Over the past year, the crypto Travel Rule has become a critical issue for many crypto businesses. Throughout 2020, companies focused on finding a solution that would allow them to transmit their customers’ data to other crypto businesses in a secure and privacy-preserving way. 

However, when you take a closer look at the Travel Rule and how its implementation impacts day-to-day business processes, being compliant requires a lot more than just data transmission.

A complete compliance solution seamlessly integrated into your product

To help crypto companies fully comply with the Travel Rule, we’re launching today a set of new tools for data collection and wallet identification. This enables businesses to integrate the Travel Rule solution seamlessly into their products.

Rather than introducing standalone, disjointed compliance measures, we offer a comprehensive tool, that allows you to comply automatically and at scale. When compliance stops being an afterthought and catch-up game and becomes an inherent part of your product, it turns into a business asset.

‍

Immediately identify which transactions fall under the Travel Rule

The Travel Rule is required only for transactions between custodial wallets. However, it’s impossible to determine the account type and owner just from a blockchain address. 

Existing blockchain analytics services can identify some of this information. Unfortunately, their research-based approach is probabilistic and can sometimes take weeks before identifying address types. This is time that compliance teams don’t have when assessing transactions, leaving room for many Travel Rule transactions to fall through the cracks.

With Notabene’s pre-built user interface components, you can collect the missing data from your users, as they initiate a payment. This lets you instantly identify the wallet type and counterparties involved in the transaction and apply necessary regulatory requirements. 

Easily collect and store data without adding friction to user experience

Until recently, most crypto businesses didn’t need to collect and store beneficiary data. The Travel Rule has changed that. This brings up many user experience, security, and data privacy concerns.

Companies must now run a complex process of analyzing every transaction that goes through their system. Then they have to ensure they gather from their customers only the minimum personally identifiable data required to satisfy regulatory rules. 

With our dynamic, data collection form, you request only the information required by relevant regulations, based on the jurisdiction, transaction threshold, and wallet type that cannot be retrieved from other sources (blockchain analytics services, etc). This not only minimizes the amount of PII businesses collect, store, and share but also helps you become compliant without sacrificing user experience.

Generate Travel Rule transfers automatically and comply at scale

After identifying relevant transactions and collecting the necessary data, Notabene creates Travel Rule transfers and automatically sends them to intended counterparty institutions. This way, most of the data transfers are generated seamlessly and in the background, freeing up your compliance officers to focus only on edge cases (which are also flagged by Notabene’s system, but that’s a different topic for another blog post :)). 

Save valuable time and resources 

New compliance requirements often create additional resource burdens on product and dev teams. For this reason, we built our data collection and wallet verification tool with developers in mind! An easy integration that’s also fully customizable gives dev teams time back, which would otherwise go towards designing, building, and testing an in-house compliance solution.

If you still want to build your own UI components (we get it!), our API allows for seamless integration directly into your front-end. 

Interested in learning more?

Book a demo today!

View the original article

Cryptocurrency businesses are working hard to meet new regulatory requirements regarding counterparty risk. Perhaps the most notable of these requirements is the Travel Rule, which is relevant to nearly all cryptocurrency businesses operating in FATF jurisdictions. The Travel Rule dictates that Virtual Asset Service Providers (VASPs), such as exchanges, must identify the originators and beneficiaries of cryptocurrency transactions initiated by their users above a certain size. In cases where the counterparty of those transactions is also a VASP, the original VASP must then transmit that user information to the second VASP.

In order to comply, VASPs need simple tools that allow them to identify transactions that meet the rule’s requirements, pull users’ KYC information, and send it to VASP counterparties as the transactions are completed. All of this needs to happen instantly to avoid compromising user experience, which is no easy task for cryptocurrency businesses processing thousands of transactions per day.

Today, we’re excited to announce that we’ve partnered with Notabene to provide a frictionless, scalable tool that does exactly that. With our integrated solution, cryptocurrency businesses can automate transactions with trusted counterparties, while providing them with the data they need to detect suspicious activity and meet their regulatory requirements. By adopting now, cryptocurrency businesses can start complying with the Travel Rule immediately, put themselves in a better position with regulators, and gain a market advantage.

Additionally, Notabene's partnership with Chainalysis has been named one of Fast Company's top 10 most innovative joint ventures of 2022! Click here to learn more.

‍

1. The Travel Rule’s requirements and challenges

The Travel Rule is meant to help cryptocurrency businesses mitigate counterparty risk and establish a source of funds for cryptocurrency received by their users. While some jurisdictions have implemented the rule differently, the version recommended by FATF says that VASPs must exchange counterparty information with one another on cryptocurrency transactions valued above $1,000 or €1,000. Specifically, the originator and beneficiary VASPs must provide each other the following:

At first glance, the Travel Rule appears to be a simple matter of transmitting counterparty information between two VASPs. But in reality, the Travel Rule requires end-to-end changes to existing compliance processes, as VASPs must identify and take action on all transactions that meet the rule’s threshold in real time. This presents significant technical challenges, especially to implement at scale, as blockchain analysis shows that roughly 12% of all VASP transactions in February 2021 — roughly 2 million transfers overall — would qualify under the current FATF recommended threshold of $1000. We lay out the technical challenges introduced by the Travel Rule below.

- Challenge 1: Identifying a Travel Rule transaction

When a customer initiates a transaction, the originating VASP needs to automatically determine whether or not the transaction meets Travel Rule requirements. That means they must:

• Determine if the transaction amount meets the Travel Rule threshold in the relevant jurisdiction(s)
• Identify whether the counterparty wallet is hosted by another VASP
• Collect any missing counterparty information
  

All of this needs to happen instantaneously.

- Challenge 2: Performing due diligence on the counterparty VASP

Once the originating VASP has determined that a transaction meets Travel Rule requirements, it must then:

• Identify the counterparty VASP
• Assess the counterparty VASP’s risk level to determine whether it’s safe to share users’ personally identifiable information (PII)
  

In assessing counterparty risk, the originating VASP must take into account the counterparty VASP’s reputation, compliance program quality, security practices, and exposure to risky entities.

- Challenge 3: Initiating and completing the travel rule transfer

Finally, the originating VASP must have an appropriate communication channel to conduct a secure data transfer with the counterparty VASP. Both VASPs must have a secure means of storing the data they each receive in order to protect customers’ privacy and prevent internal misuse of that data.  

That leaves us with two questions: Can all of these challenges be met at scale with minimal impact on transaction flow? And how can VASPs comply without introducing unnecessary friction for users?

2. With Chainalysis data and Notabene’s compliance platform, cryptocurrency businesses can follow the Travel Rule frictionlessly and at scale

Notabene and Chainalysis have partnered to help VASPs meet the challenges outlined above and comply with the Travel Rule at scale.

Here’s what we each bring to the table.

Notabene provides an end-to-end travel rule platform that allows VASPs to manage regulatory and counterparty risks at scale. With its rule-setting tools, compliance officers can automate the exchange of Travel Rule data across the cryptocurrency business’s preferred communication protocols.

Chainalysis is the blockchain analysis platform trusted by investigators and compliance teams around the world. Our platform allows cryptocurrency businesses to identify Travel Rule transactions in real time, analyze counterparty wallets, and perform instant due diligence on counterparty VASPs so that they can get the information they need to stay compliant.  

Through this partnership, Notabene customers can now use Chainalysis’s powerful blockchain analytics data to make smart decisions and set rules based on their own risk-based approach.

“Notabene’s platform provides a comprehensive, seamless, accessible offering that meets and exceeds the unique requirements of VASPs around the world,” said Chainalysis Chief Government Affairs Officer Jesse Spiro. “Through this integration, VASPs will have an additional tool for regulatory compliance, risk mitigation and data-driven decisioning.”

Users can view counterparty blockchain addresses identified by Chainalysis — including wallet type, hosting VASP, and risk score — directly on the Notabene dashboard. In addition, with Notabene’s API integration, they can automatically send or receive Travel Rule transfers based on data supplied by Chainalysis, allowing them to be Travel Rule-compliant at scale.

The Chainalysis-Notabene integration enables VASPs to meet all of the challenges necessary for Travel Rule compliance.

3. Why you should start meeting Travel Rule requirements today

Getting an early start on Travel Rule compliance signals to regulators that your cryptocurrency business is taking regulations seriously. That helps ensure your business receives its licenses on time without disrupting go-to-market strategy.

Further, as other VASPs become Travel Rule compliant, they may be forced to stop doing business with you if your compliance program isn’t up to par. By meeting Travel Rule requirements now, you can give your customers and partners the confidence to keep working with you, open up new opportunities, and gain an advantage in the market.

"In a fast-growing and increasingly competitive industry, we are seeing that crypto companies who view regulatory compliance as a market advantage are performing better. By taking action on requirements like the Travel Rule on time, they are able to unlock new opportunities: build the next suite of regulatory compliant financial products, receive licenses to operate in the biggest financial hubs, and expand their reach into new customer segments”, said Pelle Braendgaard, CEO of Notabene. “We are excited to play a pivotal role in helping companies achieve their growth plans. Through our partnership with Chainalysis, we provide crypto companies with a full solution to do compliance at scale."

Want to learn more about the Notabene-Chainalysis Travel Rule integration? Join us Monday, March 29 at 11am ET for a webinar in which we’ll explain in-depth how the integration works and show a live demo.

Want to start using the integration right away? Contact the Notabene team at hello@notabene.id.

Participating virtual asset service providers (VASPs) are preparing to roll-out compliance with the Travel Rule for the Singapore market as early as April 2021.

Notabene is excited to announce the launch of our Singapore Testnet, a testing environment created for a select group of our customers to perform Travel Rule transfers using the Notabene service. The participating companies consist of Crypto.com, Luno, Xfers, Onchain Custodian and Sparrow Tech Pte Ltd.

New anti-money laundering (AML) rules, commonly known as the “Travel Rule”, require crypto companies to share personal customer information with each other as part of a transaction. Jurisdictions around the world are implementing these rules as a prerequisite to granting operating licenses. Singapore’s MAS has been at the forefront of this. As companies rush to comply, they are faced with some practical challenges on how to trust counterparty exchanges and perform these data transfers securely and at scale. With an end-to-end Travel Rule platform, Notabene can help. With our rule-setting tools and VASP diligence service, compliance officers can now automate the exchange of Travel Rule data with trusted counterparties. 

The Testnet is running for 6 weeks, starting the beginning of March 2021. Participant VASPs have already successfully completed a first phase of testing on March 5th, 2021.

Pelle Braendgaard, CEO of Notabene, says:

‍Through this Testnet, participating VASPs are paving the path for the broader crypto industry. We are very happy to be working closely with their teams. They are setting a great example for companies faced with questions on how to best implement these new requirements while minimizing impact on day-to-day business. Their learnings will have a big impact ultimately on how the Travel Rule gets rolled out more widely.

The Testnet consists of simulations that mimic real-time scenarios between the participants, as well as with companies that are not part of this network. This allows VASPs to assess what new processes they need to introduce and how to deal with more complex scenarios. 

As a trusted derivatives platform and member of the FinTech community, Sparrow aims to ensure we meet regulatory compliance standards. Notabene's Testnet has given us valuable insights into implementing the Travel Rule while helping us design robust internal processes to meet regulatory requirements,

affirms Kenneth Yeo, the CEO of Sparrow.

The Testnet allows participants to perform rigorous testing of different cases. This includes performing diligence on new VASPs and setting rules to automate secure transfers between trusted parties. The goal by the end of the Testnet is for companies to be ready to roll out the Travel Rule to their Singapore operations.

Antonio Alvarez, Chief Compliance Officer at Crypto.com said:

We are thrilled to be a part of testing and implementing cutting edge compliance technology that will resonate globally. We look forward to testing how this can be scaled up in our systems with fellow VASPs.

For many companies including those participating in our Testnet, the Travel Rule extends beyond the compliance department. They recognize that the Travel Rule adds a new layer of trust to crypto transactions by lowering counterparty risk. This presents an opportunity to launch new regulatory compliant products to their customers. 

Aymeric Salley, Head of StraitsX at Xfers, says:

At Xfers and with our group of Singapore based partners, we are excited to take global leadership in providing the world's first Travel Rule compliant settlement network for Digital Assets, starting with our native token, the digital Singapore Dollar XSGD.

Apart from the established custody solution that we provide to our clients, Onchain Custodian is also actively working with the industry participants to fulfil Travel Rule requirements. As the industry grows rapidly, a secure, interoperable and efficient Travel Rule solution is vital for every participant including custodians,

comments El Lee, Chief Operating Officer of Onchain Custodian.

For the participating VASPs, Singapore is a great market to roll-out the Travel Rule first. MAS’s clear guidance and exemption periods have provided a safe environment for companies to make a head start on compliance before global roll-out. 

Sherry Goh, Country Manager of Singapore at Luno, says,

Operating in a well-regulated financial centre like Singapore has given us the opportunity to be forerunners in Travel Rule compliance. Industry cooperation is critical to its successful roll out here, and we are glad to have found like-minded partners to embark on this journey together. We look forward to seeing how the key learnings of this exercise could pave the way for an effective and consistent regulatory landscape for crypto players globally.

If you are interested in learning more about the Testnet or would like to implement the Travel Rule, please reach out to us at hello@notabene.id. 

TL;DR - To comply with new AML/CTF requirements, crypto companies in Singapore are partnering with compliance companies like Notabene. We are deeply committed to data security and privacy, and as such, we have taken significant steps to meet MAS’s new requirements for technology service providers. We have also successfully completed an Independent Assessment from ACCESS and are working on a SOC2 Audit. Our efforts will help companies streamline the vendor assessment process and allow them to start implementing the Travel Rule quicker.

Singapore’s financial regulator, the Monetary Authority of Singapore (MAS), has been at the forefront globally in implementing a regulatory framework for crypto companies operating in the country. In short, crypto companies will need to follow similar AML/CTF requirements to traditional financial institutions. They also have to apply for a Payment Service Provider Licence (activity type: digital payment token service) under the Payment Services Act (PSA) to continue operations.

Once the first licenses are issued, it will be a boon for these businesses as it allows them to expand services to the traditional financial world. We are seeing many international crypto companies applying for licenses in Singapore to take advantage of these benefits.

Most of the focus has been on the new AML/CTF processes that licensees will have to implement such as the Travel Rule and non-custodial wallet identification. We are working closely with many Singaporean PSA license applicants to solve these issues.

There is a lot more to it than AML though. Data security, privacy, and customer protection are equally important. 

In particular, MAS requires licensees to implement the following:

• Personal Data Protection
• Outsourcing Guidelines
• Technology Risk Management

Most of these requirements are about protecting customers’ data and financial transactions. The Outsourcing Guidelines specifically deal with how regulated financial institutions in Singapore have to deal with service providers like Notabene. 

The Technology Risk Management Guidelines are a new set of guidelines issued on January 18th, 2021, and require financial institutions to assess whether third party vendors employ a high standard of care and diligence in protecting data confidentiality and integrity as well as ensuring system resilience.

Financial institutions need to assess whether technology vendors can fulfill their security obligations, and then ensure that this is reflected in legal agreements with them. During a time when companies are looking to quickly adopt new AML/CTF tools quickly, we understand that this can be a challenge and delay the procurement process.

To make this process more seamless for our Singaporean customers, we have taken the following steps:

First, ACCESS completed an Independent Assessment of our service

The report contains an assessment of various aspects of our business as required by the outsourcing guidelines, including data security and business continuity processes. Per their assessment of both the Notabene product as well as these guidelines, we satisfy the requirements put forth by MAS. 

ACCESS also engaged an external vendor  to  conduct a rigorous cybersecurity assessment of the Notabene product using the Gray Box Testing Method and then benchmarked against Open  Web Applications Security Project (OWASP) standards. The objective was to uncover vulnerabilities in our API by setting up a rogue VASP with malicious intent. No vulnerabilities were identified.

The report has been shared with MAS, FATF and IDAXA. If you are an ACCESS member, you can purchase the report here. We are able to provide a limited amount of codes that will allow you to download it at no cost. Please reach out to us for a code.

Second, we are fully SOC 2 certified

Notabene has achieved a clean SOC 2 Type II report, underscoring our adherence to top-tier security standards through robust information security measures. This accolade, coupled with AICPA's three-month evaluation affirming our compliance with key service and system standards, highlights our commitment to security and privacy. Supported by Vanta's compliance platform and our dedicated team, we ensure our product's integrity, with our SOC 2 audit report available to customers upon request.

Finally, we are one of the first third-party vendors to meet the new Technology Risk Management guidelines put forth by MAS

‍This is now reflected in a special version of our commercial agreement, which includes specific addendums surrounding personal data protection, outsourcing guidelines, and technology risk management. We are offering this as an option to Singaporean companies.

Has your company applied for the Digital Payment Token Service License in Singapore, or are you considering it? With our end-to-end Travel Rule solution, we can help you meet the latest requirements. You can reach out to us at hello@notabene.id.

In the light of our recent fundraising round, I wanted to share some thoughts on Notabene today and on our future to help mark this important milestone for our team.

1. Our mission is to give everyone the confidence to perform crypto transactions

My co-founders and I are all big believers in the underlying mission of cryptocurrencies, DeFi, and their underlying blockchain protocols. The permissionless nature of these protocols is a requirement for them to function correctly. It also allows developers and startups to create groundbreaking new innovative products that just would not be possible in a permissioned world.

However, it is easy to forget that behind each transaction flowing through these protocols are real people and businesses. They do need to be able to make educated decisions if they want to perform a transaction or not.

I firmly believe that one of the biggest problems affecting the adoption of crypto is that most people and businesses are still finding it difficult to trust the counterparties to a transaction:

• Who sent me this BTC?
• How do I know I’m sending my ETH to the correct DeFi address?
• Is my customer who is withdrawing funds sending it to themselves, or am I inadvertently interacting with someone from a sanctions list?
• Who do I reach out to if I sent the funds to the wrong address?

For some, such as end-users, it is primarily about the risk of losing funds. Will I lose money sending a transaction to the wrong address or a fraudulent business? As someone who sent his first Bitcoin transaction in 2010, I am still worried every time I send a crypto transaction.

Regulated companies like banks and crypto exchanges also have a regulatory requirement to know with whom they are transacting, which increases the risk of doing business. This risk is present regardless of whether they send funds to their customer’s Ledger Nano or send funds to another exchange.

Sending or receiving funds to another exchange adds multiple parties to the transaction, thus substantially raising the risk. Not managing these risks can have very extreme consequences for a regulated company like an exchange. There may be fines involved, but you could also lose your license or go to jail in some severe cases.

We started Notabene specifically to help regulated companies have the confidence to send and receive more transactions on behalf of their customers. I believe this will ultimately allow broader adoption of crypto and DeFi by everybody and push the technology into mainstream usage.

This year we have seen a remarkable resurgence in Bitcoin and an incredible amount of innovation in DeFi. These two technologies, together with stablecoins, are now no longer just the talk of crypto Twitter. They have reached the top of mind for central bankers, regulators, investors, and bankers. The main reason is that the value proposition of these protocols has become so much clearer to them.

There has never been a more important time to grow the amount of value transferred through these decentralized protocols. Not just by 2x or 10x. Let’s shoot higher to 100x and 1000x.

As an early Bitcoiner, I have never felt more confident in us reaching the broad and inclusive adoption goals that we have been speaking about at conferences and on podcasts for the last ten years.

2. New global regulations are challenging for the crypto industry

Last year the global Anti Money Laundering watchdog FATF laid down a new global framework for regulating crypto businesses based on applying their existing recommendations to crypto businesses. In 2013 the US was the first country to apply its existing regulatory framework to crypto businesses. Now regulators from most major economies are figuring out how to implement this framework.

Unfortunately, in many jurisdictions, such as Singapore and the Netherlands, established companies struggle to fulfill the new licensing requirements required to continue operating.

Since its start, the crypto industry has had a problem with regulation. Regulation seems antithetical to the technology’s permissionless aspect. Also, when it comes to a decentralized protocol like Bitcoin, whom do you regulate? I, like many others, joined the space because of this promise of permissionless innovation.

3. Lack of access to financial institutions

Lacking access to the traditional financial system ended up being one of the most significant issues for many startups working with crypto. After all, how can I sell Bitcoin if my customers can’t pay for it?

Our CTO Andrés Junge launched the first Bitcoin brokerage, Yaykuy, in Chile back in 2012. The banks shut off access to Yaykuy one by one since they did not know how to manage the risk of having an unlicensed crypto exchange as a customer. They finally had to shut down. I went through something similar in Kenya with my old startup Kipochi when mPesa shut down our operational account within a week of our press launch.

In both of these cases, it wasn’t the regulators closing these startups down. It was traditional financial institutions shutting them out since they had no clear path towards regulation. More importantly, they couldn’t prove the source of funds for our customers’ transactions.

“Derisking” is the term usually used for this process of banks shutting off access. Without access to the correct tools, there is a real risk that well-regulated exchanges start derisking away transactions to less well-regulated ones.

When the last significant change in regulation happened in the US in 2013, it became a competitive advantage to actively seek out and manage relationships with both regulators and banking connections.

4. The Travel Rule gives companies the tools to manage risk

The most controversial part of the FATF framework for crypto regulation has to be the “Travel Rule,” which many saw as impossible to implement for blockchain applications.

The Travel Rule comes into effect when a regulated financial institution sends funds on behalf of a customer to an account at another regulated institution. The rule requires the sending institution to transmit information about its customer to the receiving institution, who have to take this information into account when managing the risk of the transaction.

One of the main reasons regulators require companies to implement the Travel Rule is to perform better sanctions list checking. Governments, the EU, the UN, and others create sanctions lists to list known terrorists, corrupt politicians, and organized crime members. In some cases, they include known blockchain addresses of sanctioned people, but checking only for sanctioned addresses is insufficient for compliance.

If an institution accidentally facilitates a transaction with someone on one of these lists, it can lead to fines. A lawyer friend who has advised companies accused of this calls it an extinction-level event for many unprepared companies. Defending it becomes a case of proving you have set up correct processes to avoid it.

Sanctions list checking is a requirement for both the sending and the receiving institution. Doing so based solely on public data from blockchains is impossible, so the Travel Rule sets up a new layer on top of the underlying blockchains enabling them to do so correctly.

In reality, the Travel Rule is not new, and most traditional payment systems such as SWIFT have implemented it since the 90s. When banks say they can’t trust the source of funds for crypto companies, they are typically referring to the lack of the Travel Rule.

5. How are we helping crypto businesses today?

Notabene takes a very holistic view of managing the regulatory risk of crypto transactions. Our current offering consists of a unified API and dashboard helping compliance officers within crypto businesses manage risk for both Travel Rule and regular non-custodial transactions in a single place.

While the Travel Rule is used to help regulated institutions manage risk, we also see it as an excellent way to give their end-users the confidence to transact more. We provide innovative companies with the tools to help use the travel rule to increase their transaction volume and, ultimately, revenue.

There are currently many protocols for solving the Travel Rule today. All of them help businesses involved in a particular transaction to exchange information about their customers. They also require every transacting party to be on the same protocol. This lack of a clear winner amongst all of the protocols has made it even more difficult for crypto businesses to pick just a single protocol.

From talking with leadership and compliance staff at countless crypto companies, I believe this has only caused confusion and slowed the industry’s overall implementation. Notabene provides a switch on top of them and even allows our customers to continue transacting with exchanges that aren’t yet actively implementing the Travel Rule. Our Travel Rule switch gives our customers access to by far the broadest amount of crypto businesses.

Since we launched in August, over a dozen companies, have started using Notabene for Travel Rule compliance. Ania Lipinska, our head of product, has personally had deep dives with compliance teams at over 100 different crypto businesses this year. Our team’s strong focus on their needs has made us the default choice for most exchanges looking to implement the Travel Rule. By the end of 2021, I expect the majority of exchange to exchange transactions globally to have their risk managed at least partially through Notabene.

6. Privacy concerns

Data privacy and surveillance are always subjects that rightly come up when thinking about KYC and AML. There is also a fundamental paradox between the transparent public aspects of blockchains and the goals of privacy.

Notabene helps our customers manage sensitive data about their internal business operations, including identity data about their customers. Being part of this process is a big responsibility that we take very seriously.

We designed our core architecture around privacy-preserving identity data to ensure the privacy and integrity of our customers’ data and the privacy of their end-users. We do not and will not ever maintain a global identity graph as Facebook or Google do around financial data.

My entire team is very passionate about this data privacy. We all worked together to build the framework for privacy-preserving user-centric identity at ConsenSys’ uPort project. Many of the architectural decisions we have made were specifically to ensure privacy also made our platform much more difficult to develop. We will share more about our approach to data privacy in future posts.

7. A unique international family

My incredible co-founders Alice Nawfal, Ania Lipinska, Andrés Junge, and I worked together before at ConsenSys. There we built the foundational decentralized identity platform, uPort. The technology and ideas that we pioneered at uPort now form the basis for many sizable regional identity initiatives such as the EU’s eIDAS SSI bridge, Spain’s Alastria, and the Inter-American Development Bank’s groundbreaking LACChain project.

Early this year, right before COVID-19 hit the world, the four of us decided we wanted to use our unique experience and knowledge to solve fundamental problems the crypto industry has been facing pretty much since its inception. With its seven nationalities (several dual), our five-member team is global, just like our customers. We are based in New York, Santiago de Chile, Switzerland, and Zoom.

8. We only just started on our mission

The crypto industry is continually changing. DeFi and stablecoins have shown regulators and the financial world that the basic building blocks are soon ready to replace traditional financial products.

Regulators are anxious about money laundering and fraud in these platforms and are already discussing how to apply existing rules to this technology. At the recent V20 event, FATF agreed that they have to work closely with the industry. I spend a lot of time with regulators and industry groups to help solve their concerns in ways that don’t halt innovation.

There is a lot to do if we want to enable everybody to perform crypto transactions with confidence, particularly in an industry as innovative and fast-moving as ours. We are looking for new team members who share our mission to help us get there. In particular, we are looking for technical and operational roles.

Thank you so much to our customers and investors for placing their trust in us and our mission.

We are thrilled to announce a significant milestone for Notabene — we have raised $1.765 million in venture capital led by Castle Island Ventures, joined by Green Visor Capital, Lynett Capital, Dialectic, Pardon Makumbe, and more. 

This seed round brings our total funding to date to $2.3 million with some of our early supporters including Y Combinator, Signature Ventures, Joachim Sonne, and others.

We are also excited to welcome Matt Walsh of Castle Island Ventures to the Notabene Board of Directors. Matt explains why they invested in us:

Regulatory compliance has been a barrier to entry to public blockchain assets for most financial services firms. The Notabene team has built a best in class solution that is the safest and most convenient way to immediately address these compliance requirements.

Lou Forster from Green Visor Capital adds:

Green Visor believes that compliance in the entire cryptocurrency ecosystem will be a growth area. As cryptocurrency and blockchain solutions are developed for more and more use cases, regulatory authorities will focus keenly on the sector and will demand guardrails, disclosure and oversight. Notabene is well-positioned to develop tools to address the regulatory concerns whilst influencing the regulatory process itself.

We are incredibly excited to work with these great investors and have already benefited from the great insight and experience they bring.

1. The promise of regulatory clarity is opening crypto to the world

This year, we have seen a remarkable resurgence of interest in virtual assets by central bankers, regulators, and institutional investors. Despite that interest, adoption is still only just starting to happen more broadly. Traditional-finance actors have most often noted a lack of regulatory clarity and trust in transactions preventing broader and faster adoption.  

The global Anti-Money Laundering watchdog, FATF, recently started to change this by introducing the first global regulatory framework for crypto assets. It consists of extending existing rules for financial service firms to the crypto industry. Major economies are currently implementing these rules locally by introducing new licensing regimes for crypto businesses. 

One of the most challenging requirements is the “Travel Rule”, which requires businesses to exchange customer information when performing transfers between an originator and beneficiary customer. 

The Travel Rule is not new and has been a foundation of most traditional payment systems such as SWIFT since the 90s. Implementing it will not only allow crypto businesses to receive operating licenses but will also open up banking relations with traditional financial service firms. This can have a serious positive business impact.  

Complying with these new rules is quickly becoming a major competitive advantage. One of our clients, Wirex, is the first crypto native platform to have received MasterCard principal member status. Wirex CEO Pavel Matveev says: 

One of Wirex's key value propositions to customers is remaining secure and compliant with any regulatory changes, including the Travel Rule. The simple fact is that Travel Rule compliance will be a must for companies like Wirex going forward. In Singapore, it's already a requirement and we are working with local providers to integrate Travel Rule compliance there. Likewise in the US, Wirex is regulated as a Money Service Business with Fincen, and we are exploring solutions to ensure compliance with Fincen rules. Regulatory compliance is a top priority for us, as ultimately it ensures we can continue to provide quality services to our customers.

2. How we are helping crypto businesses today

We started Notabene with a mission to give people and businesses more confidence in crypto transactions. Our CEO, Pelle Braendgaard, explores our mission and product vision in this blog post. 

We take a holistic view of managing the regulatory risk of crypto transactions. Our current offering consists of a unified API and dashboard helping compliance officers within crypto businesses to manage risk for both Travel Rule and non-custodial transactions. We provide our customers with access to the widest reach of crypto businesses for them to interact with. Notabene does more than simplify compliance for them. We also bring more confidence to transactions on their platforms - ultimately helping them grow the number of their transactions and, thus, revenue. 

We believe in the importance of data privacy and are deeply committed to it, just like our customers. Our founding team has worked together before at uPort (ConsenSys) to build the framework for privacy-preserving, user-centric identity. We started Notabene bringing this prior knowledge and expertise to help the crypto industry solve these new regulatory burdens the right way - without compromising privacy. We have built our core architecture around privacy-preserving identity data, and customer data is always segregated and encrypted.

Since we launched our product in August, over a dozen companies have started using Notabene for Travel Rule compliance. We have had deep dives with compliance teams at over 100 crypto businesses. This strong focus on their needs is quickly making us the default choice for exchanges looking to implement the Travel Rule. By the end of 2021, we expect a significant portion of exchange-to-exchange transactions to be managed through Notabene.

3. What is next for Notabene

The crypto industry is rapidly evolving, and innovation must be allowed to continue as it already has. However, we need to channel this innovation into safe products that can be used by everyone. 

With our current momentum and this new funding, we’re excited to continue simplifying compliance for the crypto industry. The new investment will help us grow our traction among crypto businesses and extend our market to meet the needs of traditional financial institutions. We will also introduce an offering for service providers operating with Defi and layer 2 technologies, as they develop increasingly acute risk management needs.

As we continue to build out our platform, we will be growing our team. 

Thank you to our investors, customers and partners for joining us on this journey. It is only the beginning!

Merkle Science, a leading provider of blockchain transaction monitoring and intelligence solutions, has partnered with Notabene to help companies dealing with cryptocurrencies comply with the Travel Rule. Notabene is a compliance platform designed to bridge crypto markets with traditional financial systems. The company helps financial service companies comply with new crypto regulations coming into effect such as the Financial Action Task Force’s (FATF) Travel Rule for virtual asset service providers (VASPs). 

What’s the Travel Rule

FATF, a global intergovernmental organization to combat money laundering and terrorism financing, announced in June 2019 that its Recommendation 16 — which relates to the inclusion of sender and beneficiary information during wire transfers — would also apply to Virtual Asset Service Providers on cryptocurrency transactions. This guideline is commonly referred to as the crypto Travel Rule and is currently being implemented and enforced locally by the FATF’s members in their jurisdictions. For instance, the Monetary Authority of Singapore (MAS) has enacted this rule as part of its Payment Services Act, which went into effect on January 28, 2020. VASPs are required to be compliant with this new rule or face consequences including not receiving a license for continued operations in a jurisdiction, receiving fines, or being shut down. To comply, VASPs need to solve for multiple technical and operational challenges:

• Identifying who’s behind a blockchain address, and assessing the risk associated with the transaction.
• If it is a custodial address, performing due diligence on the counterparty VASP.
• Sharing customer information with the counterparty in a secure way.

Why the Merkle Science and Notabene Partnership is Crucial for VASPs

Merkle Science and Notabene have partnered to help VASPs comply with the Travel Rule and local anti-money laundering regulation. Notabene provides a comprehensive travel rule solution for VAPSs, allowing them to easily perform due diligence on counterparties and securely share customer information. Through a product integration with Merkle Science, compliance officers at VASPs who use both services will be able to better assess the risks of counterparty VASPs and blockchain wallets. They would be able to view risk scores in the Notabene platform and set rules to manage these transactions accordingly.

“Complying with local as well as international crypto crime prevention regulations is now a mandatory criterion for VASPs. Our partnership with Notabene is aimed at making regulatory compliance seamless for VASPs and financial institutions. The joint platform will enable organizations to effectively manage high-risk transactions, customize transaction monitoring rules according to local laws, seamlessly download and file STR/SAR reports, and comply with stringent regulatory requirements,” said Mriganka Pattnaik, Co-founder and CEO of Merkle Science, on the occasion.

“Juggling regulatory compliance while enabling growth into new markets is quickly becoming a competitive advantage among VASPs. The new global regulatory framework from FATF is becoming not only a requirement to do business, but also opens up a wider segment of retail and institutional customers. We believe that holistically managing risk around crypto transactions will end up enabling businesses to increase their transaction volume. We are excited to work together with Merkle Science on helping our customers manage regulatory requirements and transaction risk,” explained Pelle Braendgaard, Co-founder and CEO of Notabene, about the potentials of the partnership.‍

About Merkle Science ‍

Merkle Science provides blockchain transaction monitoring and intelligence solutions for cryptoasset service providers, financial institutions and government agencies to detect, investigate and prevent the use of cryptocurrency for money laundering, terrorist financing, and other criminal activities. Merkle Science is headquartered in Singapore with offices in Bengaluru, Seoul, and Tokyo and backed by Digital Currency Group, Kenetic, SGInnovate, and LuneX.‍

About Notabene‍

Notabene helps crypto asset service providers and other financial institutions manage risks around transactions by intelligently combining identity data around their customers and financial counterparties. This allows their customers to implement the new requirements of the FATF Virtual Assets guidelines including the Travel Rule and ownership proofs of blockchain accounts. Notabene is a Y Combinator company and has offices in New York, Zürich, and Santiago de Chile.

FATF's Recommendation 16, informally called the Travel Rule, requires VASPs (Virtual Asset Service Providers) that transact with each other to exchange relevant customer information. However, before they can even begin transferring data and funds, they first have to identify and perform due diligence on each other.

In response to the new regulations, multiple industry groups are building different protocols that focus on secure VASP-to-VASP information-sharing. While much needed, these protocols work under the assumption that all companies will be using the same protocol. We can already see that this single-protocol future is still a long way off, if at all ever possible. 

1. Companies are forced to implement multiple protocols to operate in a truly global fashion and interact with any VASP. 

Even then, the lack of an overreaching cross-protocol framework still poses critical challenges:

Let’s suppose an Originator VASP wants to send customer information to a Beneficiary VASP.

• ‍How does the Originator know which protocol(s) the Beneficiary supports?

To exchange customer information, the Originator VASP must first figure out if they and the Beneficiary VASP support any common protocols. If they do, then they have to determine each others’ unique VASP identifiers. These are created to enable VASP-to-VASP discovery and establish a secure communication channel. The challenge is that there is not a universal VASP identifier, and protocol-specific identifiers work only within their particular network. 

• ‍How does the Originator verify a Beneficiary? 

Even when the VASPs find a common protocol and identify each other within that network, to fully comply with the Travel Rule, they’re still required to due diligence each other. Such business-to-business verification often results in a burdensome back and forth between compliance officers that can take up to 6 weeks.  

2. Notabene created a free, public-data network for all VASPs, regardless of which Travel Rule protocol they support. 

The Notabene Network allows companies to search for counterparties and easily determine which, if any, Travel Rule protocol they are using. It also provides access to relevant business information, helping counterparties build trusted relationships and take first steps towards Travel Rule compliance.

Using Notabene's VASP Network, companies can:

• Create their VASP profile, so it's easily discovered by counterparties 
• Search for other VASPs and view their incorporation, licensing and registration information 
• Determine which Travel Rule solutions counterparties are using  
  

3. First steps towards Travel Rule compliance with VASP verification

Many businesses worry (and rightfully so!) that complying with the Travel Rule will significantly slow down both incoming and outgoing transactions. 

Currently, it takes time and resources to identify and get in touch with a Beneficiary VASP. And after that, compliance officers on both sides are still wrapped up in an endless back and forth to gather the necessary information for accurate risk assessment.

With Notabene's public network, a compliance officer can simply look up a business and quickly access verified information about them. To help perform due diligence even faster, we introduced three verification levels:

• Verified by Notabene: Every VASP that creates or claims their profile has their business details vetted by the Notabene team. After ensuring data accuracy, the VASP receives a "Verified by Notabene" badge. Remember though, while we can verify information about a VASP, it is always up to a VASP to make the decision if they want to do business with them.
  

We will be adding third-party providers specializing in business identity verification. Contact us if you're interested in this type of partnership. 

• Pending Verification: After a VASP creates or claims their profile, we confirm its accuracy. During this time, the VASP has a "Pending Verification" status. If there are any questions or issues, they must be resolved before we provide the "Verified by Notabene" badge.
  

• Not Verified: This designates a VASP profile that we created based on publicly available data. Because this profile is unclaimed and Notabene cannot fully verify its accuracy, "Not Verified" provides some information but is not at the same level as a fully vetted profile with the "Verified by Notabene" badge.
  

4. Travel Rule protocols directory

When VASPs create or claim a profile, we also ask them to provide a list of Travel Rule protocols they use and relevant VASP identifiers. This way, an Originator VASP can easily determine which protocol they should use to transfer customer data to a Beneficiary VASP securely.

5. The goal of the free and open VASP directory is to address the challenges of multiple Travel Rule protocols and to build a trusted network of verified crypto businesses. 

We hope to bring the community together in efforts of making compliance easier, regardless of the technical solutions each individual company supports.  

As the extension of that mission, Notabene’s Travel Rule compliance platform enables a seamless cross-protocol data exchange between VASPs by supporting all major protocols. This allows our customers to not be limited by any one protocol, and send / receive transfer requests with all their counterparties. In addition, companies using Notabene can streamline their counterparty due diligence process even further, beyond the public business information available in the directory. Our platform allows VASPs to securely share private data with each other for further diligence and quickly establish bilateral relationships for Travel Rule transactions.

6. Notabene’s directory is a community-driven initiative. 

As you create your profile, contact us with any input or suggestions you may have. We’re looking forward to hearing how we can make it better for you and your business partners.

We invite organizations from the space to partner with us to build a truly global network of crypto companies. Interested? Contact us. 

We're excited to announce that Notabene is a part of Y Combinator's Summer 2020 batch! 🎉

At Notabene, we help financial companies comply with the latest crypto regulations that came into effect in June. The urgency in the market and participation at YC made the last three months quite a ride! 

Y Combinator is a Silicon Valley-based,  globally-known fund that invests twice a year in early-stage startups. Besides financial support, YC offers its portfolio companies advice and resources to help them go from "great idea" to "market-leading business." It's a recipe that's worked well for alumni like Stripe, AirBnB and Dropbox.  

These last three months at YC have been invaluable and highly rewarding. We learned first-hand from the founders of top companies like Stripe and Brex, as well as leading investors, marketers, and YC partners. We're beyond grateful for the opportunity and will remember this as a time full of incredible lessons and advice from our group partners: Tim Brady, Aaron Epstein, and Kevin Lin.

During our time at YC, we launched our first commercial product and onboarded key customers - compliance officers at crypto companies. Thanks to our unique technology solution, users are able to comply with the most pressing regulation in the space, the Travel Rule, from day one. Notabene enables digital asset providers to save time and money on complex technical integrations and multi-protocol interoperability challenges. The financial sector spends today $180B on compliance costs. As crypto building blocks continue to gain adoption in the financial sector, we aim to serve the market's compliance needs.

We’ve received great initial feedback from our users and are excited to continue building a platform that helps companies transfer crypto assets in a compliant way. We believe this will fuel the growth of the industry and bring crypto to the world's financial markets.   

YC has been a special experience and with a clear roadmap ahead, we’re excited to see what the future brings 💚.

It’s been a year since the FATF (Financial Action Task Force) released comprehensive guidelines for crypto companies to implement anti money-laundering processes for virtual asset transactions. In July 2020, FATF recognized in its annual review (we summarized it for you here) that many companies have demonstrated willingness and effort to implement the Travel Rule into their day-to-day business.

1. Travel Rule brings many challenges into the crypto world.

While the crypto industry has made significant stride toward proposing technical solutions for the Travel Rule, crypto companies still face many challenges when it comes to implementation of the guidelines:

• ‍Lack of interoperability between protocols: Multiple Travel Rule protocols lead to interoperability issues where one VASP (Virtual Asset Service Provider) cannot transact with another because they’re supporting different protocols.‍
• Time spent on integration: Companies need to spare weeks of development effort to integrate with a protocol and maintain it over time. As a consequence of the issue mentioned above, many companies might be forced to implement more than one protocol. This leads to a lot of development resources spent on compliance, which otherwise could have been spent building the core business product.‍
• Change of internal processes and user flows: In many cases, Travel Rule implementation forces companies to introduce significant changes to their user flows. Until there are Travel Rule solutions broadly adopted, it’s difficult to predict at this point how seriously those changes will impact businesses’ internal processes and user experience. ‍
• Waiting on the sidelines: High implementation costs lead to a situation where VASPs are waiting on the sidelines to see which solution other VASPs will choose. Obviously, no one wants to invest in implementing a protocol that no one else uses. This is an issue because it delays compliance with the Travel Rule.‍
• Pressure from local regulators: The challenges above are causing delays in adoption. Local regulators in multiple jurisdictions are starting to pressure companies to move forward with integrations and prove that they are working towards Travel Rule compliance.
  

2. Notabene’s TR:Now as a jumpstart towards compliance

To help companies overcome challenges related to implementation of the Travel Rule, Notabene built TR:Now, a lightweight email-based solution that helps VASPs comply from day one.

TR:Now consists of sending Travel Rule requests to any VASP via email, regardless if they have implemented the Travel Rule or not. The counterparty VASP can then access IVMS-101 Originating Customer information via a secure dashboard. We built TR:Now based on demand from compliance teams to start testing Travel Rule flows within their systems and to show regulators that they are taking steps toward compliance.

This lightweight solution has the following benefits:                

• ‍No need to decide on a protocol yet‍

TR:Now does not require companies to be on a protocol yet, so it solves the chicken/egg problem of implementing the Travel Rule. VASPs can start securely exchanging data between each other regardless of which protocol they use or if they don’t use any protocol.          

• ‍Easy jumpstart to future protocol integrations 

The originating and beneficiary customer data is stored in IVMS101 format (industry technical standard), and securely saved on the dashboard. This solution acts as a bridge to the TRP protocol and OpenVASP.

• ‍Fast onboarding, no technical work required 

To use TR:Now, compliance officers just need to create their VASP’s profile and they're ready to go. There is no need to involve developers to implement APIs into the backend or make changes to existing user flows.

• ‍First step towards compliance

TR:Now allows compliance officers to test and learn about the potential impact of the Travel Rule on their daily operations and user flows. It already comes with built-in counterparty verification, helping compliance teams perform due diligence on other VASPs. By using TR:Light, they familiarize themselves with these new processes and can start planning ahead how to create more seamless flows for their business. In addition, this could serve as proof to local regulators that a VASP is taking its first steps towards Travel Rule compliance.    

If the challenges above sound familiar, contact us to learn more about TR:Now.

In June 2019, the Financial Action Task Force (FATF) released a global regulatory framework for the crypto industry. One year later, on July 7th 2020, FATF released a report containing a 12-month review and assessment that measures implementation of these guidelines by jurisdictions and the private sector.

This report highlights a number of issues that regulators and representatives from the private sector have raised during implementation and asked for greater clarity and guidance on them. We have summarized these issues below. To shed more light on these issues and how to resolve, FATF is likely to introduce additional guidance by October 2020. 

1. Definitions in the FATF guidelines

• Increased guidance on the definition of virtual assets - For example, stablecoins can be categorized as traditional financial assets but built with virtual asset technologies. Under which AML/CFT regime should they be regulated? 
• Clarification on the scope of VASP activities (eg safekeeping and/or administration of virtual assets) - This can help increase consistency across jurisdictions in terms of which companies are regulated as VASPs.

2. Transacting with non-custodial wallets

• Gap in tracing illicit flows of crypto - Some jurisdictions raised concerns that if non-custodial wallets remain unregulated, they may represent “a leak in tracing illicit flows of virtual assets”. However, FATF has reported that currently there isn’t sufficient evidence that they present a lot of risk and will continue to not cover them for the time-being.
• Anonymous P2P transactions are a concern - If a ‘privacy coin’ gains wide mass adoption, then FATF will study the prevalence of non-custodial wallets associated with it and reassess whether this constitutes a threat to existing ML/TF regimes.

3. Identifying VASPs for registration and licensing

• Many jurisdictions are requiring the regulation of VASPs not only incorporated in their countries but also operating there or selling services to their citizens. Some jurisdictions have reported challenges identifying which VASPs should be regulated and by whom. 
• In particular, they are interested in what approach they should take with VASPs operating from overseas but selling to their citizens. They are interested in identifying who the ‘right’ regulatory authority is for these VASPs, especially if they were decentralized and had no home country. 

4. Travel rule implementation

• Identifying counterparty VASPs and performing due diligence in a timely manner remains a challenge. In particular, concern has been raised about difficulty in identifying if a VASP is registered / licensed by a jurisdiction with adequate AML/CFT regimes. A proposed way forward is a ‘global list of VASPs’, but in theory is difficult to implement due to a number of reasons, including maintaining accurate and secure information and who governs and supervises this list.
• Concerns with how to deal with transactions with non-custodial wallets - There are challenges identifying whether a wallet is non-custodial. VASPs would like more clarity on whether they are allowed to transact with non-custodials, and what AML/CFT requirements they should put in place to mitigate risks.
• Guidance on frequency and timeliness of travel rule information sharing - Some VASPs requested whether they can do batch data submission of transfers, submit travel rule data at a later time (end of day, in 5-6 days) instead of immediately, and whether they have to do travel rule for past transfers.
• Interoperability of travel rule solutions - Common messaging standards will need to have built-in flexibility to accommodate for changes in privacy or AML/CFT standards across jurisdictions
• Sunrise issue - VASPs are not sure yet how to deal with VASPs in jurisdictions that do not yet mandate travel rule guidelines.

In June 2019, the Financial Action Task Force (FATF) released a global regulatory framework for the crypto industry. One year later, on July 7th 2020, FATF released a report containing a 12-month review and assessment that measures implementation of these guidelines by jurisdictions and the private sector.

To read a summary of the report, check our blog post: “Time is running out to implement the travel rule, says FATF in its 12-month review”.

In this review, FATF found that there has been substantial progress made by jurisdictions in implementing the revised FATF standards. It is important to note that these assessments are based on members’ self-assessment and not any official FATF assessment. It also found that the private sector has made progress in working on the travel rule, but will need to focus on implementation and interoperability going forward.

Marked progress by jurisdictions 

35 out of 54 reporting jurisdictions have now implemented the revised FATF standards. Of these, 3 jurisdictions have prohibited VASP operations altogether. Meanwhile, 19 jurisdictions have not yet implemented a regime, and wide variation exists in terms of progress. 2 out of the 19 plan to prohibit VASP operations, and 4 are still undecided. The below chart outlines the state of implementation across jurisdictions.

Among the 32 jurisdictions who decided to regulate VASPs, it is noteworthy to point out that implementations vary across:

• A majority introduced new legislation for virtual assets. However, a smaller number of jurisdictions decided to extend current existing AML/CFT guidance to cover VASPs. 
• No common terminology exists for virtual assets and VASPs among these jurisdictions, with at least 11 different terms reported for VASPs. 
• 18 jurisdictions have introduced registration requirements, and 12 have introduced licensing regimes. These requirements generally apply to VASPs who are incorporated in their countries, but also apply in many cases to VASPs selling products/services in their jurisdictions even if incorporated overseas (18 VASPs) or VASPs operating from their jurisdiction (20 VASPs). So far, 20 jurisdictions have reported a total of 1,133 registered or licensed VASPs.
• 15 jurisdictions have started conducting on- and/or off-site inspections of VASPs and 8 reported that they have already imposed sanctions on VASPs for noncompliance with existing guidelines. 
  

These emerging complex and non-uniform regulatory landscapes present challenges for VASPs looking to be regulated. 

Increased readiness by the private sector for Travel Rule compliance

The FATF acknowledges progress by the private sector in developing comprehensive technological solutions for the Travel Rule, but notes that none is yet widely adopted. This has delayed the introduction of travel rule guidance by jurisdictions, with only 15 jurisdictions having implemented the travel rule. However, FATF believes that jurisdictions should not wait any longer to fully implement AML/CFT obligations for VASPs, including the travel rule, and calls on the industry to “redouble its efforts towards the swift development of holistic technological solutions encompassing all aspects of the travel rule”.

FATF is technology-neutral, and is supportive of industry efforts to develop technical standards like messaging standards that allow interoperability among the different solutions.

What happens next?

Going forward, FATF expects all of its members and its broader global network of FATF-Style Regional Bodies (FSRBs) to have fully implemented these guidelines by June 2021. It also expects the virtual asset industry to be compliant with the travel rule. FATF will be releasing additional guidance by October 2020 to shed light on any issues that have arisen in implementation.