2024 Travel Rule Compliance Challenges and How to Overcome Them: VASP Identification
Understanding who controls the recipient wallet is crucial for Virtual Asset Service Providers (VASPs) to comply with the Travel Rule. The first phase of the mandated pre-transaction due diligence process, as set forth by the Financial Action Task Force (FATF) [1], involves identifying the counterparty VASP. A comprehensive due diligence process is initiated once another VASP is identified as the counterparty.
Correctly carrying out this procedure enables VASPs to sidestep transactions with suspicious or sanctioned entities. Moreover, it safeguards sensitive customer data by ensuring it only goes to a verified or intended counterparty. [2]
{{cta-learnmore10="/cta-components"}}
Counterparty VASP Identification Challenges
Crypto transfers are recorded on public ledgers, leading VASPs to treat their wallet address books as confidential, which complicates identification efforts during Travel Rule-compliant transfers. VASPs face a wide range of counterparties, from other VASPs and financial institutions to self-hosted wallets and entities like e-commerce platforms, gaming sites, and mining pools. This diversity adds another layer of complexity to the already challenging counterparty identification process.
Currently, VASPs rely on (1) blockchain analytics, (2) input from their end customer, and (3) other specific discoverability methods available in their Travel Rule network to identify the counterparty to the transaction. These solutions have limitations: blockchain analytics can cluster wallet addresses with VASP groups but cannot reconcile them with specific legal entities; end customers may know the VASP brand but often do not know the specific legal entity with which they or their transaction counterparty is contracted; Travel Rule networks are limited to the information made available by the network members.
This issue remains critical, as compliance with the Travel Rule hinges on the accurate identification of the counterparty.
Learn more about this topic in Chapter 1, Section 2.2.1 of the 2024 State of Crypto Travel Rule Compliance Report.
FATF's Stance on VASP Identification
In its 2021 update, FATF highlighted the lack of "technically proven means" for accurately identifying the VASP overseeing the beneficiary wallet based solely on the Virtual Asset (VA) address:
To date, the FATF is not aware of any technically proven means of identifying the VASP that manages the beneficiary wallet exhaustively, precisely, and accurately in all circumstances and from the VA address alone. - FATF [3]
In the same report, the FATF explicitly urged the industry to accelerate efforts to strengthen global solutions that can accommodate nuances in requirements across jurisdictions in accordance with FATF Standards. [4]
{{report2="/cta-components"}}
Approaches to theSunrise Issue Challenges
Below, we discuss what can be done about the VASP identification issue and initiatives that are already in place at the various stakeholder levels, and which stakeholders are best positioned to drive solutions to this issue:
Joint Industry Initiatives
Notabene had the honor of attending the V20 Summit in October 2022. Held alongside the G20, 20 VASPs convened to discuss global financial policies and industry proposals in the wake of the FTX collapse, TerraUSD crash, and other industry events. At the V20 Summit, the stakeholders present set a goal to develop and agree on a common approach to public infrastructure for VASP discovery and the general principles that should be observed, namely:
- The infrastructure should be common, global, decentralized, and open (available to all VASPs and Travel Rule protocols).
- The infrastructure should provide base layers of information (entity name, jurisdiction, regulatory status, contact info, and supported Travel Rule protocols).
The Joint Working Group under IVMS, in which Notabene is an active participant, is leading the initiative to create this infrastructure.
Travel Rule Solutions
Many Travel Rule solutions are already participating in the Joint Working Group under IVMS mentioned above. Others are encouraged to join to ensure that the chosen industry approach has stakeholders' buy-in at all levels.
Notabene enables VASPs to autonomously identify the counterparty to transactions through the following discoverability methods:
- Integration with blockchain analytics: SafeTransact features integrations with several blockchain analytics service providers that allow VASPs to plug in their blockchain analytics accounts to the Travel Rule flow. The counterparty wallet address is queried against the information available to the blockchain analytics service to determine whether or not that wallet is associated with a known VASP.
- Network Discoverability: In response to these identified challenges, Notabene has rolled out Network Discoverability. This feature offers scalable, secure, and reusable techniques for counterparty VASP identification within open networks. The Notabene Network features an internal, self-managed address book. Participating VASPs can upload their blockchain addresses in hashed format to Notabene and permit them to be safely leveraged across the network to streamline the discoverability process. When other VASPs in the network engage in transactions involving any of the uploaded hashed addresses, the VASP that controls the respective address will be automatically identified.
{{cta-learnmore7="/cta-components"}}
VASPs
VASPs ultimately own the information that allows the accurate association between their wallet addresses and the legal entities that operate them. The adoption of any standard for VASP discovery necessarily hinges on VASPs’ collaboration.
2024 Status Check
Partial solutions for VASP identification are available, but their limitations continue to negatively impact Travel Rule compliance. Recognizing how important a common industry approach will be in solving this, the Joint Working Group under IVMS is working toward a standard that it hopes the industry will adopt.
Learn more about Network Discoverability
Learn more about our VASP identification feature, which offers scalable, secure, and reusable techniques for counterparty VASP identification within open networks.
{{cta-learnmore7="/cta-components"}}
* A closed network refers to a digital or communication network that is not freely accessible to the public. Access to a closed network is often restricted and controlled through security measures such as authentication, authorization, and specific protocols.
* An open network is a digital or communication network accessible to the public without significant restrictions. It's designed to be inclusive, allowing various devices, systems, or users to connect, communicate, and exchange information.
[1] FATF (2023), "Virtual Assets: Targeted Update on Implementation of the FATF Standards,” paragraph 24
[2] FATF (2021), Updated Guidance for a Risk-based Approach to Virtual Assets and Virtual Asset Service Providers, page 62, paragraph 196.
[3] FATF (2021), Updated Guidance for a Risk-based Approach to Virtual Assets and Virtual Asset Service Providers, page. 62, para. 197/c
[4] FATF (2022), FATF 2022. Targeted Update on Implementation of the FATF Standards on Virtual Assets/VASPs, page 18, paragraph. 29.
[5] FATF (2023), "Virtual Assets: Targeted Update on Implementation of the FATF Standards,” paragraph 30