By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Bitso’s Travel Rule Compliance Journey

Lesa Moné
Lesa Moné
May 27, 2022
Lesa, Head of Content at Notabene, utilizes her deep knowledge in B2B SaaS and crypto marketing to produce compelling content that reinforces Notabene's position as a key thought leader in the crypto regulatory technology field.

In a previous webinar, FATF’s Final Guidance for Virtual Assets and VASPs. What now?, Bitso’s Chief Compliance Officer, Patricia Risso, shared her personal experience with Travel Rule implementation. Bitso is a global crypto platform with operations in Latin America, operating in the Gibraltar jurisdiction. Bitso is a client of Notabene.

How does the Travel Rule impact your business?

From a business perspective, it will be challenging in terms of time, how you can deliver, and how long it will take to sign-up. From a business perspective, one of our primary concerns is the Travel Rule data transfers that we will be receiving. Bitso’s regulators are in Gibraltar; we have to adhere by June 2022. We must ensure that we align ourselves with the data requirements for our home jurisdiction and counterparty jurisdictions as well. 

Right now, the FATF requires the collection of an ID, address, or account number, which represents a challenge to transacting with a counterparty jurisdiction that might require the assembly of data points from the beneficiary. That could create inconsistencies and friction.

From a VASP perspective, we’re focused on the practicalities of implementing various requirements from jurisdictions and dealing with that friction within the codebase.

Dealing with incoming transfers from VASPs that have not implemented the Travel Rule

As incoming transactions from VASPs that have not implemented the Travel Rule will automatically be routed to our high-risk and monitoring systems, our queuing system will increase exponentially, which means more manual interaction. 

Receiving these transfers prompts many questions:

  • What do we do in these cases?
  • Do we have the risk appetite to accept these transactions? 
  • What is the Travel Rule enforcement mandate date of the jurisdiction of each transaction? 

The sunrise issue brings forth implementation concerns:

  • When do we go live? 

Implementing a staged approach to Travel Rule compliance for our end users

We need to understand how Travel Rule compliance impacts our clients; this is our key priority. I think the FATF is great, and I can understand what it’s trying to achieve in terms of transparency in AML, CTF, proliferation financing, etc. That’s the positive side. 

Conversely, like any other company, we also have day-to-day challenges with users sending assets to unhosted wallets and getting the address wrong. Adding beneficiary details to the mixture will increase user friction. We are concerned that our average user might not understand the implications of the Travel Rule. There will be teething issues during the education phase, which will impact our users to a certain extent, as happened with SWIFT.

As we advance, this pushes the implication to the content and marketing teams, who now have to educate our users about what is needed to send a transaction. Their knowledge will be critical when dealing with a retail mass market of VASPs such as FinCEN

Travel Rule compliance ensures VASPs’ future

Travel Rule requirements will give our users confidence in what we’re trying to achieve as an ecosystem. Our goal in the crypto space is for the last one to be financially included. As an industry, we must ensure that we are aligned and not just criticized by the rest of the financial services sector in terms of how we’re going forward to mitigate money laundering risks and terrorist financing risks, and proliferation financing. And that is why we decided to have our Gibraltar license to operate as well, to comply with the industry’s highest standards while giving confidence to the users and the financial ecosystem. 

When FATF first rolled out the Travel Rule, the industry waited for the other shoe to drop. Yet now, it’s becoming very evident: the FATF and the Travel Rule will be here to stay. Either you embrace it, or you don’t, and if you don’t embrace it, you won’t have a place within the VASP ecosystem. Per FATF, VASPs are recommended to stop interacting with VASPs that do not comply. They will essentially be phased out.

Challenges with rolling out Travel Rule compliance

Operational: It’s always challenging when something gets rolled out initially because you’ve got the key stakeholders of the business saying, Okay, now we’re going to do this? How is this going to affect our users? From a compliance perspective? 

Compliance Team: Most of our compliance team at Bitso comes from either a banking or an e-money background. The Travel Rule just made sense to us; we were very used to it as a department. Now, the challenges of rolling it out are another thing. Compliance teams are not formed of techies or engineers. They’re composed of compliance officers, analysts, and people who may not necessarily have a technical skill set. We needed a user-friendly solution that allowed us to be efficient as an organization. 

Choosing a Travel Rule solution: Bitso’s journey 

Bitso has a long history of leveraging adherence to international requirements and standards. Now, Travel Rule implementation changes will impact our operational capability.  We spent 18 months talking to different (Travel Rule solution) providers. I’ve been in some meetings learning about membership-based protocols that were not agnostic.

We want, and what the industry is craving for, is that agnostic solution that allows all of us to interact. Crypto is not about exclusion; it is about inclusion. That is the point of the ecosystem. Inclusion is at the forefront of the minds of Bitso founders, especially our CTO. The crypto ecosystem is supposed to interact and help, by all means, meet the requirements — but let’s do this intelligently. Let’s shift the organization and the industry from going down a “SWIFT” path. 

There are elements in different jurisdictions still being developed, and not many products reflect those elements. So that presented another challenge: going to many meetings where no one had a beta version, just a wire chart. When choosing a solution, we wanted to know if the solution was:

  • An open-sourced industry alliance network, a closed network, or a commercial solution.
  • Interoperable with various protocols and Travel Rule solutions.
  • Live and in production.
When we first met with Notabene, we realized that their Travel Rule compliance solution ticked every single box. We’ve made the correct decision with onboarding to Notabene, and to be quite honest, it was a massive relief for all of us. It’s a very public record; we’ve signed up with Notabene, and I’m very thankful for that. 

Going forward, I think that we’ll be testing for a while. We will spend a lot of time testing to ensure that we don’t burden the ultimate user. We want to ensure that our users get used to the new requirements, so we’re making the transmission of beneficiary data optional until they are used to it. So this is kind of the trajectory that we want to follow, which also tracks us to meet our local regulatory redline in June 2022.