Verifying self-hosted wallet ownership is a critical step in ensuring regulatory compliance while maintaining user trust and convenience. 

At Notabene, we offer 4 proof methods, each tailored to different needs and scenarios. 

Read on to learn more about these options, how they work, and why a user might choose each method depending on their circumstances.

1. Digital Signature: The Gold Standard for Blockchain Verification

Digital signatures use cryptographic algorithms to prove ownership of a blockchain address directly from the wallet. This method is highly secure, seamless, and widely supported across blockchains. While the specific signature standards vary by blockchain, the overall logic and flow remain similar, ensuring consistent user experience.

Advantages

• Highly secure and proof
• Fully automated for faster verification

Supported Wallets

• EVM-Compatible: MetaMask, WalletConnect, Ledger, Trezor, etc.
• Bitcoin: Electrum, Ledger, Trezor, BlueWallet, etc.
• Solana: Phantom, Solflare, etc.
• Other Blockchains: TronLink (Tron), Daedalus (Cardano)

Digital signatures are the gold standard for wallet ownership proof when security, versatility, and compliance are critical.

2. Microtransaction: Blockchain-Recorded Proof

Microtransaction (often referred to as the Satoshi Test) involves sending a small transaction from the wallet to confirm ownership. This method relies on blockchain records and is particularly useful for wallets that do not support signing messages.

Advantages

• Transparent proof recorded on the blockchain
• Works for any wallet capable of making transactions
• Ideal for cases where digital signature is unavailable

Supported Wallets

• No restrictions, if wallet cable to send transactions :)

Microtransactions provide a robust alternative when digital signatures are unavailable, offering trustless verification through the blockchain.

3. Screenshot: Quick and Visual Proof

The screenshot method involves capturing the wallet interface to visually prove ownership of the wallet. This method is simple and accessible, especially for non-technical users.

Advantages

• Quick and easy to perform
• Works for any wallet with a graphical user interface
• Accessible for less tech-savvy users

Supported Wallets

• Any wallet with a GUI, including mobile and desktop wallets.

4. Self-Declaration: Simple and Declarative Proof

Self-declaration involves a user’s assertion of wallet ownership through a signed checkbox. While less secure than other methods, it’s useful for jurisdictions or cases with no strict compliance requirements

Here’s a roundup of what you need to know from the last week in global crypto regulatory news.

🌎 Americas

🇺🇸 United States

President-elect Trump appoints AI and crypto czar. President-elect Donald Trump has named David Sacks, a venture capitalist and former PayPal executive, as the White House’s artificial intelligence and cryptocurrency czar. Sacks is expected to lead the administration’s policies on AI and digital assets, signaling a proactive approach to emerging technologies.

President-elect Trump shifts SEC leadership. President-elect Donald Trump has nominated Paul Atkins, a former SEC commissioner and advocate for digital assets, to replace Gary Gensler as SEC chair. Atkins is expected to bring a more crypto-friendly approach to regulation.

🌍 EMEA

🇬🇧 United Kingdom

FCA unveils crypto regulation roadmap. The Financial Conduct Authority (FCA) released a detailed plan for comprehensive crypto regulations by 2026. Findings show over 12% of U.K. adults hold crypto, emphasizing the need for clear regulatory frameworks.

🇪🇺 European Union

EBA publishes explainer on AML/CFT in crypto. The European Banking Authority (EBA) released a comprehensive explainer on preventing money laundering and terrorism financing in the EU’s crypto-assets sector. The document highlights key requirements under MiCA and the latest AMLD amendments, including the implications of the grandfathering clause. This resource offers essential insights into the EBA’s efforts to align crypto compliance with EU standards.

💡Go deeper with our recent article on debunking the myth of the Grandfathering Clause for the European Travel Rule.

🇲🇦 Morocco

Morocco drafts crypto regulations. Bank Al-Maghrib introduced regulations developed with World Bank support, focusing on financial inclusion and long-term CBDC exploration.

🌏 APAC

🇹🇼 Taiwan

Taiwan accelerates AML compliance for VASPs. The Financial Supervisory Commission (FSC) moved the AML registration deadline for Virtual Asset Service Providers (VASPs) to November 30, 2024. Updated guidelines include tracking suspicious activities and unusual transactions.

🌐 Global Highlights

Global Blockchain Business Council (GBBC)

GBBC launches GSMI 5.0, mapping blockchain regulation. The latest edition of GSMI 5.0 features global regulatory developments, taxonomy for 391 key terms, and in-depth reports on sustainability, AI convergence, and decentralized finance.

Questions? Contact [email protected]

Today, the European Banking Authority (EBA) released an explainer entitled Preventing Money Laundering and Terrorism Financing in the EU’s Crypto-Assets Sector. As the crypto landscape evolves, the EU is tightening its grip on compliance with the introduction of MiCAR (Markets in Crypto-Assets Regulation) and its accompanying AML/CFT rules, including the Transfer of Funds Regulation (TFR).

One common misconception among crypto-asset service providers (CASPs) is that MiCAR includes a “grandfathering” exemption under the new European Travel Rule. 

Let’s set the record straight: this is definitively not the case.

What Does Article 143(3) of MiCAR Really Say?

The much-discussed Article 143(3) states:

“Crypto-asset service providers that provided their services in accordance with applicable law before 30 December 2024, may continue to do so until 1 July 2026 or until they are granted or refused an authorization pursuant to Article 63, whichever is sooner.”

At first glance, this might appear to grant a blanket reprieve for CASPs operating before the cut-off date. In reality, the provision is far more limited in scope.

What This Provision Actually Means

While this transitional clause provides a limited window for CASPs to continue operating while applying for MiCAR authorization, it is not a free pass to avoid compliance. CASPs operating under existing frameworks—such as AMLD (Anti-Money Laundering Directive) or domestic AML/CFT regimes—must still adhere to all applicable AML/CFT requirements and that includes the Regulation (EU) 2023/1113, also know as the Transfer of Funds Regulation (TFR).

In simple terms:

• Yes, CASPs can keep operating during the transitional period.
• No, this does not exempt them from complying with the updated AML/CFT framework (including TFR).

The same stringent rules that apply to credit and financial institutions also apply to “grandfathered” CASPs.

The Travel Rule is Here to Stay

A major component of these regulations is the European Travel Rule, requiring CASPs to ensure that crypto transfers include comprehensive information about both originators and beneficiaries with the goal of preventing illicit activities like money laundering and terrorist financing in the crypto ecosystem and reporting it. This rule is non-negotiable and applies equally to CASPs during the transitional period.

Furthermore, CASPs engaging in transactions with self-hosted wallets or operating across borders will need to implement robust measures to trace and verify transfers.

Why Compliance Matters Now

While the transitional period may offer some operational flexibility, CASPs that delay in meeting compliance requirements risk jeopardizing their long-term viability. Here’s why:

• Increased Scrutiny: The EBA and upcoming EU AML Authority are tasked with enforcing strict compliance.
• Reputation at Stake: Operating without adherence to AML/CFT standards could harm trust with customers, partners, and regulators. As a matter of fact, we published earlier this year the results of our State of Crypto Travel Rule Report which showed from the survey that 66% of VASPs restrict withdrawals that do not comply with Travel Rule requirements
• Operational Risks: Failure to comply could lead to service suspension, fines, or denial of authorization.

For more on the risks of not complying with TFR, read our recent article on the Consequences of Non-Compliance with EU's Travel Rule After December 30th.

The Path Forward for CASPs

For CASPs looking to thrive under the new regime:

1. Act Now: Begin implementing Travel Rule solutions and robust AML/CFT measures immediately.
2. Understand the Framework: Familiarize yourself with MiCAR, Regulation (EU) 2023/1113, and the EBA Travel Rule Guidelines.
3. Prepare for Licensing: Gather the necessary documentation and establish a compliance-first culture to streamline your MiCAR authorization process.

Debunking the Myth

The takeaway is clear: there is no blanket “grandfathering clause” exempting CASPs from compliance. The transitional provision simply ensures continuity while maintaining full AML/CFT obligations.

As the compliance deadline of December 30, 2024 approaches, proactive measures will separate the leaders from those left scrambling to catch up. The time to act is now—ensure your operations are Travel Rule-ready and compliant with the evolving regulatory landscape.

Let’s work together to build a safe, compliant, and thriving crypto ecosystem in the EU. 🌍

As the EU’s Travel Rule regulations continue to advance, other global regions are beginning to feel the ripple effects. The Transfer of Funds Regulation (TFR), notably Regulation (EU) 1113/2023, sets stringent requirements on crypto asset service providers (CASPs) within the EU to mitigate risks of money laundering, terrorist financing, and other financial crimes. 

Yet, the effects of these rules extend beyond EU borders, influencing jurisdictions worldwide as they adapt to the standards set forth by these robust regulations.

Let’s have a look at some of the ways the EU’s TFR could impact regions globally.

A Surge in Global Compliance Demand

North America

VASPs in the US and Canada are closely observing the EU’s strict stance, with regulators considering updates or FAQs to enhance their own frameworks. The EU’s Travel Rule has set a benchmark, making it difficult for non-compliant entities to serve EU-based customers without adhering to similar standards.

Asia-Pacific

Countries like Singapore and Japan, which have already implemented Travel Rule provisions, are likely to refine their compliance measures further to align with EU requirements. This is especially important as EU-based financial institutions increasingly demand verification of counterparties in these regions.

Strengthening Due Diligence and AML Practices

The EU’s TFR mandates comprehensive due diligence for CASPs, which has led other jurisdictions to adopt or enhance similar anti-money laundering (AML) practices. For instance, LATAM countries, particularly those with high remittance flows, are tightening scrutiny on VASP activities to align with FATF recommendations and TFR influences.

For example, according to Reuters, Argentina’s cryptocurrency transactions have surged to $85.4 billion in the past year, raising concerns about money laundering. In response, the government is implementing new regulations, including a July 2024 fiscal package offering tax amnesty for individuals declaring up to $100,000 in registered crypto assets. This initiative aims to align with Financial Action Task Force (FATF) standards and prevent Argentina from being placed on the FATF’s grey list, which could deter foreign investment and harm the economy. Additionally, the government is amending laws related to money laundering and reporting entities to strengthen oversight of the crypto market. Regionally, the Financial Action Task Force of Latin America (GAFILAT), comprising 18 countries from South, Central, and North America, is enhancing anti-money laundering frameworks to align with global standards.

These efforts ensure that transactions from different regions meet EU standards, thereby reinforcing global AML practices.

Influencing Emerging Economies and Adoption Challenges

For emerging markets, particularly in Africa, the drive toward compliance is becoming essential as EU-based users and entities prefer to transact only with VASPs in compliance with their own regulatory standards. 

This could either foster rapid compliance adoption or limit market access for non-compliant VASPs in these regions. This was also noted in our State of Crypto Travel Rule Report where survey results showed that VASPs are increasingly intolerant towards transacting with counterparties that do not comply with the Travel Rule. In fact, over 66% of VASPs somehow restrict withdrawals that don't comply with Travel Rule requirements.

In Nigeria, a leading African cryptocurrency market, VASPs face pressure to align with international standards to maintain global market access. In December 2023, the Central Bank of Nigeria (CBN) issued guidelines for VASPs, lifting a two-year restriction on financial institutions operating accounts for cryptocurrency service providers or processing crypto-related transactions. However, smaller VASPs often struggle with the financial and operational burdens of compliance, creating a dichotomy:

• Rapid Compliance Adoption: VASPs that can afford necessary compliance measures may gain a competitive advantage by attracting EU-based clients and partners, thereby expanding their market reach.
• Limited Market Access: Conversely, VASPs unable to meet these standards risk exclusion from transactions with EU entities, limiting their growth potential.

This dynamic underscores the importance for African VASPs to invest in compliance infrastructure. While initial costs may be high, the long-term benefits include maintaining access to international markets, fostering trust with global partners, and enhancing the overall credibility of the African cryptocurrency market, which can attract more investors and users.

Increasing Demand for Compliance Technology

As VASPs worldwide aim to meet EU standards, the demand for compliance technology is surging. Many are adopting regtech solutions to streamline KYC, AML, and data-sharing processes, enabling efficient alignment with international standards, particularly for cross-border transactions. This trend is reshaping how global VASPs approach compliance.

The Road Ahead: Potential Challenges and Opportunities

The EU’s TFR is reshaping the regulatory landscape, creating both challenges and opportunities for global VASPs. Increased regulatory pressure may lead to market consolidation, where larger entities excel while smaller players struggle to adapt. However, harmonized regulations promise more secure, trustworthy global transactions, offering users a safer and more navigable digital asset ecosystem.

This evolving environment demands proactive investment in compliance solutions. For VASPs, adapting to these changes is not just a regulatory necessity—it’s an opportunity to enhance credibility, foster innovation, and help standardize the global digital transaction landscape.

If your business is located outside of the EU and you would like to speak with our team about implementing a TFR-compliant Travel Rule program, you can schedule a free demo of our solution at notabene.id/demo

Lately, we’ve been hearing a recurring question from our customers and prospects: Is the EU Transfer of Funds Regulation (TFR) being postponed by six months? Let’s set the record straight.

The short answer: No, the TFR is not being delayed.

Understanding the Source of the Confusion

This misunderstanding likely stems from recent discussions around MiCA (Markets in Crypto-Assets) regulatory technical standards (RTS). As members of BlockchainForEurope, we’ve joined others in addressing concerns about MiCA’s RTS and its implementation timeline. The letter we co-signed with other industry members highlights several key challenges that MiCA introduces, including:

1. Timing and Legal Uncertainty: With less than two months left before MiCA’s application on December 30, 2024, delays in RTS adoption have left both national competent authorities (NCAs) and CASPs scrambling to prepare.
2. Inconsistent Transitional Periods: Divergent “grandfathering” clauses across Member States create a compliance patchwork—5 months in Lithuania versus 18 months in France—undermining the intended harmonization.
3. Foreseeable Delays and Risks: Without coordinated measures, we risk regulatory uncertainty, market disruptions, and reputational harm, detracting from MiCA’s goals.
4. Operational Challenges: CASPs face impractical requirements, such as applying in all Member States, while some states have ceased accepting pre-MiCA applications.
5. Proposed Mitigations: The letter calls for ESMA to issue a “no action” letter to promote consistency among NCAs and extend transitional arrangements.

How Does This Relate to TFR?

It’s crucial to understand that MiCA and TFR are separate regulations. While MiCA includes transitional or “grandfathering” clauses for existing CASPs, the TFR does not.

For TFR, there is no "traditional" transitional period. Under the EBA Travel Rule Guidelines, until July 31, 2025, CASPs may exceptionally use infrastructures or services with technical limitations, but are required to implement additional technical steps to ensure full compliance with the requirements. This does not exempt them from Travel Rule compliance. CASPs using such infrastructures are required to take additional technical steps to ensure full compliance with the Travel Rule during this period. This means that all existing CASPs, regardless of their new status, must fully comply with the TFR requirements by the official application date. Any delays or mitigations proposed under MiCA will not directly impact TFR timelines.

Failing to comply with the TFR by the December 30, 2024, deadline carries serious consequences, including the potential for service disruptions, reputational damage, and regulatory penalties. We recently explored this topic in detail in our article: The Consequences of Non-Compliance with the EU’s Travel Rule After December 30th. If you’re preparing for compliance, it’s worth a read.

At Notabene, we’re committed to helping businesses navigate these regulatory complexities. If you have questions or concerns about preparing for the TFR, we’re here to help. Feel free to reach out to our Regulatory & Compliance team at [email protected] 

Celebrating 25 Million Transfers and $500B in Transaction Volume Processed on the Notabene Network

We’re so proud to announce that Notabene has reached a significant milestone – processing over 25 million transactions and $500B in transaction volume through our secure Travel Rule compliance solution. This achievement underscores our position as the industry’s largest active Travel Rule network, as well as our commitment to facilitating secure and compliant cryptocurrency transactions on a global scale.

As a leader in Travel Rule compliance since 2020, Notabene has been at the forefront of enabling Virtual Asset Service Providers (VASPs) to meet regulatory requirements while maintaining the efficiency and speed that crypto users expect. Our solution has become an integral part of the crypto ecosystem, bridging the gap between traditional financial regulations and the innovative world of digital assets.

Reaching 25 million transactions is not just a number—it's a testament to the scale and impact of our solution in the crypto compliance industry. This milestone has far-reaching implications for the broader crypto ecosystem. It demonstrates that large-scale compliance is not only possible but can be achieved without sacrificing the speed and efficiency that are hallmarks of cryptocurrency transactions. It also shows that the industry is maturing, with VASPs increasingly prioritizing regulatory compliance as part of their operations.

By facilitating 25 million compliant transactions, Notabene has played a crucial role in driving Travel Rule compliance within the crypto industry. This has contributed to increased trust and legitimacy in the eyes of regulators and traditional financial institutions, while enabling our customers to grow their business in a scaleable way.

Our Journey to 25 Million

The path to 25 million transactions has been marked by continuous innovation, strategic partnerships, and overcoming significant challenges in partnership with our valued customer base. Along the way, we have:

• Launched our first Travel Rule solution in 2020
• Expanded our network to include VASPs from over 50 countries
• Implemented support for multiple blockchain protocols and countless crypto wallets
• Launched first of its kind Phased Implementation Plan to aid VASP roll out of Travel Rule
• Launched the first Travel Rule Certification program in the crypto industry
• Engaged extensively with regulators and industry associations to address some of the most complex challenges in implementing the Travel Rule
• Developed and released the Transaction Authorization Protocol (TAP), a decentralized protocol solution for the entire industry
• Launched our innovative SafeTransact for Networks, bringing a layer of compliance to the robust networks where transactions already occur
• Built a best-in-industry self-hosted wallet solution that provides end-users with an elegant UX with a simple and powerful embeddable component

And we’re just getting started.

We will continue to rapidly grow our network volume by adapting to rapidly evolving regulations, ensuring interoperability with various VASP systems, and maintaining the highest standards of data security and privacy.

As we celebrate this milestone, we want to highlight our commitment to being the leading provider of Travel Rule solutions in the cryptocurrency space. This achievement would not have been possible without the trust and collaboration of our partners, clients, and the dedicated Notabene team.

To VASPs not yet on our network, there’s never been a better time. Join the largest and most far-reaching Travel Rule compliance network in the crypto industry.

Contact our team to learn how Notabene can help your organization meet Travel Rule requirements and be part of the next 25 million transactions.

For compliance professionals across Europe, the Transfer of Funds Regulation (TFR) plays a pivotal role in enhancing transparency and combating money laundering and terrorist financing. While its primary objective is to align with the Financial Action Task Force’s (FATF) “Travel Rule” for European Union (EU) member states, it’s equally important—but sometimes overlooked—that it also applies to the European Economic Area (EEA) member states, namely Norway, Iceland, and Liechtenstein. This blog post delves into how the TFR extends to the EEA, ensuring a homogeneous regulatory framework across the region.

TFR in the EEA: Not Just an EU Regulation

The TFR was first established under Regulation (EU) 2015/847*, mandating that financial service providers share information accompanying transfers of funds. This regulation is designed to combat money laundering and terrorist financing by ensuring transparency in financial transactions. When the regulation was introduced, the EEA Joint Committee, responsible for aligning EEA non-EU members with relevant EU regulations, formally incorporated it into the EEA Agreement.

EEA Joint Committee Decision No. 198/2016*, adopted on 30 September 2016, amended Annex IX (Financial Services) of the EEA Agreement to include the TFR, thereby extending its applicability to Iceland, Liechtenstein, and Norway. This decision ensured that non-EU EEA members implement the TFR within their financial systems, thus aligning their AML measures with EU standards.

The Complete List of EEA Countries Impacted by the TFR

Understanding which countries the TFR applies to is key for compliance. Here’s the full list of EEA member states:

EU Member States (27 countries): 

• 🇦🇹 Austria
• 🇧🇪 Belgium
• 🇧🇬 Bulgaria
• 🇭🇷 Croatia
• 🇨🇾 Cyprus
• 🇨🇿 Czech Republic
• 🇩🇰 Denmark
• 🇪🇪 Estonia
• 🇫🇮 Finland
• 🇫🇷 France
• 🇩🇪 Germany
• 🇬🇷 Greece
• 🇭🇺 Hungary
• 🇮🇪 Ireland
• 🇮🇹 Italy
• 🇱🇻 Latvia
• 🇱🇹 Lithuania
• 🇱🇺 Luxembourg
• 🇲🇹 Malta
• 🇳🇱 Netherlands
• 🇵🇱 Poland
• 🇵🇹 Portugal
• 🇷🇴 Romania
• 🇸🇰 Slovakia
• 🇸🇮 Slovenia
• 🇪🇸 Spain
• 🇸🇪 Sweden

EEA EFTA States (3 countries): 

• 🇮🇸 Iceland
• 🇱🇮 Liechtenstein
• 🇳🇴 Norway
  

It’s worth noting that 🇨🇭 Switzerland, although part of the European Free Trade Association (EFTA), is not a member of the EEA and is therefore not directly subject to the TFR.

How the TFR Enhances AML/CFT Measures Across the EEA

The TFR strengthens AML and Counter Financing of Terrorism (CFT) measures by requiring payment service providers to attach detailed payer and payee information to transfers of funds. For the EEA as a whole, this means consistent AML compliance standards for financial institutions across both EU and non-EU EEA states.

When Regulation (EU) 2023/1113* updated the TFR, it further extended these obligations specifically for virtual asset service providers (VASPs), bringing them under the same AML/CFT standards. This update is part of the EU’s broader Markets in Crypto-Assets (MiCA) framework, which aims to regulate cryptocurrency service providers consistently across the EEA.

This update extended obligations to VASPs across the EEA as part of the region’s coordinated AML/CFT strategy and ensured that virtual asset transfers include necessary information about the originator and beneficiary, aligning with the FATF’s Travel Rule.

Implications of the TFR for Financial Institutions and VASPs in the EEA

The TFR’s incorporation into the EEA Agreement means that financial institutions, including VASPs in Iceland, Liechtenstein, and Norway, must now comply with the same AML requirements as those in the EU. This uniformity is essential for:

1. Legal Alignment: Ensuring a homogenous legal framework across all EEA member states.
2. Compliance Requirements: Enforcing the same level of scrutiny for fund transfers within the EEA, enhancing transparency and reducing regulatory disparities.
3. AML/CFT Strengthening: Bolstering defenses against money laundering and terrorism financing across borders, especially in high-risk sectors like virtual assets.

Why Compliance Professionals Shouldn’t Overlook EEA Obligations

For compliance officers, particularly those dealing with cross-border transactions, it’s essential to remember that the TFR’s obligations span the entire EEA. Ignoring the non-EU EEA countries—Norway, Iceland, and Liechtenstein—can lead to gaps in compliance, risking penalties and reputational damage. Every compliance framework and transaction protocol should therefore account for the TFR’s reach across these territories.

The TFR is not just an EU obligation; it applies to the entire EEA, including Iceland, Liechtenstein, and Norway. Its aim is to create a consistent and robust AML framework across Europe, aligning the EEA non-EU members with the EU’s AML/CFT standards. Compliance professionals and financial institutions should ensure that their policies and procedures reflect this broader scope of the TFR, safeguarding against regulatory and operational risks in today’s complex financial landscape.

Where to Find Further Guidance on EEA Compliance

The EFTA Secretariat offers access to legal texts and guidance on implementing EU regulations within the EEA, including the TFR. Additionally, each EEA EFTA state’s financial supervisory authority provides national guidelines to help institutions comply with the regulation’s requirements.

For more detailed information on the TFR’s integration into the EEA, refer to EEA Joint Committee Decision No 198/2016, published in the EEA Supplement to the Official Journal of the European Union. The official EFTA website also provides a repository of EEA-related legislative documents, ensuring that compliance professionals have the resources they need to meet EEA-wide AML standards.

*Sources

Regulation (EU) 2015/847 - https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32015R0847#ntr2-L_2015141EN.01000101-E0002

EEA Joint Committee Decision No. 198/2016 -  https://www.efta.int/sites/default/files/documents/legal-texts/eea/other-legal-documents/adopted-joint-committee-decisions/2016%20-%20English/198-2016.pdf

Regulation (EU) 2023/1113 - 3 https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32023R1113

Nearly five years ago when Alice, Ania, Andrés, and I sat down to start our journey to making crypto part of the everyday economy, we realized it was an amazing opportunity for us to really solve some of the foundational issues we saw were inherent in crypto and the crypto industry of 2020.

Trust between the many varied crypto native institutions, traditional finance, and global regulators seemed missing and, frankly, not many people cared back then. As early Bitcoin and Web3 developers, we believe in the importance of decentralization and people managing their own keys. And yet we also realized that institutions are as critical to scaling and making crypto safe for regular people and use-cases as they are in the cash-based economy.

Thus, our simple plan: to help crypto native companies trust each other and allow regulators to feel safe and comfortable for their constituents to entrust their money with this new generation of crypto native fintechs. This is ultimately about adoption of crypto and stablecoins globally with everyone and everywhere. 

Announcing our Series B

Today marks a significant milestone in Notabene's journey, as we announce our $14.5 million Series B funding round led by DRW VC, with participation from funds managed by Apollo, Nextblock, and Wintermute, along with existing investors CMT Digital, F-Prime, Green Visor Capital, Illuminate Financial, Jump Capital, Signature Ventures, and Y Combinator. This investment is a testament to our vision of building a trust infrastructure that enables all financial institutions—from crypto natives to traditional banks—to transact securely and confidently in the digital age.

It's noteworthy that DRW, Wintermute, and Jump (who co-lead our Series A) are all major players in providing the critical underlying liquidity that powers the crypto ecosystem. Their participation underscores their deep understanding of the importance of institutional trust infrastructure in driving the industry forward.

Our Journey So Far

We recognized early that the future of finance would require a new kind of trust infrastructure. Traditional finance relies on centralized gatekeepers, while crypto operates on trustless technology. We saw the need for a middle ground—a way for institutions to build trust through transparency and verifiable credentials while maintaining their autonomy.

What started as helping companies implement the Travel Rule has evolved into something much more fundamental: a decentralized trust network that enables any financial institution to verify, trust, and transact with counterparties globally. Today, having processed nearly $500B in transactions through our Transaction Authorization Network, we've proven that compliance and transaction volume can go hand in hand when built on the right foundation.

Why Institutional Trust Infrastructure Matters More Than Ever

The financial industry stands at a crossroads. Crypto natives have built incredible technology but struggle with trust. Traditional financial institutions have deep trust relationships but are constrained by legacy infrastructure. Fintech companies are bridging the gap but need better tools to build trust with both sides. These dynamics create the perfect conditions for a new kind of financial infrastructure built on verifiable trust rather than centralized gatekeepers.

Nowhere is this more evident than in the evolution of stablecoins. While stablecoins solve the fundamental challenge of instant, 24/7 settlement, they can only replace traditional settlement rails if institutions can trust who they're transacting with before they send funds. This is where our pre-transaction authorization infrastructure becomes crucial—enabling institutions to verify counterparty identity, assess risk, and ensure compliance before a single dollar moves.

What excites me most is seeing how our trust network enables entirely new ways of collaboration between different types of financial institutions. When a crypto exchange can instantly verify the compliance credentials of a traditional bank, when a fintech can prove its trustworthiness to multiple partners simultaneously, when institutions can maintain their high standards while embracing innovation—that's when we know we're building something transformative.

Building the Trust Network

This funding will accelerate our vision in three key areas:

1. Network Expansion: Our network of 165 customers and 1,600 profiles is just the beginning. We're building the world's most comprehensive network of verified institutional identities, enabling any financial institution to find and trust counterparties globally.

2. Trust Infrastructure: We're investing heavily in our pre-transaction authorization platform and decentralized trust infrastructure. This enables institutions to comply with regulations and build verifiably trusted relationships at the scale needed for stablecoins to become the next generation of settlement rails. By solving the "trust gap" that has held back institutional stablecoin adoption, we're helping create a future where instant, global settlement is the norm, not the exception.

3. Global Standards: We're working with regulators and industry leaders, particularly in the EU with MiCA and the US, to establish standards for institutional trust that work for everyone - from the most innovative crypto native to the most conservative bank. These standards will be crucial as stablecoins increasingly become part of the core financial infrastructure.

A Foundation Built on Trust

Our success comes from understanding that trust can't be enforced - it must be earned and verified. We've built a team that deeply understands both traditional finance's trust requirements and decentralized technology's innovative potential. This unique perspective allows us to bridge the gap between stablecoins' instant settlement capabilities and institutional finance's trust requirements.

DRW's Kimberly Trautmann captures this well: "Notabene offers a comprehensive and efficient way to track and disclose who an asset is being sent to, which is critical for Virtual Asset Service Partners. We believe Notabene is positioned to be the provider of choice."

To Our Stakeholders

To our customers: Thank you for your trust. We're committed to being your long-term partner in building compliant digital payment infrastructure. This funding will help us serve you better and support your growth.

To our team: Your dedication to solving hard problems while maintaining the highest compliance and security standards has brought us here. We're just getting started.

To our investors: Thank you for believing in our vision. We're building infrastructure that will reshape how value moves around the world.

The Road Ahead

The next phase of finance will be defined by how successfully different types of institutions can work together. This isn't just about compliance or technology, it's about building an ecosystem where traditional banks, fintechs, and crypto companies can each maintain their identity while building meaningful trust relationships with others.

We see a clear path to stablecoins becoming the backbone of institutional settlement. The technology for instant, 24/7 settlement exists today—what's missing is the trust infrastructure to make it work at scale. By solving the critical challenges of pre-transaction authorization and institutional trust, we're removing the final barriers to widespread stablecoin adoption.

We're creating a world where a bank can instantly verify a crypto exchange's compliance credentials, a fintech can prove its trustworthiness to multiple partners simultaneously, and innovation doesn't come at the cost of trust. A world where institutions don't need centralized gatekeepers to trust each other because they have the tools to verify trust directly. A world where settling a cross-border payment is as instant and simple as sending an email but with all the trust and security that institutions require.

Our journey continues, and we're more excited about what's ahead. If you're interested in being part of building this trust-based future - whether as a customer, partner, or team member - we'd love to hear from you.

The future of finance is being built today, and it's being built on verifiable trust relationships between sovereign institutions. We're proud to be leading the way. Our vision of crypto being a key part of the everyday economy is closer than ever.

‍

‍

Pelle Brændgaard is the CEO and co-founder of Notabene. Follow him on Twitter @pelleb for more insights on the future of compliant digital payments.

NEW YORK, NY – November 12, 2024 – Notabene, a leading provider of cryptocurrency compliance solutions, today announced it has raised $14.5 million in a Series B funding round led by DRW VC, with participation from funds managed by Apollo, Nextblock, and Wintermute, along with existing investors CMT Digital, F-Prime, Green Visor Capital, Illuminate Financial, Jump Capital, ParaFi Capital, Signature Ventures, and Y Combinator. The funding will accelerate Notabene’s mission to make crypto payments a part of the everyday global economy by fostering open, secure, and compliant transactions.

Regulators now require crypto companies such as exchanges, wallet providers, and payment processors to securely exchange information about sender and receiver, just like they already do in traditional payments. This so-called Travel Rule is now a requirement in most global financial centers.

Having already helped process half a trillion dollars worth of transactions, Notabene is the leading global platform and network for compliant crypto payments. By automating the secure transfer of sensitive data between institutions, Notabene simplifies this complex process that is virtually impossible for companies to implement independently.

Kimberly Trautmann, Partner and Head of DRW VC, the round’s lead investor, emphasized the significance of Notabene’s work in this emerging financial ecosystem:

“Notabene offers a comprehensive and efficient way to track and disclose who an asset is being sent to, which is critical for those who facilitate the exchange, transfer, safekeeping, and administration of virtual assets (Virtual Asset Service Partners or VASPs) and need to be compliant with the Travel Rule. We believe Notabene is positioned to be the provider-of-choice, as it allows users to achieve real-time compliance, is protocol agnostic and does not require exposing sensitive information to other market participants.”

Notabene is expanding its focus to support the growing number of traditional financial institutions moving into digital payments. With over $20T in stablecoin transactions processed last year, global adoption is on the rise and poised to be crypto’s long-awaited killer use case. The key to unlocking stablecoins’ potential as fast, low-cost, borderless payments is a secure and transparent system – one that’s open and not controlled by any single entity. Notabene offers the essential infrastructure for compliance, reconciliation, and safety, enabling open, interoperable payment networks that will drive the next wave of adoption.

Notabene’s CEO, Pelle Brændgaard, underscores the company’s vision for the future of payments:

“We’ve already established ourselves as a pioneer in Travel Rule compliance, and now, as regulatory clarity grows and adoption scales, we are positioned to do the same for payments. By enabling secure, compliant, and open digital asset transactions, we’re helping shape the next generation of global financial infrastructure. Our philosophy of building open networks to maximize reachability between transacting counterparties will be a key driver of adoption with both crypto-native organizations, as well as incumbent players in traditional finance that are showing an increased interest in digital assets and blockchain payment solutions.”

Notabene’s platform has seen a rapid 10x increase in transaction volumes over the past year, totaling nearly $500 billion in transaction volume—solidifying the company’s role as a trusted provider in the compliance space. With over 165 companies using the platform, including some of the largest virtual asset service providers (VASPs) globally such as Copper, OKX, and Robinhood, as well as working relationships with regulatory bodies across hundreds of global jurisdictions, Notabene has built the largest network of transacting counterparties in the market today.

Alexander Ross, General Partner, Head of NYC for investor Illuminate Financial, added:

“As the existing market leader for Travel Rule compliance, we believe Notabene has the potential to become the “SWIFT network” for blockchain transactions. There is a desperate need for a secure network to share all transaction metadata. This will enable compliance with global regulations and is a key pillar to unlocking mass adoption of stablecoins for payments. We have been working with the founders since 2021 and believe they are the best positioned to execute this vision.”

With this raise, Notabene is set to continue its mission to bring crypto and stablecoins into everyday global payments. It will help grow the industry's only open compliant payments network to support more use cases and new market entrants.

“With $20 trillion in stablecoin transactions processed last year, stablecoins are emerging as the preferred method for fast, low-cost global payments,” said Pelle Brændgaard, Notabene CEO. “As regulatory clarity expands, traditional financial institutions are beginning to recognize stablecoins’ potential. Notabene’s role as a trusted compliance provider is critical to unlocking this potential and establishing stablecoins as a legitimate payment medium worldwide.”

About Notabene

Notabene is the leading crypto payment authorization network, enabling secure, transparent, and compliant transactions for financial institutions around the world. With a platform that facilitates transactions in over 80 jurisdictions, supports over 165 companies, and has processed half a trillion dollars in transaction volume, Notabene is setting the standard for compliant transactions in the digital asset space.

For more information, please visit notabene.id.

‍

As the European Union's Transfer of Funds Regulation (TFR) comes into force on December 30th, 2024, Crypto Asset Service Providers (CASPs) and other obliged entities must be prepared for the stringent compliance requirements. But what happens if an entity fails to comply after this crucial date? Let's explore the potential consequences of non-compliance with the TFR.

1. Financial Penalties

One of the most immediate and tangible consequences of non-compliance is the imposition of financial penalties. These can be substantial and may vary depending on the severity of the breach and the specific regulations in each EU member state. It's important to note that:

• Penalties can accumulate, potentially resulting in daily fines
• Non-compliant CASPs may face enhanced regulatory oversight
• Increased compliance costs and operational burdens may be necessary to resolve deficiencies

2. Criminal and Administrative Sanctions

In more severe cases, particularly those involving deliberate non-compliance or gross negligence, entities and individuals may face criminal or administrative sanctions. This can include:

• Criminal liability for Chief Compliance Officers (CCOs) or executives responsible for overseeing AML/CFT protocols
• Administrative sanctions that could significantly impact business operations

3. Regulatory Sanctions

While exact details may vary, it's likely that regulatory sanctions for non-compliance could be severe:

• Suspension or revocation of operating licenses within the EU
• Restrictions on certain activities or prohibitions on cross-border crypto-asset transfers

4. Reputational Damage

In the highly regulated EU market, reputation is crucial. Non-compliance can lead to:

• Loss of trust from customers and partners
• Negative publicity that can be challenging to overcome
• Long-term impact on business relationships and growth opportunities

5. Heightened Regulatory Scrutiny

Entities found to be non-compliant will likely face increased attention from regulators:

• More frequent audits and inspections
• Increased reporting obligations, adding administrative burdens and costs
• Requirements to submit additional documentation to demonstrate compliance improvements

6. Counterparty Risks

Non-compliance can also affect business relationships:

• Counterparties may report non-compliance to regulators
• Partners may be hesitant to work with non-compliant entities
• This can lead to lower transaction volumes and overall business success

While no one has a crystal ball, the consequences of non-compliance with the EU's TFR after December 30th, 2024, are far-reaching and potentially severe. From financial penalties to reputational damage, the possible risks suggest that CASPs and other obligated entities should take seriously the need to be fully prepared with a TFR-ready Travel Rule solution when the regulation comes into force.

‍

When I spoke about the Dawn of Travel Rule at the GBBC Members Forum, I spoke about the importance of not only sending and receiving Travel Rule messages, but responding to them as well.

Why is this so important? Simply put, at this point in our Travel Rule timeline (5 years since first adoption), supervisory authorities are starting to evaluate the effectiveness of Travel Rule. This means taking a closer look at one key requirement, which is responding to Travel Rule messages. Depending on the jurisdiction, it is no longer okay to only send a transfer and state to a regulator that “As a VASP, I am Travel Rule Compliant”. You will have to also demonstrate that you have been responding to incoming messages from counterparties.

Why Responding Matters

As the industry evolves, responding accurately to Travel Rule requests is not just a "nice-to-have" feature; it’s a compliance obligation that can impact a firm’s ability to do business. Let’s take a closer look at some of the key reasons why.

1. Compliance Requirements

Many jurisdictions have regulations explicitly mandating that VASPs engage in a two-way dialogue for Travel Rule compliance. This means that merely sending the required information is not enough—you must also respond to missing or incomplete data, and provide follow-up information when requested by counterparties or authorities. Failure to do so can put your business at risk of non-compliance and possible subject to fines or penalties.

Let’s take a look at just a few jurisdictional regulations (this is not the exhaustive list) that emphasize not only the need to send and receive required information but also the importance of responding to travel rule messages. You might note that these rules are primarily in the context of providing required transfer details back when there is incomplete or missing information.

European Union

The EU’s Transfer of Funds Regulation (TFR) goes beyond requiring accurate originator and beneficiary information. It mandates that CASPs (Crypto Asset Service Providers) request missing details and actively respond to counterparty requests to rectify discrepancies. Specifically, Article 16(1) and Article 17 of the TFR require prompt follow-up and compliance checks. Full details at the bottom of this article.

United States

The FinCEN Travel Rule requires U.S.-based VASPs to provide specified information for transactions over $3,000. This includes responding to any queries or compliance checks from counterparties. Ignoring such requests or failing to engage can be seen as regulatory non-compliance, particularly in the context of suspicious transactions. Full details at the bottom of this article.

United Kingdom

Under the Money Laundering Regulations (MLR), VASPs are required to take proactive steps if information is missing or incomplete. For example, if a discrepancy is detected, the VASP must request the missing information, delay the transaction, or, in some cases, even return the crypto assets. Such procedures necessitate a robust response mechanism. Full details at the bottom of this article.

Singapore

Under the Payment Services Act (PSA), the Monetary Authority of Singapore (MAS) implements FATF’s Travel Rule. VASPs must gather, verify, and transmit required information, and are expected to “provide value transfer information” by a certain time frame which can only be done through a response. For example, the legislation states that “In a value transfer where the amount to be transferred is below or equal to S$1,500…….the ordering institution shall provide the value transfer originator information and value transfer beneficiary information set out in paragraph 13.4(a) to (d) within 3 business days of a request for such information…” Full details at the bottom of this article.

Across these global regulations, the emphasis is clear: while sending and receiving information is essential, responding to travel rule transfers is equally important. This includes engaging with counterparties to verify, request additional information, and ensure compliance with AML/CFT obligations. A lack of response or failure to follow up on incomplete or suspicious transfers can result in non-compliance and regulatory scrutiny.

2. Counterparty Trust and Business Relationships

VASPs are increasingly choosing to limit their transactions to compliant counterparties. This trend is evident in Notabene’s own research, where 66% of surveyed VASPs reported restricting withdrawals with entities that do not comply with the Travel Rule. Failing to respond to a Travel Rule message sends a strong signal to your counterparties that your business may not be fully committed to compliance, leading them to potentially cut off transactions altogether.

3. Operational Efficiency and Risk Management

Failing to respond promptly to Travel Rule messages can create bottlenecks in your transaction workflows, resulting in increased operational costs and slower settlements. Having an automated system like Notabene’s SafeTransact that not only sends and receives messages but also monitors and responds to them can help streamline compliance processes and reduce the risk of human error.

Real-World Implications: What Happens When You Don’t Respond?

If a VASP fails to respond to a Travel Rule message, several scenarios could unfold:

Regulatory Penalties and Fines

Non-compliance can result in significant fines or penalties from regulatory bodies.

Counterparty De-Risking

If a counterparty sees that you are not responding to compliance messages, they may choose to de-risk by ceasing all business activities with your VASP, resulting in lost revenue and a damaged reputation.

Loss of Market Access

As global jurisdictions begin implementing stricter compliance rules, VASPs that are flagged for non-compliance may find themselves unable to operate in key markets.

Notabene’s Approach: Streamlining and Automating Responses

The complexity of responding to Travel Rule messages often stems from inconsistent regulations across jurisdictions. Notabene’s solution simplifies this by offering a unified platform that helps businesses automatically detect missing or incomplete data, sends requests for clarification, and ensures compliance through automated responses.

Notabene’s SafeTransact for Networks automates the end-to-end compliance process, enabling customers to respond to Travel Rule requests in real-time, ensuring compliance without disrupting business operations.

Responding to Travel Rule messages is not just about meeting regulatory expectations; it’s about building trust in the industry. As the market matures, businesses that invest in compliance today will be best positioned to thrive tomorrow.

By actively responding to Travel Rule messages, your business is not only complying with global regulations but also paving the way for more secure and efficient transactions, making you a preferred partner for other VASPs and financial institutions.

Want to learn more about how Notabene’s solution can help streamline your Travel Rule compliance? Book a call with our team today.

‍

‍

Addendum

European Union (EU) - Transfer of Funds Regulation (TFR) (Regulation (EU) 2015/847)

Articles 16(1) and 17 of the Transfer of Funds Regulation outline the responsibilities of Crypto Asset Service Providers (CASPs) to ensure that all transfers include accurate and complete originator and beneficiary information. They also specify that CASPs must request missing information  from the sender's VASP and actively engage when information is incomplete. Responding  to these situations is crucial for compliance.

“crypto-asset service providers should ensure that the information on the ... originator and the beneficiary is not missing or incomplete.” (Par. 28)

“With the aim of assisting payment service providers and crypto-asset service providers to put effective procedures in place to detect cases in which they receive transfers of funds or transfers of crypto-assets with missing or incomplete information on the payer, payee, originator or beneficiary and to take effective follow-up action, “ (Par. 51)

“To enable prompt action to be taken in the fight against money laundering and terrorist financing, payment service providers and crypto-asset service providers should respond promptly to requests for information on the payer and the payee or on the originator and the beneficiary from the authorities responsible for combating money laundering or terrorist financing in the Member State where those payment service providers are established or where those crypto-asset service providers have their registered office” (Par. 53)

Further, according to the final Travel Rule Guidelines¹ by the European Banking Authority that accompany the TFR paragraph 56 states:

“Where the PSP, IPSP, CASP or ICASP requests required information that is missing, it should set a reasonable deadline by which the information should be provided. This deadline should not exceed three working days for transfers taking place within the Union, and five working days for transfers received from outside of the Union, starting from the day the PSP, CASP, IPSP or ICASP identifies the missing information”

¹https://www.eba.europa.eu/sites/default/files/2024-07/6de6e9b9-0ed9-49cd-985d-c0834b5b4356/Travel%20Rule%20Guidelines.pdf

‍

United States - Financial Crimes Enforcement Network (FinCEN) Travel Rule (31 CFR 1010.410)

The FinCEN Travel Rule mandates U.S. based VASPs (CVC’s) and financial institutions to collect, retain, and transmit specified information on fund transfers over $3,000. Responding to requests for additional details or missing information is required, particularly in suspicious cases or incomplete transfers.

“The money transmitter must obtain or provide the required regulatory information either before or at the time of the transmittal of value, regardless of how a money transmitter sets up their system for clearing and settling transactions, including those involving CVC” (Fincen Guidance FIN-2019-G001)

United Kingdom - The Money Laundering and Terrorist Financing (Amendment) (EU Exit) Regulations 2019

The UK’s Money Laundering Regulations (MLR) require VASPs to ensure full compliance with AML/CTF requirements, including receiving and transmitting required travel rule information.  Further, there are requirements around reporting to FCA those that do not provide the required information back. Hence this really underscores the responsibility of VASPs to respond to inquiries from counterparties and authorities when information is missing or insufficient.

“(2) Where the cryptoasset business of the beneficiary becomes aware that any information required by regulation 64C to be provided is missing or does not correspond with information verified by it under Part 3, the cryptoasset business of the beneficiary must— (a) request the cryptoasset business of the originator to provide the missing information; (b) consider whether to make enquiries as to any discrepancy between information received and information verified by it under Part 3; and (c) consider whether— (i) to delay making the cryptoasset available to the beneficiary until the information is received or any discrepancy resolved; and (ii) if the information is not received or discrepancy resolved within a reasonable time, to return the cryptoasset to the cryptoasset business of the originator. (3) In deciding what action to take under paragraph (2)(c) the cryptoasset business must have regard to— (a) the risk assessments carried out by the cryptoasset business under regulations 18(1) (risk assessment by relevant persons) and 18A(1) (risk assessment by relevant persons in relation to proliferation financing); and (b) its assessment of the level of risk of money laundering, terrorist financing and proliferation financing arising from the inter-cryptoasset business transfer……."

(5) The cryptoasset business of a beneficiary must report to the FCA repeated failure by a cryptoasset business to provide any information required by regulation 64C as well as any steps the cryptoasset business of the beneficiary has taken in respect of such failures.  (Par 64D)

Singapore - Payment Services Act (PSA) and FATF Travel Rule Implementation

Under the Payment Services Act (PSA), the Monetary Authority of Singapore (MAS) implements FATF’s Travel Rule. VASPs must gather, verify, and transmit required information, and are expected to “provide value transfer information” by a certain time frame which can only be done through a response. For example,  “In a value transfer where the amount to be transferred is below or equal to S$1,500…….the ordering institution shall provide the value transfer originator information and value transfer beneficiary information set out in paragraph 13.4(a) to (d) within 3 business days of a request for such information…….”

As the Head of Regulatory and Compliance at Notabene, I've been at the forefront of discussions about one of the most pressing issues keeping compliance officers awake at night: How do you handle non-compliant deposits under the Travel Rule in the EU and other jurisdictions?

The implementation of the Travel Rule is an essential step in ensuring compliance with anti-money laundering (AML) and counter-terrorist financing (CTF) regulations. But this regulatory evolution brings a real challenge—how should Crypto Asset Service Providers (CASPs) respond when they receive non-compliant deposits? The issue isn’t only theoretical; it’s something that every CASP will face.

The Challenge of Non-Compliant Deposits

With the implementation of the Travel Rule, non-compliant deposits are an inevitable reality. These can arise from various scenarios(^1) that beneficiary CASPs must be prepared to address such as:

1. Deposits originating outside of approved CASPs
2. Deposits from approved CASPs with insufficient Travel Rule information
3. Deposits from approved CASPs with inconsistent beneficiary information
4. Deposits from approved CASPs where the originator is not an allowed person 

Without a clear policy or well-defined workflow, the risks are high and these issues can disrupt the user experience, complicate operations, and even lead to asset loss. Each scenario requires a well-thought-out policy and workflow to address it effectively while minimizing disruption to user experience.

Non-Compliance Under the EU’s TFR (Regulation 1113/2023)

In the EU, Travel Rule under the TFR (Regulation 1113/2023)(^2) places significant responsibility on beneficiary CASPs. Articles 14, 16, and 17 of the regulation clearly outline the need for accurate originator and beneficiary information to be included with each transaction. The challenge lies in the fact that beneficiary CASPs can't proactively block incoming deposits. They must rely on the originating CASP's compliance to meet their obligations. This creates a complex situation where beneficiary CASPs must navigate between regulatory compliance and customer service. Despite beneficiary CASPs having less control over incoming deposit flows than originating CASPs, they must still enforce compliance, using methods such as post-monitoring or suspending suspicious transactions.

Under Article 17, CASPs must implement risk-based procedures to determine whether to execute, reject, return, or suspend transfers of crypto-assets that lack the required information. Non-compliant transactions must be carefully reviewed, with potential responses ranging from requesting missing data to returning the crypto-assets to the originator.

But the process isn't simple. For instance, a transfer may originate from a wallet that no longer belongs to the sender. Or, the originator may have no account with an approved CASP. How do you return the funds then? The answers are not always straightforward, and the EU’s TFR leaves room for a risk-based approach to address these scenarios.

Developing a Policy for Travel Rule Non-Compliant Deposits

At the heart of handling non-compliant deposits is the necessity of a clear, risk-based policy which is part of every industry best practice. This policy must account for several key steps:

1. Withhold assets until compliance is achieved: If the necessary Travel Rule information is missing, the assets should not be made available to the beneficiary until compliance is ensured. This may require collecting additional information or performing enhanced due diligence.
2. Return non-compliant assets promptly: Where compliance cannot be achieved, CASPs should have clear procedures for returning the assets to the originator. This process should be timely to avoid user frustration while ensuring that the return itself is secure and complies with AML/CTF obligations.
3. Avoiding technical complications in the return process: Blockchain transactions, particularly those involving aggregated wallets, present additional challenges. Simply sending the funds back to the originating address may not always be feasible or safe. Instead, CASPs should establish secure, alternative methods to return funds while protecting against illicit activity.
4. Reassess relationships with non-compliant counterparties: CASPs should monitor their counterparties’ compliance levels. Repeated non-compliance from a particular CASP may necessitate reevaluating the relationship, issuing warnings, applying enhanced due diligence, or even terminating the partnership. And let's not forget that there is a requirement of reporting of non-compliance of CASPs to national authorities. 
   

The Return Dilemma

One of the most challenging aspects of handling non-compliant deposits is the return process. The FATF guidance and local regulations don't prescribe specific requirements for return policies, leading to varied practices among VASPs.
Key considerations for a return policy include:

1. Where to return the assets
2. Who to return the assets to
3. Whether Travel Rule compliance applies to the return transaction

While there’s no universally accepted answer, the principle of reliability and a risk-based approach may guide your actions. For instance, can you confidently rely on a blockchain address used in a Travel Rule message for returning assets? Often, the answer is no. Wallet addresses change, can become dormant, and may result in commingled assets. 

A more cautious approach is to confirm the originator’s identity and account details through both on-chain screening and direct communication with the counterparty. This ensures that the return process doesn’t inadvertently violate AML/CTF rules.

These are the practical steps for compliance that you can take:

1. Develop clear policies for handling non-compliant deposits
2. Implement robust monitoring systems to detect non-compliant transactions
3. Establish a detailed workflow for the return process
4. Communicate policies clearly to users to minimize disruption
5. Regularly reassess relationships with repeatedly non-compliant counterparties

Notabene’s Role: Helping CASPs Navigate Non-Compliance

At Notabene, our platform helps CASPs identify and manage non-compliant CASPs with precision. By offering insights into missing Travel Rule data and alerting users to potential non-compliant transactions, we help CASPs maintain compliance while minimizing disruption. Additionally, our reporting tools allow CASPs to generate comprehensive lists of non-compliant transactions, simplifying their decision-making process and enhancing their regulatory reporting.

The Path Forward: A Risk-Based Approach

Handling non-compliant deposits under the Travel Rule is complex, but not insurmountable. As the regulatory landscape continues to evolve, staying informed and adaptable will be key to success in the world of crypto compliance. The road ahead may be challenging, but with the right policies, workflows, and tools such as Notabene in place, compliance can be achieved without sacrificing user experience. At Notabene, we’re committed to helping CASPs and regulators strike this critical balance.

If you would like to speak with Notabene about  implementing a risk-based compliance solution for your unique needs, book a call with our team today.
‍

References

^1 This is not an inclusive list
^2 https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32023R1113