‍

In June 2023, the Financial Action Task Force (FATF) published a Targeted Update report on the global state of Travel Rule adoption. The report stressed that the Travel Rule must be applied before a crypto transaction occurs. Yet, insights from our study published in April 2023 revealed that nearly 40% of companies reporting compliance are not fulfilling their obligations before the crypto transaction occurs.

In this second installment of a three-part series, we discuss why Travel Rule compliance is a pre-transaction requirement, the current industry compliance gaps. The final article in the series addresses how Notabene's SafeTransact helps VASPs achieve pre-transaction compliance.

‍

FATF’s Pre-Transaction Compliance Requirement

In its June 2023 Targeted Update report on the worldwide Travel Rule adoption, the FATF emphasized the necessity for Travel Rule compliance before the crypto transaction occurs. In the report titled “Virtual Assets: Targeted Update on Implementation of the FATF Standards,” the FATF revealed vital insights on the global enforcement of the Travel Rule, disclosing minimal progress, with three-quarters of surveyed jurisdictions found to be ‘only partially’ or ‘not compliant’ with its requirements for VAs and VASPs.

The report underscored instances of post-transaction compliance as a form of non-compliance. It stressed the urgency of immediately submitting originator and beneficiary information to the Beneficiary VASP or financial institutions before, simultaneously, or concurrently with the transaction. [1] This order of operations facilitates sanctions screening of the counterparty at or before the time of the transaction. It allows VASPs the chance to stop transfers with sanctioned persons or entities.

‍

Key Trends from Notabene’s 2023 State of Crypto Travel Rule Compliance Report

Notabene conducts an annual review to comprehensively assess the virtual asset industry's compliance efforts with FATF’s virtual asset Anti-Money Laundering (AML) guidelines. The 2023 State of Crypto Travel Rule Compliance survey ran from December 2022 to January 2023, covering 69 VASPs and financial institutions globally, and yielded the following results:
‍

‍Increased compliance efforts

^‍

Compared to the 2022 survey, the number of VASPs reporting 'already compliant' doubled, marking a 117% increase (11% in 2023, compared to 23% in 2023).

Limited increase in pre-transaction compliance

Although the number of VASPs reporting 'already compliant' doubled from last year, only 20% of VASPs send Travel Rule information pre-settlement (up by 50% from last year’s 13%).

This data reveals a disparity between assertions and actions, as well as confusion around what‘ fully compliant’ means.

‍

Post-transaction compliance dominates

The study highlights that 37.5% of firms performing Travel Rule meet the requirements only after completing transactions, which goes against the FATF's instructions.

While showing progress, these findings accentuate the need for local regulators to clarify that the Travel Rule is a pre-transaction obligation, a clarification reinforced by the FATF in its June 2023 update.

‍

Balancing Speed and Compliance in Cryptocurrency Transactions: The Challenges of Implementing the Travel Rule

The purpose of the Travel Rule is to ensure that appropriate checks and balances are in place before a transaction is initiated. To fulfill the goals of the Travel Rule effectively, the Beneficiary VASP should have sufficient time to scrutinize the transmitted information. Suppose instantaneous settlements take place without giving the VASP adequate time to react. In that case, it might hinder their ability to conduct essential due diligence tasks, such as matching the beneficiary's name and performing sanctions screening before the funds are received.

In some cases, VASPs might not have enough time to release the funds to the end customer, depending on the systems in place.
‍

Traditional SWIFT payments, characterized by their clearance times that span several days, give banks the luxury of time. They can share data and perform comprehensive checks before the transaction is initiated. This time factor is a significant difference between traditional and crypto transactions. Most cryptocurrency transactions occur instantaneously and are irreversible, leaving little to no room for pre-transaction checks. 

In the context of Travel Rule compliance, this characteristic of crypto transactions poses a unique problem for VASPs. It takes longer for VASPs to develop a compliance strategy that can effectively detect and halt illicit activity without impacting transaction speed or volumes. Therefore, the challenge lies in creating a compliance system that allows for comprehensive pre-transaction checks while still maintaining the speed and efficiency inherent to cryptocurrency transactions.

‍

Notabene’s SafeTransact: Solving Crypto Pre-Transaction Decision-Making

Notabene welcomes the FATF’s clarification that Originator VASPs must submit originator and beneficiary information before or concurrently with the crypto transaction. We’ve designed SafeTransact: The Crypto Pre-Transaction Decision-Making Platform to enable VASPs to Identify and stop high-risk activity before it occurs.

‍

Notabene’s SafeTransact offers a secure, holistic view of crypto transactions, enabling customers to automate real-time decision-making, perform counterparty sanctions screening, identify self-hosted wallets, and complete the smooth rollout of global Travel Rule compliance in line with global regulations.

‍

{{cta-learnmore3="/cta-components"}}

‍

Four years after the Financial Action Task Force (FATF) introduced the Travel Rule for crypto assets,  there has been significant progress in its adoption by virtual asset service providers (VASPs) and jurisdictions. 

However, gaps remain: only dozens of jurisdictions have enforced it, and among those where it is enforced, its adoption by VASPs is often post-transaction and does not meet the full requirements. To address these gaps, FATF launched an action plan with 200+ member states to accelerate the global implementation of the Travel Rule, in February 2023. The G7 also confirmed its commitment to speed up the enforcement of the Travel Rule in May 2023. 

This is the first article in a three part series that discusses the importance of fulfilling Travel Rule obligations before transactions, the pre-transaction decisions a VASP must make to comply, the current industry compliance gaps, and how Notabene's platform can help VASPs achieve pre-transaction compliance.

‍

The Importance of Pre-Transaction Decision-Making in Crypto Transactions

Complying with the FATF's crypto Travel Rule requires that VASPs adopt compliance processes to prevent funds from ending up in the hands of bad actors. That is only possible when the entire process is carried out before the transaction settles on the blockchain, providing a VASP with the ability to take necessary actions if suspicious activity is detected. 

FATF’s Interpretive Note 15-7b explicitly states that Travel Rule compliance solutions must ensure the submission of both originator and beneficiary information immediately or before an on-chain transaction. [1] Furthermore, FATF says why this is critical in Recommendation 16, laying out the different actions that a VASP should consider if suspicious activity is detected with the Travel Rule: 

“Providers in this space must comply with the requirements of Recommendation 16, including the obligation to obtain, hold, and transmit required originator and beneficiary information associated with VA transfers in order to identify and report suspicious transactions, take freezing actions, and prohibit transactions with designated persons and entities.” [2]

Before the Travel Rule was implemented, VASPs had limited means to gauge the ML/FT risk of counterparties. While many VASPs started using blockchain analytics tools to perform pre-transaction checks, it became increasingly evident that suspicious actors could circumvent those checks by creating new wallets. 

‍

‍

The Travel Rule now mandates VASPs to gather, screen, and share originator and beneficiary data before approving transactions above certain thresholds, ensuring transactions only occur with trusted counterparties. VASPs could unwittingly aid transactions to sanctioned individuals or malicious entities without these pre-transaction checks and data exchange.

When the Travel Rule is implemented correctly and carried out pre-settlement, VASPs can use Travel Rule solutions to identify and stop potential illicit transactions before they are settled.

For the first time in crypto history, we can prohibit transactions with unlawful and sanctioned entities and reduce on-chain risk. Compliance with the new anti-money laundering (AML) requirement —the Travel Rule —is the first chance for VASPs to capitalize on pre-transaction counterparty risk management. 

‍

{{cta-learnmore3="/cta-components"}}

‍

What are the Key Pre-Transaction Decisions in a Compliant Crypto Transaction?

Compliant crypto transactions involve several crucial pre-transaction decision-making steps. These steps differ based on whether the transaction is between two VASP-hosted wallets or involves a self-hosted wallet. Below, we dive into both scenarios.

Transactions between two hosted wallets 

For transactions between two hosted wallets, the Originator VASP must perform multiple pre-transaction compliance checks to ensure the transaction details satisfy their compliance process. 

The Originator VASP must tie the results from the Travel Rule decision points to the transaction outcome: to approve or block the transfer or take other actions like filing a suspicious transaction report. In the example above, if all the decision points are in the clear, then VASP 1 would allow the transaction to go through. But if, at any point, there is a cause for concern, the transaction can be blocked from going through or, at the minimum, flagged for further review.

Meanwhile, the Beneficiary VASP must confirm that the Originator VASP and Originator Customer (Alice) are low-risk by carrying out pre-transaction compliance checks before approving or denying the incoming Travel Rule transfer. If anything raises a concern, the Beneficiary VASP must be ready to take action, such as freezing the transaction if the funds were already transferred.

‍

Transactions between a hosted and self-hosted wallet

Contrary to common perceptions, the Travel Rule applies to both VASP-to-VASP and self-hosted transactions. FATF's Updated Guidance [3] brings AML across all transactions, including self-hosted wallets. During transactions with self-hosted wallets, Originator VASPs must collect the beneficiary's name and perform some compliance pre-transaction checks—at minimum. Further de-risking actions such self-hosted wallet ownership proofs are also required in some jurisdictions. 

‍

How Notabene Customers Leverage SafeTransact for Effective Pre-Transaction Decisions

During our yearly study, the 2023 State of Crypto Travel Rule Compliance Report, we found that 37.5% of VASPs reporting to be Travel Rule compliant are fulfilling their compliance obligations post-transaction. Post-transaction compliance does not effectively mitigate risk. 

To address these issues, Notabene has developed SafeTransact, a first-of-its-kind pre-transaction decision-making platform for the cryptocurrency industry that enables VASPs to conduct real-time risk assessments of involved parties before transaction settlement. 

‍

Unlock Effective Pre-Transaction Compliance: Download the Key Takeaways

Ensure your VASP meets the FATF’s Travel Rule requirements with Notabene’s SafeTransact. We've gathered all you need to know about pre-transaction decision making into one document. It covers into the key pre-transaction decisions necessary for compliant crypto transactions and showcases how our SafeTransact platform can help you mitigate risks before they occur.

Download the Guide Now to stay ahead in crypto compliance and secure your transactions against illicit activities.

‍

One of the major challenges in crypto regulation has been to link new categories of assets and services and the legal definitions of what qualifies as regulated assets and services. Non-fungible tokens (NFTs), stablecoins, and decentralized finance (DeFi) remain gray areas subject to evolving regulatory perspectives.

This article, taken from our 2023 State of Crypto Travel Rule Compliance Report, provides a side-by-side comparison of the Financial Action Task Force's (FATF) and the European Union's (EU) regulatory stances on NFTs.

What are NFTs?

NFTs are unique digital assets tokenized on a blockchain and have distinct identification codes, and metadata. Users can trade NFTs for fiat money, cryptocurrencies, or other NFTs based on their value determined by the market and owners. NFTs are challenging to classify and regulate due to their various possible configurations.  The entire crypto market took a hit in 2022, and NFTs were no exception, as noted in the chart below.

NFTs were the subject of several regulatory and legal interventions and initiatives in 2022, ranging from insider trading cases to intellectual property qualifications and advertisement restrictions. By way of example, we provide highlights below. N.B. The dates accompanied by a clipboard icon indicate a document a regulator produced.

NFT Legal & Regulatory Spotlight in 2022

• June 1, 2022 - A former employee of OpenSea (an NFT marketplace) was charged in the first digital asset insider trading scheme with accusations of wire fraud and money laundering.
• June 23, 2022 📋 - The European Union Intellectual Property Office (EQUIPO) clarifies how they classify NFTs, incorporating the term “downloadable digital files” authenticated by non-fungible tokens in Class 9.
• November 29, 2022 - The European Parliament hosted a meeting with NFT and metaverse experts. Industry representatives suggested policymakers regulate use cases rather than technology.
• December 21, 2022 - The UK's Advertising Standards Authority ruled against Crypto.com and Turtle United's NFT advertisements for not disclosing investment risks.

Crypto Travel Rule and NFTs

The FATF and EU have divergent, nuanced perspectives on NFT regulation, including varying. classifications and approaches. The primary distinction revolves around whether an NFT is considered a Virtual Asset (VA), which depends on usage and characteristics. The disparities mainly arise from differences in evaluation criteria and the circumstances determining VA status. The following sections provide an overview of the FATF's and EU's general positions on NFTs as VAs and if they consider NFT-related activities as covered by the regulation. Additionally, we discuss notable developments and essential considerations from the FATF and EU.

FATF vs. EU: General Stance on NFTs

FATF: FATF generally does not consider NFTs as VAs; however, the classification can depend on the nature and purpose of the NFT. It suggests governments evaluate each NFT case-by-case based on its intrinsic characteristics rather than the terminology used in its marketing. 

According to the FATF, an NFT would be classified as a VA if it's used primarily for payment or investment and has features that make it either fungible or not unique, such as the fractional parts of a unique crypto-asset, or if it's issued as part of a large series or collection. [1] 

EU: On the other hand, the EU’s stance, particularly reflected in the MiCA (Markets in Crypto-assets Regulation), maintains that unique crypto-assets like NFTs, digital art, and collectibles are excluded from its scope. [2]

In the EU, the uniqueness of the crypto-asset and the value it brings to the holder, and its non-fungibility determine whether or not it falls within the regulation. Like FATF, the EU encourages authorities to adopt a substance-over-form approach, emphasizing the asset's features over the issuer's designation.

‍

FATF vs EU: Is an NFT a Virtual Asset?

FATF: An NFT is not a VA if used as a collectible rather than for payment or investment. However, it is considered a VA if used for payment or investment or if its unique features become fungible.

EU: In contrast, the EU excludes unique and non-fungible crypto assets, like NFTs, from the VA classification. However, if an NFT's de facto features or uses make it either fungible or not unique, it may be considered a VA.

‍

FATF vs. EU: Are NFT-Related Activities Regulated? 

FATF: In its Money Laundering and Terrorist Financing in the Art and Antiquities Market report, the FATF recognizes that “markets for digital art, non-fungible tokens (NFTs), and art finance service providers all have intrinsic characteristics that expose them to different money laundering and terrorist financing vulnerabilities.” [3] FATF also clarified that NFT platforms that offer NFTs functioning as VAs may be considered VASPs, which the FATF Standards cover.

Factors to consider when assessing the application of AML/ CFT obligations:

1. The nature of the business dealing in NFTs;
2. Their function in practice; and
3. The facts and circumstances of the platform or other person doing business. [4]

EU: Although MiCA generally excludes NFTs, the forthcoming Anti-Money Laundering Directive 6 (AMLD 6) will likely cover companies that provide services related to NFTs.

‍

FATF vs. EU: Noteworthy NFT Developments

FATF: In its Targeted Update 2022, the FATF acknowledges the “rapid development of NFT markets and their functions/forms,” and promises to “continue to monitor this issue and discuss any new implementation issues and country approaches.” [5] 

EU: Similarly, The European Securities and Markets Authority (ESMA) is mandated to publish guidelines on criteria and conditions for the qualification of crypto-assets as financial instruments. The guidelines should also help better understand cases in which crypto-assets that are otherwise considered unique and not fungible with other crypto-assets might be qualified as financial instruments.NFT offerors or persons seeking admission to trading are primarily responsible for the correct classification of the crypto-assets, which the competent authorities might challenge.

‍

Conclusion

As the debate around the regulatory status of NFTs continues, it is clear that the technology is advancing at a pace that challenges existing legal and regulatory frameworks. FATF and the EU have recognized the complex nature of NFTs and their potential risks. Their nuanced approach reflects a careful and ongoing analysis of how these unique digital assets fit within the broader financial system.

While these organizations may differ in their current views on whether NFTs qualify as Virtual Assets, there is an alignment in the principle of evaluating NFTs on a case-by-case basis, considering their intrinsic characteristics and practical uses. This approach signifies a move towards a substance-over-form philosophy in regulatory practices.

‍

{{cta-learnmore6="/cta-components"}}

[Originally posted by Copper.co, see here]

Copper is pleased to announce it has partnered with Notabene to help its institutional clients adhere with the Travel Rule in their local jurisdiction. 

In 2019, the Financial Action Task Force (FATF) released a set of recommendations for combating money laundering. In recommendation 16, it covered digital assets, stating that they now came under the purview of Travel Rule requirements. This means digital assets transfers must be checked and verified to combat money laundering, terrorist financing and other illegal activities. 

Notabene, founded a year later in 2020, has provided a pre-transaction decision-making platform for crypto Travel Rule compliance to address this requirement for digital asset firms involved in trading activities. Headquartered in New York, Notabene is a global company with a presence in Switzerland, Singapore, Germany, and the UK. 

Since being founded in 2018, Copper, a SOC2 Type 2 certified company with a registration in Switzerland, has been setting the standard for institutional digital assets by offering custody and collateral management of digital assets. Underpinned by multi-award-winning technology, Copper has built the comprehensive and secure products and services required to safely custody and trade cryptocurrencies and other digital assets such as tokens and stablecoins. At the core of Copper’s infrastructure is ClearLoop, which enables clients to trade and settle in near real time across multiple exchanges, while mitigating counterparty risk and increasing capital efficiency

Regulatory adherence, although vital for safe and legally compliant financial systems, can be burdensome for digital asset firms especially given the space's relatively nascent regulatory frameworks across the world that can be confusing for those without extensive subject knowledge. 

Notabene works by providing a platform-agnostic data layer that allows transactions to be screened and counterparties to be verified before they are executed. Notabene provides data from multiple sources and uses software to automate decision-making, perform counterparty sanctions screening and VASP due diligence, identify self-hosted wallets, and adhere to Travel Rule compliance in accordance with global and local regulations. 

Integrating Notabene with Copper will be a significant step in enhancing Copper's transactions to bring us in line with the growing importance in Travel Rule compliance. In addition to Clear Loop and its English Law trust structure to back client collateral, Copper has partnered with some of the largest digital asset exchanges and service providers on the market, using its award-winning MPC custody solution and robust account management structures to mitigate counterparty risk. 

Unlike many of its competitors, Copper uses a 2 of 3 signing quorum for transaction verification, as opposed to 3 of 3, adding additional flexibility for client access. This flexibility is also applied to full compatibility to account structures, which can incorporate different wallet temperatures, such as hot, cold and warm to configure to different clients' needs. 

Integrating Notabene's automated Travel Rule compliance solution to Copper's compliance  stack will help to form part of the firm's wider offering and aid Copper in its mission to set the institutional standard for digital assets. 

According to a recent report by Notabene, 83% of its survey participants said they planned to be Travel Rule compliant by the end of 2023. Due to the global nature of digital assets, consistent Travel Rule compliance is vital to ensure there is a standard framework when transferring assets across borders. Although digital assets live on blockchains hosted online, monitoring which jurisdictions they are traveling between is important to bring digital assets into line with other asset classes. 

An increasing number of jurisdictions have brought in Travel Rule regulations for digital assets, including Japan, Singapore, Switzerland, Germany, Dubai, and the US. The UK, Portugal and Hong Kong are also set to enforce the Travel Rule later this year. 

Notabene will operate automatically under the hood, so there will be minimal impact on Copper's clients in their day-to-day activities and transactions. The platform is fast becoming the standard go-to solution for digital asset firms, with Copper joining a growing list of other firms to ensure compliance with Travel Rule requirements. 

Steve Strickland — Chief Compliance Officer, Copper, said:

"In the spirit of cooperation and innovation, we are thrilled to announce an exceptional relationship with Notabene, an industry-leading Travel Rule solution provider. Together, we will look to redefine the parameters of compliance by combining the strength of our technology and regulatory expertise to deliver secure and transparent transactions. As pioneers in the digital asset industry, we aim to forge a lasting bond that gives our clients an efficient means of implementing Travel Rule compliance. With the shared vision of Copper and Notabene, we unlock new possibilities and shape a future where compliance becomes a catalyst for growth and success.”

Pelle Braendgaard — CEO, Notabene, said:

“We are thrilled to announce our collaboration with Copper, as we jointly address the crucial compliance challenge of the Travel Rule within various jurisdictions. This collaboration highlights the significance of conducting thorough VASP due diligence and the importance of transacting with trusted and compliant counterparties. Through the seamless integration of Notabene's automated pre-transaction decision-making compliance solution into Copper's robust technology stack, Copper is reinforcing its comprehensive service portfolio and propelling itself towards setting the gold standard for institutional-grade digital assets”.

‍

– ENDS –

‍

About Copper

Since being founded in 2018, Copper, a SOC2 Type 2 certified company with a registration in Switzerland, has been setting the standard for institutional digital asset by offering custody and collateral management of digital assets. Underpinned by multi-award-winning technology, Copper has built the comprehensive and secure products and services required to safely custody and trade cryptocurrencies and other digital assets such as tokens and stablecoins.

At the core of Copper’s infrastructure is ClearLoop, which enables clients to trade and settle in near real time across multiple exchanges, while mitigating counterparty risk and increasing capital efficiency.

‍LinkedIn | Twitter

‍

About Notabene

Notabene is crypto’s only pre-transaction decision-making platform, enabling customers to identify and stop high-risk activity before it occurs.

Notabene’s SafeTransact platform helps financial institutions and crypto businesses unlock their full potential in the digital economy. With a focus on security, privacy, and end-user experience, Notabene customers can use our multi-source data and software to automate real-time decision-making, perform counterparty sanctions screening, identify self-hosted wallets, and complete the smooth rollout of Travel Rule compliance, all in line with global and local regulations.

Notabene has been SOC-2 security certified since 2021. Over 85 companies leverage our software to manage real-time regulatory and counterparty risk in virtual asset transactions, including Luno, Crypto.com, and Bitstamp. Headquartered in New York, Notabene is a global company with a presence in Switzerland, Singapore, Germany, and the United Kingdom.

‍LinkedIn | Twitter

Today, the Financial Action Task Force (FATF) released its fourth annual report on Virtual Assets and VASPs. The report, “Virtual Assets: Targeted Update on Implementation of the FATF Standards” (“Targeted Update 2023”), is based on a voluntary survey that collected responses from 151 jurisdictions, the FATF’s Virtual Assets Contact Group meetings, private sector consultations, including Notabene's participation, and results from FATF’s mutual evaluation reports. Section 2 of the Targeted Update is dedicated to the Travel Rule, focusing on the progress in its adoption and ongoing implementation challenges, including issues with compliance tools.

This article walks you through the key Travel Rule highlights. 

‍

Key Travel Rule Takeaways

‍

How many jurisdictions have implemented vs. enforced the Travel Rule?

The FATF reports that jurisdictions have made insufficient progress in implementing the Travel Rule and urges countries to urgently introduce the required legislation/regulations and operationalize Travel Rule compliance through supervision and enforcement.

Below we illustrate several key data points shared by the FATF to substantiate their findings.

Figure 1 above contrasts the count of jurisdictions that have enacted the Travel Rule with those still adopting it, compared to the survey results from the Targeted Update (2022).

Figure 2 illustrates the progress of jurisdictions on the Travel Rule. It shows the number of jurisdictions that have passed or are adopting legislation for the Travel Rule (62) versus the number of jurisdictions actively enforcing compliance with the Travel Rule (13). 

Relevantly, more than half (54%) of the survey respondents have not taken any steps towards Travel Rule implementation, and even among the jurisdictions that did pass relevant legislation, only a small minority (21%) has “issued findings or directives or taken enforcement or other supervisory actions against VASPs focused on Travel Rule compliance.” 

The FATF also stresses that the lack of progress is particularly concerning given that Travel Rule compliance requires intra-VASP and cross-border collaboration and, hence, its “effectiveness depends on consistent, global implementation and enforcement.”

‍

The ‘Sunrise Period’ is highlighted as a persistent issue

The Travel Rule, like the sun, rises at different times worldwide. The “sunrise period” refers to when the Travel Rule is not in full effect across jurisdictions. As revealed in Notabene’s 2023 State of Travel Rule Report, ‘Sunrise period effects’ continues to be one of the top 3 hindrances to the implementation of the Travel Rule: 19% of respondents cited it as their greatest compliance challenge. 

The FATF validates these concerns by stating that “Until all VASPs are required to implement the Travel Rule, VASPs operating in or from jurisdictions with Travel Rule obligations will continue to face challenges executing all covered transactions in a compliant manner.” ^[1]

‍

In most countries, domestic VASPs must transact with regulated and/or Travel Rule-compliant counterparties or must otherwise mitigate risks.

The FATF provides interesting insights into how jurisdictions are currently handling the sunrise issue and, more generally, the ability to transact with counterparties. As seen in Figure 5 below, allowing for a grace period for Travel Rule compliance or permitting a phased approach to implementation are still common practices. 

Survey data reveals that while 47% of countries enforce measures to ensure that domestic VASPs transact with regulated or Travel Rule-compliant entities or mitigate risks associated with VASPs that lack AML/CFT obligations (see measures highlighted in blue in the chart below), a substantial 26% of jurisdictions still allow VASPs to transact regardless of licensing status, Travel Rule compliance, or risk mitigation measures.

This aspect is closely connected to VASPs’ counterparty due diligence obligations, which we explore in the following section. 

‍

FATF clarifies that counterparty VASP due diligence must be carried out independently

Performing due diligence on the counterparty is an essential component of Travel Rule compliance. Even in countries where VASPs are allowed to transact with any foreign VASPs, regardless of licensing/registration status, Travel Rule compliance, or risk mitigation measures, the FATF clarifies that the private sector needs to take additional risk mitigation measures “to avoid submitting customer data to inappropriate counterparties.” ^[2] 

As reported by the FATF, counterparty due diligence is one of the reasons cited for resisting Travel Rule interoperability efforts: “the rationale is that compliance tool providers may screen users of their tool to ensure adequate data protection controls or even a level of counterparty due diligence, and therefore consider that allowing information sharing only between tool users (i.e., no interoperability).” ^[3]

However, the FATF clarifies that “VASPs are required to independently assess counterparty risk” and that this approach—taken primarily by closed Travel Rule networks—“does not remove the need for VASPs to independently verify the information and ensure all relevant domestic obligations are met.” ^[3] 

‍

{{cta-learnmore10="/cta-components"}}

‍

Report insights: counterparty due diligence challenges

VASPs still face challenges in performing due diligence on their counterparties. According to the FATF, these challenges are associated with three main reasons:

1. Subsistence of unregistered/unlicensed VASPs
   The FATF reports that only 30% of assessed jurisdictions require VASPs to be licensed or registered) and increased difficulty in obtaining information about these institutions to properly assess whether they are tied to illicit actors or sanctioned persons and the VASP’s AML/CFT compliance level.
2. Lack of public information about licensed/registered VASPs
   E.g., through a database or public register of licensed/registered VASPs.
3. Insufficiency of information available in some Travel Rule compliance tools.
   Some tools are only able to identify counterparties that are subscribers to that particular tool. ^[4] 

To counter the second issue mentioned above, FATF encourages jurisdictions to “maintain and publicise information on VASPs that are registered or licensed in their jurisdiction.” ^[4] The third issue pointed out by the FATF is mainly associated with closed Travel Rule networks. In such systems, VASPs are only able to identify and reach VASPs that are part of the same network, creating a Travel Rule compliance gap. 

The insights shared in Notabene’s 2023 State of Travel Rule Report corroborate the fact that VASPs struggle with counterparty due diligence, as 52% of respondents reported sending Travel Rule transfers to all VASPs without applying any criteria or counterparty due diligence process. 

‍

FATF clarifies that the Travel Rule is a pre-transaction requirement

In its 2023 Targeted Update, FATF dedicates a section to Travel Rule compliance tool shortcomings. The FATF highlights two main issues: the unsuitability of some existent tools to fully comply with FATF standards and the limited interoperability between solutions.

 In this context, the FATF urges:

Jurisdictions to 

1. Engage with VASPs to promote “the adoption of Travel Rule compliance tools that meet all the FATF requirements”; ^[5] 
2. In case shortcomings in Travel Rule compliance tools persist, alert VASPs of non-compliant tools operating within the jurisdiction and remind VASPs only to use compliance tools that meet the FATF requirements and/or take supervisory or enforcement action as appropriate. ^[6] 

VASPs and Travel Rule compliance tool providers to:

1. Review Travel Rule compliance tools to ensure they fully comply with the FATF requirements; ^[7] 
2. Rapidly address any shortcomings; ^[7] 
3. Improve the interoperability of Travel Rule compliance tools globally. ^[7] 

‍

FATF gives examples of shortcomings in available Travel Rule compliance tools

‍

“Many of the compliance tools fall short of the FATF Standards” ^[8] 

Table 2.1 provides “Examples of shortcomings in available Travel Rule compliance tools,” which provides much-needed clarity on what constitutes a compliant Travel Rule implementation.

For FATF's examples of non-compliance, please refer to the table below. 

‍

It is worth highlighting that the FATF clarifies that Travel Rule is a pre-transaction requirement; hence any implementations of post-transaction information transmission fall short of FATF standards.

FATF provides its reasoning below:

“To comply with their freezing obligations in practice, VASPs must submit Travel Rule information in sufficient time for both institutions to conduct sanctions screening, identify any designated persons/entities, and freeze funds before any sanctioned actor can access or dissipate the funds.” ^[8]

‍

This is particularly relevant given the specific characteristics of virtual asset transactions: settlement is immediate and irreversible; hence, only pre-transaction actions can effectively mitigate risk. 

Additionally, the FATF clarifies that the Originator VASP is required to transmit information about the originator and the beneficiary customer. Hence, Travel Rule implementations where the Originator VASP obtains beneficiary customer information from the Beneficiary VASP also fall short of FATF standards. 

‍

FATF calls out the limited interoperability among Travel Rule compliance tools

“There is only very limited interoperability among Travel Rule compliance tools.” ^[9]
- FATF, "Targeted Update 2023,” paragraph 29

The FATF highlights that interoperability between Travel Rule compliance tools limits VASPs’ ability to send Travel Rule information to all counterparties and increases compliance costs for VASPs that have to integrate with multiple tools. 

The report also states that there was limited progress in the past year to improve interoperability while acknowledging that some “industry participants are developing Travel Rule compliance tool aggregators to provide broader coverage amongst VASPs using different tools.” ^[10]

This is the case of Notabene: Notabene's Travel Rule product is the first protocol-agnostic solution and allows VASPs to connect to an open global network of 400+ reachable VASPs to securely exchange data transfers across jurisdictions. To address cases where the counterparty is part of a closed network that the VASP does not participate in, Notabene built a Travel Rule protocol agent that standardizes the connection to different protocols.

Finally, the FATF “urges the private sector to progress towards interoperability, whether through technological advancements that allow interoperability between tools or by developing relationships that permit transactions to be made through a chain of interoperable tools.” ^[11] 

‍

FATF provides guidance on how to assess the suitability of a Travel Rule solution provider

The Targeted Update includes a list of “guiding questions that VASPs should ask to determine whether potential Travel Rule compliance tools will comply with all FATF requirements.” ^[12]

Below, Notabene proactively gives answers to these questions:

‍

‍

Next steps

In addition to the above takeaways, FATF’s Targeted Update 2023 also includes updates regarding the overall adoption of Recommendation 15 and the evolving risks of DeFi and peer-to-peer transactions. FATF will continue outreach, identification, and publication of implementation steps, sharing of findings and experiences, engagement with member countries and the private sector, and conduct a further review by June 2024. The FATF and VACG also monitor developments relating to DeFi and self-hosted wallets, including peer-to-peer transactions. 

Last week, Hong Kong’s Securities and Futures Commission (SFC) concluded its consultation on the regulation of virtual asset trading platforms and has gazetted its’ AML/CTF Guideline for SFC-licensed VASPs, which sets forth Travel Rule obligations in the country. 

In two blog posts, we covered vital Travel Rule compliance takeaways in the update. Part I covered the entry into force, information transmission obligations, pre-transaction requirements, and self-hosted wallet obligations. The final part II will cover obligations for Intermediaries, Travel Rule solution requirements, how to handle deposits, and more.

Key Travel Rule Takeaways

‍

1. The SFC gives clear instructions on how to evaluate a Travel Rule solution provider.

See how Notabene performs:

‍

‍

2. Intermediary institutions must retain and transmit all relevant originator and recipient information and perform due diligence on other VASPs

Travel Rule flows often involve Intermediary VASPs. It is important to understand your obligations if you qualify as an Intermediary or when you interact with one. The definition and requirements for Intermediary VASPs vary from country to country. The SFC’s Guidance laid out clear requirements for Intermediary VASPs:

• Intermediary institutions involved in a virtual asset transfer must hold onto (retain) all the necessary information about the people involved in the transaction (the sender and receiver). 
• The intermediary institution must also verify (undertake due diligence measures) the identity and legitimacy of the ordering institution and any other institutions involved in the transfer.
• Just like the Originator, the intermediary institution must forward the required information to the next Intermediary VASP or the Beneficiary VASP receiving the funds, following the guidelines in specific paragraphs of the regulation. ^[2]
  
  

Watch our on-demand webinar “Everything Intermediary VASPs Need to Know About The Travel Rule” to learn more. 

‍

3. Beneficiary and Intermediary VASPs must have procedures for identifying and managing incoming transfers with missing information.

For transactions involving virtual assets of at least KRW 8,000, the Beneficiary VASP should confirm the recipient's identity if it hasn’t been previously verified as part of its CDD process. They should also confirm whether the recipient’s name and account number obtained from the institution from which it receives the transfer instruction match the recipient information verified by it and take reasonable measures as set out in paragraph 12.11.24 where such information does not match. ^[3]

Beneficiaries and intermediaries must have procedures for identifying and managing incoming transfers that don't provide enough information about the sender or receiver. The procedures include:

• Measures (such as real-time or post-event monitoring) to identify transfers that lack required information.
• Risk-based policies to decide whether to carry out, delay, stop, or return a transfer that lacks required information or, in some instances, return the assets to the sender. They should also determine suitable follow-up actions. ^[4]
  
  

Regarding the suitable follow-up actions mentioned above, if the Originator VASP doesn't provide all the required information about the virtual asset transfer, the Intermediary or Beneficiary VASP should try to get the missing details as quickly as possible. If they can't get this information, the receiving institution should consider limiting or ending their business relationship with the Originator VASP for future transfers or take reasonable steps to reduce the risk of money laundering or terrorist financing. ^[5] 

‍

In conclusion, the Hong Kong Securities and Futures Commission's recently gazetted Guidelines on Anti-Money Laundering and Counter-Financing of Terrorism provide clarity and guidance for the region's Virtual Asset Service Providers (VASPs). This development reemphasizes the importance of adhering to the Travel Rule and underlines specific responsibilities for all entities involved in virtual asset transactions, including intermediary institutions and Beneficiary VASPs. 

Notabene, a key player in the field, showcases how it meets and often exceeds these regulatory requirements with its comprehensive suite of solutions. While navigating the evolving landscape of digital asset regulation remains complex, such guidance offers a roadmap for compliance, promising safer and more secure virtual asset transactions. As the industry matures, the dialogue between regulators and the regulated will continue to foster a robust and compliant virtual asset ecosystem.

Today, Hong Kong’s Securities and Futures Commission (SFC) concluded its consultation on the regulation of virtual asset trading platforms and has gazetted the "Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Licensed Corporations and SFC-licensed Virtual Asset Service Providers)" which sets forth Travel Rule obligations. The SFC received 152 written submissions from the industry, including one from the Notabene, submitted by our Regulatory and Compliance team.

In a series of two blog posts, we will cover key Travel Rule compliance takeaways. Part I covers the entry into force, information transmission obligations, pre-transaction requirements, and self-hosted wallet obligations. Part II will cover obligations for Intermediaries, Travel Rule solution requirements, how to handle deposits, and more.

Key Travel Rule Takeaways

‍

1. Hong Kong VASPs are required to comply with Travel Rule obligations from June 1, 2023

On June 1, 2023, significant progress is expected to be achieved in the adoption of the Travel Rule in the APAC region. Both Hong Kong and Japan will require Virtual Asset Service Providers (VASPs) to begin complying with Travel Rule requirements. This milestone holds great importance as more than 80 crypto firms from mainland China and other countries have expressed interest in establishing a presence in Hong Kong, bolstering the city's ambition to become a leading hub for Web3 technologies.

In addition, European VASPs are gearing up for a busy summer, with the implementation of the Travel Rule in Portugal on July 15 and in the United Kingdom on September 1. These developments indicate a growing global trend toward enhancing regulatory oversight and anti-money laundering measures within the cryptocurrency industry. 

Get in touch with Notabene and start a fast and straightforward rollout of the Travel Rule through our SAFE Implementation Phases. 

‍

‍

2. VASPs are required to transmit information for all transactions, with a limited scope of information required for transactions below HKD 8,000

Hong Kong reinforces the APAC trend of requiring Travel Rule information transmission regardless of transaction amount while allowing a more limited scope of information to be transmitted for transactions below HKD 8,000. 

‍

Originator VASPs are required to obtain, record and transmit to the Beneficiary VASP the required originator and beneficiary information, as follows: ^[1]

‍

Travel Rule information transmission obligations in Hong Kong 🇭🇰

Notabene helps VASPs comply with Travel Rule requirements globally by embedding information transmission requirements in our transaction validation system. By integrating with Notabene, Hong Kong VASPs can easily validate transactions against Notabene’s embedded jurisdictional rules and ensure that all the required information - considering the transaction amount - is included in the Travel Rule message.  

‍

3. Travel Rule obligations must be fulfilled pre-transaction

‍

The originator VASP must submit the required Travel Rule information to the Beneficiary VASP before or when the virtual asset transfer is conducted. [2]

‍

According to Notabene’s 2023 State of Travel Rule Report, 37.5% of companies reporting to be Travel Rule-compliant fulfill requirements post-transaction, which does not align with the FATF’s pre-transaction requirements nor with the requirements in Hong Kong. In fact, 11.6% of respondents to our survey fulfill Travel Rule obligations only after the settlement of the corresponding blockchain transactions, up from 7% in the previous report, representing a 51% increase since last year. While this demonstrates progress, it highlights the need for jurisdictions to clarify that the Travel Rule is a pre-transaction obligation. 

Notabene welcomes the clarification by the SFC that Travel Rule compliance needs to be performed pre-transaction. This is particularly important given the specific characteristics of virtual asset transactions: settlement is immediate and irreversible; hence, only pre-transaction actions can effectively mitigate risk.

Through our partnership with Fireblocks, Notabene offers the first fully integrated solution between custody and the Travel Rule, allowing VASPs to smoothly tie Travel Rule compliance and transaction settlement. 

‍

4. Account ownership verification is required when transacting with self-hosted wallets and higher-risk VASPs

Hong Kong joins Singapore 🇸🇬, Switzerland 🇨🇭, Germany 🇩🇪 and the European Transfer of Funds regulation in requiring VASPs to verify the customers’ wallet ownership when transacting with self-hosted wallets. Notabene helps VASPs comply with these requirements by providing a self-hosted wallet identification tool, allowing customers verify the ownership of the self-hosted wallet before transacting.

‍

The novelty of Hong Kong’s approach is requiring that same verification when transacting with VASPs that present higher ML/TF risks. In these cases, the VASP must verify that the customer owns or controls the account maintained with the higher-risk VASPs by obtaining, for instance, a statement of account. ^[3]

‍

The move by Hong Kong’s SFC to tighten regulations on VASPs demonstrates a rising trend toward greater clarity in global Travel Rule guidelines. As part of these regulatory changes, Hong Kong VASPs must comply with Travel Rule requirements from June 1, 2023, affecting VASPs across the region. Given the growing interest from numerous crypto firms to establish their presence in Hong Kong, this has significant implications.

Notabene’s role in this landscape is paramount, offering the industry’s only pre-transaction decision-making solution that ensures seamless compliance with these regulatory measures. Our service, which includes an integrated solution between custody and the Travel Rule and a self-hosted wallet identification tool, has the potential to significantly streamline the process of regulatory compliance for all VASPs, particularly in Hong Kong.

Click here to read part two.

Notabene, the crypto pre-transaction decision-making platform, has announced the launch of SAFE Implementation phases for a fast and straightforward rollout of the Travel Rule. The new launch is the latest addition to Notabene’s comprehensive compliance solution and underscores our continued commitment to enabling secure, trusted crypto transactions.

Crypto businesses or VASPs (Virtual Asset Service Providers) are required to comply with the Financial Action Task Force’s (FATF) Travel Rule, which mandates that certain identifiable information be shared between institutions before crypto transactions over a certain threshold. While compliance with the Travel Rule is crucial to operating in the crypto industry, many companies have faced challenges in implementing it effectively, largely due to the unclear nature of the regulation and the differences in timelines and requirements for jurisdictional rollout.

In Notabene's 2023 State of Crypto Travel Rule Compliance Report, legal uncertainty was cited by nearly a quarter (22%) of respondents as the main hindrance to compliance, which has caused the industry's progress to stall. As the rollout of FATF’s Travel Rule has been inconsistent globally, compliance officers are facing the difficult decision of when and how to implement travel rule requirements with minimal impact on transaction flow. This is why Notabene is offering a phased implementation process that simplifies operational risk and provides analytics to guide you through your Travel Rule rollout.  

‍

What is SAFE implementation?

SAFE Implementation enables customers to meet regulatory guidelines and evolve their own risk-based approach and needs over time - with the first phase requiring less than a week with only minimal technical integration. Furthermore, as part of the implementation phases, Notabene's SafeTransact platform provides industry-unique support for multiple legal entities. This makes it easier for you to expand seamlessly into multiple jurisdictions without worrying about complex legal and compliance issues.

These implementation phases demonstrate how the Travel Rule would affect your transaction flow today and what steps to take toward full compliance. Phasing Travel Rule rollout in this way allows companies to connect their internal systems before sending real transactions, with only minor technical changes needed, and gradually manage when to start sending and responding to transactions based on your own data. Working with the Notabene team, you can take a step-by-step approach to Travel Rule compliance or go straight to full compliance, depending on your jurisdictional requirements.

‍

How to use SAFE Implementation?

Each phase comprises required and optional actions, which compliance and technical teams can prioritize depending on their use case and timeline. Once you have completed the required tasks in each phase, you will progress to the next stage.

Our phased Travel Rule rollout plan has been thoroughly designed and optimized to ensure easy and fast integration. This means your team can be up and running quickly, with minimal effort. You can save additional resources and streamline your operations by leveraging our existing integrations with leading custodians, MPC wallets, and blockchain analytics providers. 

‍

Get started with Travel Rule today

If you're just getting to grips with Travel Rule compliance, our free SafeTransact-Rise plan is the best place to start. You can start using our platform without any integration required and begin enjoying the benefits of our advanced compliance features. With SafeTransact-Rise, you can take the first step towards ensuring that your business fully complies with Travel Rule regulations without any upfront costs or commitments.

The SAFE implementation phases for Travel Rule are just one of many features Notabene offers to help customers comply with regulations. We understand that regulatory compliance is a complex and ever-evolving issue, and we are committed to providing our customers with the tools and expertise they need to stay ahead of the game. Our team of experts is always available to answer any questions about regulatory compliance, and we are constantly updating our solutions to ensure that they meet the latest regulatory requirements.

‍

{{cta-bookademo="/cta-components"}}

NayaOne welcomes Notabene to the NayaOne Marketplace, making Notabene's pre-transaction decision-making platform accessible to NayaOne’s customers. This will benefit financial institutions that are seeking to improve their ability to automate real-time decisions, comply with the Travel Rule, perform sanction-screening of counterparties, and more.

Notabene's solution helps financial institutions and virtual asset service providers (VASPs) comply with regulatory requirements related to cryptocurrency transactions. Banks that offer cryptocurrency-related services, such as buying, selling, or exchanging virtual assets, are considered VASPs and are subject to regulatory guidelines set by the Financial Action Task Force (FATF) and other regulatory bodies. Notabene's platform can help VASPs, including banks, meet these guidelines by providing them with features such as:

1. Compliant transactions: Notabene provides a unified transaction risk management platform for complying in real-time with Travel Rule, self-hosted wallet requirements, and counterparty sanctions Screening.
2. Counterparty due diligence: SafeTransact provides customers with data and tools to perform ongoing due diligence and risk assessment on counterparty financial institutions or VASPs.
3. Intelligent Insights: The Notabene platform brings together transactional-level data on counterparties and transactions to enable fully informed compliance decisions and transactions with only trusted counterparties.

By using Notabene's solutions, banks can ensure compliance with regulatory requirements related to cryptocurrency transactions and mitigate the risk of potential legal and financial fines. Additionally, a compliance platform like Notabene can help banks streamline their compliance efforts, reduce costs, and improve transparency and security in the cryptocurrency industry.

Lauren Nichols, Head of Business Development at Notabene, “We are pleased to announce our partnership with NayaOne. As the go-to partner for Travel Rule compliance, we look forward to working alongside them to help financial institutions understand the complex world of crypto risk, enabling more people to participate safely and confidently. NayaOne's innovative approach is also noteworthy; by introducing the latest tools in an easy and seamless way, they make it easier for institutions to stay on top of regulatory requirements through its Digital Transformation Platform.”

Oli Platt, Product and Marketplace Manager at NayaOne,  “It's great to see Notabene available on the NayaOne Marketplace. Their Travel Rule compliance solution will help financial institutions understand the complex world of crypto risk, enabling more people and businesses to transact safely and confidently with crypto assets. This will support digital assets and RegTech use cases for our clients!”

‍

-ENDS-

About Notabene

Notabene is crypto’s only pre-transaction decision-making platform, enabling customers to identify and stop high-risk activity before it occurs.  

Notabene's SafeTransact platform helps financial institutions and crypto businesses unlock their full potential in the digital economy. With a focus on security, privacy, and end-user experience, Notabene customers can use our multi-source data and software to automate real-time decision-making, perform counterparty sanctions screening, identify self-hosted wallets, and complete the smooth rollout of Travel Rule compliance, all in line with global and local regulations.

About NayaOne 

NayaOne revolutionises innovation in financial services. We provide banks with a single point of access to hundreds of fintechs and datasets, through our Digital Sandbox and Fintech-as-a Service offering. Regulated firms are able to discover, build, evaluate and scale with fintechs in a matter of weeks instead of months.

Fireblocks and Notabene join forces to provide the first fully integrated solution for processing Travel Rule compliant transactions.

‍

‍NEW YORK – May 4, 2023 – Fireblocks, an easy-to-use platform to create innovative products on the blockchain and manage day-to-day crypto operations, announced today that it has partnered with Notabene by integrating its pre-transaction decision-making solution to the Fireblocks platform, creating a seamless experience for its institutional customers looking to comply with their local crypto Travel Rule requirements. 

In 2019, the Financial Action Task Force (FATF) introduced the Travel Rule. This rule requires virtual asset service providers (VASPs) to collaborate in identifying each other's customers in a transaction, to avoid financial crime and implement effective sanctions screening programs. Fireblocks' integration with Notabene seamlessly meets the needs of institutions looking for a solution that allows automated management and compliance of the Travel Rule's assorted requirements, regardless of variations across global jurisdictions. With this partnership, institutions can now perform real-time compliance checks before settlement, marking the first time this has been possible. The fully integrated solution eliminates much of the technical and operational complexity that previously hindered the implementation of the Travel Rule, empowering VASPs to achieve compliance and roll out the Travel Rule in a matter of days.

According to a recent FATF survey, 34 jurisdictions have passed relevant laws introducing the Travel Rule, and 25 are in the process of passing legislation. Examples of jurisdictions where the Travel Rule is currently enforced includes Switzerland, Singapore, Germany, Japan, Dubai, and the United States, with the United Kingdom and Hong Kong set to enforce the rule this year. For an updated list of jurisdictional requirements and insights on the industry's adoption of the Travel Rule, please visit Notabene’s newly released State of Crypto Travel Rule Compliance Report.

“We are excited to partner with Fireblocks to offer the first fully integrated solution  between custody and the Travel Rule,'' said Pelle Braendgaard, CEO, Notabene. “The integration ensures that all transactions going to and from Fireblocks are compliant by tying compliance decisions to settlement. With Notabene, users can identify and stop high-risk activity such as laundering of proceeds from exchange or DeFi hacks before it settles with Fireblocks.”

Following last year’s turbulent events in the crypto industry, there is an urgency between VASPs, their customers, regulators, and banking partners to rebuild trust. As regulations continue to evolve and become more stringent, there is a pressing need for solutions ensuring institutions are compliant. 

Together with partners Chainalysis, Elliptic, and now Notabene, Fireblocks provides the simplest and most streamlined way for institutions to meet these evolving digital asset regulatory requirements and address industry threats through its Compliance Solutions Suite. 

“As the world embraces the rapid advancement of Web3 and digital assets, we need to ensure our solutions strike a balance between regulatory compliance and the inherent agility of this fast-paced technology sector. By partnering with industry-leading digital asset compliance solutions like Notabene, we are empowering our customers to navigate complex compliance requirements across multiple jurisdictions with ease,” said Jason P. Allegrante, Chief Legal & Compliance Officer, Fireblocks. “We are proud to provide our customers with an all-in-one suite for remaining compliant with ease, allowing them to focus on what matters most – innovation and growth.”

Fireblocks’ Compliance Solutions Suite eliminates the complexity for institutions to remain compliant by enabling them with: 

1. Automated Screening – Allows institutions to integrate compliance checks into every transaction, meaning each transaction is automatically screened based on configured compliance rules and provider data which prevents teams from sending and/or receiving risky transactions. 
2. Compliance Policy Rules – Enables institutions to easily configure compliance policy rules based on risk scores generated by compliance providers. 
3. Compliance Dashboard – Provides a single dashboard for all compliance operations, allowing easy management of policy rules for each compliance solution provider. 

To learn more about Fireblocks’ partnership with Notabene and how the integration can help your company meet its FATF Travel Rule standards, click here.

‍

-ENDS-

About Fireblocks

Fireblocks is an enterprise-grade platform delivering a secure infrastructure for moving, storing, and issuing digital assets. Fireblocks enables exchanges, lending desks, custodians, banks, trading desks, and hedge funds to securely scale digital asset operations through the Fireblocks Network and MPC-based Wallet Infrastructure. Fireblocks serves thousands of financial institutions, has secured the transfer of over $4 trillion in digital assets, and has a unique insurance policy that covers assets in storage and transit. Some of the biggest trading desks have switched to Fireblocks because it's the only solution that CISOs and Ops Teams both love. For more information, please visit www.fireblocks.com.

‍

About Notabene

Notabene is crypto’s only pre-transaction decision-making platform, enabling customers to identify and stop high-risk activity before it occurs.  

Notabene's SafeTransact platform helps financial institutions and crypto businesses unlock their full potential in the digital economy. With a focus on security, privacy, and end-user experience, Notabene customers can use our multi-source data and software to automate real-time decision-making, perform counterparty sanctions screening, identify self-hosted wallets, and complete the smooth rollout of Travel Rule compliance, all in line with global and local regulations.

Notabene has been SOC-2 security certified since 2021. Over 85 companies leverage our software to manage real-time regulatory and counterparty risk in virtual asset transactions, including Luno, Crypto.com, and Bitstamp. Headquartered in New York, Notabene is a global company with a presence in Switzerland, Singapore, Germany, and the United Kingdom. 

LinkedIn | Twitter

‍

NEW YORK, SINGAPORE, LONDON - April 25, 2023 -- Notabene has published its second comprehensive State of Crypto Travel Rule Compliance Report, which provides insightful results from their 2023 global Travel Rule compliance survey. This report follows the successful inaugural report, which provided the industry's first-ever comprehensive analysis of Travel Rule compliance.

"This year's report highlights that Travel Rule compliance is becoming increasingly global, with nearly a quarter (23%) of the surveyed companies needing to comply with Travel Rule requirements in more than one jurisdiction. These findings suggest that the Travel Rule is becoming more global in nature, underscoring the need for a solution to the common cross-border challenges posed by the Travel Rule," says CEO Pelle Braendgaard.

The State of Travel Rule report includes survey results from financial institutions and crypto companies worldwide on how prepared they are for upcoming regulatory deadlines. Sixty-nine companies completed the survey, representing broad global coverage.

The report includes real-world feedback on differences in Travel Rule adoption across jurisdictions, approaches to implementation, components of compliance, and summarizes adoption pitfalls. Key findings show that 84% of companies are already complying or plan to by the end of 2023, and 75% of respondents impose some restrictions on transactions with self-hosted wallets. The report also found that of those who comply, 37.5% perform the travel rule post-transaction, not fulfilling today’s FATF requirements.

"Our global and diverse respondents have reinforced the global nature and the various levels of Travel Rule compliance." says Lana Schwartzman, Head of Regulatory and Compliance at Notabene. "VASPs are asking for a unified and interoperable global approach for reaching their counterparties and transmitting Travel Rule messages. As a result, regulators must work together with industry to develop a unified approach to Travel Rule compliance that addresses the needs of the entire industry. We are already seeing this in the EU and UK and hope other regions will follow."

This year's report includes a comprehensive illustration of the current global state of Travel Rule adoption, showcasing key information regarding jurisdictional enforcement, including information on the enforcement status of each jurisdiction, as well as the threshold amount and self-hosted wallet obligations. This information is crucial for businesses seeking to comply with the Travel Rule.

‍

-ENDS-

‍

About Notabene:

Notabene is crypto’s only pre-transaction decision making platform. We enable customers to identify and stop high-risk activity before it occurs.  

Notabene's SafeTransact platform helps financial institutions and crypto businesses unlock their full potential in the digital economy. With a focus on security, privacy, and end-user experience, Notabene customers can  use our multi-source data and software to automate real-time decision-making, perform counterparty sanctions screening, identify self-hosted wallets, and complete the smooth roll out of Travel Rule compliance, all in line with global and local regulations.

Notabene is SOC-2 security certified since 2021. Over 85 companies leverage our software to manage real-time regulatory and counterparty risk in virtual asset transactions, including Copper, Luno, Crypto.com and Bitstamp. Headquartered in New York, Notabene is a global company with presence in Switzerland, Singapore, and the United Kingdom. 

LinkedIn | Twitter

‍

Media contact:

Sacha Lowenthal

Head of Marketing, Notabene

[email protected] 

A Comparative Analysis of the EU's Transfer of Funds regulation with current industry standards on Travel Rule

‍

Today marks the achievement of a major milestone in European crypto regulation: the European Parliament approved the Regulation on Markets in Crypto-Assets (MiCA) and the revision of the Regulation on information accompanying transfers of funds (TFR, or Transfer of Funds Regulation). 

The approval of MiCA is a landmark that has the potential to set standards for crypto regulation globally. One of its main goals is to provide clarity and legal certainty for the crypto industry, which has been operating in a regulatory gray area for many years. MiCA establishes a level playing field for all European crypto-asset service providers (CASPs) and boosts consumers’ protection when using crypto-assets. It does so by introducing new rules for issuers of crypto-assets, CASPs, and trading platforms. It will also establish a new regulatory regime for stablecoins, which have become increasingly popular in recent years due to their stability and ease of use for payments. 

Despite the press attention on MiCA, the TFR is a critical piece of legislation that will harmonize crypto Travel Rule requirements across Europe and fundamentally change how we transact in crypto. In June 2019, the FATF published its Guidance for a Risk-Based Approach to Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs), extending anti-money laundering/countering the financing of terrorism (AML/CFT) obligations to cover VAs and VASPs. This directive included the Travel Rule, which obliges VASPs that exchange, hold, safe keep, convert, and sell virtual assets to obtain, hold, and transmit required originator and beneficiary information immediately and securely during VA transfers. 

Since FATF introduced the crypto Travel Rule, national regulators have been working on transposing these requirements to their local frameworks, and significant progress has been achieved globally. With the introduction of the TFR, the EU follows in these footsteps and introduces Travel Rule obligations for European CASPs. 

Notabene reports on the progress achieved in the implementation of the Travel Rule through an annual global crypto Travel Rule compliance report. The 2023 edition will be available soon, and today we share how the TFR compares with industry benchmarks using fresh findings from our report. 

The revised Transfer of Funds Regulation

The European Commission made a significant move to combat money laundering and terrorism financing with an ambitious package of legislative proposals presented on July 20, 2021. The package aims to strengthen the EU's anti-money laundering and countering terrorism financing (AML/CFT) rules.

The package includes various measures to improve the EU's AML/CTF framework, including the revision of the Transfer of Funds Regulation to make it possible to trace transfers of crypto-assets by imposing Travel Rule requirements on CASPs. 

As mentioned above, the revision of the Transfer of Funds Regulation was finally approved by the European Parliament plenary today (April 20, 2023). However, the EU’s AML/CTF legislative package is not yet finalized. Notably, the legislative process of the new proposed regulation on AML/CTF (AMLR) is still ongoing and is expected to impact the requirements applicable to transactions with self-hosted wallets. 

For now, let’s dive into the TFR and how it compares to global industry standards on the crypto Travel Rule. 

‍

Five key TFR takeaways: EU vs. Global Industry Standards

‍

1. Travel Rule comes into effect for all EU VASPs on December 30, 2024

The Transfer of Funds Regulation will start applying on December 30, 2024, 18 months after the regulation enters into force.

According to Notabene’s 2023 State of Travel Rule Report, the large majority (84%) of respondents are currently complying or intend to comply with the Travel Rule by Q4 2023. In the United Kingdom, Travel Rule will be enforced starting September 2023, and several other crypto hubs are enforcing Travel Rule compliance already. This creates a considerable gap between the EU’s and third-countries timelines for Travel Rule implementation, which may prevent the industry from overcoming the Sunrise Issue. To stay competitive and continue to be able to transact with counterparties outside the EU, CASPs will need to roll out Travel Rule ahead of the TFR deadline. 

‍

Notabene’ study also reveals that Europe's adoption is delayed compared to the rest of the market. In particular, EMEA is the region with the highest percentage of VASPs planning to be compliant after Q4 2023. This may have reflected a lack of regulatory urgency, with many EU VASPs awaiting the implementation of Travel Rule requirements through the revised Transfer of Funds Regulation which had just occurred.

2. Zero Exceptions: Travel Rule obligations apply to all transactions, regardless of amount or location - inside or outside the Union.

EU CASPs will be required to comply with Travel Rule obligations in every transaction, regardless of its amount. No de minimis threshold applies, and there is no simplification of requirements for transactions within the Union. It is also worth noting that the scope of originator and beneficiary information that the originator CASP is required to share also does not vary depending on the transaction amount - the same scope, defined in Article 14 (1) and (2), is required for every transaction.

Recital 27 justifies the policy option by citing the “inherent borderless nature and global reach of transfers of cryptoassets and of the provision of crypto-asset services,” and being “in line with the FATF requirement to treat all transfers of crypto-assets as cross-border,”  which invalidates any distinction on the scope of obligations when transacting within and outside the Union. [1]

As reported in our 2023 global crypto Travel Rule compliance report, the approach taken by the TFR (imposing the same information transmission obligations regardless of the transaction amount) contrasts with the option taken by several other jurisdictions, notably Singapore, Germany, Hong Kong, and the United Kingdom, which allow a more limited scope of information to be shared below a certain threshold. 

3. First-party transactions with self-hosted wallets over 1,000 euros require wallet ownership verification.

In line with FATF recommendations, transactions with self-hosted wallers fall within the scope of the revised Transfer of Funds Regulation [2]. 

When transacting with self-hosted wallets, European CASPs must collect the required originator and beneficiary information and comply with the following additional wallet verification obligations for transactions exceeding 1,000 Euros:

1. When sending a transfer exceeding EUR 1,000 to a self-hosted wallet, the originator VASP is required to verify if that wallet is owned or controlled by the originator customer;
2. When receiving a transfer exceeding EUR 1,000 from a self-hosted wallet, the beneficiary VASP must verify that the beneficiary customer owns or controls the originating wallet. 

​​This means wallet ownership verification requirements apply to first-party transactions to/from self-hosted wallets exceeding EUR 1,000. [3]

Our 2023 State of Travel Rule Compliance Report revealed that the majority of surveyed VASPs already enforce restrictions when transacting with self-hosted wallets. Additionally, just over a third of companies (34.3%) only allow first-party transactions with self-hosted wallets, provided the customer can demonstrate ownership of the wallet address, which aligns with the approach taken by the TFR. 

‍

Going forward, VASPs will require a tool that allows them to determine if the transaction is with a self-hosted wallet and swiftly verify ownership before proceeding.

Notabene’s self-hosted wallet identification tool pinpoints the jurisdictional requirements of each transaction. It collects counterparty customer data from your withdrawal screen, creating an archive for sanctions compliance, record keeping, and Suspicious Activity Reports.

4. Due diligence measures for non-EU entities must adhere to correspondent banking standards.

In its Updated Guidance for VAs and VASPs (October 2021), FATF makes it clear that counterparty due diligence for the purposes of engaging in Travel Rule flows is distinct from the due diligence required to establish correspondent banking relationships [4]:

The nature of CASPs' relationships for transacting and sharing Travel Rule information is distinct from correspondent banking relationships and, hence, could justify a different - and more limited - scope of counterparty due diligence obligations to apply. 

However, the revised Transfer of Funds Regulation goes in a different direction: citing the “ongoing and repetitive” nature of the relationships between domestic CASPs and foreign VASPs for the purpose of transacting, the TFR deems these relationships as a type of correspondent relationship subject to enhanced due diligence measures. 

The measures CASPs are required to apply will be further specified in guidance issued by the European Banking Authority. Clear and adequate regulatory guidance on counterparty due diligence obligations will be key to enabling European CASPs to comply adequately. 

‍

Notabene’s  2023 State of Crypto Travel Rule Compliance Report shows 52% of respondents send Travel Rule transfers to all VASPs without applying any criteria or counterparty due diligence process. This indicates that perhaps counterparty due diligence is a component of Travel Rule compliance that VASPs still struggle to grasp fully. Local laws and regulations are often vague or silent on this topic, although it is covered at length in the FATF Guidance. The upcoming guidance by the European Banking Authority should set expectations as to what counterparty due diligence measures are required for the purposes of transacting and engaging in Travel Rule flows. It will also be relevant to specify cases where VASPs may be exempt from carrying out due diligence (e.g., relying on the uniform requirements and supervision applied in the jurisdiction or region) or where simplified due diligence measures are permissible. [5]

‍

5. CASPs are required to fulfill Travel Rule obligations prior to transacting

Notabene welcomes the clarification provided by the TFR that Travel Rule compliance needs to be performed pre-transaction. This is particularly important given the specific characteristics of virtual asset transactions: settlement is immediate and irreversible; hence, only pre-transaction actions can effectively mitigate risk. 

In line with this, Notabene is a pre-transaction decision-making platform offering a secure, holistic view of crypto transactions that enables CASPs to identify and stop high-risk activity before it occurs on the blockchain. 

According to the revised TFR, originator CASPs are required to transmit information to the beneficiary CASP before sending the corresponding crypto transaction. In turn, Beneficiary CASPs need to ensure that the required information was received before making funds available to the end customer. [6]

‍

According to Notabene’s 2023 State of Crypto Travel Rule Report,  although the industry is making significant progress in Travel Rule adoption, a notable discrepancy exists between VASPs’ claims of compliance and their fulfillment of pre-transaction obligations.

37.5% of companies reporting to be Travel Rule-compliant fulfill requirements post-transaction, which does not align with the TFR’s pre-transaction requirements or the FATF standards. Providing European CASPs with regulatory clarity in that Travel Rule is a pre-transaction requirement is a fundamental step to drive compliance in the right direction. 

‍

Next steps:

The revised Transfer of Funds Regulation will be supplemented by guidelines issued by the European Banking Authority on different aspects, for example:

• The factors to be taken into account by CASPs when entering into business relationships or carrying out transactions in crypto-assets and enhanced due diligence measures that obliged entities shall consider applying to mitigate higher risks when identified, including the adoption of appropriate procedures to detect the origin or destination of crypto assets;
• The criteria and means for identification and verification of the identity of the originator or beneficiary of a transfer made to or from a self-hosted address, in particular through reliance on third parties, taking into account the latest technological developments.