Responding to Travel Rule messages is crucial for VASPs to maintain regulatory compliance, build trust with counterparties, and ensure operational efficiency. This article explores the importance of timely responses, potential consequences of non-compliance, and how Notabene's solutions can streamline the process.
When I spoke about the Dawn of Travel Rule at the GBBC Members Forum, I spoke about the importance of not only sending and receiving Travel Rule messages, but responding to them as well.
Why is this so important? Simply put, at this point in our Travel Rule timeline (5 years since first adoption), supervisory authorities are starting to evaluate the effectiveness of Travel Rule. This means taking a closer look at one key requirement, which is responding to Travel Rule messages. Depending on the jurisdiction, it is no longer okay to only send a transfer and state to a regulator that “As a VASP, I am Travel Rule Compliant”. You will have to also demonstrate that you have been responding to incoming messages from counterparties.
Why Responding Matters
As the industry evolves, responding accurately to Travel Rule requests is not just a "nice-to-have" feature; it’s a compliance obligation that can impact a firm’s ability to do business. Let’s take a closer look at some of the key reasons why.
1. Compliance Requirements
Many jurisdictions have regulations explicitly mandating that VASPs engage in a two-way dialogue for Travel Rule compliance. This means that merely sending the required information is not enough—you must also respond to missing or incomplete data, and provide follow-up information when requested by counterparties or authorities. Failure to do so can put your business at risk of non-compliance and possible subject to fines or penalties.
Let’s take a look at just a few jurisdictional regulations (this is not the exhaustive list) that emphasize not only the need to send and receive required information but also the importance of responding to travel rule messages. You might note that these rules are primarily in the context of providing required transfer details back when there is incomplete or missing information.
European Union
The EU’s Transfer of Funds Regulation (TFR) goes beyond requiring accurate originator and beneficiary information. It mandates that CASPs (Crypto Asset Service Providers) request missing details and actively respond to counterparty requests to rectify discrepancies. Specifically, Article 16(1) and Article 17 of the TFR require prompt follow-up and compliance checks. Full details at the bottom of this article.
United States
The FinCEN Travel Rule requires U.S.-based VASPs to provide specified information for transactions over $3,000. This includes responding to any queries or compliance checks from counterparties. Ignoring such requests or failing to engage can be seen as regulatory non-compliance, particularly in the context of suspicious transactions. Full details at the bottom of this article.
United Kingdom
Under the Money Laundering Regulations (MLR), VASPs are required to take proactive steps if information is missing or incomplete. For example, if a discrepancy is detected, the VASP must request the missing information, delay the transaction, or, in some cases, even return the crypto assets. Such procedures necessitate a robust response mechanism. Full details at the bottom of this article.
Singapore
Under the Payment Services Act (PSA), the Monetary Authority of Singapore (MAS) implements FATF’s Travel Rule. VASPs must gather, verify, and transmit required information, and are expected to “provide value transfer information” by a certain time frame which can only be done through a response. For example, the legislation states that “In a value transfer where the amount to be transferred is below or equal to S$1,500…….the ordering institution shall provide the value transfer originator information and value transfer beneficiary information set out in paragraph 13.4(a) to (d) within 3 business days of a request for such information…” Full details at the bottom of this article.
Across these global regulations, the emphasis is clear: while sending and receiving information is essential, responding to travel rule transfers is equally important. This includes engaging with counterparties to verify, request additional information, and ensure compliance with AML/CFT obligations. A lack of response or failure to follow up on incomplete or suspicious transfers can result in non-compliance and regulatory scrutiny.
2. Counterparty Trust and Business Relationships
VASPs are increasingly choosing to limit their transactions to compliant counterparties. This trend is evident in Notabene’s own research, where 66% of surveyed VASPs reported restricting withdrawals with entities that do not comply with the Travel Rule. Failing to respond to a Travel Rule message sends a strong signal to your counterparties that your business may not be fully committed to compliance, leading them to potentially cut off transactions altogether.
3. Operational Efficiency and Risk Management
Failing to respond promptly to Travel Rule messages can create bottlenecks in your transaction workflows, resulting in increased operational costs and slower settlements. Having an automated system like Notabene’s SafeTransact that not only sends and receives messages but also monitors and responds to them can help streamline compliance processes and reduce the risk of human error.
Real-World Implications: What Happens When You Don’t Respond?
If a VASP fails to respond to a Travel Rule message, several scenarios could unfold:
Regulatory Penalties and Fines
Non-compliance can result in significant fines or penalties from regulatory bodies.
Counterparty De-Risking
If a counterparty sees that you are not responding to compliance messages, they may choose to de-risk by ceasing all business activities with your VASP, resulting in lost revenue and a damaged reputation.
Loss of Market Access
As global jurisdictions begin implementing stricter compliance rules, VASPs that are flagged for non-compliance may find themselves unable to operate in key markets.
Notabene’s Approach: Streamlining and Automating Responses
The complexity of responding to Travel Rule messages often stems from inconsistent regulations across jurisdictions. Notabene’s solution simplifies this by offering a unified platform that helps businesses automatically detect missing or incomplete data, sends requests for clarification, and ensures compliance through automated responses.
Notabene’s SafeTransact for Networks automates the end-to-end compliance process, enabling customers to respond to Travel Rule requests in real-time, ensuring compliance without disrupting business operations.
Responding to Travel Rule messages is not just about meeting regulatory expectations; it’s about building trust in the industry. As the market matures, businesses that invest in compliance today will be best positioned to thrive tomorrow.
By actively responding to Travel Rule messages, your business is not only complying with global regulations but also paving the way for more secure and efficient transactions, making you a preferred partner for other VASPs and financial institutions.
Want to learn more about how Notabene’s solution can help streamline your Travel Rule compliance? Book a call with our team today.
Addendum
European Union (EU) - Transfer of Funds Regulation (TFR) (Regulation (EU) 2015/847)
Articles 16(1) and 17 of the Transfer of Funds Regulation outline the responsibilities of Crypto Asset Service Providers (CASPs) to ensure that all transfers include accurate and complete originator and beneficiary information. They also specify that CASPs must request missing information from the sender's VASP and actively engage when information is incomplete. Responding to these situations is crucial for compliance.
“crypto-asset service providers should ensure that the information on the ... originator and the beneficiary is not missing or incomplete.” (Par. 28)
“With the aim of assisting payment service providers and crypto-asset service providers to put effective procedures in place to detect cases in which they receive transfers of funds or transfers of crypto-assets with missing or incomplete information on the payer, payee, originator or beneficiary and to take effective follow-up action, “ (Par. 51)
“To enable prompt action to be taken in the fight against money laundering and terrorist financing, payment service providers and crypto-asset service providers should respond promptly to requests for information on the payer and the payee or on the originator and the beneficiary from the authorities responsible for combating money laundering or terrorist financing in the Member State where those payment service providers are established or where those crypto-asset service providers have their registered office” (Par. 53)
Further, according to the final Travel Rule Guidelines1 by the European Banking Authority that accompany the TFR paragraph 56 states:
“Where the PSP, IPSP, CASP or ICASP requests required information that is missing, it should set a reasonable deadline by which the information should be provided. This deadline should not exceed three working days for transfers taking place within the Union, and five working days for transfers received from outside of the Union, starting from the day the PSP, CASP, IPSP or ICASP identifies the missing information”
1https://www.eba.europa.eu/sites/default/files/2024-07/6de6e9b9-0ed9-49cd-985d-c0834b5b4356/Travel%20Rule%20Guidelines.pdf
United States - Financial Crimes Enforcement Network (FinCEN) Travel Rule (31 CFR 1010.410)
The FinCEN Travel Rule mandates U.S. based VASPs (CVC’s) and financial institutions to collect, retain, and transmit specified information on fund transfers over $3,000. Responding to requests for additional details or missing information is required, particularly in suspicious cases or incomplete transfers.
“The money transmitter must obtain or provide the required regulatory information either before or at the time of the transmittal of value, regardless of how a money transmitter sets up their system for clearing and settling transactions, including those involving CVC” (Fincen Guidance FIN-2019-G001)
United Kingdom - The Money Laundering and Terrorist Financing (Amendment) (EU Exit) Regulations 2019
The UK’s Money Laundering Regulations (MLR) require VASPs to ensure full compliance with AML/CTF requirements, including receiving and transmitting required travel rule information. Further, there are requirements around reporting to FCA those that do not provide the required information back. Hence this really underscores the responsibility of VASPs to respond to inquiries from counterparties and authorities when information is missing or insufficient.
“(2) Where the cryptoasset business of the beneficiary becomes aware that any information required by regulation 64C to be provided is missing or does not correspond with information verified by it under Part 3, the cryptoasset business of the beneficiary must— (a) request the cryptoasset business of the originator to provide the missing information; (b) consider whether to make enquiries as to any discrepancy between information received and information verified by it under Part 3; and (c) consider whether— (i) to delay making the cryptoasset available to the beneficiary until the information is received or any discrepancy resolved; and (ii) if the information is not received or discrepancy resolved within a reasonable time, to return the cryptoasset to the cryptoasset business of the originator. (3) In deciding what action to take under paragraph (2)(c) the cryptoasset business must have regard to— (a) the risk assessments carried out by the cryptoasset business under regulations 18(1) (risk assessment by relevant persons) and 18A(1) (risk assessment by relevant persons in relation to proliferation financing); and (b) its assessment of the level of risk of money laundering, terrorist financing and proliferation financing arising from the inter-cryptoasset business transfer……."
(5) The cryptoasset business of a beneficiary must report to the FCA repeated failure by a cryptoasset business to provide any information required by regulation 64C as well as any steps the cryptoasset business of the beneficiary has taken in respect of such failures. (Par 64D)
Singapore - Payment Services Act (PSA) and FATF Travel Rule Implementation
Under the Payment Services Act (PSA), the Monetary Authority of Singapore (MAS) implements FATF’s Travel Rule. VASPs must gather, verify, and transmit required information, and are expected to “provide value transfer information” by a certain time frame which can only be done through a response. For example, “In a value transfer where the amount to be transferred is below or equal to S$1,500…….the ordering institution shall provide the value transfer originator information and value transfer beneficiary information set out in paragraph 13.4(a) to (d) within 3 business days of a request for such information…….”
