By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Understanding the Key Challenges of VASP Identification in Travel Rule Compliance

Catarina Veloso
Catarina Veloso
September 4, 2023
Catarina, Regulatory & Compliance Senior Associate at Notabene, specializes in global crypto regulations. With roles including co-chair of the CryptoUK Travel Rule group and part of the EBA Expert Group, she shapes Travel Rule compliance. Holds Masters in Energy Law and BA in Law.

Understanding who controls the recipient wallet is crucial for Virtual Asset Service Providers (VASPs) to comply with the Travel Rule. The first phase of the mandated pre-transaction due diligence process, as set forth by the Financial Action Task Force (FATF) [1], involves identifying the counterparty VASP. A comprehensive due diligence process is initiated once another VASP is identified as the counterparty.

Correctly carrying out this procedure enables VASPs to sidestep transactions with suspicious or sanctioned entities. Moreover, it safeguards sensitive customer data by ensuring it only goes to a verified or intended counterparty. [2]

Adapted from Figure 1, “Updated Guidance for a Risk-based Approach to Virtual Assets and Virtual Asset Service Providers, “ FATF, 2021. Illustration by Notabene.

Challenges With Identifying Counterparties Through Blockchain Addresses

Unlike conventional wire transfers, which offer a standardized, reliable method for identifying specific counterparties, tying a blockchain address to a counterparty lacks such a standard. Compliance Officers usually turn to blockchain analytics and customer input to spot counterparty VASPs. However, these methods are far from foolproof and can lead to dead ends. 

The situation is exacerbated by the confidential nature of crypto data on public ledgers, causing VASPs to regard their wallet address books as sensitive, thus further obstructing identification efforts during Travel Rule-compliant transfers.

The complexity is further heightened when considering the range of counterparties VASPs may encounter. These can vary from other VASPs and financial institutions to self-hosted wallets and entities like e-commerce platforms, gaming sites, and mining pools. This diversity adds yet another layer of complexity to the already challenging counterparty identification process.

Insights and data from Notabene’s 2023 State of Crypto Travel Rule Compliance report

Notabene’s 2023 State of Travel Rule Report substantiated the difficulties VASPs face in counterparty due diligence, with 52% of participants revealing that they conduct Travel Rule transfers to all VASPs without implementing any criteria or due diligence process. [3] 

Source: Notabene’s 2023 State of Travel Rule Report, pg. 39.

Additionally, we asked respondents to anonymously share their opinions on the existing Travel Rule protocols in the market and the most relevant criteria for assessing their suitability. A common theme expressed was the lack of a universal method for identifying counterparties. 

Source: Notabene’s 2023 State of Travel Rule Report, pg. 32.


FATF's Stance on VASP Identification

In its 2021 update, FATF emphasized the absence of "technically proven means" for accurately identifying the VASP overseeing the beneficiary wallet based solely on the Virtual Asset (VA) address. [4] Fast forward to June 2023, the organization released its fourth annual report titled "Virtual Assets: Targeted Update on Implementation of the FATF Standards." This report, informed by a voluntary survey from 151 jurisdictions, presents updates on Travel Rule adoption and continuing challenges, including shortcomings with compliance tools.

The report highlights key challenges that VASPs encounter in conducting due diligence. Among these are a limited number of registered VASPs, insufficient public information, and the constraints of using closed network tools for compliance. Specifically, VASPs operating within closed Travel Rule networks are restricted to identifying only those VASPs that are also part of the same network, limiting the scope of available information.

Emphasizing the importance of independent due diligence, FATF encourages VASPs to assess counterparty risks and validate information autonomously. This holds true even when VASPs are part of closed Travel Rule networks and face interoperability issues. The aim is to ensure that domestic obligations are fulfilled despite the various hurdles posed by the current systems and protocols. [5]

Moving Forward: The Need for a Unified Approach

In Notabene's 2023 State of Crypto Travel Rule Compliance Report and FATF's Targeted Update, the industry stakeholders stress the immediate need for protocols that facilitate communication.  FATF explicitly urges the industry to accelerate efforts to strengthen solutions that are global and can accommodate nuances in requirements across jurisdictions, in line with the expectations of the FATF Standards.” [6] 

In response to these identified challenges, Notabene has rolled out Network Discoverability. This feature offers scalable, secure, and reusable techniques for counterparty VASP identification within open networks.



* A closed network refers to a digital or communication network that is not freely accessible to the public. Access to a closed network is often restricted and controlled through security measures such as authentication, authorization, and specific protocols.

* An open network is a digital or communication network accessible to the public without significant restrictions. It's designed to be inclusive, allowing various devices, systems, or users to connect, communicate, and exchange information.

[1] FATF (2023), "Virtual Assets: Targeted Update on Implementation of the FATF Standards,” paragraph 24

[2] FATF (2021), Updated Guidance for a Risk-based Approach to Virtual Assets and Virtual Asset Service Providers, page 62, paragraph 196.

[3] Notabene (2023), “State of Crypto Travel Rule Compliance Report,” page 39.

[4] FATF (2021), Updated Guidance for a Risk-based Approach to Virtual Assets and Virtual Asset Service Providers, page 62, paragraph 197a.

[5] FATF (2023), "Virtual Assets: Targeted Update on Implementation of the FATF Standards,” paragraph 30

[6] FATF (2022), FATF 2022. Targeted Update on Implementation of the FATF Standards on Virtual Assets/VASPs, page 18, paragraph. 29.