Commonly Used Terms and Definitions

Anti-money laundering/counter-terrorism financing. Sometimes written as AML/CFT.

Anti-money laundering (AML) for cryptocurrencies refers to the laws, rules, and policies to prevent criminals from turning unlawfully-obtained cryptocurrency into fiat.

Beneficial owner refers to the natural person(s) who ultimately owns or controls a customer and/or the natural person on whose behalf a transaction is being conducted. It also includes those persons who exercise ultimate effective control over a legal person or arrangement. Reference to “ultimately owns or controls” and “ultimate effective control” refer to situations in which ownership/control is exercised through a chain of ownership or by means of control other than direct.

A customer that receives a virtual asset transfer from the Originator VASP.

A virtual asset service provider (VASP) that receives the transfer of a virtual asset (VA) from the Originator VASP directly or through an intermediary VASP, and makes the funds available to the Beneficiary.

In Notabene’s VASP Network, a "Claimed" status indicates that the respective companies are prepared and have configured their systems to initiate or receive transfers using Notabene’s VASP directory.

In the context of Travel Rule compliance, a closed network mandates that VASPs undergo a rigorous onboarding process prior to joining the network. Closed networks operate on exclusive protocols, which means they don't usually work with other systems. In these networks, VASPs can only exchange Travel Rule information with others in the same network. Yet, regardless of the network type, the FATF requires all VASPs to perform detailed due diligence and risk evaluations on their counterparts, as detailed in paragraph 30 of the FATF's report, “Virtual Assets: Targeted Update on Implementation of the FATF Standards.”

A closed protocol refers to a proprietary communication or data exchange standard that is not openly available to the public. Unlike open protocols, which are documented and freely accessible for anyone to implement and use, closed protocols are typically owned, controlled, and maintained by a specific organization or entity. Using or integrating with a closed protocol often requires licensing, special permission, or partnership with the owning entity.

Counter-Terrorism Financing (CTF) is a combination of government legislation, regulations, and other measures designed to disrupt the flow of funds and other resources to terrorist organizations.

A VASP on the opposite side of a Travel Rule data transfer when a transaction is initiated from one VASP to another.

A wallet in which the private keys are held by a third party. Meaning, the third party has full control over your funds while you only have to give permission to send or receive payments.

Decentralized identifiers (DIDs) are decentralized entity-controlled identifiers that are designed to enable individuals and organizations to generate their own trusted identifiers. Individuals or institutions can prove control over them by authenticating using cryptographic proofs such as digital signatures. In the context of the Travel Rule, VASPs can use DIDs to build cryptographically verifiable presentations that collate essential transaction information, including: - VASP entities - Encryption public keys - Supported Travel Rule messaging protocols, etc.- Encryption Public keys - Supported Travel Rule messaging protocols, etc.

A "decision" is binding on those to whom it is addressed (e.g., an EU country or an individual company) and is directly applicable.

DORA is a European Union regulation designed to ensure that financial institutions, including those in the crypto and blockchain space, maintain robust operational resilience against information and communication technology (ICT) risks. Effective as of Jan 17, 2025, DORA requires firms to implement strong safeguards for digital infrastructure, assess and manage third-party risks, and establish incident response frameworks. By addressing operational vulnerabilities, DORA aims to strengthen the stability of the EU’s financial system in the face of cybersecurity threats, IT disruptions, and other digital risks, while promoting harmonized practices across member states.

A "directive" is a legislative act that sets out a goal that all EU countries must achieve. However, it is up to the individual countries to devise their own laws on how to reach these goals.

Enhanced due diligence (EDD) is the advanced know-your-customer (KYC) process of gathering data and information to verify the identity of clients with additional information required to mitigate the risk associated with the client.

The Financial Action Task Force (FATF) Recommendations set out a comprehensive and consistent framework of measures that countries should implement to combat money laundering, terrorist financing, and the financing of weapons of mass destruction.

Notabene's shorthand version for FATF's Public Consultation: Draft Updated Guidance for a Risk-Based Approach to Virtual Assets (VAs) and VASPs Original document: https://www.fatf-gafi.org/media/fatf/documents/recommendations/March%202021%20-%20VA%20Guidance%20update%20-%20Sixth%20draft%20-%20Public%20consultation.pdf

Notabene's shorthand version for FATF's 12-Month Review: Revised FATF Standards on VAs and VASPs Published June 2020 Original document - https://www.fatf-gafi.org/media/fatf/documents/recommendations/12-Month-Review-Revised-FATF-Standards-Virtual-Assets-VASPS.pdf

Notabene's shorthand version of FATF's Guidance for a Risk-Based Approach to Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs) Released June 2019 Original document: https://www.fatf-gafi.org/media/fatf/documents/recommendations/RBA-VA-VASPs.pdf

An additional note relating to or providing an interpretation of a FATF Recommendation

Notabene's shorthand version of FATF's Second 12-Month Review: Revised FATF Standards on VAs and VASPs. Released June 2021 Original document: https://www.fatf-gafi.org/media/fatf/documents/recommendations/Second-12-Month-Review-Revised-FATF-Standards-Virtual-Assets-VASPS.pdf

Notabene's shorthand version for FATF's Updated Guidance for a Risk-Based Approach to VAs and VASPs, released in October 2021. Original document - https://www.fatf-gafi.org/media/fatf/documents/recommendations/Updated-Guidance-VA-VASP.pdf

The Financial Crimes Enforcement Network (FinCEN) is a bureau of the United States Department of the Treasury created in 1970 to combat money laundering and terrorist financing. It is responsible for the collection and dissemination of financial data to law enforcement and other organizations to help identify and prosecute criminals. FinCEN’s mission is to detect, deter, and investigate money laundering, terrorist financing, and other financial crimes. It enforces compliance with its regulations and works with other financial intelligence units around the world to build cooperation and combat criminal activities. The organization also works with law enforcement to investigate financial crimes, providing support for criminal investigations and prosecutions. FinCEN is responsible for issuing advisories, guidance, and regulations to the financial sector to help them stay compliant with their obligations. The effectiveness of FinCEN in curbing financial crime has been debated, but many experts agree that its impact on the financial sector has been significant. It has helped to improve financial transparency and increase the ability of authorities to detect and investigate illegal activities.

FATF is an intergovernmental global money laundering and terrorist financing watchdog that sets international standards aiming to prevent illegal activities.

A financial institution (FI) is a company engaged in dealing with financial and monetary transactions such as deposits, loans, investments, and currency exchange.

In Notabene’s VASP Network, "In-Network" refers to accounts that have an active administrator. This ensures that they will promptly respond to incoming Travel Rule data transactions.

Refers to a VASP in a serial chain that receives and retransmits a virtual asset transfer on behalf of the Originator VASP and the Beneficiary VASP or another intermediary VASP.

An NCA is a government or regulatory body designated within a specific jurisdiction to oversee compliance with financial and anti-money laundering (AML) regulations, including the Crypto Travel Rule. NCAs enforce local laws, issue guidance, and monitor Virtual Asset Service Providers (VASPs) to ensure they meet global and domestic requirements for transparency, customer due diligence, and transaction reporting. They play a crucial role in fostering trust, mitigating financial crime, and aligning national practices with international standards like those set by the Financial Action Task Force (FATF).

In the context of Travel Rule compliance, an open network is a network of VASPs that do not require permission to join. Companies interested in joining an open network upload their business information to become verified. VASPs conduct due diligence and risk assessments on counterparty VASPs, as mandated by FATF.

An open protocol is a set of rules and standards for data exchange and communication that is publicly available and not proprietary. This means that anyone can access, implement, and use it without restrictions. Open protocols are often developed collaboratively, allowing for widespread adoption and interoperability across various systems and platforms. Examples of open protocols include HTTP (for web browsing) and SMTP (for email). These protocols help ensure that different technologies and software can communicate and work together effectively.

An "opinion" is an instrument that allows the institutions to make a statement in a nonbinding fashion, in other words without imposing any legal obligation on those to whom it is addressed. An opinion is not binding. While laws are being made, the committees give opinions from their specific regional or economic and social viewpoint.

A customer that sends a virtual asset transfer from the Originator VASP.

A VASP which initiates the transfer of a virtual asset on behalf of an Originator Customer.

Personally identifiable information (PII) is information related to confirming an individual's identity. Sensitive PII can include full name, Social Security number, driver's license, financial information, and medical records.

Pre-transaction decision-making refers to the process of analyzing and evaluating potential risks associated with a crypto transaction before it is executed. Crypto pre-transaction decision-making involves thorough due diligence and compliance checks, including sanction screening counterparties and verifying their identities. It is a critical framework for Virtual Asset Service Providers (VASPs) under the Financial Action Task Force (FATF) Travel Rule to ensure they adhere to regulatory standards and avoid facilitating illicit activities.

A protocol is a set of rules governing computer communications on a network. These rules include guidelines that regulate the following characteristics of a network: access method, allowed physical topologies, types of cabling, and speed of data transfer.

A protocol switch enables interaction and communication to other protocols. With regards to the Travel Rule, Notabene defines a Travel Rule messaging protocol switch as a mechanism that examines incoming Travel Rule messages to see which protocol is the intended recipient, and then directly (and only) passes the messages to that protocol.

A FATF "recommendation" is not binding. FATF recommendations allow the institution to make their views known and to suggest a line of action without imposing any legal obligation on those to whom it is addressed.

A "regulation" is a binding legislative act. It must be applied in its entirety across the EU.

An approach where a financial institution or crypto company identifies the highest compliance risks to their organization. Then the company comes up with a process to assess, monitor, manage, and mitigate money laundering and terrorist financing risks and prioritize controls, policies, and procedures going forward.

SafeGateway is Notabene’s solution that facilitates VASP-to-VASP interaction across protocols.

Part of Notabene's SafeGateway solution for VASP-to-VASP interaction, this option allows VASPs complete control by developing and managing their gateway in-house. Tailored for specific operational and security needs, it enables the creation of highly customized security solutions.

Part of Notabene's SafeGateway solution for VASP-to-VASP interaction, this hassle-free option is fully developed and maintained by Notabene. Ideal for VASPs preferring to avoid technical management, this gateway ensures robust security and maintenance, all handled by Notabene.

As part of Notabene’s SafeGateway solution for VASP-to-VASP interaction, the Notabene-Built, Customer-Operated protocol gateway offers professional development and customized operational control. While Notabene handles the development of the gateway, the VASP manages its operation; this allows VASPs to tailor certain security aspects.

Users have full control over their funds and on the associated private key. FATF often used “unhosted wallet” to refer to noncustodial wallets in its text.

In the context of crypto Travel Rule compliance, the sunrise period refers to a transitional phase during which the enforcement of this rule is staggered globally across different jurisdictions. The sunrise period poses specific challenges for Virtual Asset Service Providers (VASPs) due to the asynchronous adoption and implementation of the Travel Rule across countries.

In Notabene’s VASP Network, a "SuperVASP" badge is awarded to entities that meet all three essential criteria. This includes being verified, having a claimed status, and being in-network. This badge is a symbol of the entity's comprehensive readiness and active participation within the network.

The Travel Rule is the application of the FATF's Recommendation 16 to VASPs and consists of the obligation to obtain, hold, and transmit required originator and beneficiary information, immediately and securely, when conducting VA transfers.

Personally identifiable data (name, account number, etc) which must be sent from the Originating VASP to the Beneficiary VASP alongside or before a funds transfer over a specific threshold.

An Ultimate Beneficial Owner (UBO) is the person who is the ultimate beneficiary when an institution initiates a transaction.

A verifiable credential (VC) is an open standard for tamper-evident digital credentials that can be cryptographically verified. VCs can be used to show information from physical credentials, like a driver’s license or passport.

Within Notabene's VASP Network, the "Verified" distinction signifies that Notabene has thoroughly checked and confirmed the authenticity of the VASP company's provided information, ensuring its legitimacy and accuracy.

According to FATF, a VA is a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes.

VASP is a term introduced by the FATF referring to any natural or legal person who is not covered elsewhere under the FATF Recommendations and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person: i. exchange between VAs and fiat currencies; ii. exchange between one or more forms of VAs; iii. transfer of VAs; iv. safekeeping and/or administration of VAs or instruments enabling control over VAs; and v. participation in and provision of financial services related to an issuer's offer and/or sale of a VA.

In the context of VAs, FATF defines a transfer as a means to conduct a transaction on behalf of another natural or legal person that moves a virtual asset from one virtual asset address or account to another. Throughout this document, we also refer to virtual asset transfers as "blockchain transactions."