What Is Counterparty Crypto Wallet Identification & How Does It Work?
- Travel Rule compliance hinges upon the identification of the counterparty.Â
- Transactions routed to self-hosted wallets have different requirements.
- While the FATF recommends VASPs collect information about a self-hosted wallet's owner from their customer, other jurisdictions have different requirements for/approaches to regulating transactions between VASPs and self-hosted wallets.
- To ensure compliant transactions regardless of counterparty wallet type, VASPs need a wallet identification tool to identify self-hosted wallets, authenticate beneficial ownership, collect transaction information, and apply jurisdiction rules without disrupting their customers' transactions.
‍
‍
The importance of counterparty wallet identification in regulated crypto transactions
Virtual asset service providers (VASPs) must identify the counterparty wallet type to determine the requirements that apply to the transaction at hand. Suppose the transaction is coming from or being routed to a self-hosted wallet. In that case, Travel Rule information transmission obligations do not apply, and VASPs must fulfill different requirements. To ensure compliant transactions regardless of counterparty wallet type, VASPs need a wallet identification tool that allows them to identify self-hosted wallets, confirm beneficial ownership, collect the necessary information for each transaction, and apply appropriate jurisdiction requirements without impeding their customer's transaction experience.
‍
What is crypto counterparty wallet identification?
Counterparty crypto wallet identification is the process of verifying the identity of the individuals or entities that hold or control a cryptocurrency wallet. Counterparty wallet identification aims to ensure that transactions are conducted with legitimate and known parties and to prevent transacting with sanctioned entities and illegal activities such as money laundering and terrorist financing.Â
In context to the crypto Travel Rule, counterparty wallet identification helps VASPs determine who is on the other side of a transaction and when to adhere to additional self-hosted wallet identification requirements, as required by the VASP's jurisdiction.
‍
What is the difference between a hosted wallet and a self-hosted wallet? A hosted wallet is hosted and maintained by a third-party service provider, often requiring the user to go through a know-your-customer (KYC) process. On the other hand, a self-hosted crypto wallet is a wallet stored on the user's device or computer, giving them complete control over their private keys, and does not require a KYC process.
‍
FATF adds self-hosted wallets to the scope of the Travel Rule
Historically, the FATF and local regulators have generally focused on enforcing AML/CFT controls on transactions that involve intermediaries, such as VASPs or other obliged entities. The Crypto Travel Rule, by definition, mandates VASPs to collect, store, and send customer information when transferring digital assets to another VASP.Â
In its initial Guidance for VAs and VASPs (June 2019), crypto transfers between VASPs and self-hosted wallets were already subject to information collection obligations. Yet, after a significant uptick in crypto activity, the Financial Action Task Force (FATF) expanded its stance and added new requirements for transfers between VASPs and self-hosted wallets in specific cases. (October 2021)Â
The FATF now recommends that VASPs take a risk-based approach when interacting with unhosted wallets and apply additional risk mitigation measures if necessary, including potentially only allowing VASP to VASP transactions.
A VASP may choose to impose additional limitations, controls, or prohibitions on transactions with unhosted wallets in line with their risk analysis. Potential measures include:Â
a. enhancing existing risk-based control framework to account for specific risks posed by transactions with unhosted wallets (e.g., accounting for specific users, patterns of observed conduct, local and regional risks, and information from regulators and law enforcement); andÂ
b. studying the feasibility of accepting transactions only from/to VASPs and other obliged entities, and/or unhosted wallets that the VASP has assessed to be reliable.
(FATF. 2021, pp. 86, 67, para. 297)
This adds additional complexity to Travel Rule compliance. Going forward, when a VASP receives a transaction from a self-hosted wallet, their customer (the transaction beneficiary) must identify the transaction originator. When a VASP sends a transaction to a self-hosted wallet, they must require their customer (the transaction originator) to identify the transaction beneficiary. Additionally, VASPs shall apply additional risk mitigation measures as they see fit.Â
This brings wallet identification to the forefront. VASP must now determine if the counterparty wallet is self-hosted or hosted to apply the appropriate PII requirements to the transaction.Â
Several components of Travel Rule compliance hinge upon determining whether a transaction is with a counterparty VASP, a self-hosted wallet, or another service. Below, we revisit the steps of crypto Travel Rule compliance.
Jurisdictions have different approaches to self-hosted wallets
National regulators have interpreted and applied several elements of the Travel Rule in differing ways that work best for their jurisdictions. Approaches to self-hosted wallet transactions are one of these varying elements, alongside thresholds that trigger compliance, enforcement dates, counterparty VASP due diligence obligations, transacting during the sunrise period, etc.Â
Regulators have taken three distinct approaches to transactions between VASPs and self-hosted wallets, listed from lightest measures to heaviest measures below:
- Enhanced due diligence: VASPs must apply enhanced due diligence measures determined according to VASPs' risk-based approach.
- Collecting information from customers: Following FATF's recommendation, VASPs gather wallet ownership information from their customers but are not required to verify the data. ‍
- Verifying the identity of the self-hosted wallet owner: VASPs must identify and confirm the identity of the Originating or Beneficiary self-hosted wallet owner.
‍
How can VASPs identify and verify the owner of a counterparty self-hosted wallet?
Self-hosted wallets pose unique challenges when verifying identities, as traditional KYC/AML methods aren't effective in these cases. VASPs can leverage the following techniques to identify and verify self-hosted wallet ownership:
- Obtaining ownership proofs from clients
As there is no other VASP from which to obtain the information when transacting with self-hosted wallets, VASPs will need to collect all the necessary Travel Rule information (names, account numbers or wallet addresses, addresses or IDs, DOBs, POBs, etc.) from their customer, without compromising user experience. - ‍Wallet-signed messages
In some jurisdictions, VASPs are required to verify the ownership of the self-hosted wallet. For this, VASPs shall use methods that allow them to tie an identity to the wallet they are transacting with. Companies can accomplish this through cryptographic signatures or satoshi tests. - Avoid interactions with self-hosted wallets
Finally, VASPs can choose to impose additional limitations and controls or even avoid interacting with self-hosted wallets when dealing with potentially higher-risk transactions.
‍
Click here for more information about ensuring Travel Rule Compliance on transactions involving self-hosted wallets.
‍
How can Notabene help with crypto wallet identification?
Our fully-customizable wallet identification solution, SafeConnect, offers your customers a seamless and secure transaction experience. With SafeConnect, you no longer have to worry about incomplete data and unknown counterparties. Our tool automates compliance by instantly identifying self-hosted wallets, recommending the best-fit method for each wallet, and applying the appropriate regulations per jurisdiction. SafeConnect also offers two cryptographic ownership proof methods and identifies regulated transactions against Travel Rule thresholds. Additionally, it provides reusable proofs and allows your customer to submit missing information post-deposit.
‍
{{cta-learnmore14="/cta-components"}}
‍
Resources:
FATF. 2021. Updated Guidance for a Risk-based Approach to Virtual Assets and Virtual Asset Service Providers. Paris: FATF. Published June 21, 2021.
Our certification program covers this topic and much more
FAQ
Counterparty Crypto Wallet Identification
What are self-hosted wallets?
A self-hosted or non-custodial wallet allows users to store their private keys and retain control over their funds.
Does the Travel Rule apply to transactions with self-hosted wallets?
FATF recommends that VASPs have their customer identify the transaction originator when receiving a transaction from a self-hosted wallet. When a VASP customer sends a transaction to a self-hosted wallet, the customer (the transaction originator) must identify the transaction beneficiary. Additionally, VASPs shall apply additional risk mitigation measures as they see fit.
Why is counterparty crypto wallet identification important for VASPs?
Determining the type of wallet on the other side of a transaction is integral to Travel Rule compliance because it determines which rules apply to the transaction. The FATF recommends collecting information about a self-hosted wallet's owner from a VASP customer. Still, different jurisdictions have different approaches to regulating transactions between VASPs and self-hosted wallets.
How can VASPs ensure Travel Rule compliance when transacting with self-hosted wallets?
VASPs can leverage wallet identification tools to help them collect the appropriate customer-identifying information for each Travel Rule-regulated transaction to/from self-hosted wallets.