FATF's Recommendation 16, informally called the Travel Rule, requires VASPs (Virtual Asset Service Providers) that transact with each other to exchange relevant customer information. However, before they can even begin transferring data and funds, they first have to identify and perform due diligence on each other.
In response to the new regulations, multiple industry groups are building different protocols that focus on secure VASP-to-VASP information-sharing. While much needed, these protocols work under the assumption that all companies will be using the same protocol. We can already see that this single-protocol future is still a long way off, if at all ever possible.
1. Companies are forced to implement multiple protocols to operate in a truly global fashion and interact with any VASP.
Even then, the lack of an overreaching cross-protocol framework still poses critical challenges:
Let’s suppose an Originator VASP wants to send customer information to a Beneficiary VASP.
- How does the Originator know which protocol(s) the Beneficiary supports?
To exchange customer information, the Originator VASP must first figure out if they and the Beneficiary VASP support any common protocols. If they do, then they have to determine each others’ unique VASP identifiers. These are created to enable VASP-to-VASP discovery and establish a secure communication channel. The challenge is that there is not a universal VASP identifier, and protocol-specific identifiers work only within their particular network.
- How does the Originator verify a Beneficiary?
Even when the VASPs find a common protocol and identify each other within that network, to fully comply with the Travel Rule, they’re still required to due diligence each other. Such business-to-business verification often results in a burdensome back and forth between compliance officers that can take up to 6 weeks.
2. Notabene created a free, public-data directory for all VASPs, regardless of which Travel Rule protocol they support.
The directory allows companies to search for counterparties and easily determine which, if any, Travel Rule protocol they are using. It also provides access to relevant business information, helping counterparties build trusted relationships and take first steps towards Travel Rule compliance.
Using Notabene's directory, companies can:
- Create their VASP profile, so it's easily discovered by counterparties
- Search for other VASPs and view their incorporation, licensing and registration information
- Determine which Travel Rule solutions counterparties are using
3. First steps towards Travel Rule compliance with VASP verification
Many businesses worry (and rightfully so!) that complying with the Travel Rule will significantly slow down both incoming and outgoing transactions.
Currently, it takes time and resources to identify and get in touch with a Beneficiary VASP. And after that, compliance officers on both sides are still wrapped up in an endless back and forth to gather the necessary information for accurate risk assessment.
With Notabene's public directory, a compliance officer can simply look up a business and quickly access verified information about them. To help perform due diligence even faster, we introduced three verification levels:
- Verified by Notabene: Every VASP that creates or claims their profile has their business details vetted by the Notabene team. After ensuring data accuracy, the VASP receives a "Verified by Notabene" badge. Remember though, while we can verify information about a VASP, it is always up to a VASP to make the decision if they want to do business with them.
We will be adding third-party providers specializing in business identity verification. Contact us if you're interested in this type of partnership.
- Pending Verification: After a VASP creates or claims their profile, we confirm its accuracy. During this time, the VASP has a "Pending Verification" status. If there are any questions or issues, they must be resolved before we provide the "Verified by Notabene" badge.
- Not Verified: This designates a VASP profile that we created based on publicly available data. Because this profile is unclaimed and Notabene cannot fully verify its accuracy, "Not Verified" provides some information but is not at the same level as a fully vetted profile with the "Verified by Notabene" badge.
4. Travel Rule protocols directory
When VASPs create or claim a profile, we also ask them to provide a list of Travel Rule protocols they use and relevant VASP identifiers. This way, an Originator VASP can easily determine which protocol they should use to transfer customer data to a Beneficiary VASP securely.
5. The goal of the free and open VASP directory is to address the challenges of multiple Travel Rule protocols and to build a trusted network of verified crypto businesses.
We hope to bring the community together in efforts of making compliance easier, regardless of the technical solutions each individual company supports.
As the extension of that mission, Notabene’s Travel Rule compliance platform enables a seamless cross-protocol data exchange between VASPs by supporting all major protocols. This allows our customers to not be limited by any one protocol, and send / receive transfer requests with all their counterparties. In addition, companies using Notabene can streamline their counterparty due diligence process even further, beyond the public business information available in the directory. Our platform allows VASPs to securely share private data with each other for further diligence and quickly establish bilateral relationships for Travel Rule transactions.
6. Notabene’s directory is a community-driven initiative.
As you create your profile, contact us with any input or suggestions you may have. We’re looking forward to hearing how we can make it better for you and your business partners.
We invite organizations from the space to partner with us to build a truly global network of crypto companies. Interested? Contact us.