- Interoperability is essential for Travel Rule compliance.
- The market currently has seven different messaging protocols, most lacking compatibility with each other.
- Open networks are accessible to any VASP, while closed networks have comprehensive vetting measures and fees to join.
- Standardization or a unifying gateway could be the future for the crypto industry's compliance with the Travel Rule.
- Notabene does not believe that a centralized system like SWIFT should control future financial rails for the crypto industry.
- Notabene’s SafeGateway offers a multi-protocol approach to ease compliance challenges.
Interoperability in crypto Travel Rule compliance is more than a buzzword; it's a critical necessity. This term refers to the ability of various Travel Rule messaging protocols and their networks to exchange personally identifiable information (PII) effectively without compromising safety and security. Despite its importance, interoperability remains a complex, unsolved challenge, often hindering due diligence processes and restricting virtual asset service providers (VASPs) from transacting with counterparties on different networks.
Today’s Travel Rule Compliance Landscape
Today's landscape features two core solution types: messaging protocols for data transfer and end-to-end solutions for comprehensive compliance, such as Notabene's SafeTransact. The current market features 5+ Travel Rule messaging protocols, each bringing unique technological approaches and communication methods to the table.
Travel Rule compliance solutions can be further broken down into open and closed networks.
Closed vs. Open Networks
Closed networks: VASPs undergo a comprehensive vetting process to join, and often have to pay higher membership and/or transaction fees. In closed networks, VASPs often outsource the counterparty VASP diligence process to the network. VASPs can only send data transfers to other in-network VASPs on both open and closed networks. With the more rigorous enforcement of the Travel Rule happening now across jurisdictions, this often restricts VASPs from transacting with out-of-network counterparts.
Open networks: Any VASP can join, often free of cost. The counterparty due diligence and risk assessment process is carried out between VASPs, which is in accordance with the Financial Action Task Force's (FATF's) standards.
“Compliance tool providers may therefore consider that allowing information sharing only between their users (i.e., no interoperability) will prevent information being shared with unreliable counterparties (e.g., illicit users or those with insufficient data protection controls).
The challenge with this approach is that, as set out in the FATF’s 2021 Guidance, VASPs are required to independently assess counterparty risk. While this approach may provide potential opportunities to simplify some aspects of counterparty due diligence (e.g., facilitating the identification of a counterparty VASP), it does not remove the need for VASPs to independently verify the information and ensure all relevant domestic obligations are met.” [1]
The FATF clarifies that the approach taken primarily by closed Travel Rule networks does not remove the need for VASPs to conduct counterparty VASP due diligence independently.
The Industry’s Take on Protocol Fragmentation
Nearly a quarter of VASPs surveyed identified interoperability issues as a significant hurdle to compliance, and 20% are concerned about market confusion due to the growing number of protocols. [2]
Even the FATF has emphasized the need for protocols to intercommunicate, calling for global solutions that can accommodate jurisdictional nuances. [3]
Overview of Travel Rule Messaging Protocols
A Travel Rule messaging protocol allows VASPs to exchange originator and beneficiary customer information securely. However, messaging protocols address only one of the seven FATF-outlined steps that VASPs must take to be fully Travel Rule compliant.
A comprehensive Travel Rule solution should enable businesses to:
- Identify the type of transaction counterparty.
- Apply relevant jurisdictional rules.
- Screen each counterparty for sanctions.
- Determine counterparty VASPs and assess risk scores using blockchain analytics.
- Conduct due diligence on VASPs before transactions.
- Store customer and beneficiary personal data in a GDPR-compliant manner.
- Exchange customer data with VASPs via various blockchain protocols.
Businesses must still develop a complete solution to meet the remaining six criteria.
Beyond Data Transfers: The Need for Comprehensive Compliance Solutions
A complete Travel Rule compliance solution goes beyond messaging protocols and provides support for each step of FATF’s Recommendation 16. It should include a full suite of services, from identifying counterparty types to GDPR-compliant data storage.
Notabene's Solution to the Interoperability Challenge
Notabene tackles interoperability head-on with SafeGateway, a solution that facilitates VASP-to-VASP interaction across protocols.
{{cta-learnmore16="/cta-components"}}
[1] FATF (2023), "Virtual Assets: Targeted Update on Implementation of the FATF Standards," paragraph 30.
[2] Notabene (2023), State of Crypto Travel Rule Compliance Report, pp. 22-23.
[3] FATF (2022), Targeted Update on Implementation of the FATF Standards on Virtual Assets/VASPs, p 18, paragraph 29.
