2024 Travel Rule Compliance Challenges and How to Overcome Them: Counterparty VASP Due Diligence
The Travel Rule requires Virtual Asset Service Providers (VASPs) to identify and conduct due diligence on their counterparty VASP or financial institution. However, national Travel Rule frameworks tend to be silent or vague on this topic.
Conducting VASP due diligence generally involves obtaining information about the counterparty VASP’s registration/licensing status, its ability to securely hold Travel Rule information, whether it is tied to illicit actors or sanctioned persons, and its level of anti-money-laundering, counter-terrorism financing (AML/CTF) compliance. The aim of performing this due diligence is to ensure that VASPs avoid dealing with illicit or sanctioned actors and to gain assurance that a counterparty VASP can comply with the Travel Rule and protect the confidentiality of shared information.
‍
Counterparty VASP Due Diligence Challenges Faced by VASPs
VASPs face three main challenges in implementing due diligence processes:
1. Difficulty Accessing Information
Beyond identifying counterparties, VASPs struggle to make risk-based decisions due to the scarcity of publicly available information. Verifying whether a counterparty VASP is licensed or registered is particularly hard given the limited number of public registers. Furthermore, assessing a VASP’s adherence to AML/CTF standards is challenging without directly engaging each potential counterparty, which becomes impractical at scale.
2. Lack of Standardization
Currently, there is no uniform standard for conducting VASP due diligence. Additionally, national frameworks for the Travel Rule often lack clear criteria for due diligence.
3. Operational Costs
Conducting VASP due diligence requires resources, which involve either purchasing the relevant compliance tools (to the extent they are available) and/or allocating personnel to perform these due diligence assessments.
‍
The FATF acknowledged these challenges in its June 2023 Targeted Update, reporting that VASPs struggle to effectively conduct due diligence on counterparty VASPs [1]. This difficulty is further exacerbated by the existence of unregulated and unlicensed VASPs, making it even more challenging to gather information to assess these entities’ possible connections to illicit activities or sanctioned individuals, as well as their compliance with AML/CTF standards. Notabene’s industry survey supports these observations. Despite the significant drop in prominence since last year, a notable percentage of respondents (29%) continues to send Travel Rule information transfers to all VASPs, regardless of any due diligence assessment. Additionally, counterparty due diligence ranks as the least adopted compliance check among respondents, only ahead of the options “None” and “Other” (see Chapter 3, Section 8 of Notabene’s 2024 State of Crypto Travel Rule Compliance Report).
Approaches to VASP Due Diligence Challenges
FATF
The FATF can do little to solve the operational challenges associated with a VASP’s due diligence process apart from sharing recommendations on how a jurisdiction should implement VASP due diligence requirements. As such, the FATF does the following:
- Makes a clear distinction between the due diligence process required for establishing a correspondent relationship and the process required for Travel Rule purposes [2].
- Strongly encourages jurisdictions to maintain and publicize information on VASPs that are registered or licensed in their jurisdiction, to give VASPs access to information needed to perform counterparty due diligence in line with Recommendations 16 and 13 [3].
- Clarifies that VASPs need to independently perform due diligence [4] — a contentious point that has hindered Travel Rule interoperability efforts. Operators of Travel Rule protocols may resist interoperability to maintain control over the network. However, the FATF emphasizes that VASPs must still independently assess counterparty risk, highlighting that being part of closed Travel Rule networks does not eliminate a VASP’s need to verify information and meet domestic obligations.
- Suggests that the Wolfsberg Correspondent Banking Due Diligence Questionnaire be used as a starting point for the VA industry to develop its own risk-based best practices [5].
Regulators
It is not desirable that national regulators specify prescriptive criteria for conducting VASP due diligence, yet it is necessary that regulators understand the current challenges associated with evaluating counterparty VASPs and thus provide VASPs with practical guidance. In 2023, Hong Kong’s SFC offered valuable granularity in their detailed guidance on counterparty due diligence measures [6], identifying several criteria that VASPs should consider to determine whether a counterparty is eligible, such as the quality and effectiveness of regulations and supervision, the Travel Rule status in their jurisdiction, and the existent AML/CTF and data protection controls.
‍
National legislators and regulators should also strive to adhere to FATF guidelines on this topic to facilitate the emergence of a global standard for VASP due diligence. However, the European Transfer of Funds Regulation deviates from FATF guidelines by labeling the relationships between domestic CASPs and foreign VASPs as correspondent relationships due to their “ongoing and repetitive” nature. This divergence raises concerns about proportionality and scalability.
‍
Regulators may also consider incorporating exceptions for carrying out due diligence when appropriate, such as in the context of transactions between domestic VASPs that are both supervised by the same authority, or prescribing scenarios where simplified due diligence measures are permissible.
Joint Industry Initiatives
Finding solutions to some of the challenges associated with VASP due diligence can be championed by joint industry initiatives. In fact, there is already work underway to address this.
‍
In 2023, the Global Digital Finance (GDF) members association published the GDF Virtual Asset Due Diligence Questionnaire [7]. The questionnaire was designed to provide an overview of a VASP’s AML policies and practices, and it is suggested that VASPs use it to onboard counterparty VASPs or that financial institutions use it to onboard VASPs.
Travel Rule Solutions
Travel Rule solutions and other service providers can offer tools to assist VASPs in operationalizing and scaling due diligence efforts.
‍
Notabene customers can easily access and monitor their counterparties within the Notabene Network. By integrating with VASPNet and Global Legal Entity Identifier Foundation (GLEIF), Notabene provides real-time, verified data about counterparty VASPs’ regulatory statuses and incorporation information. Furthermore, VASPs can also request, review, and share an adapted version of GDF’s questionnaire between selected parties in a secure and encrypted manner.
‍
{{cta-learnmore10="/cta-components"}}
‍
VASPs
VASPs are encouraged to engage in global and local industry initiatives focused on VASP due diligence. Considering the significant impact of VASP due diligence on Travel Rule compliance, it is important that VASPs keep this in mind when selecting a Travel Rule solution to partner with.
Additionally, VASPs should cooperate with their counterparty’s due diligence efforts by providing any requested information. Ideally, VASPs should make their information available to as wide a network of trustworthy counterparties as possible. This would enable other VASPs to conduct due diligence more efficiently.
Notabene’s 2024 Status Check
In 2023, there was significant progress in clarifying and operationalizing counterparty due diligence obligations. The FATF clarified that this due diligence must be carried out independently, which helped the industry to advance with a unified understanding of these obligations. The publication of GDF’s questionnaire was a substantial contribution toward standardizing VASP due diligence. As detailed in Chapter 3, Section 8, our survey results indicate a substantial shift: the proportion of VASPs sending Travel Rule transfers to all counterparts without specific criteria dropped from 52% in 2023 to 29% in 2024. This change highlights a growing commitment to counterparty due diligence obligations.
‍
{{report2="/cta-components"}}
[1] FATF. 2023a. Targeted update on implementation of the FATF standards on virtual assets and virtual asset service providers. p. 20, para. 24
[2] FATF. 2021. Updated guidance for a risk-based approach to virtual assets and virtual asset service providers. p. 54, para. 169
[3] FATF. 2021. Updated guidance for a risk-based approach to virtual assets and virtual asset service providers. p. 7, para. 3
[4] FATF. 2023a. Targeted update on implementation of the FATF standards on virtual assets and virtual asset service providers. p. 24, para. 30
[5] FATF. 2021. Updated guidance for a risk-based approach to virtual assets and virtual asset service providers. p. 85, footnote 58
[6] Securities and Futures Commission. 2023b. Guideline on anti-money laundering and counter-financing of terrorism (for licensed corporations and SFC-licensed virtual asset service providers).
[7] Global Digital Finance. 2023. GDF virtual asset due diligence questionnaire.