How Notabene Solves Counterparty VASP Identification and Due Diligence
Determining whether a transaction is with another VASP is the first phase of a due diligence process. This phase helps assess whether the counterparty VASP is eligible to establish a business relationship and send customer data (FATF’s Updated Guidance [OCT 2021], section 197 / c). Through this process, VASPs avoid dealing with illicit and sanctioned actors. They can ensure that counterparties can protect the confidentiality of the shared Travel Rule information (FATF’s Updated Guidance [OCT 2021], section 196.)
The Counterparty VASP’s due diligence process must consider several factors, such as:
- The robustness of the counterparty’s data storage and security framework,
- The licensing and registration requirements of the jurisdiction where the VASP is based, and
- Whether the counterparty complies with the Travel Rule. (FATF’s Updated Guidance [OCT 2021], paragraph 199).
Additionally, this assessment must occur before conducting any Travel Rule data transfer (FATF’s Updated Guidance [OCT 2021], paragraph 196.)
The Operational Importance of VASP Due Diligence
Compliance with the Travel Rule necessarily hinges on accurate identification of the counterparty. Identifying who controls the wallet they are transacting with is a widely cited pitfall that VASPs face when implementing the Travel Rule, yet it is a crucial step for VASPs, as the classification of the originating and beneficiary wallet owner will determine the applicable Travel Rule requirements.
As mentioned on our regulations page, enforcement varies depending on whether the transaction is with an unhosted wallet or another VASP, and if the counterparty VASP is registered in the same jurisdiction or a third country. VASPs are required by paragraph 197 of FATF’s Updated Draft Guidance to perform due diligence on their counterparties, in its 2021 update, the Financial Action Task Force (FATF) acknowledged that it was not “aware of any technically proven means of identifying the VASP that manages the beneficiary wallet exhaustively, precisely, and accurately in all circumstances and from the VA address alone.

Current VASP due diligence process
As crypto transfers are recorded in public ledgers, VASPs treat their wallet address books as confidential information. Revealing wallet addresses would grant competitors, and other third parties access to information about the VASP’s business and transactions that would be treated as strictly confidential in the traditional finance world. Because of this, VASPs currently rely on blockchain analytics providers like Chainalysis, Elliptic, and TRM to determine whether a transaction is with another VASP and identifies which VASP it is.
The Global Digital Finance's standards for VASP due diligence
To mitigate any adverse impacts of due diligence processes on the transaction volume and speed, it is essential to work on standards for scalable and reusable due diligence processes. To address this, the Global Digital Finance (GDF) ’s AML Working Group began working on a standardized due diligence questionnaire similar to that found in traditional finance and known as the Wolfsberg DDQ. Later, they published the industry-specific VASP-to-VASP Due Diligence Questionnaire (DDQ). If adopted by the wider industry, this questionnaire could facilitate this component of Travel Rule compliance.
VASP due diligence on a messaging protocol vs. full-service Travel Rule compliance solution
Since Travel Rule messaging protocols only address sending and receiving customer data, they rely on third-party services to perform due diligence on their network VASPs. It is improbable that a third party would have information on smaller exchanges, leading VASPs to painstakingly carry out due diligence on each of their counterparties themselves.
As a full-service Travel Rule compliance solution, Notabene clients can upload and share their due diligence information 1:1 between parties, removing friction from an already complex process.
How Notabene Support VASP Due Diligence
In our February 2022 release, we integrated the first version of the VASP DDQ into our VASP Network We'll keep updating the document in line with the GDF's final standard for VASP to VASP due diligence.

From the Notabene Network, clients can:
- Sign up for a free ‘SafeTransact Rise’ account.
- Fill out and submit their VASP DDQ.
- Request a completed questionnaire from another VASP within the Notabene network (provided they've already filled it out.)
Benefits the VASP due diligence questionnaire unlocks:
Streamlined Communication with VASPs: VASPs can request access to a counterparty's DDQ within the Notabene network. We'll send an invitation to complete their questionnaire if it is incomplete. This proactive approach invites VASPs to participate and fill out the DDQ, fostering better collaboration.
Enhanced Control: Easily share, decline, or revoke access to the questionnaire. This ensures full control over your data and who views it.
Transparent Tracking: With the ability to view the document’s share history, Notabene clients are always informed about who has accessed your data, ensuring transparency at all times.
Insightful Overview: The snapshot view of the DDQ share history on SafeTransact provides a clear perspective, helping you monitor and manage interactions effectively.
{{cta-notabene-network="/cta-components"}}