A Closer Look at CryptoUK’s Travel Rule Working Group and the Upcoming JMLSG Guidance: Insights from the Co-Chair

We are thrilled to announce that Catarina Veloso, Notabene's Senior Associate of Regulatory Affairs, has been appointed as the co-chair of CryptoUK’s Travel Rule Working Group. Catarina shares this esteemed position with Mark Aruliah, Senior Policy Advisor at Elliptic. 

Notabene's Regulatory and Compliance team is taking a proactive role in helping members of the group CryptoUK understand the requirements of the Financial Action Task Force's (FATF) Travel Rule. The Travel Rule has been implemented in the UK through the Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022 (MLTFR 2022) on July 21st, 2022.

Navigating the FATF's Travel Rule: CryptoUK’s Working Group's Efforts to Educate UK VASPs

The Notabene Regulatory and Compliance team is dedicated to not only educating CryptoUK members about the requirements of this rule but also to engaging with policymakers and regulators to share their insights and perspectives on the topic.

The FATF's Crypto Travel Rule is a regulation that requires certain information to be included with transactions between virtual asset service providers (VASPs). In the case of the UK, the MLTFR 2022 would be the specific set of rules that VASPs, like cryptocurrency exchanges, have to comply with.

Following a 12-month grace period, the Travel Rule will be enforced in the UK from September 1st, 2023. On July 28, 2023, the Joint Money Laundering Steering Group (JMLSG) published a draft Travel Rule guidance that is now up for public consultation. CryptoUK’s Travel Rule Working Group shared insights and feedback with regulators and the JMLSG before publishing this draft. The next order of business for the working group is submitting a response to the public consultation, due on August 25, 2023. 

“Travel Rule compliance entails several new operational challenges for VASPs. And UK VASPs are in a really privileged position to overcome them - the fact that you are able to produce industry-led guidance through the JMLSG is a unique opportunity to have a say on how these challenges should be addressed and to define industry-wide compliance standards” - Catarina Veloso, Senior Associate of Regulatory Affairs - Notabene. 

The JMLSG is a private sector body comprising the leading UK Trade Associations in the financial services industry. They produce Guidance that sets out what is expected of firms and their staff concerning the prevention of money laundering and terrorist financing, which is now being extended to cover the crypto Travel Rule. 

Although the JMLSG Guidance is not legally binding, it is subject to approval by the HM Treasury and is taken into consideration by the FCA when supervising and by courts. Therefore, the JMLSG Guidance will provide a base from which UK VASPs can develop tailored policies and procedures for compliance with the Travel Rule. 

‍

JMLSG’s Draft Guidance on the Travel Rule: What It Means for UK Cryptoasset Businesses

The current draft of the JMLSG Guidance covers essential topics such as: 

📌 Sunrise issue: The Sunrise period is acknowledged as presenting “challenges for CBs dealing with counterparties in jurisdictions where the travel rule has not yet been implemented.” The current draft guidance advises VASPs to take account of any FCA communications on this matter. Just yesterday, the FCA published a statement on precisely this topic. This statement sets expectations for how VASPs in the UK are required to comply with the Travel Rule when sending or receiving a transaction from a counterparty based in a jurisdiction where Travel Rule does not yet apply, as follows:

When sending a cryptoasset transfer to a jurisdiction without the Travel Rule:

• Take all reasonable steps to establish whether the firm can receive the required information. 
• If the firm cannot receive the necessary information, the UK cryptoasset business must still collect and verify the information as required by the Money Laundering Regulations (MLRs) and should store that information before making the cryptoasset transfer.

When receiving a cryptoasset transfer from a jurisdiction without the Travel Rule:

• If the cryptoasset transfer has missing or incomplete information, UK cryptoasset businesses must consider the countries in which the firm operates and the status of the Travel Rule in those countries.
• The UK cryptoasset business should take these factors into account when making a risk-based assessment of whether to make the cryptoassets available to the beneficiary.

 📌 Cross-border transactions: The Guidance clarifies that UK VASPs must follow UK Travel Rule requirements, regardless of whether their counterparty is subject to a different scope of requirements. For withdrawals, the Guidance clarifies that “[w]here the transfer is to a jurisdiction with higher requirements than those required in terms of the travel rule, a CB complies with its travel rule obligations by providing the information as required.”. Similarly, in deposits, “[w]hen there is missing or inaccurate information, the CB of the beneficiary must, when appropriate, request the missing information (regardless of whether the CB of the originator is subject to higher value thresholds in its jurisdiction), and consider making enquiries as to any discrepancies.”. 

 📌 Self-hosted wallet transactions: The Guidance provides more granularity into how VASPs can assess the risk associated with transactions with self-hosted wallets and determine the appropriate follow-up actions.

📌Counterparty discoverability: Acknowledging that it is challenging to discover the counterparty to a crypto transaction (in the absence of global VASP identifiers, equivalent to SWIFT codes in wire transfers), the Guidance suggests reasonable steps that VASPs can take to identify the counterparty and whether a wallet is hosted or unhosted. 

📌Lightning network: JMLSG also covered the specificities of how Travel Rule applies in the context of the Lightning Network, acknowledging that “[t]hose parts of a LN transfer that are intermediate to originator and beneficiary are not in scope of the travel rule even where one or both nodes in the channel are CBs.”

‍

Notabene's Proactive Role in UK Travel Rule Compliance: Regulatory Sandbox Testnets and Guidance for VASPs

Notabene's Regulatory and Compliance team is dedicated to assisting UK VASPs in understanding and complying with their upcoming Travel Rule obligations. 

As part of that effort: 

• We have conducted two testnets as part of the Financial Conduct Authority’s (FCA’s) Regulatory Sandbox with firms such as Ramp, Bitstamp, Wirex, CoinPass, Altalix, Hidden Road, Bitpanda, Custody, Uphold, and Zodia Markets. 
• We published a brief guide that summarizes the Travel Rule obligations set forth in the MLTFR 2022. 

We invite you to join the CryptoUK’s Travel Rule Working Group to be part of the conversation, contribute to the public consultation response, and continue engaging with policymakers and regulators on this topic. 

London, UK - August 17 2023

Over the course of four months, Notabene conducted two tests as part of the Financial Conduct Authority’s (FCA’s) Regulatory Sandbox. Firms that participated in these tests included Compliance Officers from Ramp Network, Bitstamp, Wirex, CoinPass, Altalix, Hidden Road, Bitpanda Custody, Uphold and Zodia Markets in a live testing environment of Notabene’s innovative Travel Rule compliance offering.

As part of the testing sessions, a variety of real-life scenarios were tested on Notabene’s platform. This exercise aimed to allow firms to assess how Notabene’s solution can improve participants’ readiness to comply with Travel Rule requirements, which enter into force on September 1, 2023. Developer teams executed the testnet script via the terminal, enabling virtual asset service providers (VASPs) to test different Travel Rule scenarios on Notabene’s platform against the unique requirements of the UK jurisdiction.

"The opportunity to directly interact with these real-world scenarios is crucial for compliance teams in understanding and responding to the challenges posed by the Travel Rule." - Lana Schwartzman, Head of Regulatory Compliance at Notabene

Through this interactive testing, compliance teams learned how Notabene’s solution helps firms to identify potential workflows, shared testnet learnings, and brainstormed solutions for compliance challenges. Importantly, participants gained first-hand experience with how Notabene’s tool tackles the impact Travel Rule flows will have on blockchain transactions, including how to integrate counterparty sanction screening into Notabene’s platform.

“Participating in Notabene's testing cohort within the FCA's Regulatory Sandbox has been an invaluable experience. The hands-on experience provided us with indispensable insights, allowing our compliance teams to grasp the intricacies of how Notabene will support us in implementing our travel rule obligations and effectively address our compliance needs in advance of the UK's September 1st regulatory deadline.” - Oliver Morgans, Head of Compliance and MLRO at Uphold Europe Uphold Europe Ltd

The testing phase concluded with an in-person roundtable discussion, where VASPs had the opportunity to reflect on Notabene’s test, share their main compliance challenges, network with industry peers, and engage in a dialogue about the cryptocurrency sector.

"We are thrilled to have participated in Notabene's testing cohort as part of the FCA's Regulatory Sandbox. The opportunity to engage with real-world scenarios has been invaluable in helping our compliance team understand and address the challenges posed by the Travel Rule.” - James Dalton, Deputy MLRO, Ramp Network

__

About the FCA’s Regulatory Sandbox

The FCA ’s Regulatory Sandbox allows firms to test innovative offerings in a live and controlled environment. More information on the FCA’s regulatory sandbox can be found here.

The FCA's Regulatory Sandbox helps innovative firms, both incumbents and new players, navigate the regulatory landscape by providing them access to regulatory expertise, enabling product testing, accelerating market entry, and providing guidance, and was established to support the FCA’s objective of promoting effective competition in the interests of consumers. 

For more information about the FCA’s Regulatory Sandbox or other FCA Innovation services, please contact/visit:

[email protected]

fca.org.uk/firms/innovation 

‍

For more information about Notabene, please contact:

[email protected]

‍

About Notabene

Notabene is crypto’s only pre-transaction decision-making platform. Enabling customers to identify and stop high-risk activity before it occurs.

Notabene's SafeTransact platform helps financial institutions and crypto businesses unlock their full potential in the digital economy. With a focus on security, privacy, and end-user experience, Notabene customers can use our multi-source data and software to automate real-time decision-making, perform counterparty sanctions screening, identify self-hosted wallets, and complete the smooth rollout of Travel Rule compliance, all in consideration of global and local regulations.

Notabene is SOC-2 security certified since 2021. Over 90 companies leverage our software to manage real-time regulatory and counterparty risk in virtual asset transactions, including Copper, Luno, Crypto.com, and Bitstamp. Headquartered in New York, Notabene is a global company with presence in Switzerland, Singapore, and the United Kingdom.

Notebene is not regulated or registered with the FCA.

LinkedIn | Twitter

As the decentralized finance (DeFi) sector continues to gain momentum, global regulatory authorities are grappling with effectively overseeing this new frontier in financial services. The Financial Action Task Force (FATF) and the European Union (EU) are formulating their respective approaches to DeFi regulation, focusing on a broad interpretation of the definitions provided in the FATF’s standards and shifting towards an activity-based regulatory approach. The challenge lies in determining which entities within the DeFi ecosystem qualify as Virtual Asset Service Providers (VASPs) and how to apply Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) obligations to them.

In a previous post, we covered the FATF’s and the EU’s regulatory stances on NFTs. This article, taken from our 2023 State of Crypto Travel Rule Compliance Report, compares their regulatory stances on DeFi.

What is DeFi

DeFi eliminates intermediaries in financial services by executing transactions via code on blockchains. In 2022, DeFi protocols and applications continued their unprecedented growth, with major asset managers offering DeFi exposure to institutional investors. Retail users continued to flock to DeFi, although there were risks along the way- liquidations surpassed $8.7 million on February 23, and DeFi exploits across blockchains worldwide totaled $3.64 billion in 2022, a rise of 47.4% compared to 2021.

‍

‍

DeFi Legal & Regulatory Spotlight in 2022

Protocol-level sanction action reared its head in 2022. In August 2022, Tornado Cash, an Ethereum-based mixer, was blacklisted by the Office of Foreign Assets Control (OFAC) for its alleged links to the Lazarus hacker group from North Korea. This incident indicates that DeFi protocols will have to comply with sanctions in the future. Additionally, financial regulators released papers highlighting the challenges surrounding DeFi regulation. Below we highlight relevant DeFi events in 2022. N.B. Dates accompanied by a clipboard icon indicate a document that a regulator produced.

• ‍June 8, 2021 📋 - DeFi Policy Maker Toolkit | The World Economic Forum takes the stance that “an effective regulatory response to DeFi is likely to involve a combination of existing regulation, retrofitted regulation, and new, bespoke regulation.” (p.21)‍
• January 5, 2022, Aave Arc, designed to help institutions develop new products and services utilizing digital assets, attracted 30 financial institutions to its whitelist.‍
• April 2, 2022 📋 - European Financial Stability and Integration Review 2022 | The European Commission acknowledged that copying traditional regulatory approaches in a decentralized environment may not be an option. It notes, "Possibly, even more emphasis would need to be put on activity-based regulation as opposed to entity-based one.” 
• ‍April 4, 2022 - Uniswap user forms a class action lawsuit alleging that Uniswap Labs and its investors are culpable for her losses due to a failure to comply with securities laws.‍
• April 13, 2022 📋 - Policy Considerations for Decentralized Finance | Abu Dhabi Global Market expresses the view that “Given that DeFi does not change the underlying nature of financial services, we believe that similar requirements should be placed on DeFi participants as on TradFi participants. (...) However, we recognise that since DeFi changes how financial services are delivered, we may need to impose different obligations on a DeFi activity to achieve the same outcomes as those obligations placed on a TradFi operator.” (p.16-17)
• August 8, 2022 - U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash‍
• August 10, 2022 - MakerDAO makes contingency plans to execute an emergency shutdown should core contracts underpinning DAI, its stablecoin, be sanctioned.

‍

Crypto Travel Rule and DeFi

In this section, we will delve into the general stance of the FATF and the EU towards DeFi, examining whether DeFi is currently regulated and the measures being taken to continuously monitor and assess developments in the sector. 

FATF vs. EU: General Stance on DeFi

FATF: The FATF expects countries to determine whether an identifiable person is a VASP within the DeFi arrangement on a case-by-case basis, according to a broad interpretation of the definitions provided in the FATF’s standards.

EU: The European Commission has expressed its view that traditional regulatory approaches may not be a suitable fit for the decentralized environment of DeFi platforms. Instead of relying on entity-based regulation, the Commission is considering a shift toward an activity-based regulatory approach, which may better align with the dynamic and decentralized nature of DeFi.

To implement this approach, the Commission proposes a few access points for DeFi regulation:

• regulating the connections between regulated entities and DeFi platforms
• regulating the features of smart contracts targeting the project team behind the specific DeFi application, and
• utilizing embedded supervision to capitalize on the inherent data transparency offered by public blockchains, making it easier to monitor and oversee DeFi activities.

‍

FATF vs. EU: Is DeFi Regulated?

FATF: According to the FATF, a DeFi software application could not inherently qualify as a VASP. Instead, entities that maintain "control or sufficient influence" over a DeFi protocol should be subject to AML and CFT obligations if they provide or facilitate VASP services. This would apply to entities with an ongoing business relationship with DeFi protocol users, those profiting from the DeFi service, or those with the ability to set or change the parameters of the DeFi protocol.

However, the FATF recognizes that identifying entities with control or substantial influence over a DeFi arrangement can be challenging, and in some cases, a VASP might not even exist. They recommend that countries assess the risks posed by these activities and adopt appropriate risk mitigation measures. ^[1] This could include requiring regulated VASPs to be involved in the activities of the DeFi arrangement if deemed necessary. The FATF also clarifies that holding governance tokens of a DeFi protocol does not automatically qualify someone as a VASP, unless they can control or substantially influence the protocol’s governance. ^[2]

EU: Under MiCA, crypto-asset services that are fully decentralized without any intermediary do not fall within the regulation’s scope. However, if there are natural, legal persons or other undertakings that provide or control, directly or indirectly, a regulated activity or service (i.e., service of exchange of crypto-assets for other crypto-assets or the operation of a trading platform for crypto-assets), even if the service or activity is performed in a decentralized way, it would be subject to the MiCA’s scope. ^[3]

‍

Comparison of FATF and EU Guidelines on When DeFI is Regulated

‍

FATF vs. EU: Continuous DeFi Monitoring and Assessment

FATF: In its Targeted Update, the FATF acknowledges that DeFi markets have grown significantly from 2021 to 2022 and promises to “continue to monitor developments in DeFi, particularly the emergence of truly decentralized DeFi entities, and to facilitate dialogue on common AML/CFT implementation challenges, risk assessment, and good practices.” ^[4]

EU: After consulting with the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA), the European Commission plans to deliver a series of reports to the European Parliament and Council on the latest crypto-asset developments. These reports, particularly concerning areas not yet covered by existing regulations, may inform potential new legislation.

• Report on the latest developments in crypto-assets, expected by December 30, 2024, is due to include “an assessment of the development of decentralised-finance in markets in crypto-assets and of the appropriate regulatory treatment of decentralised crypto-asset systems without an issuer or crypto-asset service provider, including an assessment of the necessity and feasibility of regulating decentralised finance.” ^[5] 
• Reports on the application of this Regulation, expected by June 30, 2027, shall include “an assessment of the development of decentralised finance in markets in crypto-assets and of the appropriate regulatory treatment of decentralised crypto-asset systems.” ^[6]

As the DeFi sector continues to grow and evolve, regulatory authorities around the world are working to develop effective regulatory frameworks that can address the unique challenges posed by decentralized financial systems. The FATF and EU have proposed different approaches to regulating DeFi, with the FATF focusing on identifying VASPs within the DeFi ecosystem and the EU considering an activity-based regulatory approach. Both organizations will continue to monitor the DeFi sector and assess the risks associated with these activities. The rapid growth of the DeFi sector and the increasing interest from institutional and retail investors make it crucial for regulatory authorities to establish clear and effective regulatory frameworks to ensure the sector's continued growth and stability.

In previous articles in this series, we covered the FATF’s stance on the timing of Travel Rule compliance and shared the critical decision-making points for regulated transactions. We also discussed how the crypto industry struggles with carrying out these steps before the blockchain transaction occurs. SafeTransact, Notabene’s pre-transaction decision-making platform, simplifies this process.

Applying FATF's rules can affect a whole business, as setting up a Travel Rule compliance program will affect many departments and stakeholders. Notabene’s long-standing goal has been to simplify this process, providing a way for VASPs to get started on their Travel Rule compliance journey with minimal effort from their teams. First, let’s revisit the steps that Travel Rule-compliant companies must follow before authorizing compliant crypto transactions on the blockchain:

These pre-transaction steps include:

1. Identifying and sanction screening the transaction counterparty
2. Performing due diligence and assessing risk on the counterparty VASP
3. Exchanging Travel Rule information according to FATF's rules

Despite FATF's recent clarification that these steps must be followed before the transaction, results from our 2023 State of Crypto Travel Rule Compliance revealed that nearly 40% of compliant VASPs do not fulfill their Travel Rule data transmission transmission obligations before the blockchain transaction occurs. With SafeTransact, Notabene is committed to improving this statistic while helping all companies identify illicit transactions before they occur.

‍

SafeTransact: A Suite of Tools for Crypto Pre-Transaction Decision-Making

Notabene’s SafeTransact is the first platform that enables Compliance Officers to identify and stop high-risk activity before it occurs. The Notabene platform offers a secure, holistic view of crypto transactions, enabling our subscribers to:

• automate real-time decision-making
• perform counterparty sanctions screening
• identify self-hosted wallets, and 
• complete the smooth rollout of global Travel Rule compliance in line with international regulations.

‍
Below, we break down SafeTransact's four major components that help VASPs implement pre-transaction decision-making.

‍

1. SafeConnect: Effortlessly Identify, and Screen Counterparties

SafeConnect assists in identifying and screening counterparties in the pre-transaction process, an essential step to safeguard businesses from any potential legal repercussions resulting from transactions with sanctioned entities. Counterparty identification is notoriously challenging, as crypto transactions are usually linked only to a blockchain address.

By incorporating SafeConnect into your system, you can automatically and dynamically gather counterparty identification information from multiple sources; we use a combination of blockchain analytics data, data generated from client activity, and direct inquiries from your customer. This ensures accurate identification and consideration of jurisdictional requirements like thresholds and PII specifications, which can affect compliance workflows.

‍

The Travel Rule compliance solution employs a multi-jurisdictional approach, automatically detecting specific requirements in our client’s jurisdiction, as well as their transaction counterparty’s jurisdiction. The plug-and-play functionality automatically applies relevant regulatory requirements to all transactions. Our product team constantly monitors and updates the criteria in case of any changes so Compliance Officers don't have to.

Further, Notabene aids in counterparty VASP discovery through blockchain analytics and several other methods. VASPs in the Notabene Network can upload their hashed blockchain addresses to expedite mutual discoverability. This allows automatic identification when those addresses are involved in transactions. Additionally, the Notabene Network Discovery features enable VASPs to manage their internal address book.

Lastly, once the transaction counterparty and institution are identified, VASPs can perform risk assessments at the transaction level, which involves sanction screening the beneficiary and originator name, and assessing the blockchain address risk score, by connecting to analytics and screening providers in Notabene's marketplace.

‍

2. Notabene Network: Enhanced VASP Due Diligence and Risk Assessment

Once the transaction counterparty has been checked against sanctions, the due diligence focus turns to the counterparty VASP to assess risk to ensure that the counterparty VASP is a trusted exchange with adequate security standards. In its "Targeted Update on Implementation of the FATF Standards," released in June 2023, the FATF clarified the due diligence responsibilities of VASPs; VASPs must perform due diligence on their counterparties, regardless of their compliance status or the regulatory environment in their jurisdiction.

The Notabene Network hosts the largest selection of VASP profiles equipped with real-time, third-party-verified data. As an added layer of compliance, companies can exchange industry-standard due diligence questionnaires for a more scalable approach to counterparty verification.

‍

3. Notabene Dashboard: Streamlining Travel Rule Information Exchange

Based on the outcome of due diligence checks on transaction counterparty and institution, a Compliance Officer can decide whether to exchange Travel Rule information or block the transaction. The Notabene dashboard, a holistic transaction hub, compiles critical Travel Rule data, enabling easy access and review of all such transactions. Our one-stop-shop dashboard simplifies compliance management by making information more organized and manageable. 

Notabene subscribers can manage incoming and outgoing data transfers, securely store their customer's data for record-keeping, and generate comprehensive reports from the same dashboard. Due to our multi-protocol approach, our clients can send encrypted Travel Rule data transfers to various VASPs, regardless of their compliance status or network protocol. 

Further enhancing the service, the dashboard offers a comprehensive view of all transactions beyond the scope of Travel Rule requirements, providing Compliance Officers with a singular platform to demonstrate pre-transaction decision-making approaches to regulators. It functions as a comprehensive compliance center, allowing approval or rejection of both hosted and self-hosted wallet transfers and connecting those decisions to the blockchain authorization flow.

‍

4. Rules Engine: Automating the entire process

Finally, automating these checks is vital to implementing a complete Travel Rule compliance workflow with minimal impact on transaction latency. Compliance Officers can use our Rules Engine to program and apply compliance controls with various criteria across all transactions.

Thanks to in-app automation, compliance checks, and Travel Rule decisions can be tied with transaction outcomes, allowing Notabene subscribers to control compliance roll-out and workflows from the UI. Our dashboard lets you connect your AML providers, manage your rules quickly, and prevent illicit transactions in real-time.

Conclusion

Notabene's SafeTransact platform is a clear-cut answer to the challenges of meeting the FATF's Travel Rule regulations. SafeTransact tackles the problem of companies not complying with their obligations pre-transaction—an issue for 40% of Travel Rule-compliant businesses. SafeTransact equips VASPs with the tools to assess risk quickly, share information, and perform critical checks, such as identifying and confirming transaction partners while keeping the fast pace of crypto transactions. 

Beyond streamlining crypto regulatory compliances, SafeTransact supports the growth and health of the worldwide digital asset industry by allowing businesses to spot and stop high-risk activities quickly.

Get started today!

‍

‍

{{cta-bookademo="/cta-components"}}

‍

As Travel Rule enforcement deadlines appear left and right, VASPs proactively embed compliance workflows in their day-to-day operations. A wave of Travel Rule compliance consciousness is rippling across the market and within companies, resulting in businesses expanding their operations into multiple jurisdictions. Not only is pre-transaction decision-making now seen as part of the larger compliance and business ecosystem, but the holistic view of the Travel Rule is also gaining ground. To further enable these developments, our product suite and updates focus on enabling much-needed standardization and scalability to the VASP due diligence process and empowering Compliance Officers (COs) with robust data and insights that drive informed decision-making. 

In this post, we share our product roadmap for 2023, highlighting our key achievements thus far and our future plans to further support your compliance efforts. 

Let's dive in!

Product Vision and Strategy

Our mission has always been to enable safe and trusted crypto transactions. To operationalize this, we’ve created the most comprehensive and user-friendly platform for Compliance Officers to gain a holistic view to make the appropriate pre-transaction decisions in regulated crypto transactions. Every feature we designed is grounded in this mission, aiming to simplify the daily tasks related to compliant crypto transactions. 

‍

Let’s take a look back at what we’ve shipped in the first six months of 2023:

‍

- Added five jurisdictions to our platform

Regulatory enforcement is speeding up, and so is our platform. A key trend highlighted in our 2023 State of Travel Rule Compliance Report was that 2023 would be the Year of Travel Rule compliance, an insight proving true.  Regulatory enforcement is accelerating, inspiring proactive compliance efforts among VASPs across multiple jurisdictions such as the United Kingdom, Dubai, Japan, Indonesia, and Hong Kong.

‍

‍

We've added these new jurisdictions to our platform, empowering businesses to adhere to local regulations seamlessly. The plug-and-play functionality automatically applies relevant regulatory requirements to all transactions. Our product team constantly monitors and updates the requirements in case of any changes so Compliance Officers don't have to.

Additionally, we've noticed an uptick in existing customers expanding their Travel Rule capabilities to additional jurisdictions, reflecting their solid commitment to compliance. With multi-entity support, our SafeTransact dashboard facilitates the management of multiple jurisdictions.‍

- Integrated on Fireblocks platform

Travel Rule compliance and pre-transaction decision-making have been recognized as integral parts of a comprehensive crypto compliance stack. Notabene plays a vital role here, providing trust, standardization, and scalability in the VASP due diligence process. Our Fireblocks partnership exemplifies this, as we recently joined forces to offer the industry’s first fully-integrated solution for processing Travel Rule-compliant transactions for institutional customers. Mutual customers can now seamlessly and automatically perform compliance checks on their transactions through their custody providers, with no additional integration needed.

- 117 companies began their Travel Rule compliance journey using SafeTransact

Navigating the global crypto landscape's complexity requires a deep understanding of the ever-evolving regulations in multiple jurisdictions, strategic planning, and meticulous execution.  Each company complies at its own pace—largely dependent upon local regulations or internal risk appetite. Further, implementing a Travel Rule compliance program in a company often involves multiple stakeholders from different departments. Knowing this, we put our heads down to devise a plan to improve our customers' experience along their compliance journey and launched the following features:

• SAFE Implementation phases: This feature provides a guided, phased approach to Travel Rule compliance. Customers securely link their internal systems and practice Travel Rule scenarios before initiating real transactions.

• RoboVASPs: This feature acts as a series of VASPs, automatically responding to send transactions. RoboVASPs provide an automated testing environment for diverse transaction scenarios.
• Enhanced compliance controls: Compliance officers have more control over compliance decisions without tapping into their in-house tech resources. For example, Notabene users can now record reasons for declining crypto transactions based on a comprehensive list of logic defined by compliance experts.

‍

- Added a ‘top 20 counterparties’ view to the dashboard

Notabene customers now have a view of their top 20 counterparties on their dashboard, a feature designed to streamline our customers’ initial due diligence process. After completing the initial integration phase, VASPs can automatically link their blockchain analytics providers to identify and rank top counterparties based on transaction history. 

‍

‍

The feature displays a curated list of these counterparties, complete with essential details like jurisdiction, Travel Rule activity, and reachability. This immediate value-add simplifies the due diligence process, helping customers quickly assess counterparty compliance.

‍

- Enhanced real-time counterparty identification

Network Discoverability is a feature designed to enhance the real-time identification of counterparties for in-network VASPs. By utilizing this tool, VASPs can boost their reachability and reduce end-user friction. 

‍

The system is set up to auto-identify blockchain addresses for both sides of a transaction, ensuring both speed and accuracy. Importantly, all blockchain addresses are securely hashed. Each address is queried individually, ensuring the confidentiality of the entire list. Furthermore, address sharing is reciprocal; they are only exchanged with counterparties who also share theirs. This streamlined approach empowers Compliance Officers to share swiftly, and access VASP blockchain addresses within the Notabene network, significantly optimizing Travel Rule transactions.

‍

- Compliance officers can now set Travel Rule timings without developers

Compliance officers now have the capability to set specific Travel Rule transaction states, such as 'Sent,' 'Confirmed,' or 'Accepted.' When set, a new event is triggered to their webhook, signaling the appropriate time to initiate the actual blockchain transaction. This enhancement addresses feedback from customers who sought guidance on the optimal timing for the corresponding blockchain transactions during the Travel Rule exchange. 

Previously, any change in transaction timing required the involvement of development teams. Now, this feature empowers compliance officers to determine the execution timing of these transactions independently, eliminating the need for developer intervention.

- Self-service API: customers can auto generate their API credentials

Aimed at developers, this tool gives customers the autonomy to auto-generate their API credentials without needing to liaise with Notabene's support team. This accelerates integration processes and facilitates the addition of new jurisdictions. 
‍

‍

Once generated, customers can seamlessly integrate these credentials with our Auth0 endpoint to retrieve tokens for API use. The system provides both the client ID and secret, eliminating any preparatory steps. While the responsibility of managing tokens rests with the users, this feature exclusively pertains to the Notabene API. It empowers users to create transactions from the backend, bypassing our UI directly. API credentials are the gateway to obtaining a token, which authenticates users to access our API.

‍

A look ahead to the updates and features coming in the second half of the year:

‍

{{cta-bookademo1="/cta-components"}}

Each year, as part of our comprehensive State of Crypto Travel Rule Compliance survey, Financial Institutions (FIs) and Virtual Asset Service Providers (VASPs) share their main hurdles in adopting the Travel Rule. This article presents notable shifts in the top challenges, providing valuable insights into the evolving landscape of Travel Rule compliance.

Our 2023 report findings underscore the complexities of Travel Rule compliance; these insights amplify the necessity for a harmonized, global approach to compliance, primarily to address interoperability issues and the identification of counterparty VASPs. Learn more below.

Lack of technical resources becomes the main barrier to compliance

‘Lack of technical resources has emerged as the top hindrance to Travel Rule adoption, overtaking 'legal uncertainty' and 'sunrise period effects', which rank second and third, respectively.

‍

The percentage of VASPs that chose this response as their top roadblock has risen from 23% in 2022 to 27% in 2023. This increase may be due to VASPs having difficulty managing multiple data flows and integrating with various protocols, highlighting the challenge of protocol interoperability for widespread adoption of the Travel Rule. 

Additionally, 72.46% of respondents who identified a lack of technical resources as their primary obstacle to Travel Rule compliance had a personnel headcount below 100, which could also indicate resource allocation challenges. ^[1]

2. Financial Institutions face more technical hurdles in comparison to crypto businesses

When looking deeper into the data, ‘lack of technical resources’ is the top obstacle for Financial Institutions (FIs), with 45% of respondents citing this issue compared to 27% for crypto businesses. ^[2]

‍

The results showcase that FIs tend to take a stricter approach to compliance, with fewer variations in compliance stages. The shortage of resources may not be limited to compliance but may reflect a broader shortage and allocation of resources for launching digital asset products.

3. Legal uncertainty and sunrise period effects remain in the top three hindrances to compliance

'Legal uncertainty,' which the survey defined as ‘being unclear on what is required to comply fully with the Travel Rule,’ was the reported top hindrance to Travel Rule adoption in 2022, but it has fallen to second place in 2023. While it suggests a positive trend, regulators still need to set clear expectations for Travel Rule compliance and make more progress in reducing this hindrance further. ‘Sunrise period effects’ was cited by 19% of respondents as their greatest compliance challenge, highlighting the need for more information and guidance on this issue. [1] You can learn more about the sunrise period and its impact on VASPs and FIs in Chapter 5 of Notabene's 2023 State of Crypto Travel Rule Compliance Report.

4. Rising concern: data privacy

Data privacy has witnessed a noteworthy rise in concern, moving from last place in 2022 to becoming the fourth largest obstacle to Travel Rule adoption (from 4% to 12%) in 2023. (Figure 1) Survey results also revealed that more than half of the respondents do not enforce a counterparty due diligence process before sending a Travel Rule transfer. This is a concerning trend, as a key part of the due diligence process is to assess the data protection capabilities of counterparty VASPs, a process that is critical to mitigating these risks.

The FATF outlines alternative procedures—including the possibility of not sending user information—when there are reasonable doubts about counterparty VASPs' data protection practices. ^[4] Yet, more recent regulatory guidelines, like Hong Kong’s SFC, specifically recommend that Travel Rule solutions “protect the submitted information from unauthorized access using a strong encryption algorithm to encrypt the information during the data submission.” ^[3] 

Notabene uses decentralized identifiers for a privacy-conscious implementation of the Travel Rule. To learn more, dive into our SAFE PII technology that uses encryption, secure escrow methods, and self-managed encryption keys for robust personal data protection. 

5. VASPs call for a global unified approach in Travel Rule communication and reachability

We asked respondents to anonymously share their opinions on the existing Travel Rule protocols in the market and the most relevant criteria for assessing their suitability. We share the common feedback divided by themes below.

6. Lack of Interoperability

One of the most common themes from the responses was the need for a unified global approach to reachability and transmitting Travel Rule messages. Nearly a quarter of the survey respondents (24%) cited interoperability as a current blocker for compliance. In comparison, 20% expressed concern that the availability of “too many” protocols on the market was causing fragmentation and confusion over their needs.*

VASPs and the FATF emphasize how crucial it is for protocols to communicate with one another. The FATF calls on the

‍“...industry to accelerate efforts to strengthen solutions that are global, and can accommodate nuances in requirements across jurisdictions, in line with the expectations of the FATF Standards.” ^[5]

7. Lack of Counterparty VASP Identification

Another common theme was the lack of a universal method for identifying counterparties. Unlike wire transfers, there is no standard method for tying a blockchain address to a specific counterparty. This creates a challenge in assessing transaction obligations and identifying the counterparty that needs to receive the required Travel Rule information. Chapter 5 of our report expands upon this topic.

8. Non-compliance with FATF Standards

Finally, nearly 10% of the respondents expressed concern that protocols are not compliant with the original FATF Travel Rule proposal. This key finding underscores the need for the industry to continue collaborating on common issues and for the private sector to develop global technological tools that can accommodate nuances across jurisdictions.

‍

In June 2023, the Financial Action Task Force (FATF) published a Targeted Update report on the global state of Travel Rule adoption. The report stressed that the Travel Rule must be applied before a crypto transaction occurs. Yet, insights from our study published in April 2023 revealed that nearly 40% of companies reporting compliance are not fulfilling their obligations before the crypto transaction occurs.

In this second installment of a three-part series, we discuss why Travel Rule compliance is a pre-transaction requirement, the current industry compliance gaps. The final article in the series addresses how Notabene's SafeTransact helps VASPs achieve pre-transaction compliance.

‍

FATF’s Pre-Transaction Compliance Requirement

In its June 2023 Targeted Update report on the worldwide Travel Rule adoption, the FATF emphasized the necessity for Travel Rule compliance before the crypto transaction occurs. In the report titled “Virtual Assets: Targeted Update on Implementation of the FATF Standards,” the FATF revealed vital insights on the global enforcement of the Travel Rule, disclosing minimal progress, with three-quarters of surveyed jurisdictions found to be ‘only partially’ or ‘not compliant’ with its requirements for VAs and VASPs.

The report underscored instances of post-transaction compliance as a form of non-compliance. It stressed the urgency of immediately submitting originator and beneficiary information to the Beneficiary VASP or financial institutions before, simultaneously, or concurrently with the transaction. [1] This order of operations facilitates sanctions screening of the counterparty at or before the time of the transaction. It allows VASPs the chance to stop transfers with sanctioned persons or entities.

‍

Key Trends from Notabene’s 2023 State of Crypto Travel Rule Compliance Report

Notabene conducts an annual review to comprehensively assess the virtual asset industry's compliance efforts with FATF’s virtual asset Anti-Money Laundering (AML) guidelines. The 2023 State of Crypto Travel Rule Compliance survey ran from December 2022 to January 2023, covering 69 VASPs and financial institutions globally, and yielded the following results:
‍

‍Increased compliance efforts

^‍

Compared to the 2022 survey, the number of VASPs reporting 'already compliant' doubled, marking a 117% increase (11% in 2023, compared to 23% in 2023).

Limited increase in pre-transaction compliance

Although the number of VASPs reporting 'already compliant' doubled from last year, only 20% of VASPs send Travel Rule information pre-settlement (up by 50% from last year’s 13%).

This data reveals a disparity between assertions and actions, as well as confusion around what‘ fully compliant’ means.

‍

Post-transaction compliance dominates

The study highlights that 37.5% of firms performing Travel Rule meet the requirements only after completing transactions, which goes against the FATF's instructions.

While showing progress, these findings accentuate the need for local regulators to clarify that the Travel Rule is a pre-transaction obligation, a clarification reinforced by the FATF in its June 2023 update.

‍

Balancing Speed and Compliance in Cryptocurrency Transactions: The Challenges of Implementing the Travel Rule

The purpose of the Travel Rule is to ensure that appropriate checks and balances are in place before a transaction is initiated. To fulfill the goals of the Travel Rule effectively, the Beneficiary VASP should have sufficient time to scrutinize the transmitted information. Suppose instantaneous settlements take place without giving the VASP adequate time to react. In that case, it might hinder their ability to conduct essential due diligence tasks, such as matching the beneficiary's name and performing sanctions screening before the funds are received.

In some cases, VASPs might not have enough time to release the funds to the end customer, depending on the systems in place.
‍

Traditional SWIFT payments, characterized by their clearance times that span several days, give banks the luxury of time. They can share data and perform comprehensive checks before the transaction is initiated. This time factor is a significant difference between traditional and crypto transactions. Most cryptocurrency transactions occur instantaneously and are irreversible, leaving little to no room for pre-transaction checks. 

In the context of Travel Rule compliance, this characteristic of crypto transactions poses a unique problem for VASPs. It takes longer for VASPs to develop a compliance strategy that can effectively detect and halt illicit activity without impacting transaction speed or volumes. Therefore, the challenge lies in creating a compliance system that allows for comprehensive pre-transaction checks while still maintaining the speed and efficiency inherent to cryptocurrency transactions.

‍

Notabene’s SafeTransact: Solving Crypto Pre-Transaction Decision-Making

Notabene welcomes the FATF’s clarification that Originator VASPs must submit originator and beneficiary information before or concurrently with the crypto transaction. We’ve designed SafeTransact: The Crypto Pre-Transaction Decision-Making Platform to enable VASPs to Identify and stop high-risk activity before it occurs.

‍

Notabene’s SafeTransact offers a secure, holistic view of crypto transactions, enabling customers to automate real-time decision-making, perform counterparty sanctions screening, identify self-hosted wallets, and complete the smooth rollout of global Travel Rule compliance in line with global regulations.

‍

{{cta-learnmore3="/cta-components"}}

‍

Four years after the Financial Action Task Force (FATF) introduced the Travel Rule for crypto assets,  there has been significant progress in its adoption by virtual asset service providers (VASPs) and jurisdictions. 

However, gaps remain: only dozens of jurisdictions have enforced it, and among those where it is enforced, its adoption by VASPs is often post-transaction and does not meet the full requirements. To address these gaps, FATF launched an action plan with 200+ member states to accelerate the global implementation of the Travel Rule, in February 2023. The G7 also confirmed its commitment to speed up the enforcement of the Travel Rule in May 2023. 

This is the first article in a three part series that discusses the importance of fulfilling Travel Rule obligations before transactions, the pre-transaction decisions a VASP must make to comply, the current industry compliance gaps, and how Notabene's platform can help VASPs achieve pre-transaction compliance.

‍

The Importance of Pre-Transaction Decision-Making in Crypto Transactions

Complying with the FATF's crypto Travel Rule requires that VASPs adopt compliance processes to prevent funds from ending up in the hands of bad actors. That is only possible when the entire process is carried out before the transaction settles on the blockchain, providing a VASP with the ability to take necessary actions if suspicious activity is detected. 

FATF’s Interpretive Note 15-7b explicitly states that Travel Rule compliance solutions must ensure the submission of both originator and beneficiary information immediately or before an on-chain transaction. [1] Furthermore, FATF says why this is critical in Recommendation 16, laying out the different actions that a VASP should consider if suspicious activity is detected with the Travel Rule: 

“Providers in this space must comply with the requirements of Recommendation 16, including the obligation to obtain, hold, and transmit required originator and beneficiary information associated with VA transfers in order to identify and report suspicious transactions, take freezing actions, and prohibit transactions with designated persons and entities.” [2]

Before the Travel Rule was implemented, VASPs had limited means to gauge the ML/FT risk of counterparties. While many VASPs started using blockchain analytics tools to perform pre-transaction checks, it became increasingly evident that suspicious actors could circumvent those checks by creating new wallets. 

‍

‍

The Travel Rule now mandates VASPs to gather, screen, and share originator and beneficiary data before approving transactions above certain thresholds, ensuring transactions only occur with trusted counterparties. VASPs could unwittingly aid transactions to sanctioned individuals or malicious entities without these pre-transaction checks and data exchange.

When the Travel Rule is implemented correctly and carried out pre-settlement, VASPs can use Travel Rule solutions to identify and stop potential illicit transactions before they are settled.

For the first time in crypto history, we can prohibit transactions with unlawful and sanctioned entities and reduce on-chain risk. Compliance with the new anti-money laundering (AML) requirement —the Travel Rule —is the first chance for VASPs to capitalize on pre-transaction counterparty risk management. 

‍

{{cta-learnmore3="/cta-components"}}

‍

What are the Key Pre-Transaction Decisions in a Compliant Crypto Transaction?

Compliant crypto transactions involve several crucial pre-transaction decision-making steps. These steps differ based on whether the transaction is between two VASP-hosted wallets or involves a self-hosted wallet. Below, we dive into both scenarios.

Transactions between two hosted wallets 

For transactions between two hosted wallets, the Originator VASP must perform multiple pre-transaction compliance checks to ensure the transaction details satisfy their compliance process. 

The Originator VASP must tie the results from the Travel Rule decision points to the transaction outcome: to approve or block the transfer or take other actions like filing a suspicious transaction report. In the example above, if all the decision points are in the clear, then VASP 1 would allow the transaction to go through. But if, at any point, there is a cause for concern, the transaction can be blocked from going through or, at the minimum, flagged for further review.

Meanwhile, the Beneficiary VASP must confirm that the Originator VASP and Originator Customer (Alice) are low-risk by carrying out pre-transaction compliance checks before approving or denying the incoming Travel Rule transfer. If anything raises a concern, the Beneficiary VASP must be ready to take action, such as freezing the transaction if the funds were already transferred.

‍

Transactions between a hosted and self-hosted wallet

Contrary to common perceptions, the Travel Rule applies to both VASP-to-VASP and self-hosted transactions. FATF's Updated Guidance [3] brings AML across all transactions, including self-hosted wallets. During transactions with self-hosted wallets, Originator VASPs must collect the beneficiary's name and perform some compliance pre-transaction checks—at minimum. Further de-risking actions such self-hosted wallet ownership proofs are also required in some jurisdictions. 

‍

How Notabene Customers Leverage SafeTransact for Effective Pre-Transaction Decisions

During our yearly study, the 2023 State of Crypto Travel Rule Compliance Report, we found that 37.5% of VASPs reporting to be Travel Rule compliant are fulfilling their compliance obligations post-transaction. Post-transaction compliance does not effectively mitigate risk. 

To address these issues, Notabene has developed SafeTransact, a first-of-its-kind pre-transaction decision-making platform for the cryptocurrency industry that enables VASPs to conduct real-time risk assessments of involved parties before transaction settlement. 

‍

Unlock Effective Pre-Transaction Compliance: Download the Key Takeaways

Ensure your VASP meets the FATF’s Travel Rule requirements with Notabene’s SafeTransact. We've gathered all you need to know about pre-transaction decision making into one document. It covers into the key pre-transaction decisions necessary for compliant crypto transactions and showcases how our SafeTransact platform can help you mitigate risks before they occur.

Download the Guide Now to stay ahead in crypto compliance and secure your transactions against illicit activities.

‍

One of the major challenges in crypto regulation has been to link new categories of assets and services and the legal definitions of what qualifies as regulated assets and services. Non-fungible tokens (NFTs), stablecoins, and decentralized finance (DeFi) remain gray areas subject to evolving regulatory perspectives.

This article, taken from our 2023 State of Crypto Travel Rule Compliance Report, provides a side-by-side comparison of the Financial Action Task Force's (FATF) and the European Union's (EU) regulatory stances on NFTs.

What are NFTs?

NFTs are unique digital assets tokenized on a blockchain and have distinct identification codes, and metadata. Users can trade NFTs for fiat money, cryptocurrencies, or other NFTs based on their value determined by the market and owners. NFTs are challenging to classify and regulate due to their various possible configurations.  The entire crypto market took a hit in 2022, and NFTs were no exception, as noted in the chart below.

NFTs were the subject of several regulatory and legal interventions and initiatives in 2022, ranging from insider trading cases to intellectual property qualifications and advertisement restrictions. By way of example, we provide highlights below. N.B. The dates accompanied by a clipboard icon indicate a document a regulator produced.

NFT Legal & Regulatory Spotlight in 2022

• June 1, 2022 - A former employee of OpenSea (an NFT marketplace) was charged in the first digital asset insider trading scheme with accusations of wire fraud and money laundering.
• June 23, 2022 📋 - The European Union Intellectual Property Office (EQUIPO) clarifies how they classify NFTs, incorporating the term “downloadable digital files” authenticated by non-fungible tokens in Class 9.
• November 29, 2022 - The European Parliament hosted a meeting with NFT and metaverse experts. Industry representatives suggested policymakers regulate use cases rather than technology.
• December 21, 2022 - The UK's Advertising Standards Authority ruled against Crypto.com and Turtle United's NFT advertisements for not disclosing investment risks.

Crypto Travel Rule and NFTs

The FATF and EU have divergent, nuanced perspectives on NFT regulation, including varying. classifications and approaches. The primary distinction revolves around whether an NFT is considered a Virtual Asset (VA), which depends on usage and characteristics. The disparities mainly arise from differences in evaluation criteria and the circumstances determining VA status. The following sections provide an overview of the FATF's and EU's general positions on NFTs as VAs and if they consider NFT-related activities as covered by the regulation. Additionally, we discuss notable developments and essential considerations from the FATF and EU.

FATF vs. EU: General Stance on NFTs

FATF: FATF generally does not consider NFTs as VAs; however, the classification can depend on the nature and purpose of the NFT. It suggests governments evaluate each NFT case-by-case based on its intrinsic characteristics rather than the terminology used in its marketing. 

According to the FATF, an NFT would be classified as a VA if it's used primarily for payment or investment and has features that make it either fungible or not unique, such as the fractional parts of a unique crypto-asset, or if it's issued as part of a large series or collection. [1] 

EU: On the other hand, the EU’s stance, particularly reflected in the MiCA (Markets in Crypto-assets Regulation), maintains that unique crypto-assets like NFTs, digital art, and collectibles are excluded from its scope. [2]

In the EU, the uniqueness of the crypto-asset and the value it brings to the holder, and its non-fungibility determine whether or not it falls within the regulation. Like FATF, the EU encourages authorities to adopt a substance-over-form approach, emphasizing the asset's features over the issuer's designation.

‍

FATF vs EU: Is an NFT a Virtual Asset?

FATF: An NFT is not a VA if used as a collectible rather than for payment or investment. However, it is considered a VA if used for payment or investment or if its unique features become fungible.

EU: In contrast, the EU excludes unique and non-fungible crypto assets, like NFTs, from the VA classification. However, if an NFT's de facto features or uses make it either fungible or not unique, it may be considered a VA.

‍

FATF vs. EU: Are NFT-Related Activities Regulated? 

FATF: In its Money Laundering and Terrorist Financing in the Art and Antiquities Market report, the FATF recognizes that “markets for digital art, non-fungible tokens (NFTs), and art finance service providers all have intrinsic characteristics that expose them to different money laundering and terrorist financing vulnerabilities.” [3] FATF also clarified that NFT platforms that offer NFTs functioning as VAs may be considered VASPs, which the FATF Standards cover.

Factors to consider when assessing the application of AML/ CFT obligations:

1. The nature of the business dealing in NFTs;
2. Their function in practice; and
3. The facts and circumstances of the platform or other person doing business. [4]

EU: Although MiCA generally excludes NFTs, the forthcoming Anti-Money Laundering Directive 6 (AMLD 6) will likely cover companies that provide services related to NFTs.

‍

FATF vs. EU: Noteworthy NFT Developments

FATF: In its Targeted Update 2022, the FATF acknowledges the “rapid development of NFT markets and their functions/forms,” and promises to “continue to monitor this issue and discuss any new implementation issues and country approaches.” [5] 

EU: Similarly, The European Securities and Markets Authority (ESMA) is mandated to publish guidelines on criteria and conditions for the qualification of crypto-assets as financial instruments. The guidelines should also help better understand cases in which crypto-assets that are otherwise considered unique and not fungible with other crypto-assets might be qualified as financial instruments.NFT offerors or persons seeking admission to trading are primarily responsible for the correct classification of the crypto-assets, which the competent authorities might challenge.

‍

Conclusion

As the debate around the regulatory status of NFTs continues, it is clear that the technology is advancing at a pace that challenges existing legal and regulatory frameworks. FATF and the EU have recognized the complex nature of NFTs and their potential risks. Their nuanced approach reflects a careful and ongoing analysis of how these unique digital assets fit within the broader financial system.

While these organizations may differ in their current views on whether NFTs qualify as Virtual Assets, there is an alignment in the principle of evaluating NFTs on a case-by-case basis, considering their intrinsic characteristics and practical uses. This approach signifies a move towards a substance-over-form philosophy in regulatory practices.

‍

{{cta-learnmore6="/cta-components"}}

[Originally posted by Copper.co, see here]

Copper is pleased to announce it has partnered with Notabene to help its institutional clients adhere with the Travel Rule in their local jurisdiction. 

In 2019, the Financial Action Task Force (FATF) released a set of recommendations for combating money laundering. In recommendation 16, it covered digital assets, stating that they now came under the purview of Travel Rule requirements. This means digital assets transfers must be checked and verified to combat money laundering, terrorist financing and other illegal activities. 

Notabene, founded a year later in 2020, has provided a pre-transaction decision-making platform for crypto Travel Rule compliance to address this requirement for digital asset firms involved in trading activities. Headquartered in New York, Notabene is a global company with a presence in Switzerland, Singapore, Germany, and the UK. 

Since being founded in 2018, Copper, a SOC2 Type 2 certified company with a registration in Switzerland, has been setting the standard for institutional digital assets by offering custody and collateral management of digital assets. Underpinned by multi-award-winning technology, Copper has built the comprehensive and secure products and services required to safely custody and trade cryptocurrencies and other digital assets such as tokens and stablecoins. At the core of Copper’s infrastructure is ClearLoop, which enables clients to trade and settle in near real time across multiple exchanges, while mitigating counterparty risk and increasing capital efficiency

Regulatory adherence, although vital for safe and legally compliant financial systems, can be burdensome for digital asset firms especially given the space's relatively nascent regulatory frameworks across the world that can be confusing for those without extensive subject knowledge. 

Notabene works by providing a platform-agnostic data layer that allows transactions to be screened and counterparties to be verified before they are executed. Notabene provides data from multiple sources and uses software to automate decision-making, perform counterparty sanctions screening and VASP due diligence, identify self-hosted wallets, and adhere to Travel Rule compliance in accordance with global and local regulations. 

Integrating Notabene with Copper will be a significant step in enhancing Copper's transactions to bring us in line with the growing importance in Travel Rule compliance. In addition to Clear Loop and its English Law trust structure to back client collateral, Copper has partnered with some of the largest digital asset exchanges and service providers on the market, using its award-winning MPC custody solution and robust account management structures to mitigate counterparty risk. 

Unlike many of its competitors, Copper uses a 2 of 3 signing quorum for transaction verification, as opposed to 3 of 3, adding additional flexibility for client access. This flexibility is also applied to full compatibility to account structures, which can incorporate different wallet temperatures, such as hot, cold and warm to configure to different clients' needs. 

Integrating Notabene's automated Travel Rule compliance solution to Copper's compliance  stack will help to form part of the firm's wider offering and aid Copper in its mission to set the institutional standard for digital assets. 

According to a recent report by Notabene, 83% of its survey participants said they planned to be Travel Rule compliant by the end of 2023. Due to the global nature of digital assets, consistent Travel Rule compliance is vital to ensure there is a standard framework when transferring assets across borders. Although digital assets live on blockchains hosted online, monitoring which jurisdictions they are traveling between is important to bring digital assets into line with other asset classes. 

An increasing number of jurisdictions have brought in Travel Rule regulations for digital assets, including Japan, Singapore, Switzerland, Germany, Dubai, and the US. The UK, Portugal and Hong Kong are also set to enforce the Travel Rule later this year. 

Notabene will operate automatically under the hood, so there will be minimal impact on Copper's clients in their day-to-day activities and transactions. The platform is fast becoming the standard go-to solution for digital asset firms, with Copper joining a growing list of other firms to ensure compliance with Travel Rule requirements. 

Steve Strickland — Chief Compliance Officer, Copper, said:

"In the spirit of cooperation and innovation, we are thrilled to announce an exceptional relationship with Notabene, an industry-leading Travel Rule solution provider. Together, we will look to redefine the parameters of compliance by combining the strength of our technology and regulatory expertise to deliver secure and transparent transactions. As pioneers in the digital asset industry, we aim to forge a lasting bond that gives our clients an efficient means of implementing Travel Rule compliance. With the shared vision of Copper and Notabene, we unlock new possibilities and shape a future where compliance becomes a catalyst for growth and success.”

Pelle Braendgaard — CEO, Notabene, said:

“We are thrilled to announce our collaboration with Copper, as we jointly address the crucial compliance challenge of the Travel Rule within various jurisdictions. This collaboration highlights the significance of conducting thorough VASP due diligence and the importance of transacting with trusted and compliant counterparties. Through the seamless integration of Notabene's automated pre-transaction decision-making compliance solution into Copper's robust technology stack, Copper is reinforcing its comprehensive service portfolio and propelling itself towards setting the gold standard for institutional-grade digital assets”.

‍

– ENDS –

‍

About Copper

Since being founded in 2018, Copper, a SOC2 Type 2 certified company with a registration in Switzerland, has been setting the standard for institutional digital asset by offering custody and collateral management of digital assets. Underpinned by multi-award-winning technology, Copper has built the comprehensive and secure products and services required to safely custody and trade cryptocurrencies and other digital assets such as tokens and stablecoins.

At the core of Copper’s infrastructure is ClearLoop, which enables clients to trade and settle in near real time across multiple exchanges, while mitigating counterparty risk and increasing capital efficiency.

‍LinkedIn | Twitter

‍

About Notabene

Notabene is crypto’s only pre-transaction decision-making platform, enabling customers to identify and stop high-risk activity before it occurs.

Notabene’s SafeTransact platform helps financial institutions and crypto businesses unlock their full potential in the digital economy. With a focus on security, privacy, and end-user experience, Notabene customers can use our multi-source data and software to automate real-time decision-making, perform counterparty sanctions screening, identify self-hosted wallets, and complete the smooth rollout of Travel Rule compliance, all in line with global and local regulations.

Notabene has been SOC-2 security certified since 2021. Over 85 companies leverage our software to manage real-time regulatory and counterparty risk in virtual asset transactions, including Luno, Crypto.com, and Bitstamp. Headquartered in New York, Notabene is a global company with a presence in Switzerland, Singapore, Germany, and the United Kingdom.

‍LinkedIn | Twitter

Today, the Financial Action Task Force (FATF) released its fourth annual report on Virtual Assets and VASPs. The report, “Virtual Assets: Targeted Update on Implementation of the FATF Standards” (“Targeted Update 2023”), is based on a voluntary survey that collected responses from 151 jurisdictions, the FATF’s Virtual Assets Contact Group meetings, private sector consultations, including Notabene's participation, and results from FATF’s mutual evaluation reports. Section 2 of the Targeted Update is dedicated to the Travel Rule, focusing on the progress in its adoption and ongoing implementation challenges, including issues with compliance tools.

This article walks you through the key Travel Rule highlights. 

‍

Key Travel Rule Takeaways

‍

How many jurisdictions have implemented vs. enforced the Travel Rule?

The FATF reports that jurisdictions have made insufficient progress in implementing the Travel Rule and urges countries to urgently introduce the required legislation/regulations and operationalize Travel Rule compliance through supervision and enforcement.

Below we illustrate several key data points shared by the FATF to substantiate their findings.

Figure 1 above contrasts the count of jurisdictions that have enacted the Travel Rule with those still adopting it, compared to the survey results from the Targeted Update (2022).

Figure 2 illustrates the progress of jurisdictions on the Travel Rule. It shows the number of jurisdictions that have passed or are adopting legislation for the Travel Rule (62) versus the number of jurisdictions actively enforcing compliance with the Travel Rule (13). 

Relevantly, more than half (54%) of the survey respondents have not taken any steps towards Travel Rule implementation, and even among the jurisdictions that did pass relevant legislation, only a small minority (21%) has “issued findings or directives or taken enforcement or other supervisory actions against VASPs focused on Travel Rule compliance.” 

The FATF also stresses that the lack of progress is particularly concerning given that Travel Rule compliance requires intra-VASP and cross-border collaboration and, hence, its “effectiveness depends on consistent, global implementation and enforcement.”

‍

The ‘Sunrise Period’ is highlighted as a persistent issue

The Travel Rule, like the sun, rises at different times worldwide. The “sunrise period” refers to when the Travel Rule is not in full effect across jurisdictions. As revealed in Notabene’s 2023 State of Travel Rule Report, ‘Sunrise period effects’ continues to be one of the top 3 hindrances to the implementation of the Travel Rule: 19% of respondents cited it as their greatest compliance challenge. 

The FATF validates these concerns by stating that “Until all VASPs are required to implement the Travel Rule, VASPs operating in or from jurisdictions with Travel Rule obligations will continue to face challenges executing all covered transactions in a compliant manner.” ^[1]

‍

In most countries, domestic VASPs must transact with regulated and/or Travel Rule-compliant counterparties or must otherwise mitigate risks.

The FATF provides interesting insights into how jurisdictions are currently handling the sunrise issue and, more generally, the ability to transact with counterparties. As seen in Figure 5 below, allowing for a grace period for Travel Rule compliance or permitting a phased approach to implementation are still common practices. 

Survey data reveals that while 47% of countries enforce measures to ensure that domestic VASPs transact with regulated or Travel Rule-compliant entities or mitigate risks associated with VASPs that lack AML/CFT obligations (see measures highlighted in blue in the chart below), a substantial 26% of jurisdictions still allow VASPs to transact regardless of licensing status, Travel Rule compliance, or risk mitigation measures.

This aspect is closely connected to VASPs’ counterparty due diligence obligations, which we explore in the following section. 

‍

FATF clarifies that counterparty VASP due diligence must be carried out independently

Performing due diligence on the counterparty is an essential component of Travel Rule compliance. Even in countries where VASPs are allowed to transact with any foreign VASPs, regardless of licensing/registration status, Travel Rule compliance, or risk mitigation measures, the FATF clarifies that the private sector needs to take additional risk mitigation measures “to avoid submitting customer data to inappropriate counterparties.” ^[2] 

As reported by the FATF, counterparty due diligence is one of the reasons cited for resisting Travel Rule interoperability efforts: “the rationale is that compliance tool providers may screen users of their tool to ensure adequate data protection controls or even a level of counterparty due diligence, and therefore consider that allowing information sharing only between tool users (i.e., no interoperability).” ^[3]

However, the FATF clarifies that “VASPs are required to independently assess counterparty risk” and that this approach—taken primarily by closed Travel Rule networks—“does not remove the need for VASPs to independently verify the information and ensure all relevant domestic obligations are met.” ^[3] 

‍

{{cta-learnmore10="/cta-components"}}

‍

Report insights: counterparty due diligence challenges

VASPs still face challenges in performing due diligence on their counterparties. According to the FATF, these challenges are associated with three main reasons:

1. Subsistence of unregistered/unlicensed VASPs
   The FATF reports that only 30% of assessed jurisdictions require VASPs to be licensed or registered) and increased difficulty in obtaining information about these institutions to properly assess whether they are tied to illicit actors or sanctioned persons and the VASP’s AML/CFT compliance level.
2. Lack of public information about licensed/registered VASPs
   E.g., through a database or public register of licensed/registered VASPs.
3. Insufficiency of information available in some Travel Rule compliance tools.
   Some tools are only able to identify counterparties that are subscribers to that particular tool. ^[4] 

To counter the second issue mentioned above, FATF encourages jurisdictions to “maintain and publicise information on VASPs that are registered or licensed in their jurisdiction.” ^[4] The third issue pointed out by the FATF is mainly associated with closed Travel Rule networks. In such systems, VASPs are only able to identify and reach VASPs that are part of the same network, creating a Travel Rule compliance gap. 

The insights shared in Notabene’s 2023 State of Travel Rule Report corroborate the fact that VASPs struggle with counterparty due diligence, as 52% of respondents reported sending Travel Rule transfers to all VASPs without applying any criteria or counterparty due diligence process. 

‍

FATF clarifies that the Travel Rule is a pre-transaction requirement

In its 2023 Targeted Update, FATF dedicates a section to Travel Rule compliance tool shortcomings. The FATF highlights two main issues: the unsuitability of some existent tools to fully comply with FATF standards and the limited interoperability between solutions.

 In this context, the FATF urges:

Jurisdictions to 

1. Engage with VASPs to promote “the adoption of Travel Rule compliance tools that meet all the FATF requirements”; ^[5] 
2. In case shortcomings in Travel Rule compliance tools persist, alert VASPs of non-compliant tools operating within the jurisdiction and remind VASPs only to use compliance tools that meet the FATF requirements and/or take supervisory or enforcement action as appropriate. ^[6] 

VASPs and Travel Rule compliance tool providers to:

1. Review Travel Rule compliance tools to ensure they fully comply with the FATF requirements; ^[7] 
2. Rapidly address any shortcomings; ^[7] 
3. Improve the interoperability of Travel Rule compliance tools globally. ^[7] 

‍

FATF gives examples of shortcomings in available Travel Rule compliance tools

‍

“Many of the compliance tools fall short of the FATF Standards” ^[8] 

Table 2.1 provides “Examples of shortcomings in available Travel Rule compliance tools,” which provides much-needed clarity on what constitutes a compliant Travel Rule implementation.

For FATF's examples of non-compliance, please refer to the table below. 

‍

It is worth highlighting that the FATF clarifies that Travel Rule is a pre-transaction requirement; hence any implementations of post-transaction information transmission fall short of FATF standards.

FATF provides its reasoning below:

“To comply with their freezing obligations in practice, VASPs must submit Travel Rule information in sufficient time for both institutions to conduct sanctions screening, identify any designated persons/entities, and freeze funds before any sanctioned actor can access or dissipate the funds.” ^[8]

‍

This is particularly relevant given the specific characteristics of virtual asset transactions: settlement is immediate and irreversible; hence, only pre-transaction actions can effectively mitigate risk. 

Additionally, the FATF clarifies that the Originator VASP is required to transmit information about the originator and the beneficiary customer. Hence, Travel Rule implementations where the Originator VASP obtains beneficiary customer information from the Beneficiary VASP also fall short of FATF standards. 

‍

FATF calls out the limited interoperability among Travel Rule compliance tools

“There is only very limited interoperability among Travel Rule compliance tools.” ^[9]
- FATF, "Targeted Update 2023,” paragraph 29

The FATF highlights that interoperability between Travel Rule compliance tools limits VASPs’ ability to send Travel Rule information to all counterparties and increases compliance costs for VASPs that have to integrate with multiple tools. 

The report also states that there was limited progress in the past year to improve interoperability while acknowledging that some “industry participants are developing Travel Rule compliance tool aggregators to provide broader coverage amongst VASPs using different tools.” ^[10]

This is the case of Notabene: Notabene's Travel Rule product is the first protocol-agnostic solution and allows VASPs to connect to an open global network of 400+ reachable VASPs to securely exchange data transfers across jurisdictions. To address cases where the counterparty is part of a closed network that the VASP does not participate in, Notabene built a Travel Rule protocol agent that standardizes the connection to different protocols.

Finally, the FATF “urges the private sector to progress towards interoperability, whether through technological advancements that allow interoperability between tools or by developing relationships that permit transactions to be made through a chain of interoperable tools.” ^[11] 

‍

FATF provides guidance on how to assess the suitability of a Travel Rule solution provider

The Targeted Update includes a list of “guiding questions that VASPs should ask to determine whether potential Travel Rule compliance tools will comply with all FATF requirements.” ^[12]

Below, Notabene proactively gives answers to these questions:

‍

‍

Next steps

In addition to the above takeaways, FATF’s Targeted Update 2023 also includes updates regarding the overall adoption of Recommendation 15 and the evolving risks of DeFi and peer-to-peer transactions. FATF will continue outreach, identification, and publication of implementation steps, sharing of findings and experiences, engagement with member countries and the private sector, and conduct a further review by June 2024. The FATF and VACG also monitor developments relating to DeFi and self-hosted wallets, including peer-to-peer transactions. 

Last week, Hong Kong’s Securities and Futures Commission (SFC) concluded its consultation on the regulation of virtual asset trading platforms and has gazetted its’ AML/CTF Guideline for SFC-licensed VASPs, which sets forth Travel Rule obligations in the country. 

In two blog posts, we covered vital Travel Rule compliance takeaways in the update. Part I covered the entry into force, information transmission obligations, pre-transaction requirements, and self-hosted wallet obligations. The final part II will cover obligations for Intermediaries, Travel Rule solution requirements, how to handle deposits, and more.

Key Travel Rule Takeaways

‍

1. The SFC gives clear instructions on how to evaluate a Travel Rule solution provider.

See how Notabene performs:

‍

‍

2. Intermediary institutions must retain and transmit all relevant originator and recipient information and perform due diligence on other VASPs

Travel Rule flows often involve Intermediary VASPs. It is important to understand your obligations if you qualify as an Intermediary or when you interact with one. The definition and requirements for Intermediary VASPs vary from country to country. The SFC’s Guidance laid out clear requirements for Intermediary VASPs:

• Intermediary institutions involved in a virtual asset transfer must hold onto (retain) all the necessary information about the people involved in the transaction (the sender and receiver). 
• The intermediary institution must also verify (undertake due diligence measures) the identity and legitimacy of the ordering institution and any other institutions involved in the transfer.
• Just like the Originator, the intermediary institution must forward the required information to the next Intermediary VASP or the Beneficiary VASP receiving the funds, following the guidelines in specific paragraphs of the regulation. ^[2]
  
  

Watch our on-demand webinar “Everything Intermediary VASPs Need to Know About The Travel Rule” to learn more. 

‍

3. Beneficiary and Intermediary VASPs must have procedures for identifying and managing incoming transfers with missing information.

For transactions involving virtual assets of at least KRW 8,000, the Beneficiary VASP should confirm the recipient's identity if it hasn’t been previously verified as part of its CDD process. They should also confirm whether the recipient’s name and account number obtained from the institution from which it receives the transfer instruction match the recipient information verified by it and take reasonable measures as set out in paragraph 12.11.24 where such information does not match. ^[3]

Beneficiaries and intermediaries must have procedures for identifying and managing incoming transfers that don't provide enough information about the sender or receiver. The procedures include:

• Measures (such as real-time or post-event monitoring) to identify transfers that lack required information.
• Risk-based policies to decide whether to carry out, delay, stop, or return a transfer that lacks required information or, in some instances, return the assets to the sender. They should also determine suitable follow-up actions. ^[4]
  
  

Regarding the suitable follow-up actions mentioned above, if the Originator VASP doesn't provide all the required information about the virtual asset transfer, the Intermediary or Beneficiary VASP should try to get the missing details as quickly as possible. If they can't get this information, the receiving institution should consider limiting or ending their business relationship with the Originator VASP for future transfers or take reasonable steps to reduce the risk of money laundering or terrorist financing. ^[5] 

‍

In conclusion, the Hong Kong Securities and Futures Commission's recently gazetted Guidelines on Anti-Money Laundering and Counter-Financing of Terrorism provide clarity and guidance for the region's Virtual Asset Service Providers (VASPs). This development reemphasizes the importance of adhering to the Travel Rule and underlines specific responsibilities for all entities involved in virtual asset transactions, including intermediary institutions and Beneficiary VASPs. 

Notabene, a key player in the field, showcases how it meets and often exceeds these regulatory requirements with its comprehensive suite of solutions. While navigating the evolving landscape of digital asset regulation remains complex, such guidance offers a roadmap for compliance, promising safer and more secure virtual asset transactions. As the industry matures, the dialogue between regulators and the regulated will continue to foster a robust and compliant virtual asset ecosystem.