacy. Supported by Vanta's compliance platform and our dedicated team, we ensure our product's integrity, with our SOC 2 audit report available to customers upon request.
Finally, we are one of the first third-party vendors to meet the new Technology Risk Management guidelines put forth by MAS
This is now reflected in a special version of our commercial agreement, which includes specific addendums surrounding personal data protection, outsourcing guidelines, and technology risk management. We are offering this as an option to Singaporean companies.
Has your company applied for the Digital Payment Token Service License in Singapore, or are you considering it? With our end-to-end Travel Rule solution, we can help you meet the latest requirements. You can reach out to us at [email protected].