In the light of our recent fundraising round, I wanted to share some thoughts on Notabene today and on our future to help mark this important milestone for our team.
My co-founders and I are all big believers in the underlying mission of cryptocurrencies, DeFi, and their underlying blockchain protocols. The permissionless nature of these protocols is a requirement for them to function correctly. It also allows developers and startups to create groundbreaking new innovative products that just would not be possible in a permissioned world.
However, it is easy to forget that behind each transaction flowing through these protocols are real people and businesses. They do need to be able to make educated decisions if they want to perform a transaction or not.
I firmly believe that one of the biggest problems affecting the adoption of crypto is that most people and businesses are still finding it difficult to trust the counterparties to a transaction:
For some, such as end-users, it is primarily about the risk of losing funds. Will I lose money sending a transaction to the wrong address or a fraudulent business? As someone who sent his first Bitcoin transaction in 2010, I am still worried every time I send a crypto transaction.
Regulated companies like banks and crypto exchanges also have a regulatory requirement to know with whom they are transacting, which increases the risk of doing business. This risk is present regardless of whether they send funds to their customer’s Ledger Nano or send funds to another exchange.
Sending or receiving funds to another exchange adds multiple parties to the transaction, thus substantially raising the risk. Not managing these risks can have very extreme consequences for a regulated company like an exchange. There may be fines involved, but you could also lose your license or go to jail in some severe cases.
We started Notabene specifically to help regulated companies have the confidence to send and receive more transactions on behalf of their customers. I believe this will ultimately allow broader adoption of crypto and DeFi by everybody and push the technology into mainstream usage.
This year we have seen a remarkable resurgence in Bitcoin and an incredible amount of innovation in DeFi. These two technologies, together with stablecoins, are now no longer just the talk of crypto Twitter. They have reached the top of mind for central bankers, regulators, investors, and bankers. The main reason is that the value proposition of these protocols has become so much clearer to them.
There has never been a more important time to grow the amount of value transferred through these decentralized protocols. Not just by 2x or 10x. Let’s shoot higher to 100x and 1000x.
As an early Bitcoiner, I have never felt more confident in us reaching the broad and inclusive adoption goals that we have been speaking about at conferences and on podcasts for the last ten years.
Last year the global Anti Money Laundering watchdog FATF laid down a new global framework for regulating crypto businesses based on applying their existing recommendations to crypto businesses. In 2013 the US was the first country to apply its existing regulatory framework to crypto businesses. Now regulators from most major economies are figuring out how to implement this framework.
Unfortunately, in many jurisdictions, such as Singapore and the Netherlands, established companies struggle to fulfill the new licensing requirements required to continue operating.
Since its start, the crypto industry has had a problem with regulation. Regulation seems antithetical to the technology’s permissionless aspect. Also, when it comes to a decentralized protocol like Bitcoin, whom do you regulate? I, like many others, joined the space because of this promise of permissionless innovation.
Lacking access to the traditional financial system ended up being one of the most significant issues for many startups working with crypto. After all, how can I sell Bitcoin if my customers can’t pay for it?
Our CTO Andrés Junge launched the first Bitcoin brokerage, Yaykuy, in Chile back in 2012. The banks shut off access to Yaykuy one by one since they did not know how to manage the risk of having an unlicensed crypto exchange as a customer. They finally had to shut down. I went through something similar in Kenya with my old startup Kipochi when mPesa shut down our operational account within a week of our press launch.
In both of these cases, it wasn’t the regulators closing these startups down. It was traditional financial institutions shutting them out since they had no clear path towards regulation. More importantly, they couldn’t prove the source of funds for our customers’ transactions.
“Derisking” is the term usually used for this process of banks shutting off access. Without access to the correct tools, there is a real risk that well-regulated exchanges start derisking away transactions to less well-regulated ones.
When the last significant change in regulation happened in the US in 2013, it became a competitive advantage to actively seek out and manage relationships with both regulators and banking connections.
The most controversial part of the FATF framework for crypto regulation has to be the “Travel Rule,” which many saw as impossible to implement for blockchain applications.
The Travel Rule comes into effect when a regulated financial institution sends funds on behalf of a customer to an account at another regulated institution. The rule requires the sending institution to transmit information about its customer to the receiving institution, who have to take this information into account when managing the risk of the transaction.
One of the main reasons regulators require companies to implement the Travel Rule is to perform better sanctions list checking. Governments, the EU, the UN, and others create sanctions lists to list known terrorists, corrupt politicians, and organized crime members. In some cases, they include known blockchain addresses of sanctioned people, but checking only for sanctioned addresses is insufficient for compliance.
If an institution accidentally facilitates a transaction with someone on one of these lists, it can lead to fines. A lawyer friend who has advised companies accused of this calls it an extinction-level event for many unprepared companies. Defending it becomes a case of proving you have set up correct processes to avoid it.
Sanctions list checking is a requirement for both the sending and the receiving institution. Doing so based solely on public data from blockchains is impossible, so the Travel Rule sets up a new layer on top of the underlying blockchains enabling them to do so correctly.
In reality, the Travel Rule is not new, and most traditional payment systems such as SWIFT have implemented it since the 90s. When banks say they can’t trust the source of funds for crypto companies, they are typically referring to the lack of the Travel Rule.
Notabene takes a very holistic view of managing the regulatory risk of crypto transactions. Our current offering consists of a unified API and dashboard helping compliance officers within crypto businesses manage risk for both Travel Rule and regular non-custodial transactions in a single place.
While the Travel Rule is used to help regulated institutions manage risk, we also see it as an excellent way to give their end-users the confidence to transact more. We provide innovative companies with the tools to help use the travel rule to increase their transaction volume and, ultimately, revenue.
There are currently many protocols for solving the Travel Rule today. All of them help businesses involved in a particular transaction to exchange information about their customers. They also require every transacting party to be on the same protocol. This lack of a clear winner amongst all of the protocols has made it even more difficult for crypto businesses to pick just a single protocol.
From talking with leadership and compliance staff at countless crypto companies, I believe this has only caused confusion and slowed the industry’s overall implementation. Notabene provides a switch on top of them and even allows our customers to continue transacting with exchanges that aren’t yet actively implementing the Travel Rule. Our Travel Rule switch gives our customers access to by far the broadest amount of crypto businesses.
Since we launched in August, over a dozen companies, have started using Notabene for Travel Rule compliance. Ania Lipinska, our head of product, has personally had deep dives with compliance teams at over 100 different crypto businesses this year. Our team’s strong focus on their needs has made us the default choice for most exchanges looking to implement the Travel Rule. By the end of 2021, I expect the majority of exchange to exchange transactions globally to have their risk managed at least partially through Notabene.
Data privacy and surveillance are always subjects that rightly come up when thinking about KYC and AML. There is also a fundamental paradox between the transparent public aspects of blockchains and the goals of privacy.
Notabene helps our customers manage sensitive data about their internal business operations, including identity data about their customers. Being part of this process is a big responsibility that we take very seriously.
We designed our core architecture around privacy-preserving identity data to ensure the privacy and integrity of our customers’ data and the privacy of their end-users. We do not and will not ever maintain a global identity graph as Facebook or Google do around financial data.
My entire team is very passionate about this data privacy. We all worked together to build the framework for privacy-preserving user-centric identity at ConsenSys’ uPort project. Many of the architectural decisions we have made were specifically to ensure privacy also made our platform much more difficult to develop. We will share more about our approach to data privacy in future posts.
My incredible co-founders Alice Nawfal, Ania Lipinska, Andrés Junge, and I worked together before at ConsenSys. There we built the foundational decentralized identity platform, uPort. The technology and ideas that we pioneered at uPort now form the basis for many sizable regional identity initiatives such as the EU’s eIDAS SSI bridge, Spain’s Alastria, and the Inter-American Development Bank’s groundbreaking LACChain project.
Early this year, right before COVID-19 hit the world, the four of us decided we wanted to use our unique experience and knowledge to solve fundamental problems the crypto industry has been facing pretty much since its inception. With its seven nationalities (several dual), our five-member team is global, just like our customers. We are based in New York, Santiago de Chile, Switzerland, and Zoom.
The crypto industry is continually changing. DeFi and stablecoins have shown regulators and the financial world that the basic building blocks are soon ready to replace traditional financial products.
Regulators are anxious about money laundering and fraud in these platforms and are already discussing how to apply existing rules to this technology. At the recent V20 event, FATF agreed that they have to work closely with the industry. I spend a lot of time with regulators and industry groups to help solve their concerns in ways that don’t halt innovation.
There is a lot to do if we want to enable everybody to perform crypto transactions with confidence, particularly in an industry as innovative and fast-moving as ours. We are looking for new team members who share our mission to help us get there. In particular, we are looking for technical and operational roles.
Thank you so much to our customers and investors for placing their trust in us and our mission.