We talk with many compliance officers worldwide, and one of the number one questions we’ve received in the last few weeks is about the US Travel Rule WG. What is it, and will we support it?
Most of the information that is available publicly comes from a talk given by Coinbase’s Jeff Horowitz at the recent GDF Travel Rule summit. Through conversations with companies involved, we’ve been able to piece together a reasonably good idea of what it is and also more importantly, what it isn’t.
As a reminder the Travel Rule requires regulated financial institutions including Virtual Asset Service Providers (VASPs) to exchange their customers Persona Identifying Information (PII) with a counterparty institution when sending a transfer on behalf of their customer.
First and foremost the US Travel Rule WG was designed to allow MSB’s licensed by the US regulator FinCEN to rapidly implement and comply with the US Travel Rule, which is defined in the Bank Secrecy Act.
Unlike many people in the industry, the WG members believe that the Travel Rule must first be solved locally. Since the US has the oldest Travel Rule regulation, they designed it explicitly to comply with the FinCEN rules and not necessarily the FATF guidelines.
One of the primary design considerations of the solution they are proposing is data privacy. The WG itself does not want to be a central source of PII that could be hacked.
VASPs also expressed concern about sharing information publicly with, for example, blockchain analytics firms about which addresses belong to them.
Horowitz described the US Travel Rule WG solution as a simple centralized bulletin board. It is unclear who is developing it, but we have heard that it might be Coinbase’s own engineers.
Currently a group of large VASPs are in the WG. Horowitz says they want to make it as cheap and easy as possible for US MSBs to comply. You will have to have an active MSB License from FinCEN to join once they open it up. Since the WG itself will run the service, there will likely be a membership fee.
We are not 100% sure of the following, but have been able to piece the following flow together:
A few notes about the above:
Step 3) The current US BSA Travel Rule requirement is for transactions over $3000. The FATF guidelines require it for transactions over $1000. We assume this solution is for over $3000, but have been unable as yet to verify this.
Step 4) We believe that the reply is private, but have been unable to verify this. We are also uncertain what happens if multiple VASPs acknowledge the ownership of the same address. Is there a way of proving ownership?
Step 5) Horowitz specifically mentioned this in his talk. However, we have heard from others previously that it does not require the explicit transfer of PII as long as it is available to law enforcement requests. It is also uncertain to us if this peer to peer data transfer happens through the WG’s Bulletin Board or another out of band method.
Step 6) Several people familiar with the WG have mentioned that the protocol does not require the above mentioned flow to happen before sending a transaction. It appears not to be possible to block a transaction
We will update the above section as we learn more or as the WG white paper is published.
The WG specifically did not design this solution to handle international transfers. Only US licensed MSBs are allowed to use this with each other.
The WG may add interoperability support in the future. If so, we expect the first such protocol to be the TRP protocol.
Our opinion is that it is not good to have regional travel rule solutions. Cryptocurrencies are global technologies. For both FATF and international regulatory acceptance, it is vital for interoperability with open solutions like TRP and OpenVASP.
Once the official US Travel Rule WG white paper is published, we will add support for the US Travel Rule WG board as soon as possible for our customers with US MSB licenses.