A widely cited pitfall that VASPs face when implementing the Travel Rule is identifying who controls the wallet they are transacting with. This is a crucial step, as the classification of the owner of the originating or beneficiary wallet will determine the applicable Travel Rule requirements. Requirements vary depending on whether the transaction is with an unhosted wallet or a VASP, and if the Counterparty VASP sits in the same jurisdiction or a third country. Hence, compliance with the Travel Rule necessarily hinges on accurate identification of the counterparty.
Learn more in Chapter 3 of Notabene's State of Crypto Travel Rule Compliance Report.
The FATF acknowledges that accurately identifying the counterparty VASP is not possible in all circumstances.
To date, the FATF is not aware of any technically proven means of identifying the VASP that manages the beneficiary wallet exhaustively, precisely, and accurately in all circumstances and from the VA address alone.
Crypto transfers are recorded in public ledgers, causing VASPs to treat their wallet address books as confidential information. Revealing wallet addresses would grant competitors and other third parties access to information about the VASP’s business and transactions that would be treated as strictly confidential in the traditional finance world.
Determining whether a transaction is with another VASP is the first phase of a due diligence process to assess whether the counterparty VASP is eligible for establishing a business relationship and sending customer data. (FATF’s Updated Guidance [OCT 2021], section 197 / c). Ultimately, through this process, VASPs avoid dealing with illicit and sanctioned actors and ensure that counterparties can protect the confidentiality of the shared Travel Rule information (FATF’s Updated Guidance [OCT 2021], section 196.)
The Counterparty VASP's due diligence process must consider several factors, such as:
- the robustness of the counterparty’s data storage and security framework,
- the licensing and registration requirements of the jurisdiction where the VASP is based, and
- whether the counterparty complies with the Travel Rule (FATF’s Updated Guidance [OCT 2021], paragraph 199).
This assessment must occur before conducting any Travel Rule data transfer (FATF’s Updated Guidance [OCT 2021], paragraph 196.)
To mitigate the impact of this process on the transaction’s volume and speed, it is essential to work on standards for scalable and reusable due diligence processes. It is worth highlighting that Global Digital Finance (GDF) is working on adapting the Wolfsberg Correspondent Banking Due Diligence Questionnaire to the VASP due diligence process; if adopted by the industry as a standard, this questionnaire could facilitate this component of Travel Rule compliance.
How does Notabene support VASP due diligence?
Notabene’s VASP Directory features a due diligence questionnaire based on the Wolfsberg Correspondent Banking Due Diligence Questionnaire (CBDDQ) for financial institutions. The Wolfsburg Group produces AML, KYC, and CTF/CFT standards for finance, creating 19+ documents that establish rules for bank transparency.
The Global Digital Finance (GDF) has adapted the Wolfsberg Correspondent Banking Due Diligence Questionnaire to the VASP due diligence process, resulting in an industry-specific VASP-to-VASP due diligence questionnaire. If adopted by the industry as a standard, this questionnaire could facilitate this component of Travel Rule compliance.
In our February 2022 release, we integrated the first version of the GDF Questionnaire. We will continually update the document as the GDF releases the final standard for VASP to VASP due diligence.
From the VASP Directory, clients can:
- Sign up for a free account
- Fill out and submit their own VASP due diligence questionnaire
- Request a completed questionnaire from another VASP within the Notabene network (providing they filled it out already.)
VASPs are now able to:
- Request a questionnaire from another VASP within the Notabene network, even if they haven’t yet filled it out. This request will trigger an email directly to the VASP, inviting them to complete the questionnaire.
- Share their questionnaire with a selected VASP.