August 4, 2020

What we know about the US Travel Rule WG?

We talk with many compliance officers worldwide, and one of the number one questions we’ve received in the last few weeks is about the US Travel Rule WG. What is it, and will we support it?

Most of the information that is available publicly comes from a talk given by Coinbase’s Jeff Horowitz at the recent GDF Travel Rule summit. Through conversations with companies involved, we’ve been able to piece together a reasonably good idea of what it is and also more importantly, what it isn’t.

As a reminder the Travel Rule requires regulated financial institutions including Virtual Asset Service Providers (VASPs) to exchange their customers Persona Identifying Information (PII) with a counterparty institution when sending a transfer on behalf of their customer.

Why does the US Travel Rule WG exist?

First and foremost the US Travel Rule WG was designed to allow MSB’s licensed by the US regulator FinCEN to rapidly implement and comply with the US Travel Rule, which is defined in the Bank Secrecy Act.

Unlike many people in the industry, the WG members believe that the Travel Rule must first be solved locally. Since the US has the oldest Travel Rule regulation, they designed it explicitly to comply with the FinCEN rules and not necessarily the FATF guidelines.

One of the primary design considerations of the solution they are proposing is data privacy. The WG itself does not want to be a central source of PII that could be hacked.

VASPs also expressed concern about sharing information publicly with, for example, blockchain analytics firms about which addresses belong to them.

Horowitz described the US Travel Rule WG solution as a simple centralized bulletin board. It is unclear who is developing it, but we have heard that it might be Coinbase’s own engineers.

Who can use it?

Currently a group of large VASPs are in the WG. Horowitz says they want to make it as cheap and easy as possible for US MSBs to comply. You will have to have an active MSB License from FinCEN to join once they open it up. Since the WG itself will run the service, there will likely be a membership fee.

Protocol Flow

We are not 100% sure of the following, but have been able to piece the following flow together:

  1. The originating customer receives the beneficiary address from the beneficiary
  2. The originating customer provides the beneficiary address to originating VASP
  3. If a transaction is over $3000, the originating VASP posts the beneficiary address to the US Travel Rule WG board
  4. The beneficiary VASP replies to the originating VASP, acknowledging that the address is theirs
  5. The originating VASP transmits PII to the beneficiary VASP through a peer to peer method
  6. The originating VASP submits the transaction to blockchain
  7. The transaction arrives in the beneficiary's account

A few notes about the above:

Step 3) The current US BSA Travel Rule requirement is for transactions over $3000. The FATF guidelines require it for transactions over $1000. We assume this solution is for over $3000, but have been unable as yet to verify this.

Step 4) We believe that the reply is private, but have been unable to verify this. We are also uncertain what happens if multiple VASPs acknowledge the ownership of the same address. Is there a way of proving ownership?

Step 5) Horowitz specifically mentioned this in his talk. However, we have heard from others previously that it does not require the explicit transfer of PII as long as it is available to law enforcement requests. It is also uncertain to us if this peer to peer data transfer happens through the WG’s Bulletin Board or another out of band method.

Step 6) Several people familiar with the WG have mentioned that the protocol does not require the above mentioned flow to happen before sending a transaction. It appears not to be possible to block a transaction

We will update the above section as we learn more or as the WG white paper is published.

What it isn’t?

The WG specifically did not design this solution to handle international transfers. Only US licensed MSBs are allowed to use this with each other.

US MSBs will still need to implement one of the international protocols such as TRP or OpenVASP to continue to be part of the global VASP ecosystem.

Several larger US institutional MSBs are already involved with the TRP protocol in parallel. We have also heard interest from several in using OpenVASP.

The WG may add interoperability support in the future. If so, we expect the first such protocol to be the TRP protocol.

Our opinion is that it is not good to have regional travel rule solutions. Cryptocurrencies are global technologies. For both FATF and international regulatory acceptance, it is vital for interoperability with open solutions like TRP and OpenVASP.

How will Notabene support this?

Once the official US Travel Rule WG white paper is published, we will add support for the US Travel Rule WG board as soon as possible for our customers with US MSB licenses.

Book a demo.
Comply with the Travel Rule today.

Learn what is required of your business to comply
Show regulators your path towards compliance
Send, receive and monitor your Travel Rule transfers today
Fully automate incoming and outgoing transfers