In light of the conflict between Russia and Ukraine, new sanctions have been imposed on Russian entities and individuals. On February 26, 2022, leaders of the European Commission, France, Germany, Italy, the United Kingdom, Canada, and the United States issued a joint statement that pledges to remove select Russian banks from the SWIFT messaging system. These actions intend to block transactions to and from a list of sanctioned names or corresponding financial entities, limiting the country’s access to worldwide financial markets and barring millions of people from using international payment systems.

In the absence of a SWIFT network for crypto, exchanges can take a more targeted approach to prevent transactions with sanctioned individuals. By leveraging sanctions screening providers and Travel Rule solutions, crypto exchanges can implement more effective hyper targeted individual sanctions and avoid a blanket ban on a broader group of citizens.

This article highlights actions that companies—regardless of Travel Rule compliance status—can take today to block transactions with sanctioned individuals.

The growing scope of sanctions

Australia, Canada, the EU, France, Japan, Switzerland, the UK, and the United States sanctioned 8,159 Russian persons and 1,511 businesses between February 22, 2022, and October 5, 2022.

Total number of list-based sanctions imposed by Australia, Canada, the European Union, France, Japan, Switzerland, the United Kingdom, and the United States on Russia from February 22, 2022, to October 5, 2022, by target (Source: Statista).

If the conflict persists, the sanctions list will likely become expansive, and the potential for evasion via crypto may become a more significant threat. Although the extent to which sanctioned parties may turn to crypto is unknown, VA exchanges around the globe are preparing to comply with the sanctions requirements. 

How FATF’s Crypto Travel Rule helps to prevent transactions with sanctioned parties

A Bank Secrecy Act (BSA) rule [31 CFR 103.33(g)] mandated in 1997 by FinCEN required all financial institutions to pass on certain information to the next financial institution in certain funds transmissions involving multiple financial institutions. This legislation is recognized as the original “Travel Rule.'' 

Banks have a multitude of tools to manage counterparty risk; robust KYC and transaction monitoring platforms are in place to identify transactions involving sanctioned individuals, as well as SWIFT to manage counterparty risk and send and receive Travel Rule messages. More than two decades later, in 2019, the Financial Action Task Force (FATF) recommended that companies that custody, transmit, or exchange cryptocurrency also comply with the Travel Rule for transactions exceeding $1,000.

Today, many exchanges have AML/CFT processes that allow them to perform customer identification and sanctions screening of their customers as part of onboarding and ongoing customer due diligence. This helps them block sanctioned individuals from directly using their products to initiate transactions. 

Yet, the crypto sector lacks a SWIFT network to communicate with counterparties and send customer data, as well as a risk management framework to assess and classify a counterparty's security risk. In order to carry this out, VASPs require a robust Travel Rule solution to mitigate counterparty risk and identify or block transactions with sanctioned individuals or entities.

What does the Travel Rule require crypto companies to do?

The sanctions currently being levied against specific individuals present a prime example of what the Financial Action Task Force's crypto Travel Rule requirements are looking to solve.

The requirements for a crypto exchange consist of: 

  1. Collecting and verifying the name and additional personally identifiable information (PII) of their customer [the specific PII is dependent on the jurisdiction requirements]
  2. Collecting the name of the counterparty and performing sanctions screening on them
  3. Identifying the counterparty institution [for transactions with custodial wallets] and performing due diligence on it to ensure it is not an unlicensed or non-compliant institution
  4. Sharing the customer and counterparty info with the counterparty institution, waiting for the counterparty data to be confirmed as accurate, before allowing the transfer to go through

Crypto Travel Rule requirements for VASPs.

As Travel Rule requirements are relatively new for the crypto industry, companies are in different stages of compliance, as detailed in our recent State of Crypto Travel Rule Compliance Report. This leaves many companies vulnerable to exposure to sanctioned individuals.

Below, we outline what Notabene customers can do today to block transactions with sanctioned parties. We also share steps not-yet-compliant companies can take to block transactions with sanctioned parties. 

What can Notabene customers do today to block transactions with sanctioned parties?

Travel Rule–compliant crypto exchanges can use tools like those Notabene provides to perform counterparty risk management and implement the sanction requirements pertaining to counterparties. Notabene customers can identify sanctioned counterparties and block ensuing transactions effectively by using the features noted in the image below.

Notabene features to block transactions with sanctioned parties.

To identify counterparty VASPs, perform VASP due diligence, identify counterparty customers, monitor wallet risk scores, and sanction screen at scale, customers can set risk-based rules in our Rule Engine to restrict incoming or outgoing Travel Rule data transfers with VASPs that do not meet their diligence criteria.

By defining these risk-based rules in our Rule Engine to prevent incoming or outgoing Travel Rule data transfers with VASPs that don't fulfill their diligence standards, Compliance Officers can effectively mitigate AML-related counterparty risk by tying this mechanism into the transaction flow.

Notabene’s Rule Engine

Our Rule Engine allows you to set comprehensive controls to effectively perform AML-related counterparty risk mitigation.

How can companies get started if they are not yet Travel Rule compliant? 

Companies that are not yet Travel Rule compliant can take the following actions:

  1. Start collecting counterparty names for crypto transactions, as the Travel Rule requires. 
  2. Implement a tool like Notabene that provides alerts for every transaction to a sanctioned individual or high-risk address You will need to connect your sanctions screening and blockchain analytics providers for this.
  3. Add a list of VASPs you will not transact with to Notabene’s Rules Engine to flag them for manual review or automatic rejection.
    At this point, you can choose not to perform any data transfers with the counterparty exchange and can merely use the Notabene product for counterparty risk assessment.
  4. Tie Notabene to your custodian/transaction flow to restrict or block a transaction accordingly. 
  5. Once ready to comply with all Travel Rule requirements, begin performing data transfers with counterparty VASPs. 

Is Notabene creating a SWIFT system for the crypto industry?

No. At Notabene, we do not believe that a centralized system like SWIFT should exist for the crypto industry or control future financial rails. This is why we’ve spent the last two years creating Travel Rule compliance software that routes Travel Rule data transfers to multiple networks. 

When power is in the hands of a few, it can be easily misused, so prudence and caution must be exercised at all times. We are proponents of a more open system, where neither we nor any other firm or association has the capacity to impose a blanket set of restrictions on the broader financial sector. 

In the crypto industry, national and international regulators can set such restrictions, but it is up to individual licensed institutions to apply them. Decisions are pushed out to the compliance teams, which implement compliance measures and policies based on their respective risk-based approaches.

How to get started today for free?

Our no-cost 'Sunrise plan' allows crypto companies who are only getting started with the above terms and need to ease into travel rule compliance. Via our sunrise plan, you can receive unlimited Travel Rule data transfers and send up to $10K in transaction volume monthly.