The Russia-Ukraine war changed crypto regulation–what does this mean for VASPs?
- Russia is facing new sanctions due to the Ukraine conflict.
- VASPs must follow the crypto Travel Rule to avoid transactions with sanctioned entities.
- Travel Rule compliance requires VASPs to collect and verify customer and counterparty information, perform VASP due diligence, sanction screening transaction counterparties and share accurate PII.
- Notabene offers tools to manage counterparty risk and enforce sanctions. VASPs can use Notabene's Rule Engine to set risk-based rules to block Travel Rule transactions from VASPs that don't meet their diligence criteria.
The ongoing conflict between Russia and Ukraine has resulted in new sanctions being imposed on Russian entities and individuals. Select Russian banks have been removed from the Society for Worldwide Interbank Financial Telecommunication (SWIFT) messaging system, limiting the country's access to global financial markets and international payment systems.
If the conflict persists, the sanctions list will likely become expansive, and the potential for evasion via crypto may become a more significant threat. Although the extent to which sanctioned parties may turn to crypto is unknown, virtual asset service providers (VASPs) worldwide have begun to rethink how they approach sanctions compliance.
This article covers actions VASPs can take today to block transactions with sanctioned individuals, regardless of their Travel Rule compliance status.
The growing scope of Russian sanctions
As of February 2023, Russian sanction lists have risen to 10,608 individuals, 3,431 companies, and nearly 500 institutions.
Additionally, the FATF has taken action by suspending Russia's FATF membership. The organization has also issued an advisory urging all jurisdictions to remain vigilant and be aware of current and potential risks associated with efforts to circumvent measures taken against Russia to protect the integrity of the international financial system.
A recent uptick in OFAC designations has shown that VASPs worldwide must rethink how they approach sanctions compliance. On January 18, 2023, the Financial Crimes Enforcement Network (FinCEN) issued its first order pursuant to section 9714(a) of the Combating Russian Money Laundering Act. FinCEN labeled crypto exchange Bizlatzo a "primary money-laundering concern" concerning illicit Russian finance. Days later, the US Justice Department charged Bitzlato with money laundering, and authorities in several countries seized control of Bitzlato's crypto wallets containing over $19 million.
Compliance with the crypto Travel Rule provides VASPs with valuable information on their counterparties and sanctions insight at the transaction level. This enables them to identify whether their clients are making transactions to sanctioned entities, wallets, or jurisdictions, thus improving their ability to detect and prevent potential legal and financial risks. VASPs adhering to the Travel Rule can more effectively safeguard themselves against such threats.
How FATF's crypto Travel Rule helps to prevent transactions with sanctioned parties
Since 1996, banks have complied with the Travel Rule to block transactions with sanctioned individuals. The original regulation mandated financial institutions to pass customer information in certain fund transmissions involving multiple financial institutions. Banks use know-your-customer (KYC), transaction-monitoring programs, and SWIFT to manage counterparty risk and send/receive Travel Rule messages.
In 2019, the FATF recommended crypto companies comply with the Travel Rule on or at the time of transactions over $1,000. VASPs currently have AML/CFT processes to identify and sanction screen customers. These programs help them block sanctioned individuals from directly using their products to initiate transactions.
However, the crypto industry lacks a SWIFT network to identify counterparty VASPs, assess security risks, send Travel Rule data, and block sanctioned transactions. Crypto Travel Rule compliance mitigates counterparty risk at the transaction level.
What does the Travel Rule require crypto companies to do?
The sanctions currently being levied against specific individuals present a prime example of what the Financial Action Task Force's crypto Travel Rule requirements are looking to solve.
To comply with the crypto Travel Rule, a VASP must:
- Collect and verify their customer's name and further PII based on jurisdiction requirements.
- Collect the counterparty's name and perform sanctions screening.
- Identify and perform due diligence on the counterparty institution (for transactions with custodial wallets.)
- Share the originator and beneficiary customer PII with the counterparty institution, confirm its accuracy, and allow or block the transfer.
As Travel Rule requirements are relatively new for the crypto industry, companies are in different stages of compliance, as detailed in our State of Crypto Travel Rule Compliance Report, published in January 2022. This unequal adherence to the regulation is called the 'Sunrise period,' leaving many companies vulnerable to exposure to sanctioned individuals.
Below, we outline what Notabene customers can do today to block transactions with sanctioned parties. We also share steps not-yet-compliant companies can take to mitigate transactions with sanctioned parties.
What can Notabene customers do today to block transactions with sanctioned parties?
Travel Rule–compliant crypto exchanges can use tools like Notabene provides to perform counterparty risk management and implement the sanction requirements for counterparties. Notabene customers can effectively identify securely sanctioned counterparties and block ensuing transactions using the features noted in the image below.
To identify counterparty VASPs, perform VASP due diligence, identify counterparty customers, monitor wallet risk scores, and sanction screen at scale, customers can set risk-based rules in our Rule Engine to restrict incoming or outgoing Travel Rule data transfers with VASPs that do not meet their diligence criteria.
By defining these risk-based rules in our Rule Engine to prevent incoming or outgoing Travel Rule data transfers with VASPs that don't fulfill their diligence standards, Compliance Officers can effectively mitigate AML-related counterparty risk by tying this mechanism into the transaction flow.
Customers can use Notabene's Rule Engine to identify other VASPs involved in a transaction, perform VASP due diligence, identify counterparty customers, monitor wallet risk scores, and screen for sanctioned parties at scale. By setting risk-based rules in the Rule Engine, customers can restrict Travel Rule data transfers with VASPs that do not meet their standards. This helps Compliance Officers effectively reduce AML-related counterparty risk by integrating the mechanism into the transaction flow.
How can companies get started if they are not yet Travel Rule compliant?
Companies not yet Travel Rule compliant begin the following compliance phases:
- Collect counterparty names for crypto transactions.
- Implement Notabene or a similar tool that provides alerts for transactions to sanctioned individuals or high-risk addresses.
- Integrate your sanctions screening and blockchain analytics providers.
- Add a list of high-risk VASPs to Notabene's Rules Engine to flag their transactions for review or automatic rejection. At this point, you can restrict data transfers with high-risk counterparty VASPs, and use the platform for counterparty risk assessment.
- Tie Notabene to your custodian/transaction flow to restrict/block high-risk transactions.
- Begin performing data transfers with counterparty VASPs when ready to comply with all Travel Rule requirements.
Is Notabene creating a SWIFT system for the crypto industry?
Notabene does not believe that a centralized system like SWIFT should control future financial rails for the crypto industry. When power is in the hands of a few, it can be easily misused. Prudence and caution must be exercised at all times. As crypto-native founders, we are proponents of a more open system where no one entity has the capacity to impose a set of blanket restrictions. This is why we've created holistic Travel Rule compliance software to securely route data transfers to multiple networks. In the crypto industry, regulators can set rules, but it's up to licensed institutions to apply the restrictions based on their risk-based approach.
How to get started today for free?
Notabene's Sunrise plan includes unlimited incoming Travel Rule data transfers and a monthly outgoing transaction volume of up to $10K. This plan is ideal for crypto companies just starting and needing to ease into Travel Rule compliance, and it is available at no cost.