Last week at Stablecon in Amsterdam, I was on a panel called "Killing the Fiat Stablecoin Sandwich" with Simon Taylor (Tempo), Tyler Sherwin (BVNK), and Tedd Huff (Fintech Confidential).

We had a good debate about the pros and cons of the current implementation of the stablecoin sandwich. But I came away thinking the whole framing, mine included, was off.

The stablecoin sandwich isn't the real problem. The word "stablecoin" is.

The day prior to the panel I had a call with the digital assets GM at a major European bank. He said something that stuck:

"From our perspective, a stablecoin is just a settlement mechanism between fiat accounts. The enterprise instructs us to move money. Whether it goes via Swift or stablecoin rails, it lands as fiat on the other side."

That's it. He's right. And once you accept that, the whole "sandwich" debate looks different.

The "stablecoin" name is doing a lot of damage

"Stablecoin" sounds like a crypto asset that happens to be price-stable. Something exotic. Something you need to convert into and out of. That framing comes from crypto, from a world where on/off ramps are real because you're genuinely leaving fiat when you buy Bitcoin.

But USDC is just dollars. EURC is just euros. When you "on-ramp" to USDC, you never left fiat. You just changed the form factor. There is no ramp. There's no sandwich. There's just fiat sitting in a different kind of account.

It's all just money

M0, M1, and M2 are all fiat. Physical cash, checking accounts, savings accounts: different properties, different forms, same underlying asset. We don't call a savings account an "M2coin." We don't build conversion infrastructure between your checking account and your money market fund and call it a sandwich.

Tokenized money market funds are basically M2. Tokenized deposits are M1 or M2 depending on the form. Stablecoins don't fit neatly into the existing categories, but they belong in the same family. They're a new form of fiat with slightly different properties that they share with their other tokenized money cousins: programmable, blockchain-settled, 24/7. Not a foreign asset.

So why does the sandwich exist?

Because we borrowed crypto infrastructure (tokenization, blockchains, wallets) for a fiat asset, but kept the crypto mental model around it. The result is two conversion events that don't need to exist, a PSP sitting in the middle taking margin, and correspondent banking rebuilt at higher cost with extra steps.

The current batch of stablecoin orchestrators (as they came to be known) built the Wise model for stablecoins. That's useful. It works. But it's a stepping stone, not the destination. This PSP model exists because banks aren't plugged into stablecoin rails natively. Once they are, the on/off ramps dissolve.

One of the things we did discuss on stage at Stablecon is that this model, just like Wise recreates all the bad parts of correspondent banking. Not because of any specific properties of stablecoins, but because they still rely on pre-funded accounts and bilateral agreements to operate (aka correspondent banking).

The end state is simpler than the sandwich

It's account-to-account transfers on open, programmable rails. The stablecoin is the settlement layer, invisible to the enterprise, just like ACH or SWIFT is invisible today. The bank's treasury team picks the right stablecoin for the corridor. The CFO sees euros leave and euros arrive.

No sandwich. Just payments.

I argued at Stablecon that the sandwich scales badly: custody concentration, treasury risk, limited reachability. That's still true. But the deeper point is that we've been debating how to improve the sandwich when we should be asking why we're making sandwiches with fiat in the first place.

Stablecoins are just fiat. The sooner we name them that way, the better the infrastructure we'll build around them.

On 20 May 2026, the European Commission’s Directorate-General for Financial Stability, Financial Services and Capital Markets Union (DG FISMA) opened its targeted consultation on the review of the Markets in Crypto-Assets Regulation (MiCA). Responses are due by 31 August 2026 and must be submitted through the Commission’s online questionnaire.

The consultation has two tracks: a public consultation for individuals, and a targeted consultation for specialised stakeholders, covering more technical and legal questions. This article focuses on the targeted consultation.

This is the first formal step in the legislative review process anticipated under Article 140 of MiCA. The Commission is expected to report to the European Parliament and Council by 30 June 2027, on the application of MiCA and, where appropriate, accompany that report with a legislative proposal — what the market already refers to as “MiCA 2”.

Want to talk this through? Join us on 4 June, 2026, for a live webinar on From Transition to Transformation: MiCA Grandfathering Ends, the New Consultation, and What Comes Next - where we will unpack the consultation question by question and discuss what is at stake before the 31 August deadline.

Why this consultation matters

MiCA was designed before today’s stablecoin, tokenisation and DeFi markets had fully taken shape. It began applying in stages from 2024, but the market has continued to move quickly, and other jurisdictions have now put forward their own frameworks.

That is the backdrop to this consultation. The Commission is asking whether MiCA remains fit for purpose in a rapidly evolving global market, and whether the EU framework should be adjusted to reflect what has changed since the regulation was adopted.

The exercise is not limited to small technical corrections. It reopens core policy questions about Europe’s digital finance framework: whether MiCA can support globally relevant euro-denominated stablecoins, how the EU should position itself in a market increasingly shaped by USD denominated global stablecoins, where the regulatory perimeter should sit, and whether the current crypto-asset service providers (CASPs) framework is strong enough to protect the integrity of the EU market in practice. 

The consultation is organised into four parts:

1. Scope and definitions for crypto-assets other than asset-referenced tokens (ARTs) and e-money tokens (EMTs)
2. Requirements applying to ARTs, EMTs and their issuers
3. The legal framework for CASPs
4. Topics outside MiCA’s original scope, including decentralised finance, prediction markets, tokenised deposits and legal certainty for natively issued on-chain assets

Below are some of the key themes to watch.

Part 1: Where does MiCA’s perimeter sit?

The first part of the consultation deals with crypto-assets that are neither ARTs nor EMTs — what MiCA calls “other crypto-assets”. It opens with the architectural question at the heart of the framework: where should the boundary between MiCA and sectoral financial services legislation sit?

Today, crypto-assets that qualify as financial instruments remain outside MiCA and are instead governed by frameworks such as MiFID II, MAR and the Prospectus Regulation. That reflects the principle of “same activity, same risk, same rules”.

The challenge is that market reality is testing that boundary in both directions. Traditional financial institutions are entering the MiCA-regulated crypto-asset space. MiCA-authorised entities are expanding into products that look closer to traditional financial instruments. Tokenised fund interests, tokenised money-market instruments, wrapped assets, governance tokens, all raise difficult classification questions.

The consultation also revisits the design of Title II, including the white paper framework, marketing rules, ex ante notification model, retail withdrawal rights, civil liability and post-issuance updates. The Commission is asking whether the current model strikes the right balance between investor protection, market integrity and innovation.

Part 2: Stablecoins take centre stage

Part 2 is the longest and arguably the most politically charged section of the consultation. The Commission structures the discussion around three themes: the future role of stablecoins in the EU, the calibration of MiCA’s existing rules, and the treatment of global stablecoins.

The future role of stablecoins

The consultation begins by asking what stablecoins should become in the EU over the next five to ten years. Are they likely to become a mainstream retail payment instrument? A wholesale settlement rail? A complement to existing payment methods for cross-border payments? Or a transitional product that will eventually be displaced by CBDCs or commercial bank money innovations?

That framing is important because the answer drives the policy choices that follow. If stablecoins are treated mainly as crypto trading instruments, the focus is likely to remain on investor protection and market integrity. If they are treated as payment infrastructure, then redemption, liquidity, reserve management, operational resilience and supervisory reporting become much more central.

The consultation also asks how beneficial stablecoins could be for concrete use cases, including international payments, retail payments, wholesale payments, settlement of tokenised financial instruments, corporate treasury management and access to programmable financial services.

A clear vision of these use cases is essential for an informed policy debate. Stablecoins’ risks depend heavily on how they are used, at what scale, by whom, and in connection with which parts of the financial system.

Reopening the debate on interest-bearing stablecoins

The consultation reopens one of the most politically sensitive questions in MiCA: whether the prohibition on interest for EMTs and ARTs remains appropriate in its current form.

Under MiCA, issuers of e-money tokens are prohibited from granting interest in relation to EMTs. The prohibition also applies to CASPs providing services related to EMTs, and “interest” is defined broadly to include any remuneration or other benefit linked to the length of time a holder holds the token. 

That design reflects MiCA’s original policy choice: EMTs should function as means of payment, not as store-of-value products competing with bank deposits. But the effect is that euro EMTs are structurally non-remunerated even where the reserves backing them generate income. As the Blockchain for Europe Joint Report “Reforming MiCA for Euro Stablecoins” argues, this can weaken the competitiveness of euro-denominated stablecoins and push users either toward foreign-currency stablecoins or toward yield structures outside the regulated perimeter.

The consultation puts several questions back on the table. Should MiCA continue to prohibit all holder benefits linked to time held, even where they are funded solely from low-risk reserve income? Should the regime distinguish between issuer-paid interest, third-party rewards and regulated pass-through remuneration? And would allowing limited remuneration improve the competitiveness of euro EMTs, or would it create unacceptable risks for bank funding and monetary transmission? 

Global stablecoins and multi-issuance

A key part of the stablecoin discussion concerns global stablecoins and, in particular, multi-issuance models.

There are two questions running in parallel here. The first is a legal one: does MiCA, as currently written, allow multi-issuer models? The Commission gives a clear answer in the consultation. In its view, MiCA does not currently prohibit them.

That statement matters because EU authorities have adopted divergent stances:

• The ECB, in its 10 April 2026 non-paper on EU and third country stablecoin multi-issuance, argues for a reading of MiCA that would not permit third-country multi-issuance. Its concern is that third-country issuers are not generally required to comply with protections equivalent to MiCA, and that multi-issuance could expose EU token holders — and potentially the EU financial system as a whole — to material risk. 
• The European Systemic Risk Board reached a similar conclusion in its September 2025 recommendation. It flagged third-country multi-issuer schemes as amplifying financial stability risks that Union supervisors cannot adequately assess from outside the EU, and recommended that the Commission should not consider such schemes to be permitted under the current MiCAR framework. 

The second question is a policy one: even if multi-issuance is not prohibited under the current text, should MiCA continue to allow it, and under what conditions?

That is the debate the Commission is now reopening. It asks whether EU users and businesses benefit from access to global stablecoins, how important it is that such access is provided through EU-licensed issuers and CASPs, and what safeguards would be needed to manage the risks of multi-issuance.

Particularly, the consultation asks whether MiCA’s existing safeguards can mitigate multi-issuance risks and, more specifically, whether the EU share of a globally fungible stablecoin can be determined with sufficient accuracy and frequency, especially where tokens circulate through self-hosted wallets.

That question sits at the intersection of MiCA’s prudential framework and the compliance infrastructure needed to make that framework operational. On-chain data may show that a transfer occurred, but it does not, by itself, tell a supervisor whether the transfer changed the person legally entitled to the token, whether the holder is located in the Union, whether the holder is retail or institutional, or whether the movement was a payment or a first-party transfer.

That information cannot be inferred with supervisory confidence from on-chain data alone. It requires identity and transaction-context data held by CASPs, issuers and other reporting infrastructures.

This is where Travel Rule architecture becomes relevant beyond its AML/CFT purpose. Originator, beneficiary and wallet-control data can help attach legal and prudential meaning to otherwise pseudonymous on-chain flows. Multi-issuance safeguards — especially any mechanism that rebalances reserves between an EU issuer and a third-country issuer based on estimated EU holdings — are only as reliable as the data used to identify those EU holdings in the first place.

Effective Travel Rule implementation is therefore instrumental to unlocking properly managed multi-issuance frameworks.

Finally, the consultation also asks whether the EU should introduce an equivalence regime for global stablecoins, and how much reliance should be placed on third-country supervision.

This debate is in direct dialogue with the emerging U.S. approach. The GENIUS Act creates a controlled access route for foreign payment stablecoin issuers whose tokens are offered into the U.S. market. The foreign issuer must operate under a comparable home regime, register with the Comptroller of the Currency, and hold reserves in a U.S. financial institution sufficient to meet the liquidity demands of U.S. customers, unless a reciprocal arrangement provides otherwise.

The EU is confronting a similar policy problem. A globally transferable stablecoin may be issued, distributed or managed across several jurisdictions, but redemption pressure, liquidity risk and consumer protection concerns materialise locally. The policy question is how to preserve access to global liquidity while ensuring that EU holders are not dependent entirely on reserves, redemption arrangements and supervisory powers located outside the Union.

Part 3: The CASP perimeter after grandfathering

Part 3 examines the legal framework for CASPs. It revisits the scope of crypto-asset services under Article 3(16), the prudential regime and minimum capital requirements for different classes of CASPs, and the interaction between MiCA and the revised payments framework for transfer services involving EMTs.

One question stands out as the EU approaches the end of MiCA’s grandfathering period: are unauthorised crypto-asset service providers continuing to serve EU users?

This question goes to the credibility of the MiCA perimeter. By the end of the transitional period, the market is expected to look materially different. Around 200 CASPs are authorised according to ESMA’s Interim MiCA register, while there is an expectation that approximately 75% of the pre-MiCA VASP population will lose its registration status as national transitional periods expire.

Against that backdrop, the relevant supervisory question is not only which firms become authorised under MiCA, but also whether firms outside the EU authorisation framework continue to serve EU residents, and what tools supervisors or enforcement authorities should have to stop unauthorised service provision.

MiCA-authorised CASPs are investing in licensing, governance, safeguarding, conduct rules, operational resilience, market abuse controls and prudential requirements. If offshore or otherwise unauthorised providers can continue to serve EU residents, the result is an uneven playing field. Consumers remain exposed to providers outside the EU supervisory framework, while authorised firms carry the cost of compliance without the benefit of a protected market.

The FATF’s 2026 report on offshore VASPs is directly relevant here. It points to the risk that regulatory or enforcement developments can shift user activity toward offshore, unregistered providers. It also highlights the need for clearer criteria on what counts as active service provision into a jurisdiction, expectations for authorised VASPs to assess exposure to unlicensed counterparties, and stronger host-jurisdiction powers against offshore providers targeting local residents without authorisation.

These points map closely onto the post-grandfathering MiCA environment. The success of MiCA will depend on making sure its perimeter is meaningful in practice.

Part 4: Revisiting what MiCA left outside

The final part of the consultation looks at activities that were left outside MiCA’s original scope and asks whether the perimeter should now be redrawn.

Decentralised finance

MiCA excludes crypto-asset services provided in a fully decentralised manner without intermediaries. While that may sound straightforward, in practice decentralisation is rarely binary.

The consultation asks how to assess whether a service is truly fully decentralised and what indicators should matter: control over the protocol, governance rights, admin keys, front-end control, revenue capture, upgradeability, or the ability of identifiable persons to influence outcomes.

It also asks what role CASPs should play when connecting users to DeFi. Options range from warnings and disclosures, to CASP liability for incidents, to limiting access to certified applications or verified pools, to whitelists, blacklists or outright restrictions on CASP facilitation of DeFi access.

Prediction markets

The consultation also asks whether DLT-enabled prediction markets create opportunities or risks for EU consumers and markets, and whether they should fall under MiFID or MiCA when facilitated through smart contracts.

In the U.S., prediction markets have become a live test case for regulatory perimeter-setting. The CFTC is pursuing a clearer federal framework for prediction markets, asserting that event contracts offered to the public may fall within the Commodity Exchange Act as swaps or futures traded on regulated venues, while several states continue to challenge certain markets as gambling or contrary to public policy. 

Tokenised deposits and natively issued assets

The consultation also explores tokenised deposits, including their use cases, regulatory constraints and interaction with the CRD/CRR framework and the Deposit Guarantee Schemes Directive.

This is part of a broader question running through the consultation: how should EU law treat assets that are issued, recorded and transferred natively on-chain?

If tokenised deposits, tokenised securities, stablecoins and natively issued assets are expected to support future financial market infrastructure, participants need clarity on legal nature, transfer finality, holder rights, insolvency treatment and supervisory responsibilities.

What comes next

Responses to the consultation are due by 31 August 2026 through the online questionnaire on the Commission's website. 

Notabene will be following this consultation closely and engaging in the policy conversation.

If you want to dig into what the end of the grandfathering period and the new consultation mean in practice, join us for our upcoming webinar:

— From Transition to Transformation: MiCA Grandfathering Ends, the New Consultation, and What Comes Next. We'll walk through the policy choices on the table and what they mean for the future of Europe’s digital financial infrastructure.

‍

‍

This week, two executive orders signed on the same day. While most coverage is treating them as separate stories, when read together, they are really one important compliance story.

The Fintech Integration EO

The Fintech Integration EO asks the Federal Reserve to evaluate direct access to Reserve Bank payment accounts for non-bank financial companies, naming digital asset firms in the text. For stablecoin issuers, custodians, and digital asset infrastructure, this is the master account fight finally landing on a federal clock.

This fight has been the most consequential unresolved piece of U.S. digital asset policy for years. Reserve Bank discretion is exercised on a case-by-case basis without a consistent standard. The result has been a payment system where digital asset firms could approach but not enter, dependent on sponsor banks willing to take on the relationship risk. This EO doesn't resolve the access question on its own, but it does force the Federal Reserve to put a transparent framework on paper within four months, and if the conclusion is that existing law permits expanded access, the 90-day application clock starts running.

The Restoring Integrity EO

The Restoring Integrity EO, signed the same day, gives Treasury 90 days to propose BSA changes that strengthen risk-based CDD and beneficial ownership identification, and 180 days to revisit CIP requirements. The mechanism reaches every covered institution.

How the two work together

A helpful way to think about these two EOs together is that one opens a door, while the other raises the bar for anyone walking through it.

For stablecoin issuers, the operational picture changes overnight if the Federal Reserve Bank concludes existing law permits expanded access. They will have access to direct settlement and real-time payment network participation with no sponsor bank in the middle. Settlement risk profiles, capital efficiency, and the operational architecture of a stablecoin business all look different the day after that determination lands.

The price of that access is becoming clearer too. The CDD and CIP changes pull domestic U.S. identity standards much closer to what FATF Recommendation 16 already demands cross-border. The gap between what a U.S. bank has been expected to collect on a domestic account opening and what a VASP has been expected to collect on a Travel Rule transfer has been wide for years. A U.S. bank could open an account with minimum FinCEN CDD compliance. A VASP sending the same customer's funds cross-border had to satisfy originator and beneficiary information requirements that went substantially further. These orders close that gap from the domestic side.

The firms already operating to FATF-aligned standards have been doing it because they had to, while the firms that built compliance programs to the higher standard absorbed the cost. That gap is what's closing.

Four Key Takeaways

Here are the four things compliance teams should be thinking about in the wake of these EOs.

1. Pressure-test your CIP program documentation against a tighter BSA standard. The Treasury advisory lands in 60 days and the proposed BSA changes land in 90.
2. Audit your beneficial ownership controls. If your onboarding is built to the minimum FinCEN CDD rule, the floor is moving and your program is about to look thinner than it did last week.
3. Map your counterparty due diligence to FATF R.16. The standards being raised domestically are the ones FATF has expected on the originator and beneficiary side for years. Domestic and cross-border requirements are converging.
4. If you are pursuing a Fed master account, get your application-readiness package together now. When the 90-day clock starts, firms with documented, examiner-ready programs move first.

In the end, most "good enough" compliance setups will not hold under these new rules. The firms treating May 19 as an inflection point will be the ones positioned when access expands.

How the 2026 Report Reshapes Crypto Compliance

In March 2026, the US Treasury published its report on Innovative Technologies to Counter Illicit Finance Involving Digital Assets. The report frames AI, digital identity, blockchain analytics, and APIs as the four technology pillars for modern financial crime compliance. Inside sits a sharper signal for digital asset firms: Treasury explicitly references the Travel Rule, reaffirming the Funds Transfer Rule applies to crypto transactions over $3,000 and is expected to be operationalized in practice.

While the Travel Rule has long been applicable to the US crypto market, its implementation was frequently viewed more as a policy guideline than a functional necessity. The 2026 report marks a definitive transition from theoretical interpretation to mandatory implementation.

Treasury's Stance on Travel Rule Implementation

Rather than proposing new mandates, the Treasury is reinforcing established regulations. The report reiterates that digital asset transfers fall under the Funds Transfer Rule, maintaining the $3,000 threshold and requiring the collection, verification, and transmission of originator and beneficiary data.

The significance lies in the context: this directive is central to a 2026 report on illicit finance and advanced compliance tools. The industry's focus must now shift from questioning the rule's applicability to ensuring its practical effectiveness.

‍

‍

The Treasury's report is a major federal action signal in addition to the April 8, 2026 joint Notice of Proposed Rulemaking from FinCEN and OFAC detailed AML/CFT requirements for stablecoin issuers under the GENIUS Act. That is in additional to the FATF's March 2026 report identifies Travel Rule data gaps as a primary vulnerability in global crypto AML efforts.

All of these are moving towards the objective of closing the compliance gap.

Monitoring Is Not Travel Rule Execution

Many firms assume blockchain analytics coverage equals Travel Rule coverage. The assumption is wrong.

Blockchain analytics tools identify risk, monitor transactions, and trace flows across wallets and chains. They give institutions visibility into on-chain activity. Analytics tools do not fulfill Travel Rule obligations. They do not send originator and beneficiary data to counterparties. They do not standardize data across institutions. They do not enforce compliance workflows between counterparties.

Insight alone does not meet regulatory requirements. Insight has to be acted on, triggering workflows, exchanging required data, and enforcing decisions across counterparties. This is the distinction Treasury is pointing toward. The difference between monitoring and execution.

Obtaining insight is only the first step toward meeting regulatory mandates. Actionable workflows, data exchange, and cross-counterparty enforcement are necessary to bridge the gap between simple monitoring and true execution.

The Network Nature of Compliance

Because the Travel Rule relies on secure, real-time interactions between institutions, compliance cannot be achieved in isolation. Connectivity is the essential core of the rule.

Digital asset and stablecoin compliance is a network-wide challenge rather than an entity-specific one. While issuer compliance and counterparty controls are foundational, the system remains vulnerable if the broader network fails to exchange data reliably.

Structural exposures caused by network gaps are now a primary target for regulators, as evidenced by the alignment of the FATF offshore VASP report, the April 8 NPRM, and the Treasury Report.

How to Execute Travel Rule Compliance in Practice

This is the gap Notabene was built to solve. Notabene acts as the trust layer enabling institutions to execute Travel Rule compliance. The platform identifies and screens counterparties before a transaction, performs VASP due diligence, securely exchanges required Travel Rule data between institutions, and supports real-time decisions on whether a transaction should proceed. All of this happens before funds move.

Travel Rule compliance depends on reachability. Notabene addresses this through a global network of over 2,100 VASPs and over 260 financial institutions, custodians, and exchanges, spanning more than 100 jurisdictions and supporting 300+ assets and blockchains.

Compliance Infrastructure for the Next Phase of Digital Assets

For years, the Travel Rule was discussed primarily as a regulatory obligation. Treasury’s 2026 report signals a broader shift toward operational maturity, interoperability, and trusted digital asset infrastructure.

The shift is not about entirely new rules. It is about higher expectations for how compliance is embedded into real-time financial systems.

As digital assets and stablecoins become more integrated into global finance, institutions need infrastructure that enables secure connectivity, trusted counterparties, and seamless data exchange across networks. Monitoring and visibility remain important, but scalable growth increasingly depends on the ability to operationalize compliance in a way that supports speed, trust, and cross-border participation.

The opportunity for the industry is significant: institutions that can execute compliance efficiently will be better positioned to expand partnerships, access new markets, and participate confidently in the next generation of financial services.

The question is no longer simply whether firms understand the Travel Rule. It is how they use compliance infrastructure to unlock safer, faster, and more connected digital asset ecosystems.

‍

On April 28, 2026, Notabene hosted a fireside chat with two of Brazil's most experienced voices on virtual asset regulation: Sodreia Amorim, Head of Payments & Banking Relationships at BRAZA, and Marcos Rocha, Partner at Veirano Advogados. Moderated by Catarina Veloso - Director of Regulatory & Compliance at Notabene.

The session was held in Portuguese, days before the FX reporting obligation took effect. We've recapped it in English for our global audience, to surface the subject matter and the most relevant topics for anyone navigating Brazil's regulatory build-out.

Prefer the original? The recording is available here.

The regulatory moment Brazil is in

Brazil's virtual asset framework took a decisive shape in early 2026. On February 2, 2026, BCB Resolutions 519, 520, and 521 entered into force and, alongside Law 14,478, established what Catarina described as a comprehensive regulatory regime for SPSAVs (Sociedades Prestadoras de Serviços de Ativos Virtuais).

But the framework isn't being implemented all at once. The Travel Rule under Resolution 520 is being phased in through February 2028. The FX reporting obligation under Resolution 521 — the focus of this session — kicks in much sooner: May 2026, with the first reports due by the 5th business day of June covering April's operations.

That sequencing matters. As Catarina put it: even though the formal Travel Rule deadlines extend to February 2028, much of the counterparty identification work it requires becomes operationally urgent far earlier — because the FX regime demands it.

‍

Why FX? The history behind the rule

Marcos opened with the historical context, and it's worth understanding because it explains the BCB's reasoning.

Brazil's FX regulation reflects a long history of foreign reserves scarcity. Even after the 1994 Plano Real strengthened the country's external reserves and the regime liberalised through the late 1990s, the BCB retained what Marcos called "liberdade monitorada" — monitored freedom. The Central Bank cares deeply about visibility into the balance of payments, the flow of foreign currency in and out of Brazil, and the holdings of non-residents domestically and Brazilians abroad.

That posture is now being applied to virtual assets. Resolution 521 amended Resolution 277 — the foundational FX regulation — to bring four new categories of virtual asset operations into the FX market perimeter:

1. International payment or transfer using virtual assets. A Brazilian resident transferring or receiving virtual assets to or from a non-resident.
2. Virtual asset transfers to fund international card or electronic payment use. This addresses crypto-loaded credit cards used internationally — partly a pre-emptive move against IOF tax arbitrage.
3. Transfers of virtual assets to or from self-hosted wallets (carteiras autocustodiadas). The BCB's logic: once an asset moves to a self-hosted wallet, it leaves the regulator's field of view, so it must be reported as if it crossed a border.
4. Purchase, sale, or exchange of virtual assets referenced to fiat currency — including stablecoins, even Real-denominated ones. Marcos noted this last category surprised many in the market: a BRL-stablecoin trade arguably isn't a cross-border movement at all, yet it falls under FX market rules.

The unifying theme: the BCB wants visibility into where virtual assets go, and is treating the loss of that visibility as functionally equivalent to a cross-border movement.

What gets reported, and how

Sodreia walked through the operational mechanics. The reporting vehicle is ACAM 212, a structured data file SPSAVs submit to the BCB. The cadence is monthly, with the deadline falling on the 5th business day of the following month — though institutions can submit multiple times throughout the month.

The data fields ACAM 212 requires include:

• Customer identification (originator)
• Counterparty identification — the hardest field, by consensus
• Transaction value in BRL and in the asset
• Asset type
• Transaction date and nature
• Country of origin and destination

Sodreia made an important framing point: it would be a mistake to read the BCB's phased Travel Rule timeline as permission to defer Travel Rule readiness. The ACAM 212 obligation alone effectively requires the counterparty identification capability that the Travel Rule will demand. Companies treating February 2027 (domestic Travel Rule) or February 2028 (cross-border) as a cliff-edge deadline risk not being prepared to meet interim obligations.

She also offered a pointed defense of the Travel Rule itself, against the reflexive crypto-native skepticism that often accompanies it. Tracing transactions improves AML enforcement, makes international flows auditable, and — critically — gives end users an additional layer of protection. In crypto today, a customer sending funds to the wrong wallet has no recourse. A counterparty identification layer changes that.

The hard part: identifying the counterparty

This was the throughline of the entire session. Every panelist returned to it.

The challenge is structural, not procedural. Sodreia put it cleanly: SWIFT — over 40 years of standardisation, accelerated in the late 1990s and now harmonised under ISO 20022 — gives institutions a BIC code that resolves counterparty identity and jurisdiction in one field. Pix and other modern payment rails inherit that design.

Crypto has nothing equivalent natively. A wallet address tells you nothing about who controls it.

Three patterns emerged from the discussion on how SPSAVs should approach this.

1. Self-declarations are accepted, but insufficient on their own.Resolution 520 permits SPSAVs to rely on customer self-declarations to gather counterparty information during the Travel Rule phase-in. Sodreia framed self-declarations as a useful starting point, but a weak control on their own, which can be enhanced if paired with blockchain analytics. Marcos agreed: at scale, there is no realistic alternative today. But the direction of travel is clear. As Travel Rule requirements come fully into force across jurisdictions, counterparty information will need to be verified institution-to-institution, through the exchange between counterparty VASPs themselves.

2. Cryptographic proof of ownership has tradeoffs.Methods like Satoshi tests (sending a small amount to verify control of a wallet) work, but they're expensive at volume and can make smaller transactions uneconomic. Marcos noted that some Swiss institutions use video calls to verify wallet ownership — but Brazil's market is too pulverised for that to scale. User-friendlier cryptographic signatures generated from the user's wallet are emerging as the best path, particularly in jurisdictions like the EU where verification of control is mandatory above certain thresholds.

3. Wallet screening is the practical near-term tool.Marcos pointed to the increasing sophistication of wallet screening providers — algorithms that can determine with high confidence whether a wallet's behaviour pattern matches a self-hosted wallet or a VASP, and even infer geolocation from on-chain activity. Catarina added that Notabene's network can already identify a significant portion of counterparty wallets and resolve their VASP and jurisdiction.

Same data, different flows: where Travel Rule and FX reporting converge

This was the conversation's organising insight.

The Travel Rule and the FX reporting rule are asking for largely the same underlying data — counterparty identification, originator information, transaction details. But they ask for it through different channels:

• Travel Rule requires SPSAVs to transmit that information to the institutions they interact with (the counterparty VASP or its proxy).
• FX reporting requires SPSAVs to submit that information to the Central Bank itself.

Same data, two flow directions. One is institution-to-institution; the other is institution-to-regulator.

For SPSAVs building or buying compliance infrastructure right now, this matters operationally: investments in counterparty identification that look like Travel Rule investments are, in fact, also FX reporting investments. The reverse is true too. Catarina's recommendation to anyone implementing the Travel Rule: talk to your providers about what they can already tell you about counterparty wallets, because that capability is doing double duty.

She also flagged a common organisational hazard. The team building Travel Rule compliance and the team building ACAM 212 reporting are often different teams. The session's purpose, she said, was to get those teams talking — because the controls each is building should serve both obligations.

Settlement risk: a deeper problem the conversation surfaced

A participant question late in the session raised one of the deeper problems with applying conventional compliance to public blockchains: once a transaction is on-chain, it's settled. There's no recall, no clawback.

Catarina used the question to introduce a concept Notabene has been developing in other markets: shifting compliance to before settlement, not after. In traditional payment systems, settlement is preceded by an authorisation flow between the institutions involved. The same model can be applied to virtual asset transfers — the originating VASP transmits identifying information to the beneficiary VASP before executing on-chain, and the beneficiary can respond before funds move.

Notabene also announced (during the session) a new capability for VASPs to coordinate the return of unwanted transactions through its network — addressing the fact that you cannot simply send funds back to the originating address without knowing whether that address is structured to receive them. Read more on Notabene Revert in our recent blog post.

Marcos added that permissioned networks have a structural advantage here: they support clawback and freezing natively, which has become a meaningful topic in international regulatory forums. The asset-recovery question — what happens when a high-value transaction goes to the wrong place — is one regulators globally are watching.

A post-webinar update: Resolution 561 and what it actually does

Two days after the webinar, on April 30, 2026, the BCB published Resolution 561, amending the eFX framework. International headlines almost immediately declared that Brazil had "banned stablecoin settlement in cross-border payments."

In fact, Resolution 561 targets one specific channel: eFX, Brazil's simplified electronic FX route for retail digital cross-border flows — such as international online card purchases and digital remittances handled by payment institutions, e-money issuers, and acquirers. Inside that channel, settlement between an eFX provider and its overseas counterparty must now occur through traditional FX operations or non-resident BRL accounts. Stablecoins and other virtual assets can no longer be used as the settlement leg. The change takes effect October 1, 2026.

What Resolution 561 does not do is ban stablecoin cross-border settlement across the board. Licensed SPSAVs — and banks operating under the SPSAV framework — can still use stablecoins for international transfers, because that activity sits inside the FX market regime established by Resolution 521 (mentioned above). Cross-border stablecoin movement remains entirely possible: it just has to flow through an authorised institution, under FX-market rules, with the reporting and counterparty obligations that come with that perimeter.

Put together with Resolution 521, the BCB's direction is now unambiguous:

• The lighter, retail-oriented eFX route is being closed to virtual assets.
• The supervised SPSAV/FX-market route is being expanded and reinforced, with ACAM 212 reporting, Travel Rule obligations, and FX market authorisation as the price of entry.

For the audience of this article, the practical implication is straightforward. Resolution 561 doesn't change the operational picture for SPSAVs building toward May 2026 reporting and 2027–2028 Travel Rule compliance. If anything, it raises the stakes: cross-border stablecoin activity that previously sat in the lighter eFX channel will increasingly flow through SPSAVs, which means the supervised route can absorb more volume. The institutions that have built robust Travel Rule, and counterparty resolution capabilities will be the ones positioned to capture that flow.

What SPSAVs should do now: the panel's recommendations

The panel closed with practical guidance. Compressed:

Sodreia (operational priorities):

1. Map your flows. Understand which transaction types your business runs and which qualify for ACAM 212 reporting.
2. Classify operations. Build a clean classification logic for the four FX-scoped categories.
3. Choose your counterparty identification model deliberately. Don't default to manual collection from customers — they often don't know the answer either. Look at where automation, blockchain analytics, and network-resolved counterparty data can take friction out of the customer experience.
4. Don't defer Travel Rule preparation. The phased timeline isn't permission to wait.

Marcos (legal priorities):

1. Comply with all obligations now, even ahead of authorisation. SPSAV authorisation applications will assess prior compliance posture. Falling short on obligations already in force can compromise the authorisation outcome.
2. Assume FX market authorisation is required. Marcos was direct: realistically, almost no SPSAV will be able to operate without FX market authorisation, because even buying a BRL-denominated stablecoin now falls within the FX market.
3. Structure for partnerships. SPSAVs facing the operational limits — including the USD 100,000 per transaction cap for SPSAVs without full FX dealer authorisation — should be looking at partnerships with authorised institutions early. Sodreia confirmed this is exactly where many in the market are heading, with institutions like BRAZA positioned to absorb operations that exceed SPSAV limits.

The bigger picture

Catarina closed on a structural point that's worth flagging. Crypto's native architecture wasn't designed to fit within regulatory perimeters. Bringing virtual asset infrastructure into a regulated regime means building something that doesn't yet exist: a coordination layer between institutions that can carry the kind of contextual information traditional payment rails carry natively.

That layer matters beyond compliance. As Catarina noted — drawing on Notabene's own experience with finance teams — one of the reasons crypto and stablecoin payments haven't yet penetrated business operations at scale is that payments arrive without context. Reconciliation against invoices, contracts, and customer records is genuinely hard. The same infrastructure that makes Travel Rule compliance and FX reporting possible is the infrastructure that makes crypto and stablecoins viable as actual payment rails.

May 2026 is one milestone. It's also a forcing function for building the right thing.

Want to go deeper?

For a comprehensive view of the regulatory landscape, see Notabene's Brazil Virtual Asset Regulatory Playbook, produced in partnership with Veirano Advogados and ABToken.

The full webinar recording is available on demand, and the recording is available here.

This article summarises a fireside chat held in Portuguese, hosted by Notabene in collaboration with AB Token on April 28, 2026, with Catarina Veloso (Notabene), Sodreia Amorim (BRAZA), and Marcos Rocha (Veirano Advogados). All quotes and references have been translated from the original Portuguese.

‍

‍

‍

Something shifted in cross-border payments over the last few years, and it happened faster than most people expected. The stablecoin layer - once an experiment at the margins - is now a real part of how money moves globally. You can see it in the deal flow, customer conversations, in where regulatory attention is going. Digital assets have crossed the chasm.

But having crossed the chasm doesn't mean you've arrived. It means the question has changed. And the question the industry is now dealing with - mostly implicitly, sometimes explicitly - is whether the architecture that got us this far is the architecture that takes us to the next stage.

The dominant architecture is what people started calling the stablecoin sandwich a year or two back. Fiat converts to stablecoin at one end, value moves across the chain, stablecoin converts back to fiat at the other end. It works. It has unlocked real use cases: hard-currency corridors where someone on one side urgently wants dollars, corporate treasury moving funds across borders at hours that SWIFT can't touch, situations where you can bundle the off-ramp problem into one partner relationship and move on.

I spent time at a very large GSIB early in my career, building systems reconciling trade feeds to SWIFT feeds, sitting inside correspondent banking. Something I learned - and that I keep thinking about now - is that correspondent banking works. It is expensive, slow, and remarkably opaque, but it reliably moves money. The model is: bilateral relationships, pre-funded positions, corridor-by-corridor expansion. You add a corridor when the economics justify it. You maintain the relationships because the alternative is reduced volume.

What I find genuinely interesting about the stablecoin sandwich is that it has reproduced this model almost exactly. Different settlement rails, same underlying structure. If you peel back the UX improvements and the faster settlement times, the correspondent banking architecture is still there. You still need pre-funded positions on both sides of each corridor. You still build out one corridor at a time. Conversion costs don't disappear - they shift around, sometimes to your benefit, sometimes not - but they stay in the system.

The payment CEOs I talk to who have been running stablecoin sandwich operations for a few years are starting to feel this. Three or four corridors looks great on the unit economics. Twenty corridors - which you need if you're serious about global reach - starts to look like a different business. Many stablecoin orchestrators product roadmaps are filled with integrations to support more corridors to increase volume rather than building better products.

The operational overhead, the compliance exposure per corridor, the working capital tied up in pre-funded positions: it compounds. And margins that looked healthy early on start to come under pressure. Many of the largest banks globally have secretly been removing expensive and risky to operate long tail corridors from their correspondence bank offerings by outsourcing this volume to PSPs and stablecoin orchestrators.

The industry is already sensing this, and you can see it in where the interesting product work is happening. What's emerged is a kind of open-faced stablecoin sandwich: one-way fiat conversion instead of two-way. Stablecoin cards are the clearest example - the cardholder's account is stablecoin-native, the conversion only happens at the point of spend into fiat. You've cut the conversion problem in half. One side of the transaction has gone native; the other side is still touching the legacy rails. It's real progress. But it's still a transitional architecture, not the destination.

This isn't a criticism of the people who built this way. The stablecoin sandwich, and its open-faced variant, were the correct call for the environments in which they emerged. When you're trying to get from zero to adoption, you build for backward compatibility. You operate within the systems where the money already lives.

Every technology does this phase. Remember Vonage or paying for a phone number in Skype? VoIP spent years routing calls between traditional phone endpoints before Skype and WhatsApp came along and made those endpoints superfluous for general use. The stablecoin sandwich is how you get a foothold, not how you achieve the end state.

As more issuers enter the market - across banking consortia, fintechs, and sovereign-backed initiatives - the question stops being which stablecoin you're holding and becomes what you can do with it natively. A network of institutions that can settle with each other directly, without rebuilding bilateral corridors for each relationship, compounds differently than a network of corridors does. That's the transition worth building toward.

There's a difference between a transitional architecture and a destination, and the industry is at the point where that distinction matters for the decisions you're making now. The companies worth watching are the ones that ran the stablecoin sandwich where they needed to, understand exactly what it costs them to operate, and are building deliberately toward something different. The regulatory framework is falling into place. The infrastructure question is the one that deserves more honest attention.

‍

‍The problem with crypto’s one-way street

Blockchain transactions are natively unilateral. Whoever holds the private keys decides if settlement happens. Once a transaction is broadcast and confirmed on-chain, the receiver doesn’t get a “yes” or “no” moment. There is no native ability to accept or reject a payment.

When an unwanted transaction is received, there is also no straightforward way to send it back even though, in many cases, returning funds is a mandatory regulatory requirement.

For example, under the EU Travel Rule regime, if a beneficiary Crypto-Asset Service Provider detects post-settlement a transaction that lacks the required Travel Rule information to unambiguously identify the parties, it must return the funds to the originator.

In practice, however, returning funds is anything but simple. Institutions face a minefield of liability. They cannot assume that the original sending address is able to receive a return. If that address is not prepared for this purpose, the returned funds may be permanently lost.

The scale of this problem is significant. The Joint Money Laundering Steering Group (JMLSG)—the UK body providing guidance on AML compliance—explicitly recognizes this, stating that crypto asset businesses “should consider the risks and complexities [of returning funds] prior to making a return, as it may create operational challenges … to reattribute it to the originator.”

The long-awaited "undo button" for crypto

To solve this, Notabene has introduced Revert—a post-settlement control layer for digital asset transactions, enabling institutions to safely coordinate, authorize, and complete returns of funds across counterparties. This is effectively an "undo button" for crypto transactions.

Here’s how it works:

When a beneficiary institution needs to return funds, it initiates a revert request. The originator is notified of the request and can respond by authorizing the return and providing a verified wallet address where the funds should be sent. The beneficiary can then execute the return with confidence, while both sides retain full visibility and auditability across the entire lifecycle.

To be clear: this is an innovation in trust and coordination. There is no change to how blockchains natively work. Settlement remains immediate and irreversible according to first principles of blockchain design. However, within a network of cooperative institutions, we can introduce a novel new control layer to correct mistakes. 

This functionality is built on the Transaction Authorization Protocol (TAP), an open standard for communicating about transactions. Any adopter of TAP, regardless of a commercial relationship with Notabene, can participate in coordinated return-of-funds flows. This is infrastructure for the entire industry, not just Notabene customers.

The importance of pre-transaction authorization

Revert addresses a necessary gap today, but it is not on its own a holistic solution to end-to-end transaction orchestration.

When counterparties verify compliance data, assess risk profiles, and explicitly authorize transactions before settlement, the need for post-settlement remediation and fund returns largely disappears. 

The Notabene Network has already powered over $2 trillion in compliant transaction volume using this approach. Pre-transaction authorization is becoming a standard, and we are advancing it further by enforcing authorization by design within Notabene Flow payments.

But standards take time to become universal. Until pre-transaction authorization is widespread across all digital asset transactions, the industry needs a way to handle edge cases: non-compliant counterparties, missing information, and operational mistakes.

That’s the safety net that Revert provides.

Trust, coordination, and compliance infrastructure

Notabene's Revert functionality demonstrates the power of coordination and an end-to-end transaction control layer when institutions transact within shared standards and trusted networks.

As digital asset payments evolve, infrastructure like this is what turns crypto rails into something businesses can actually rely on.

With the introduction of Revert, we’re covering all the bases so that compliant, coordinated transactions become the default.

‍NEW YORK — April 28, 2026 — Once a crypto transaction settles, there has never been a safe, standardized way to reverse or correct it, even when regulation requires it. Notabene, the trust layer for global money movement, today announced Revert, the first post-settlement control layer for digital asset transactions, enabling institutions to safely coordinate, authorize, and complete returns-of-funds flows across counterparties.

For the first time, institutions can control what happens after a crypto transaction settles, not just before it.

Until now, post-settlement workflows in crypto have been manual, fragmented, and high-risk. The moment a transaction moved between two institutions, there was no coordinated mechanism to return the funds. 

While traditional payment systems rely on standardized processes for refunds, corrections and dispute resolution, crypto transactions between institutions have lacked any coordinated mechanism - leaving institutions to rely on email, informal coordination, and unverified wallet addresses.

At the same time, new regulations now require institutions to return funds in certain cases, creating a gap between regulatory obligation and available infrastructure.

Revert closes that gap. Revert introduces a post-settlement control layer for digital assets - enabling institutions to initiate, authorize, and complete return-of-funds flows with verified wallet destinations and a full audit trail.

Built on the Transaction Authorization Protocol (TAP), Revert enables institutions to coordinate refunds across counterparties as a shared network standard, rather than within closed ecosystems.

"Blockchain finality makes sense for settlement. It doesn't make sense for everything else institutional payments actually require: coordinating across counterparties, correcting mistakes, and unwinding transactions that shouldn't have gone through," said Pelle Braendgaard, CEO of Notabene. "Revert is the first post-settlement control layer that works between institutions rather than inside them, and crypto can't credibly support real business payments without it."

Revert is available today across the Notabene Network, which already connects more than 2,200 regulated institutions across 100+ jurisdictions and has processed over $2 trillion in compliant transaction volume. The launch lands as return-of-funds obligations are tightening across jurisdictions. Under the EU Transfer of Funds Regulation, for example, a Crypto-Asset Service Provider that detects missing Travel Rule information after a transaction has settled must return the funds to the originator, a workflow that has been operationally difficult until now.

For more on Revert, visit notabene.id/revert

‍

About Notabene

Notabene is the trust layer for global money movement. The Notabene network connects thousands of trusted counterparties, facilitating trillions of dollars in transaction volume annually across over 100 jurisdictions. Notabene provides industry-leading tools for stablecoin payment coordination, real-time transaction authorization, counterparty verification, and self-hosted wallet identification—helping institutions build trust into every transaction.

Press Contact:

Clay Fain
VP, Marketing
Notabene
[email protected]

For the first time, institutions can control what happens after a crypto transaction settles, not just before it.

Once a transaction confirms on-chain, there has never been a safe, standardized way to reverse or correct it. Post-settlement workflows have been manual, fragmented, and high-risk — institutions relying on email, informal coordination, and unverified wallet addresses to handle something as routine as a refund. The moment a transaction moved between two institutions, there was no coordinated mechanism to return the funds.

Revert closes that gap. It's a post-settlement control layer for digital assets that lets institutions initiate, authorize, and complete returns of funds with verified wallet destinations and a full audit trail — across counterparties, not just within a closed ecosystem.

Read the full press release.

‍

How it works

Either side of a transaction — the originator or the beneficiary — can initiate a revert request. The full flow:

1. The institution initiating the return submits a revert request with a reason attached.
2. The counterparty receives the request through the Notabene platform and reviews it.
3. If approved, the counterparty provides a verified wallet address for where the funds should be sent.
4. The initiating institution executes the return to that verified address.
5. Both sides retain full status and timeline visibility, from the initial request through to settlement.

The critical step is #3: the wallet address is confirmed through the coordination process before funds move. That's what eliminates the operational risk that has made cross-institution returns so difficult — no more sending funds back blindly to an address that may not be able to receive them.

For a full walkthrough of the technical mechanics, visit our help documentation.

‍

What institutions use Revert for

• Customer refunds where funds need to be returned to the original sender
• Operational corrections — transactions sent in error, wrong amounts, or wrong counterparty
• Dispute resolution between institutions
• Regulatory return obligations, including cases where Travel Rule regulations require a beneficiary to return funds to the originator

‍

Open to the whole industry

Revert is built on the Transaction Authorization Protocol (TAP), the open standard for institutional communication about crypto transactions. Any institution that has implemented TAP can participate in coordinated return flows — regardless of whether they have a commercial relationship with Notabene. This is infrastructure for the industry, not a feature locked behind a single platform.

Revert is available today across the Notabene Network, which connects more than 2,100 regulated institutions across 100+ jurisdictions and has processed over $2 trillion in compliant transaction volume.

‍

Already a Notabene customer? Revert is available now. Reach out to your Customer Success Manager or contact us at [email protected] to get set up.

Not yet on the Notabene Network? Book a demo and we'll walk you through how Revert works in the context of your operations.

‍

Between April 1 and April 8, 2026, three federal agencies put concrete proposals on the table for how the GENIUS Act will be implemented.

• Treasury issued its notice of proposed rulemaking (NPRM) on how state-level stablecoin regimes get certified as substantially similar to the federal framework.
• The FDIC published a NPRM establishing requirements and standards applicable to FDIC-supervised permitted payment stablecoin issuers (PPSIs) and insured depository institutions (IDIs) that engage in payment stablecoin-related activities, covering reserves, redemption, custody, and risk management.
• FinCEN and OFAC jointly proposed the AML/CFT and sanctions compliance program that every PPSI will need to build.

🗓️ April 1: Treasury defines the pathway to state-level regulation

The GENIUS Act created a dual-pathway regime. Payment stablecoin issuers with consolidated outstanding issuance of $10 billion or less can opt into state-level regulation, provided the state regime is certified as "substantially similar" to the federal framework. Issuers above that threshold come under direct federal oversight.

Treasury's April 1 NPRM lays out the broad-based principles it will use to determine substantial similarity, building on the advance notice of proposed rulemaking Treasury issued the prior September.

Under GENIUS, states must meet or exceed the core prudential standards and requirements described in Section 4(a) of the Act. Treasury's proposal splits those Section 4(a) requirements into two buckets:

• "Uniform requirements" (such as reserve composition, BSA/sanctions compliance, and redemption obligations), where states have essentially no interpretive discretion and must mirror the federal standard.
• "State-calibrated requirements" (such as capital, liquidity, reserve asset diversification, and risk-management standards), where states retain meaningful design flexibility but must still produce outcomes "at least as stringent and protective" as the federal framework.

For provisions outside Section 4(a) — applications, licensing, supervision, and enforcement — states get more latitude, but must still deliver similar levels of authority, oversight, and holder protection. Examination authority, for example, cannot be limited to cases where the issuer consents, and stablecoin holders cannot be treated as general unsecured creditors in insolvency.

Treasury is also explicit that states may go beyond federal requirements, but only if the additional rules neither conflict with the Act nor erode the substantially-similar determination.

The comment period runs 60 days from Federal Register publication.

🗓️ April 7: FDIC sets the operating rules for PPSIs

On April 7, 2026, the FDIC approved a NPRM implementing GENIUS Act requirements for FDIC-supervised PPSIs and insured depository institutions that engage in payment stablecoin-related activities, with comments due by June 9, 2026.

Among the most consequential provisions is proposed § 350.3(b)(4), which operationalizes Section 4(a)(11) of the GENIUS Act — the statutory prohibition on stablecoin yield. The rule would bar a PPSI from paying any holder of its payment stablecoin any form of interest or yield, whether in cash, tokens, or other consideration, solely in connection with the holding, use, or retention of the stablecoin.

Anticipating that issuers may seek to replicate yield indirectly through affiliates or commercial partners, the FDIC pairs the prohibition with a rebuttable presumption. An issuer is presumed to be in violation if it has an arrangement to pay consideration to an affiliate or related third party, and that affiliate or related third party in turn pays interest or yield to holders of the issuer's stablecoin solely for holding, using, or retaining it. The presumption also reaches cases in which the PPSI issues stablecoins on behalf of, or under the branding of, a related third party — in that scenario, the end holder is treated as a holder of the PPSI-issued stablecoin for purposes of the prohibition.

That second prong is aimed squarely at white-label and co-branded issuance arrangements, where the regulated issuer is one entity but the customer-facing brand and distribution relationship sit with another. 

A PPSI may rebut the presumption only by submitting written materials that satisfy the FDIC the arrangement is neither prohibited nor structured to evade the prohibition. Taken together, the provision signals that the FDIC intends the no-yield rule to apply substantively, not just on the face of issuer–holder documentation.

🗓️ April 8: FinCEN and OFAC define the AML/CFT and sanctions rules

On April 8, 2026, FinCEN and OFAC jointly issued a proposed rule implementing the GENIUS Act's directive to treat PPSIs as financial institutions under the Bank Secrecy Act and to require an effective sanctions compliance program. The rule puts PPSIs squarely under the full BSA playbook — a risk-based AML/CFT program, SAR filing (at a $5,000 threshold), Customer Due Diligence and beneficial ownership collection for legal entity customers, CTRs, Recordkeeping and Travel Rule, information sharing, enhanced due diligence for correspondent and private banking relationships, and special measures — plus two PPSI-specific obligations mandated by the GENIUS Act: 

(1) technical capabilities to block, freeze, and reject impermissible transactions, and 

(2) the capability to comply with "lawful orders" to seize, freeze, burn, or prevent the transfer of payment stablecoins. 

On the sanctions side, OFAC proposes a new Part 502 codifying a five-element effective sanctions compliance program (senior management commitment, risk assessment, internal controls, testing and auditing, and training), modeled on OFAC's 2019 Compliance Framework and 2021 Virtual Currency Industry Guidance.

On Travel Rule specifically: FinCEN's 2019 interpretive guidance (FIN-2019-G001) had already clarified that transmittal orders involving convertible virtual currencies (CVCs) — a category that includes payment stablecoins — qualify as "transmittals of funds" under the Recordkeeping and Travel Rules, because a CVC transmittal order is an instruction to pay "a determinable amount of money." The underlying Travel Rule obligation therefore already applied. What is new is that FinCEN proposes amending the definition of "transmittal order" in 31 CFR 1010.100(eee) to expressly include payment stablecoin alongside "money", codifying the 2019 position and removing any remaining room for interpretation post-GENIUS. PPSIs are also being added to the list of institutions in § 1010.410(e)(6), giving them the same PPSI-to-PPSI and PPSI-to-bank exceptions that banks and broker-dealers enjoy.

The relevance of Travel Rule requirements extends well beyond Travel Rule compliance in itself. OFAC sanctions are a strict-liability regime — a PPSI can be held civilly liable for a violation even without knowledge that it was engaging in one — and the rule makes clear that PPSIs must account for identifying and blocking transactions that would violate U.S. sanctions, including stablecoins traded by blocked persons on the secondary market when a PPSI exercises possession or control (for example, through smart contracts). A risk-based OFAC program cannot function on wallet addresses alone; meaningful screening requires counterparty identity. The data PPSIs collect through Travel Rule controls is paramount to ensure the effectiveness of OFAC screening programs.

Finally, proposed § 1033.240(a) implements the GENIUS Act's directive that PPSIs maintain technical capabilities, policies, and procedures to block, freeze, and reject specific or impermissible transactions, and FinCEN expressly extends this obligation to secondary market activity, noting that this is where the majority of illicit stablecoin flows occur.

Conclusion

Read together, these three proposals sketch the operational reality of PPSIs under the GENIUS Act. All three proposals follow the standard 60-day comment window from Federal Register publication, which puts the response deadlines in early June 2026. Overlaying this process is the GENIUS Act's own effective-date mechanic. The Act becomes effective on the earlier of (a) January 18, 2027, or (b) 120 days after the primary Federal payment stablecoin regulators issue final regulations implementing the Act. 

Notabene is actively preparing its response to the FinCEN and OFAC NPRM. Further insights to follow.

Last month, I joined government and industry stakeholders from both sides of the Atlantic at the U.S.–U.K. Transatlantic Taskforce on Markets of the Future. The session brought together U.S. Treasury, the FCA, the Bank of England, and agencies including the SEC, CFTC, FDIC, OCC, and Federal Reserve, alongside asset managers, global banks, payment platforms, and digital asset infrastructure providers.

The discussion was substantive and specific. Participants named real friction points: punitive Basel capital treatment keeping banks out of tokenized markets, definitional mismatches between U.S. and U.K. money market funds, sandbox structures that inadvertently exclude non-U.K. entities, and the gap between where stablecoin policy intent is heading and where operational realities sit today.

I want to share the perspective Notabene brought to the table as it cuts to something foundational that often gets lost in the broader regulatory harmonization conversation.

As tokenization and stablecoin settlement scale, the question is not whether we regulate — it's whether supervision is interoperable across jurisdictions.

Right now, the policy intent between the U.S. and U.K. is largely aligned. The operational realities are not. From Notabene's position — operating the largest AML Travel Rule-compliant network for regulated institutions, connecting thousands of counterparties across more than 100 jurisdictions and facilitating over $2 trillion in annual transaction volume — we see exactly where that friction lives. Here is where we focused.

Interoperability Is the Friction Point

The Travel Rule is not a niche crypto requirement. It is a core FATF standard designed to ensure that cross-border value transfers carry originator and beneficiary information. Over 100 jurisdictions are now implementing some version of it. Interoperability is no longer theoretical, it is foundational to how digital asset markets function safely across borders.

But the U.S. and U.K. implementations diverge in ways that create real, daily compliance asymmetry. In the U.K., firms must transmit core Travel Rule information for crypto transfers regardless of amount, with enhanced requirements once transfers exceed roughly €1,000 in cross-border contexts. In the U.S., Travel Rule obligations generally trigger at $3,000, with different implementation mechanics.

Even though the policies are aligned, that difference alone creates operational friction. A U.K. firm is obligated to receive information on a broader set of transfers than a U.S. counterparty is legally required to send. U.K. firms are also required to report non-compliant U.S. counterparties to the FCA — even where the U.S. counterparty transmitted no data because it had no obligation to do so under U.S. regulations.

This is not a disagreement about AML policy. Both jurisdictions are committed to the same underlying objective. It is a systems interoperability problem — and it has a tractable solution. Alignment on a minimum interoperable data schema and response protocol for cross-border regulated transfers would resolve it. The forthcoming adjustments to align with the revised FATF Recommendation 16 present a timely, concrete opportunity.

Trust Frameworks Should Be Machine-Readable

Both jurisdictions expect firms to conduct risk-based due diligence on counterparties — verifying regulatory status, Travel Rule compliance capability, and safeguards around transmitted personal data. That expectation is sound.

The execution is not. Today, that diligence is largely manual and duplicative. If a U.S. institution and a U.K. institution are both supervised entities, there should be a standardized, machine-readable way to recognize that status and its scope. Not a PDF exchange. A structured, interoperable counterparty trust taxonomy.

This reduces friction while strengthening assurance. That is harmonized supervision done well and critically, it does not require identical regulatory regimes. It requires a shared vocabulary for recognizing equivalent outcomes.

Programmable Compliance Solves the Irreversible Settlement Problem

One of the defining operational challenges in digital asset markets is that once a transfer settles, reversal is difficult. Returning funds can introduce operational, liquidity, and sanctions exposure which are the very risks compliance frameworks are designed to prevent.

U.K. guidance produced by the Joint Money Laundering Steering Group already contemplates confirmation mechanisms to ensure that beneficiary information aligns before value is finalized. That instinct is correct. Programmable compliance is where it becomes actionable.

A pre-settlement authorization layer, which was introduced as an infrastructure upgrade to virtual asset transactions, that allows institutions to validate identity, confirm regulatory status, attach structured compliance metadata, and enforce AML policy before assets move. That transforms the Travel Rule from a recordkeeping obligation into a preventative control.

As stablecoins increasingly serve as settlement rails for tokenized activity, pre-settlement authorization is not an enhancement — it is a prerequisite for safe cross-border scale.

Without interoperable pre-settlement controls, cross-border settlement risk does not stay constant as these markets grow. It scales with volume.

Regulator Visibility Requires Harmonized Protocols

Regulators on both sides of the Atlantic are flying partially blind when Travel Rule exceptions occur cross-border. Without shared reason codes or common escalation thresholds, a compliance failure that is visible to the FCA may produce no signal at all for a U.S. counterpart and vice versa.

Open messaging standards already exist that would enable structured, machine-readable compliance exchange. The Transaction Authorization Protocol (TAP) — the open standard that Notabene Transact and Notabene Flow are built on — is designed precisely for this: allowing verified entities to exchange compliance data securely and consistently before settlement. The point is not to mandate any single framework. It is to recognize that programmable interoperability is technically achievable today, and that aligning around open standards rather than bespoke bilateral integrations would materially reduce friction while strengthening supervisory oversight.

The Window Is Now

The session surfaced broader themes beyond Travel Rule mechanics — punitive Basel capital treatment keeping well-capitalized banks on the sidelines, definitional mismatches between U.S. and U.K. money market funds complicating tokenized collateral use cases, and open questions about how stablecoin issuance recognition will work across jurisdictions as the GENIUS Act moves into implementation.

Running through all of it was a consistent message from industry: we do not need identical rules. We need the rules we have to be interoperable. And we need that interoperability built into infrastructure — not achieved transaction-by-transaction through manual reconciliation.

What stood out about this session was the level of specificity on both sides. Regulators genuinely in listening mode. Industry participants naming concrete friction points rather than offering generalized calls for clarity. That is the right conversation to be having, and the right format for having it.

The taskforce indicated that recommendations will be delivered to the U.S.–U.K. Financial Regulatory Working Group this summer, ultimately reaching the Chancellor and Treasury Secretary. Written follow-up from industry is welcomed and encouraged.

For those who want to shape what comes next: now is the moment to be specific.

Stablecoin payments shouldn't require your finance team to chase down wallet addresses, verify counterparties manually, or reconcile transactions after the fact. In this two-minute walkthrough, I demo how a custodial wallet provider can create and send a compliant invoice that gets paid, verified, settled on-chain, and reconciled — automatically — through Notabene Flow.

We’re excited to announce our integration partnership between Corsa and Notabene, bringing together leading transaction authorization and trust infrastructure with a modern risk operating system for moving digital assets compliantly and at scale.

Notabene provides real-time counterparty coordination and end-to-end transaction authorization solutions for digital asset businesses, enabling secure, compliant data exchange between counterparties. Institutions use Notabene to meet global regulatory requirements and facilitate high-value B2B stablecoin payments while maintaining seamless transaction flows. Corsa delivers the operating layer that unifies compliance data, automates workflows, and turns risk signals into actionable intelligence across the organization.

Together, the integration brings Notabene’s network-driven trust layer directly into the core of compliance operations and helps financial institutions bridge compliance decisioning and transaction execution.

With this integration, teams using Notabene can view Travel Rule information in full context - alongside counterparty data, transaction activity, customer profiles, onboarding data, alerts, and risk signals - all within Corsa.

By simply connecting their Notabene API keys, customers can automatically surface data from the Notabene network inside Corsa with no engineering work required. This securely encrypted data becomes immediately available across customer profiles, transactions, alerts, and investigations, enabling a unified and real-time view of compliance across both counterparties and transactions.

Beyond visibility, the integration enables companies to operationalize Travel Rule data within their broader compliance workflows. Teams can incorporate this data into monitoring, investigations, and decisioning processes - all within Corsa.This allows compliance teams to move beyond fragmented workflows and manage Travel Rule requirements as part of a broader, connected compliance system.

This partnership reflects a shared vision: enabling digital asset institutions to meet global regulatory requirements while moving value with greater speed, confidence, and control.

By combining Notabene’s trust infrastructure with Corsa’s unified compliance and risk OS, teams gain the ability to manage regulatory obligations and customer risk in one place - with full context, control, and automation.

‍

---

For more info, talk to our team or visit www.corsa.finance

The Financial Action Task Force (FATF)'s March 2026 report on stablecoins and unhosted wallets is simultaneously alarming and clarifying. It formally documents the architecture of a compliance failure that we at Notabene have been watching for years.

The report finds that stablecoins now represent 84% of illicit virtual asset transaction volume, surpassing Bitcoin. As of March 2026, there are 259 stablecoins in circulation, with a combined market cap exceeding $300 billion. They're faster, more stable, and more liquid than Bitcoin—exactly the properties that make stablecoins useful for legitimate commerce. The problem is that these same properties make stablecoins attractive to DPRK state hackers, Iranian proliferation financiers, and professional money launderers.

FATF illustrates these dynamics in the infographic below, highlighting the growing role of stablecoins and the increasing use of peer-to-peer transactions through unhosted wallets.

The report notes that stablecoins are increasingly used in peer-to-peer transactions via unhosted wallets, which are not operated by third-party service providers and can fall outside traditional counter-illicit finance controls.

The real story here isn't the stablecoin adoption curve. it's the gap in the compliance framework built to contain it.

The Unhosted Wallet Problem

The FATF report doesn't frame stablecoins as the problem. Its focus is on how they move. Peer-to-peer (P2P) transactions via unhosted wallets are the critical vulnerability the report identifies, and within the current FATF framework, there's no regulatory solution to close it.

By design, P2P transactions between individuals using self-custody wallets fall outside AML/CFT obligations. This allows users to send and receive crypto assets without relying on a regulated intermediary like an exchange or custodian**.** No intermediary means no obliged entity responsible for customer due diligence, transaction monitoring, or suspicious activity reporting. The transaction is visible on-chain, but functionally invisible to competent authorities until it reaches an off-ramp.

This is a structural feature of the framework as written, not an implementation gap.

The FATF acknowledges this honestly. Their guidance as it pertains to Travel Rule coverage on this is clear: obligations fall on VASPs, not individuals. Secondary market P2P transactions don't trigger compliance requirements. However, the report documents case after case of threat actors exploiting this exact dynamic: layering in unhosted wallets, chain-hopping across blockchains, structuring transactions to stay functionally distant from any Travel Rule-covered wallet, then converting to fiat through unlicensed OTC brokers in jurisdictions with weak AML/CFT controls.

What the Report Gets Right

The FATF report makes clear that this is not a detection problem that can be solved with better analytics. The mitigation measures recommended such as identity verification of wallet owner, whitelisting (allow-listing), blacklisting (deny-listing), programmable smart contract controls, blockchain forensics, supervisory colleges, and public-private partnerships are all legitimate tools, and some jurisdictions are already putting them to use:

• Switzerland plans to implement on-chain allow-listing.
• France is deploying blockchain analytics.
• Japan has introduced explicit requirements on stablecoin issuers and intermediaries.
• Singapore has mandated enhanced due diligence for unhosted wallet transfers.

The progress is real, but the problem is that all of these measures are reactive. They freeze addresses after the fact, monitor secondary market circulation, catch exits - but they don't prevent the transaction from happening in the first place.

The Travel Rule Problem

The FATF report is careful but clear on a critical vulnerability: the Travel Rule framework struggles with unhosted wallet scenarios in precisely the way that matters for stablecoin misuse.

The report reiterates that Recommendation 15 and the Travel Rule remain the foundation of crypto AML compliance. Under FATF standards, jurisdictions must ensure that virtual asset service providers (VASPs) are licensed or registered, conduct customer due diligence, monitor transactions, and report suspicious activity, and that they transmit originator and beneficiary information for qualifying transfers. ****It's designed to ensure that compliance-aware intermediaries have visibility and can apply controls. The FATF guidance makes clear that even when a VASP customer is transferring to an unhosted wallet, the VASP must collect beneficiary information.

The problem is what happens next or more precisely, what doesn't.

When a VASP's customer transfers to an unhosted wallet, the VASP now has beneficiary information about an address it doesn't control. That address, in turn, may then transfer to another unhosted wallet. And another. And another. The report calls this the "transactionally distant" problem: threat actors create chains of unhosted wallets that are multiple hops away from any Travel Rule-covered wallet, deliberately fragmenting the transaction trail.

The VASP at the origin can report the first transfer, but once stablecoins land in an unhosted wallet, they're effectively outside the obligated entity network. A VASP monitoring its customer's outbound transfer to an unhosted wallet has limited visibility into what happens downstream. When stablecoins pass through five, ten, or twenty unhosted wallet hops before reaching an off-ramp, no single obliged entity has sight of the full transaction chain. Most importantly, no single obliged entity is responsible for filing a suspicious activity report on the layered transfers that occur outside the Travel Rule-covered ecosystem.

This is a major structural limitation of Travel Rule implementation. The Travel Rule was designed for transfers between obliged entities. It creates visibility at the edges—when stablecoins enter and exit the regulated perimeter—but it has no mechanism to create compliance visibility for movements within the unhosted wallet space.

The FATF acknowledges this by noting that stablecoin issuers may need to play a complementary role, using their ability to freeze or monitor addresses based on information from law enforcement. That ability is reactive, not preventive.

The Authorization Gap

This is where I keep returning to the question that animates much of our work at Notabene: what if the framework required authorization before the transaction, not just information exchange after?

The Travel Rule, as currently implemented, is fundamentally about information exchange and reporting the originator and beneficiary details flowing from one VASP to another, with suspicious activity reporting happening after transfers are processed. Unhosted wallet transactions bypass meaningful compliance precisely because once funds reach an unhosted wallet, they leave the obligated entity network entirely. Travel Rule visibility ends.

The framework needs to evolve beyond information exchange and toward pre-transaction authorization—specifically for flows involving unhosted wallets or chains of unhosted transfers.

The Transaction Authorization Protocol (TAP), an open standard protocol that embeds compliance directly into transaction settlement, is designed to solve exactly this problem. It complements the Travel Rule by adding an authorization layer that operates at the point of settlement, not just at the point of information exchange.

What Needs to Happen

The FATF report makes clear recommendations for jurisdictions: establish comprehensive legal frameworks, impose clear AML/CFT obligations on stablecoin issuers, assess and mitigate P2P risks, leverage advanced tools, and foster public-private collaboration.

But the report also, implicitly, shows the limits of the current approach. The existing framework allows for supervisory oversight of stablecoin issuers, enhanced due diligence for unhosted wallet transfers, mandatatory blockchain analytics, and address freezing.

None of these can prevent a compliant intermediary's customer from transferring stablecoins to an unhosted wallet controlled by a sanctioned entity, because the customer is acting on their own behalf, using tools available to them, and the transaction doesn't directly involve an obliged entity.

Notabene propose a two-fold response:

1.  Push harder on implementing and strengthening the Travel Rule in the stablecoin ecosystem. The FATF requires VASPs to collect beneficiary information even for unhosted wallet transfers. But compliance with this requirement is uneven, and the tools for monitoring downstream transfers are limited. Jurisdictions need stronger enforcement of Travel Rule obligations, clearer standards for what beneficiary verification means for unhosted wallets, and better mechanisms for VASPs to share risk assessments when they know a customer is transferring to high-risk addresses.

2. The framework needs to evolve beyond the Travel Rule's information-exchange model, and toward pre-transaction authorization. The Transaction Authorization Protocol, also known as TAP — is a framework that embed compliance checks directly into transaction settlement—can close the visibility gap that the Travel Rule inevitably creates. Where the Travel Rule ensures that originator and beneficiary information is collected and reported, TAP would add a gate: real-time verification, risk assessment, and approval before settlement, with compliance rules embedded in the transaction itself.

The Travel Rule works when both parties are in the obligated entity ecosystem. TAP is designed specifically for the edge cases of transfers to unhosted wallets, cross-chain movements, and higher-risk scenarios where the Travel Rule's reach is limited.

For stablecoin issuers, this means embedding compliance logic into smart contracts that can enforce authorization requirements at the protocol level. A transfer to an unhosted wallet could trigger cryptographic ownership proof before settlement.  Rules can be enforced not just through monitoring and remediation, but through the transaction mechanics itself.

This shifts responsibility from surveillance to prevention, and from ex-post reporting to ex-ante controls.

The DPRK's use of Tether to finance weapons procurement, Iranian actors converting stablecoins for components, terrorist financiers using densely structured wallet hops to move funds—these cases share a common thread. The privacy, liquidity, and pseudonymity built into the unhosted wallet architecture have become properties that existing compliance frameworks can't adequately address. The March 2026 FATF report documents this gap with precision.

The solution is not to abandon the Travel Rule, but to build solutions that extend its reach. Stronger enforcement of Travel Rule obligations on unhosted wallet transfers and open frameworks that bring compliance controls into the settlement layer itself are how we actually close this gap.

‍

São Paulo/New York - 25 February 2026

Notabene, Veirano Advogados and ABToken announced today the launch of the Brazil Virtual Asset Regulatory Playbook, a practical implementation guide designed to help institutions navigate Brazil’s new regulatory framework for virtual asset service providers, including licensing, operational, AML/CFT obligations and Travel Rule requirements.

With the Central Bank of Brazil’s (BCB) new rules for virtual asset service providers (VASPs) now in force, Brazil enters a new phase of supervised virtual asset activity. The framework established by BCB Resolutions 519, 520, and 521 introduces a comprehensive licensing, supervisory, and AML/CFT regime for VASPs, as defined under Brazilian Law No. 14,478/2022.

Crucially, while Travel Rule obligations will be phased in through 2028, certain foreign exchange (FX) reporting requirements begin much sooner. Under BCB Normative Instruction No. 693, institutions must begin monthly reporting of FX-scoped virtual asset transactions, including self-hosted wallet and cross-border transfers, starting in May 2026. In practice, this means key originator and beneficiary data collection capabilities must be operational well ahead of full Travel Rule enforceability.

Designed for compliance, legal, operations, and product teams, the Brazil Playbook provides detailed guidance on:

• The VASP licensing framework and supervisory timelines;
• A breakdown of Travel Rule obligations under BCB Resolution 520;
• How foreign exchange reporting requirements intersect with Travel Rule controls; including the May 2026 monthly reporting obligation; 
• The requirement for SPSAVs conducting FX-scoped activities to obtain both SPSAV and foreign exchange market licenses; and
• A phased implementation roadmap aligned to 2026 - 2028 enforcement milestones.

The Travel Rule framework under BCB Resolution No. 520 requires SPSAVs to collect, verify, retain, and transmit originator and beneficiary information for all virtual asset transfers, regardless of value. The guide outlines the two-phase rollout of Travel Rule obligations, beginning with domestic transfers between Brazilian VASPs and extending to cross-border transfers by 2028.

“Brazil’s new framework brings clarity, structure, and accountability to the virtual asset market,” said Catarina Veloso, Director of Regulatory & Compliance at Notabene. “The May FX reporting milestone makes it clear that institutions cannot wait until 2027 or 2028 to operationalize Travel Rule capabilities. This Playbook is built to help firms make meaningful progress throughout the two-year phased implementation period, while ensuring they meet interim regulatory milestones along the way.”

“The Central Bank’s regulations represent a structural shift in how virtual asset services are supervised in Brazil”, said Marcos Rocha, Partner at Veirano Advogados. “By clarifying the interaction between licensing, AML/CFT controls, and foreign exchange obligations, we aim to give market participants quick practical guidance.”

“This is a defining moment for Brazil’s virtual asset ecosystem,” said Regina Pedroso, Executive Director at ABToken. “Clear rules and coordinated implementation strengthen trust across the market and position Brazil as a leading jurisdiction for responsible innovation in virtual asset services.”

The Brazil Virtual Asset Regulatory Playbook is available for download now. Download the guide: https://notabene.id/reports/brazil-virtual-asset-regulatory-playbook

‍

ENDS

About the Contributors

Notabene is the trust layer for global crypto money movement. Our products include Notabene Flow, the first open stablecoin payments platform for businesses, and Notabene Transact, the world's largest Travel Rule-compliant transaction authorization platform for regulated institutions. The Notabene network connects thousands of trusted counterparties, facilitating over $2T in transaction volume annually across more than 100 jurisdictions. It’s built on the Transaction Authorization Protocol (TAP), our open messaging standard that enables verified entities to transact securely. Notabene provides industry-leading tools for stablecoin payment coordination, real-time transaction authorization, counterparty verification, and self-hosted wallet identification—helping institutions build trust into every transaction.

Veirano Advogados is a leading Brazilian law firm with extensive experience advising clients in the fintech and digital assets industries. The firm has been closely involved in some of the most relevant projects in the Brazilian financial and crypto-asset markets, assisting both domestic and international clients on licensing, regulatory structuring, product launches, and complex cross-border transactions. Veirano’s team combines deep knowledge of the Brazilian financial regulatory framework with practical experience in the implementation of compliance programs, providing clients with pragmatic and business-oriented legal solutions in a rapidly evolving regulatory environment.

ABToken is a leading Brazilian industry association created to strengthen the country’s digital asset and tokenization ecosystem. The Association works to promote innovation alongside high standards of governance, regulatory compliance, and market integrity. ABToken represents tokenization platforms, blockchain companies, and virtual asset service providers (VASPs), serving as a unified voice for the sector in its engagement with regulators, policymakers, and market participants, and contributing to the development of a safe, credible, and sustainable digital finance environment in Brazil. 

‍

London / New York — 9 February 2026

Notabene today announces new regulated banking customer, AMINA Bank AG (“AMINA Bank”),  a Swiss Financial Market Supervisory Authority (FINMA)-regulated crypto bank with global reach, to advance trusted infrastructure for transactions across crypto and traditional financial rails.

As digital assets continue to intersect with regulated finance, institutions on both sides are increasingly subject to the same regulatory expectations, even when operating on fundamentally different infrastructures. Standards developed for traditional finance, including FATF’s payment transparency requirements under Recommendation 16, have long been embedded in banking workflows. These expectations have since been extended to virtual assets and VASPs through the Crypto Travel Rule, creating a shared regulatory baseline across the two systems.

However, regulatory alignment has not translated into operational consistency. Differences in infrastructure, workflows, and counterparties mean that applying long-established expectations of counterparty trust to crypto transactions, particularly when value moves between the two environments, remains an operational challenge.

With this partnership, Notabene and AMINA Bank are addressing the real-world application of Travel Rule requirements across crypto-native infrastructure and regulated banking environments. Notabene’s platform enables secure information exchange and transaction transparency across crypto transactions. AMINA Bank provides banking services across traditional financial and digital assets in one place, serving clients from over 40 countries. Through this integration, AMINA Bank can now extend a more streamlined and automated experience for Travel Rule compliance.

“As institutional portfolios increasingly include crypto alongside traditional holdings, clients require infrastructure that works across both environments without creatng compliance friction,” said Myles Harrison, Chief Product Officer at AMINA Bank. “Integrating Notabene’s technology allows us to provide a more streamlined compliance framework that reduces operational friction, allowing clients to transact between crypto and traditional finance with ease.”

“FATF standards are well established in banking, but applying them consistently when value moves between crypto and traditional financial systems is still an open operational challenge,” said Pelle Braendgaard, CEO of Notabene. “AMINA is able to leverage the Notabene platform as a system of record for seamless, trusted transactions as these markets continue to converge.”

As the trust layer for global money movement, Notabene works with crypto-native firms and financial institutions to support secure information exchange, authorisation, and transparency across all transactions. Through partnerships such as the one with AMINA Bank, Notabene is moving the industry towards more consistent, operationally viable transaction flows between crypto and traditional finance.

This partnership marks an important step toward bridging operational and regulatory understanding between crypto and traditional finance, as institutions seek practical ways to support compliant, trusted digital asset activity within existing financial frameworks.

‍

ENDS

‍

Media Inquiries

[email protected]

The Digital Asset Market Clarity Act is the most comprehensive effort so far to establish a federal framework for digital assets in the United States. While much of the debate has focused on securities classification and innovation, the bill’s most consequential shift sits elsewhere, specifically in how it governs illicit finance and the movement of funds.

Rather than treating compliance as an afterthought applied after transactions occur, the proposed bill advances a different premise: that payment integrity must be built into the transaction itself. This approach aligns digital asset markets with long-standing expectations in traditional finance, where authorization, counterparty assurance, and traceability are prerequisites—not afterthoughts—for moving money.

Anti-money laundering controls, sanctions compliance, and the Travel Rule are no longer framed as constraints on innovation. They are framed as the trust infrastructure required for digital assets to function as real payment rails.

This is not about reinventing financial crime compliance. It is about extending it deliberately into digital asset markets, and in doing so, laying the foundation for crypto payments that institutions, regulators, and users can trust.

Bringing digital asset intermediaries under the Bank Secrecy Act

Title II explicitly places digital commodity brokers, dealers, and exchanges under the Bank Secrecy Act (BSA).

Section 201 removes any remaining ambiguity about whether crypto intermediaries are covered financial institutions. It directs the Treasury, through FinCEN, to apply AML and counter-terrorist financing requirements in a risk-based manner, consistent with how banks and payment providers are supervised today.

That includes:

• Risk-based AML/CFT programs
• Customer identification and due diligence
• Recordkeeping and suspicious activity reporting
• Compliance with U.S. sanctions administered by OFAC

This matters because BSA coverage is the legal foundation for the Travel Rule. Once an entity is clearly in scope, requirements to collect, transmit, and retain originator and beneficiary information are no longer theoretical, they are enforceable.

The Travel Rule: reinforced, not reinvented

The bill does not rewrite the Travel Rule. Instead, it strengthens the legal perimeter that allows it to function in digital asset markets.

Two provisions are critical:

First, by confirming that digital commodity intermediaries are BSA-covered institutions, the bill eliminates arguments that crypto transfers fall outside the transmittal-of-funds framework altogether.

Second, Title III, Section 303 introduces a special measure for certain transmittals of funds, modeled on Section 5318A of the BSA. This is the same authority Treasury uses to restrict or cut off transactions involving jurisdictions, institutions, or transaction types that present elevated money laundering risk.

Applied to digital assets, this authority allows Treasury to condition, monitor, or prohibit specific crypto fund flows where transparency or compliance breaks down.

The bill reinforces this approach further by explicitly including digital assets in the definition of monetary instruments, closing any remaining gap between crypto transfers and established concepts of value transmission.

Why the Travel Rule makes crypto payments safer

The Travel Rule is often framed as a compliance burden. In practice, it’s a basic safety mechanism.

By requiring originator and beneficiary information to accompany a transaction, the Travel Rule creates accountability across payment chains. It allows institutions to assess counterparty risk before execution, rather than relying solely on post-transaction monitoring.

This is how traditional payment systems work. Wire transfers, correspondent banking, and cross-border settlement depend on shared information standards to function safely.

Without those standards, payments become fragmented and high-risk. The same is true in crypto. When no one knows who is sending or receiving value, legitimate actors pay the price and illicit actors benefit.

The Travel Rule is about authorization and risk management. It enables compliant institutions to transact with confidence and limits the ability of bad actors to exploit opacity.

From transaction monitoring to transaction authorization

Another important shift in the bill is its emphasis on pre-transaction controls, not just after-the-fact reporting.

Several provisions authorize temporary holds, enhanced scrutiny, or conditions on execution where illicit finance risk is elevated. This brings crypto compliance closer to how mature payment systems actually operate.

In traditional finance:

• Certain payments require additional review before execution
• High-risk transfers may be delayed or blocked
• Authorization workflows are built directly into payment rails

By explicitly addressing digital asset transmittals within the BSA framework, the bill opens the door for similar controls in crypto especially for institutional, cross-border, and high-value transactions.

This reflects a simple reality: reporting suspicious activity after value has moved is often too late. Preventing abuse requires the ability to stop or condition transactions before settlement.

Payments transparency as operational infrastructure

Title II treats payments transparency as an operational requirement, not a policy aspiration.

The bill:

• Encourages the use of blockchain analytics in AML programs
• Expands examination standards for digital asset firms
• Directs attention to mixers, kiosks, and offshore intermediaries

It also focuses enforcement at key access points, such as digital asset kiosks and user-facing application layers. Even where underlying protocols are decentralized, the interfaces that enable access are expected to screen for sanctions exposure and high-risk activity.

This reflects how illicit finance actually works. Risk concentrates at entry and exit points, not deep inside protocol code.

Transparency at these points allows regulators to distinguish lawful activity from abuse—and allows compliant institutions to transact without assuming unnecessary risk.

What this means for crypto payments

Taken together, the illicit finance provisions of the Digital Asset Market Clarity Act point to three clear conclusions:

1. Crypto payments will be held to the same standards as traditional payments
2. Including AML controls, sanctions screening, and Travel Rule compliance.
3. Risk assessment is moving closer to execution
4. Authorization, not just monitoring, becomes central to compliance.
5. Compliance is a condition for access, not a barrier to innovation
6. Firms that cannot support transparency and authorization will struggle to connect to regulated payment networks.

The bill doesn’t solve every implementation challenge. But it draws a clear line: crypto payments that connect to the U.S. financial system must be traceable, authorizable, and accountable.

That’s how crypto payments become infrastructure—not an exception.

So what’s next: from markup to the President’s desk

The Clarity Act has already cleared an important milestone: it passed the U.S. House of Representatives with bipartisan support. The bill now moves to the Senate.

The next major milestone is markup, where the Senate will decide whether to take up the House-passed bill as written or advance its own version. That process includes committee review and potential amendments, particularly around market structure and illicit finance provisions. If the Senate’s version differs, the two chambers will need to reconcile the text before final passage.

Only once both the House and Senate pass identical language can the bill be sent to the President for signature.

Even then, the work won’t be finished. Much of the real impact will come through Treasury and FinCEN rulemaking, which will determine how AML, sanctions apply in practice especially for transaction authorization and cross-border crypto payments.

For compliance and payments teams, this is a key moment. The direction is set: crypto payments connected to the U.S. financial system will be expected to meet the same trust standards as traditional payments. What’s still being decided is how those standards are implemented.

Have questions about how this legislation might impact your business? Schedule a call with our Regulatory & Compliance team—we’d be happy to provide our perspective help you navigate this new regulatory landscape.

We previously reported on Hong Kong’s new stablecoin issuer regime, which introduced a comprehensive set of Travel Rule obligations for licensed issuers. As the HKMA now moves from reviewing applications to making licensing decisions, issuers that treat Travel Rule as an afterthought risk delaying their go-live—operational readiness on Day 1 will be the real differentiator.

The Stablecoins Ordinance took effect on August 1, 2025, alongside the HKMA’s AML/CFT Guideline for licensed stablecoin issuers. The HKMA made clear that AML/CFT requirements—including Travel Rule compliance—apply to licensed stablecoin issuers.

The Guideline states explicitly in section 1.6 that the minimum AML/CFT criteria 

“apply when a licensee is granted a license and continue to apply throughout the licensee’s conduct of licensed stablecoin activities.” HKMA AML/CFT Guideline for Licensed Stablecoin Issuers

In practice, the HKMA expects Travel Rule compliance to be addressed in the AML/CFT policies and procedures submitted as part of the license application. Once a license is granted, stablecoin issuers cannot commence operations until they are able to comply with the Travel Rule—meaning the necessary systems must be fully implemented, tested, and ready to go live before any regulated stablecoin activity begins.

The Ordinance included a transitional regime for entities already conducting regulated stablecoin activities before August 1, 2025, allowing eligible firms to continue operating while their license applications were assessed. This transitional window closes at the end of January 2026, with the HKMA able to grant provisional licenses up to February 1, 2026.

In practice, however, no entity actually benefited from the transitional regime, meaning there are no issuers operating under transitional status while awaiting approval.

The market is now entering the next phase: the HKMA is reviewing the first wave of applications, specifically those submitted by the end of September 2025, and expects to issue licensing decisions early this year.

The market is now entering the next phase: the HKMA is reviewing the first wave of applications, specifically those submitted by the end of September 2025, and expects to issue licensing decisions early this year. For applicants in this first cohort, the priority is to avoid a post-approval scramble—because the fastest route to launch is the one where operational compliance is ready before the license arrives.

For teams navigating this next phase of approvals and compliance readiness, join our upcoming webinar: HKMA Stablecoin Licensing Decisions Are Coming — Are You Ready? 

What issuers should be doing now to protect go-live timelines

• Finalize your Travel Rule solution selection process and complete vendor due diligence
• Map end-to-end stablecoin transfer flows, including self-hosted wallet scenarios
• Approve detailed operating procedures and internal controls for stablecoin transfers
• Assess counterparty readiness, including messaging standards and data availability
• Integrate Travel Rule data into transaction monitoring and sanctions screening
• Produce evidence of testing and operational readiness, so compliance is demonstrable on Day 1

A closer look into Travel Rule obligations for Stablecoin Issuers

Scope of Application

The Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Licensed Stablecoin Issuers) applies to stablecoin issuers that hold a license granted under section 15 of the Stablecoins Ordinance.

In the HKMA’s words:

“This Guideline is issued … for a stablecoin issuer which holds a license granted under section 15 of the Stablecoins Ordinance (hereafter referred as ‘licensee’). A licensee is a financial institution as defined in Part 2 of Schedule 1 to the AMLO.”

The HKMA is explicit that compliance with the Guideline is necessary to meet statutory obligations under both the Stablecoins Ordinance and the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO). 

“A licensee should meet these requirements in order to comply with the statutory requirements under the Stablecoins Ordinance and the AMLO.” HKMA AML/CFT Guideline

What that means in practice

• Only licensed stablecoin issuers are directly subject to these guidelines.
• Once licensed, the issuer is treated as an AML/CFT-obliged financial institution under Hong Kong law.
• The obligations apply to:
  • the entity itself,
  • its officers, senior management, and staff, and
  • its licensed stablecoin activities, including issuance, redemption, and stablecoin transfers.

When the obligations apply

Importantly, the guidelines are not just ongoing supervisory expectations. They apply:

“when a licensee is granted a license and continue to apply throughout the licensee’s conduct of licensed stablecoin activities.”

This is why the HKMA expects applicants to demonstrate compliance readiness at the point of licensing, not after.

Who they do not directly apply to

• Unlicensed stablecoin issuers (though they cannot legally operate once licensing is required)
• Wallet providers, VASPs, banks, or intermediaries unless they are also licensed stablecoin issuers
• Overseas group entities, except to the extent group-wide AML/CFT controls are required by the licensed issuer (Chapter 3)

That said, counterparties do feel the impact indirectly, because licensed issuers must assess whether counterparties can meet Travel Rule and data-protection requirements before transacting with them (Chapter 6).

For pre-existing issuers operating under transitional arrangements, January marks the end of the window to continue business without a full license. For new applicants, January is when the HKMA starts deciding who's actually ready versus who's just talking about readiness.

Zero Tolerance for Compliance Gaps

Unlike jurisdictions that set minimum thresholds for Travel Rule compliance, Hong Kong takes a zero-threshold approach. Every stablecoin transfer requires travel rule compliance, regardless of amount. For transfers below $8,000, issuers must still collect and transmit originator and recipient names plus account information. Above $8,000, they need to transmit a broader scope of originator identifying information, as further detailed in our Hong Kong jurisdiction page.

End-to-end Travel Rule processes

Chapter 6 of the Guideline sets out detailed obligations for ordering, intermediary, and beneficiary institutions, in which they need documented procedures for collecting and verifying originator and beneficiary information, transmitting required data immediately and securely, and rejecting or escalating transfers with missing information. For more details, consult our Hong Kong jurisdiction page. 

A functioning Travel Rule technology solution

If you rely on a third-party Travel Rule solution, the responsibility still sits with you. The HKMA requires due diligence proving your solution can identify counterparties, transmit data securely in real-time, handle transaction volume, and support sanctions screening. 

Counterparty due diligence 

Travel Rule compliance depends on who you transact with. The HKMA requires issuers to assess whether counterparties can meet Travel Rule and data-protection obligations before entering into stablecoin transfer relationships.

This is particularly important given the global patchwork of Travel Rule implementation. Issuers must be able to justify why a counterparty is acceptable or restricted.

Integration with monitoring and sanctions screening

Travel Rule data isn’t standalone. The HKMA expects it to feed into transaction monitoring and sanctions screening programs under Chapters 5 and 7 of the Guideline.

That includes screening originators and beneficiaries before executing transfers and using Travel Rule information to detect suspicious activity.

Self-hosted Wallets Get Enhanced Scrutiny

The guidelines take a particularly cautious approach to self-hosted wallet transactions. Stablecoin issuers must:

• Screen wallet addresses against databases of illicit activity
• Implement enhanced monitoring for higher-risk wallets
• Apply transaction limits where appropriate
• Collect originator/recipient information for all transfers to/from unhosted wallets

For more details, consult our Hong Kong jurisdiction page. 

Ongoing monitoring

The HKMA recognizes that stablecoin transactions are visible on-chain and that tools like blockchain analytics, wallet screening, blacklists, and freezing mechanisms can help detect and respond to illicit activity. However, the HKMA takes the view that “the effectiveness of these risk mitigating measures is yet to be proven”—especially for peer-to-peer transfers involving self-hosted wallets—the HKMA expects issuers to take a cautious approach. This means that unless an issuer can clearly demonstrate that its risk controls are effective, the HKMA’s default expectation is that the identity of every stablecoin holder should be verified, even where that holder is not a customer of the issuer. In practice, this can create an obligation to verify the identity of third parties, either directly by the issuer or via a supervised financial institution/VASP or another reliable third party.

Operational readiness is your competitive edge

With the HKMA reviewing the first applications, Hong Kong’s stablecoin regime is moving from paper to practice. The framework sets a high bar, and issuers that can translate policies into operational capability will be better positioned to launch quickly once licensed. Travel Rule compliance, in particular, needs to be designed into the operating model from the start—it can’t be treated as a bolt-on—because it shapes everything from customer flows to monitoring, investigations, and SAR reporting. As licensing decisions begin to come through, the first-to-market issuers will be those that can demonstrate readiness and begin operating without delay.

For teams navigating this next phase of approvals and compliance readiness, join our upcoming webinar: HKMA Stablecoin Licensing Decisions Are Coming — Are You Ready? 

🎥 Register to attend

In 2025, the conversation around crypto and stablecoins fundamentally changed.

What was once framed as innovation at the bleeding edge of technology became infrastructure at the center of how financial organizations do business. Regulations matured, transaction volumes surged, and institutions moved decisively from experimentation to execution. In this environment, trust was no longer an aspiration. It became a prerequisite for scale.

For Notabene, 2025 was the year our founding vision became undeniable to the rest of the crypto and financial worlds. When the Financial Action Task Force (FATF) extended the Travel Rule to crypto in 2019, much of the industry viewed it as added friction—a compliance requirement imposed on a fast-moving ecosystem. At Notabene, we saw something fundamentally different.

We saw a catalyst for building what crypto had been missing since day one: a transaction authorization layer that enables digital assets to function as essential financial infrastructure. That belief has guided our work from the start, and in 2025 it began to fully take shape on Notabene as a powerful platform for trusted, programmable and revenue-generating transactions across the globe.

As the market evolved, so did our platform.

In 2025, Notabene evolved into a core payments infrastructure provider and system of record for financial institutions globally

That evolution was anchored by the launch of Notabene Transact, our next-generation transaction authorization and compliance engine.

Transact is the operational core of the Notabene platform and the system of record that regulated financial institutions rely on to move digital assets at scale. It is where counterparty due diligence, policy enforcement, and transaction authorization come together in real time, enabling institutions to make automated, risk-aware decisions before value moves.

By embedding compliance and authorization directly into transaction flows, Transact enables high straight-through processing rates while meeting the regulatory requirements of operating across jurisdictions. What began as Travel Rule infrastructure has evolved into a foundational layer that institutions depend on to operate, scale, and connect with confidence on the Notabene Network.

When we started Notabene, we saw compliance as a critical stepping stone—the core—but not the end goal. Enabling compliant transactions at scale meant starting with the hardest problem first: getting compliance right. The vision was to embed trust directly into how transactions are authorized, coordinated, and settled so that digital assets could support real-world payments at scale. We made this possible last year with the launch of Notabene Flow, the first open stablecoin payments platform built for businesses.

Notabene Flow introduces new payment capabilities such as pull payments and recurring subscriptions, enabling our fast-growing network to provide instantaneous stablecoin payments to  the global B2B market. It also represents a shift from enabling individual transactions to enabling complete payment workflows that meet both operational and regulatory expectations.

By embedding compliance, identity, and authorization directly into payment flows, Notabene Flow takes stablecoins beyond simple transfers and into real commercial use, enabling new revenue flows for institutions in our network. It is a critical step toward making stablecoins usable at scale in everyday business.

Apply to be a partner

Explore the Flow Whitepaper

When we look back at 2025, a few themes become clear to us.

Growing transaction volume across borders requires a built-in trust layer

In crypto’s early years, compliance was often treated as an add-on, implemented only when regulation made it unavoidable—and as a result, it was frequently viewed by business teams as friction rather than an enabler. By 2025, that mindset no longer held.

As transaction volumes grew and stablecoins moved into real payment flows, trust could no longer be bolted on after the fact. Growth itself began to require shared standards, interoperability, and regulatory alignment built directly into how value moves.

That shift was not anecdotal. It was visible in the data and in the scale of the Notabene Network, which by Mid-2025, surpassed $1 trillion in total transaction volume processed across our network. While the first $500 billion took us three and a half years to grow into, the second happened in just 6 months. This exponential growth trend continues with the Notabene Network knocking on the door of $2T just a few months later.

This milestone reflects both the scale at which our customers operate and the role Notabene plays in enabling compliant global transactions. As institutions handle higher volumes across more jurisdictions, Notabene increasingly serves as the connective infrastructure that allows crypto and stablecoin payments to move safely between counterparties.

Compliance became an enabler of doing business for anyone working with digital assets

As regulatory expectations moved from concept to enforcement across 2025, one question dominated the industry: Is the market ready?

In April 2025, Notabene released the State of Crypto Travel Rule 2025 Report, the fourth annual edition of our comprehensive analysis of Travel Rule adoption, readiness, and implementation trends across the digital asset ecosystem. The report draws on survey data from nearly one hundred Virtual Asset Service Providers and input from regulatory bodies to capture how the industry is navigating evolving compliance landscapes.

One finding stood out. An unprecedented 100% of VASPs surveyed reported that they plan to be Travel Rule compliant by the end of 2025, reflecting a decisive shift from earlier years when compliance was optional or aspirational. Nearly nine in ten respondents expected to meet requirements in the first half of the year, underscoring the urgency across the market.

What the survey data shows is reinforced, and in many cases surpassed, by what we see across the Notabene platform itself. Over the past year, there has been a sharp increase in due diligence questionnaire requests, rapid adoption of policy engines, and a growing density of live connections between institutions. These are not theoretical commitments. They are operational signals that firms are actively raising their compliance standards to work with one another.

The data also revealed deeper operational change. Institutions are increasingly blocking withdrawals until beneficiary information is confirmed and returning deposits if originator data is missing. Compliance is no longer a policy exercise. It is becoming embedded directly into transaction flows, counterparty selection, and go to market decisions.

Taken together, the message is clear. Travel Rule compliance is no longer a regulatory checkbox. Companies operating on the Notabene platform are setting a global standard for what good looks like, proving that robust compliance has become a prerequisite for participation, connectivity, and growth in an increasingly interconnected and regulated digital asset economy.

Open messaging layers are essential for global stablecoin payment networks

Stablecoins will only deliver on truly global, borderless payments if the messaging layer is open. We’ve seen this before: shared standards like SWIFT and ISO 20022 made global bank-to-bank transactions possible, just as HTTP, SMTP, and SSL allowed the open internet to scale beyond closed, proprietary networks.

The same is true for crypto. Travel Rule compliance and transaction authorization cannot rely on closed protocols controlled by a few players. That approach fragments the ecosystem and limits innovation.

This is why we built the Transaction Authorization Protocol (TAP). TAP is an open messaging standard that enables pre-settlement coordination while preserving the permissionless nature of blockchain networks. It adds the missing authorization layer so transactions carry intent, compliance, and accountability alongside value.

By embedding regulatory checks directly into transaction flows, TAP turns compliance into infrastructure. Stablecoin payments become faster, safer, and more interoperable than traditional rails.Backed by Notabene’s open network of 2,000+ institutions, TAP lays the foundation for mainstream, compliant global stablecoin adoption.

Policy, payments, and infrastructure are converging

‍Trust is not built by infrastructure alone. It is reinforced through community. Our community-building initiatives in 2025 helped to generate a shared understanding, open dialogue, and alignment across the crypto payments ecosystem.

At our second annual Notabene Summit in New York City, we convened leaders from financial institutions, crypto-native companies, regulators, and infrastructure providers as stablecoins and compliant payments moved from theory to execution. The Summit focused on the convergence of traditional finance and crypto, the role of stablecoins in cross-border payments, and the importance of industry-regulator collaboration as adoption accelerates.

The event also marked a major milestone for Notabene with the launch of Notabene Flow, opening a new chapter in compliant stablecoin payments. Panels featured senior leaders from organizations including Mastercard, Robinhood, the U.S. Treasury, the Blockchain Association, BVNK, and Bitso, with discussions centered on real-world execution: operationalizing stablecoin payments, navigating regulatory expectations, and building interoperable infrastructure that can scale globally.

We carried these conversations forward with Stack Chats, a video interview series focused on the strategic and operational realities of payments, compliance, and digital asset infrastructure. Episodes featured leaders including Clarisse Hagege, Anoosh Arevshatian, and Kevin Lehtiniitty, sharing candid perspectives on innovation, regulation, and global scale.

The next episode will launch in early 2026 as these conversations continue into the year ahead.

Looking Ahead to 2026: From Momentum to Execution

The foundation we laid in 2025 sets a clear direction for the year ahead and we could not be more excited to execute our vision for an open, trusted, and value-accruing network of regulated financial institutions.

We’re focused on the following areas as we hit the ground running in 2026.

Building the system of record for regulated financial institutions

As large financial institutions and regulated crypto exchanges continue to build and grow in additional jurisdictions across the globe, they demand a best-in-class authorization and orchestration layer to power their transactions in a compliant and trusted way.

In the United States, proposed legislation such as the GENIUS Act reflects a broader shift toward clear, enforceable expectations for digital asset transactions. While regulatory frameworks differ by jurisdiction, the direction is consistent: regulated institutions need infrastructure that can support authorization, compliance, and reporting by default. This continued alignment reinforces the need for a shared system of record as digital assets move further into mainstream financial activity.

With our powerful set of tooling that facilitates automated decision-making and compliance engine with unmatched straight-through processing rates, we are fast becoming the de facto system of record for FIs, fintechs, and crypto-natives as they build out their payments infrastructure. Our commitment to open standards, interoperability, and industry-leading security have made Notabene the first name that regulated institutions turn to for compliant, trusted digital asset transactions.

Combined with automated reporting and analytics, our powerful transaction authorization platform has evolved beyond so much more than a Travel Rule compliance solution. Our customers are now turning to us as a foundational piece of their core digital asset infrastructure—and we're doubling down on our investment in product innovation to help our customers drive even more efficiency and compliant transaction volume on their platforms while de-risking their business at the same time. You can expect many more product enhancements on our core platform in 2026 to drive even more value for our customers.

Enabling high-value B2B stablecoin payment flows across the globe

As we write about in our Notabene Flow whitepaper, there is a good reason that stablecoins have yet to take a meaningful bite out of the $120T global B2B payments market. Context is missing. Trust is missing. Authorization is missing. While the gains in transaction speed and affordability are undeniable for a classic one-directional push payment, the reality is that the higher-value payments that unlock real utility for large enterprise need to have Trust, Context, and Authorization in place to enable payment types that they rely on for daily commerce, pull payments and recurring subscriptions, and metered billing.

This is where the Notabene Flow vision meets reality. By bringing this payment layer to our existing network of active regulated FIs and exchanges, Notabene is set to kickstart the adoption of stablecoins for B2B payment applications in 2026. We’re thrilled to be working side-by-side with our founding partners of Notabene Flow to continue building out our APIs and tooling to support their business use cases and many more as the year unfolds.

You can sign up today to join the network, and join us in-person in New York and London to learn more at our Notabene Flow Roadshow meetups next month.

Accelerating the agentic payments future

Perhaps the only word more ubiquitous than stablecoins last year was agentic. And for good reason, with agentic payments poised to revolutionize the way that consumers and businesses operate in 2026 and beyond. Notabene is actively investing in building this future with some exciting new developments in our Transact product, bringing robust and instantaneous counterparty due diligence to our 250+ customers, as well as working to bring more complex payment routing to members of the Notabene Flow network with real-time payment orchestration built not only on efficient routing but also factoring in the critical elements of counterparty trust and transaction context so that agentic payments can really prioritize what matters most to each individual party.

Keep an eye on this space as we invest in accelerating the future of agentic payments for our customers in 2026.

Thank you for building with us in 2025. Here’s to an even more incredible 2026!

To our customers, partners, and community, thank you for being a part of the Notabene ecosystem in 2025. A core part of our philosophy is the belief that no one company alone can build the future we all want to see. We thank you for being a part of our story in 2025 and are honored for you to join us as we move forward in 2026 with clarity of vision and a commitment to building real value for businesses across the globe.

‍

2025 was the year trust became infrastructure.

2026 will be the year we scale it into everyday global payments.

Join us as we continue building the trust layer for global money movement.

‍

Anastasiia from the Notabene product team walks through an example of a pull transaction on Notabene Flow. This demo shows the full end-to-end flow, with Travel Rule compliance and transaction authorization built-in to every payment on the Flow network.

To learn more, schedule a custom demo with the team or read our introduction to Notabene Flow developer documentation at devx.notabene.id.

‍

This morning at the Blockchain Association's Policy Summit, Senator Cynthia Lummis dropped significant news: the Senate's bipartisan market structure draft will be released by the end of this week, with markup planned for next week.

With the GENIUS Act now law and its rule-making process underway, Washington has turned its attention to the fundamental question that's been hanging over the industry: who regulates what in crypto? 

The answer matters because it determines whether the SEC or CFTC has jurisdiction, what registration requirements apply, and ultimately how digital asset markets can operate in the United States.

After months of negotiations between Senate Banking and Agriculture Committees, the legislative framework that will determine how digital assets are regulated in the United States is finally ready for public review.

Timeline: How We Got Here & What Comes Next

Let’s quickly review how we got here. On July 17, 2025 Digital Asset Market Clarity Act of 2025 (CLARITY Act, now it has to pass the Senate, and after that it goes to the president to be signed into law.

• July 17, 2025: House passes CLARITY Act (H.R. 3633) with bipartisan support, 294-134
• November 10, 2025: Senate Agriculture Committee releases 155-page bipartisan discussion draft on digital commodities and CFTC oversight
• September-December 2025: Senate Banking Committee negotiates bipartisan draft covering SEC jurisdiction (not yet public)
• Last week: First bipartisan member meeting between Senate Democrats and Republicans
• Last night (Mon, Dec. 8): Democrats delivered final asks to Republican staff
• This week: Draft bill to be released by week's end
• Next week: Markup planned
• End of 2025: Senate Banking Chair Tim Scott's goal for committee votes on both bills
• Early 2026: Target for merged Senate floor vote

The Two-Committee Process

The Senate is taking a different approach than the House. Rather than the joint committee process used in the House, the Senate has two separate committees working in parallel.

The Senate Banking Committee handles SEC-facing aspects of market structure: how to define investment contracts, what qualifies as an ancillary asset, and related securities questions. Chair Tim Scott started with Republican-led discussion drafts, most recently the Responsible Financial Innovation Act of 2025, then worked to turn this into a bipartisan product through meetings with crypto-friendly Democrats and industry roundtables.

The Senate Agriculture Committee focuses on digital commodities and CFTC oversight. On November 10, Chair John Boozman and Senator Cory Booker released a 155-page bipartisan discussion draft that builds on the House CLARITY Act but takes a more prescriptive approach to customer protection. It includes tighter proprietary trading limits, detailed conflict-of-interest rules, enhanced retail protections, and would create an Office of the Digital Commodity Retail Advocate at the CFTC.

The two committees communicate extensively to ensure their bills work together, even though they're moving on separate tracks. Once both bills pass committee, they'll be stitched together on the Senate floor as a two-committee product.

Why This Week Matters

The timing is deliberate. With fewer than 10 legislative days left in 2025, Senate leadership wants to move quickly. According to Lummis, their staffs are exhausted after working through weekends and late nights, and it's time to reveal the product, give everyone a chance to review it over the holiday break, and move forward.

The first bipartisan member meeting happened last week and went well. Democrats delivered their final asks to Republican staff last night. Today, Gillibrand, Lummis, and other key senators are meeting to work through remaining issues.

"Industry is getting a little concerned about what's happening behind closed doors," Lummis said. “Our staffs are exhausted. I'm worried about the temperature and the flare, and it's just time to reveal a product."

Both senators were direct: when the draft drops, industry will be on a tight timeline to read it, vet it, and provide feedback. This is prime time for getting this done.

What Makes the Senate Bill Different

The Senate bill tackles issues the House CLARITY Act didn't address. According to Gillibrand, the House didn't have time to bring Democratic negotiators in to add their contributions, so while the House bill was bipartisan in vote count (294-134 in July), it was largely drafted by Republicans.

The Senate version includes substantial new provisions on decentralized finance exchanges and illicit finance. The Agriculture Committee draft explicitly left sections on DeFi and anti-money laundering incomplete, with bracketed language marking areas still under negotiation. These aren't just placeholders. They represent some of the hardest policy questions Congress has to answer.

On DeFi specifically, the challenge is determining what activities should be exempt from intermediary registration with the CFTC. It's complicated by the fact that KYC requirements fall under Banking Committee jurisdiction, so whatever Agriculture produces needs to mesh with Banking's approach even though they're working in parallel.

But the most significant innovation is how the Senate bill handles network tokens.

The Network Token Framework

Gillibrand explained that when she and Lummis started working together four years ago, their draft created a binary choice: tokens were either digital securities or digital commodities. Some would fall in between, and a committee would assess them on a case-by-case basis.

But over those four years, they realized that most network tokens don't fit neatly into either category. They have characteristics of both.

"Most network tokens are offered for sale like a security to raise money for their company, for their idea, for their token," Gillibrand said. "And there's still a board. There's still a CEO. There's still some centralized management. The value of that token still derives from who those people are and how smart they are and how capable they are and what their vision is."

Over time, these projects aim to become fully decentralized and fungible, essentially becoming commodities. But that transition might take one year, three years, or ten years.

"Why should we make them be one thing or the other?" Gillibrand asked. "Let them be what they want to be. Let us regulate their business model based on their function and what they're doing, and write regulation that meets their needs, as opposed to forcing them by label to fit one category or the other under existing law."

The approach acknowledges that this ecosystem is fundamentally different from traditional securities and commodities markets. While a token's ambition might be to become a commodity, during the period when there's still a board, still a CEO, and the project's reputation is still relevant to the token's value, the regulatory framework should reflect that reality.

Lummis credited Gillibrand with developing this framework, noting that one benefit of the long legislative process has been the ability to adapt the bill as the industry itself evolved and changed over four years.

Reconciling House and Senate Approaches

The House and Senate are taking fundamentally different approaches to key definitions. How they classify tokens versus ancillary assets versus commodities differs in material ways.

When GENIUS moved through Congress, the Senate was able to push its approach and the final law reflected mostly Senate priorities. That's unlikely to happen with market structure legislation. The differences here are too significant, and finding middle ground will be necessary.

The Senate Banking Committee has been particularly focused on getting the ancillary asset test right, understanding that a few words in these provisions can have dramatic downstream effects. Senate staffers have been meeting late into the night working through these details, recognizing they get one shot at getting this right.

Coordinating on Multiple Fronts

The negotiations aren't just between Democrats and Republicans. According to Lummis, they're also coordinating with industry and the White House simultaneously.

One key sticking point has been ethics language. Senator Lummis and Senator Ruben Gallego negotiated language and sent it to the White House, which sent it back saying they could do better. Senator Lummis plans to sit down with staffers and rework it, then potentially lobby the White House on two issues: the revised ethics language and advancing Democratic nominees to the CFTC and SEC as a show of good faith.

Democrats are focused on bringing consumer protections and fairness provisions that will apply across the board. Senator Angela Alsobrooks, who recently joined the Banking Committee negotiations, emphasized that Democrats want to make sure people are safe to engage in crypto markets. "People lose millions of dollars in crypto scams last year," she noted. "We want to be able to put forward a product that protects consumers while allowing innovators to enter this space."

Senator Cory Booker, leading negotiations on the Agriculture Committee side, stressed the balance required on DeFi: "We can't criminalize people writing code, for crying out loud. We have got to protect the innovators." At the same time, he acknowledged legitimate national security concerns about illicit finance that need to be addressed.

The "dynamic dozen" Democratic senators working on market structure have been meeting throughout the process. Alsobrooks confirmed they're working together well and have made significant progress on issues that matter to Republicans, while Republicans need to lean in on Democratic priorities. She left a negotiating session in Chairman Scott's office just before speaking this morning, where discussions have been happening in good faith.

Democrats are focused on bringing consumer protections and fairness provisions that will apply across the board. Republicans are focused on innovation and regulatory clarity. The bill is stronger because both sides are contributing.

The Bipartisan Dynamic

Gillibrand and Lummis have been working together on this for four years, sharing staff and meeting constantly. As Gillibrand put it, they were "on an island" when they started, but they share excitement about the industry and agree on almost everything.

The partnership matters because in a place where division dominates the daily news cycle, this bill represents genuine bipartisan coalition-building. It's the first financial services innovation law to come out of the Senate Banking Committee in eight years, and the first significant changes to financial law since the 2008-2009 financial crisis.

Both senators emphasized that this needs to remain nonpartisan. The opportunities the technology creates for the US economy, for access to capital in underbanked communities, and for democratizing finance require regulatory certainty that can only come from durable, bipartisan legislation.

What Happens Next

The Senate needs at least seven Democrats to vote yes, and probably more (60 to 80 votes) to be truly durable.

Behind the scenes, Senate staffers have been clear about what helps: be direct about what works and what doesn't. They need to understand which issues are existential threats to business models versus which are merely uncomfortable preferences. And they need specificity on technical details.

When the draft drops this week, industry will have limited time to review before markup next week. Both senators stressed that this is the moment to set aside time, comb through the bill carefully, and provide detailed feedback quickly.

The timeline is ambitious. If both committees move their bills by year-end and produce a merged Senate bill, we could see a Senate floor vote in Q1 2026. After that comes reconciliation with the House CLARITY Act.

Looking Beyond Market Structure

Assuming market structure passes, tax reform is likely to be next. Lummis has put together a comprehensive tax package for digital assets that Senate Finance has already held hearings on. The House Ways and Means Committee has also embraced the approach.

The strategy makes sense: establish what these assets are under market structure legislation, then figure out how to tax them. In her appearance today at the Blockchain Association's Policy Summit, Lummis predicted this will happen in 2026.

The Bottom Line

After four years of work, the Senate's market structure bill is ready for public review. The draft coming this week will show how the Senate plans to create what Gillibrand called "the best regulatory framework in all jurisdictions worldwide."

The window is narrow, and with fewer than 10 legislative days left in 2025, momentum matters. This is the moment when years of negotiation become actual legislative text that industry can read, assess, and respond to.

As Lummis put it today, "We are at prime time."

Brazil is entering a new phase for crypto oversight. With the Central Bank of Brazil (BCB) publishing Resolutions 519, 520 and 521, Virtual Asset Service Providers (VASPs) finally have a clear rulebook for how they are expected to operate.

On 24 November, Notabene’s Regulatory & Compliance team brought together regulators, legal experts and market leaders who are directly involved in crafting, interpreting and applying these rules. This recap pulls together the main points from that discussion and what they mean in practice for firms operating in or serving Brazil.

We were joined by:

• Pedro Henrique Nascimento Silva, Coordinator, Financial System Regulation Department, Central Bank of Brazil
• Marcos Coelho da Rocha, Partner, Veirano Advogados
• Nicole Dyskant, Co-Founder & CEO, RegDoor
• Bruno Antoniolli, Director of Risk, Controls & AML, Mercado Bitcoin

Moderated by Lana Schwartzman and Catarina Veloso from Notabene’s Regulatory & Compliance team.

1. How we got here: Brazil’s path to a full framework

Pedro opened by walking us through the path that brought us to this critical regulatory milestone. .

• In 2022, Brazil passed its virtual asset law. It set AML expectations and made clear that there would be a specific authority responsible for supervising virtual asset service providers.
• In mid-2023, a presidential decree formally designated the Central Bank of Brazil as that authority.
• From there, the BCB did something unusual for its regulatory process: instead of starting with a draft rule, it began with 38 open questions to the market.

That consultation step mattered. Market participants, including Notabene and many of our customers, have highlighted practical challenges and risks that only become apparent once you are deeply entrenched  in operations. The BCB used that input to shape three core pieces of regulation:

1. The authorization process for VASPs and related entities
2. The business rules for VASPs and for other regulated institutions that offer virtual asset services
3. The FX perimeter, defining when virtual asset activity is treated as foreign exchange

Across these, the BCB chose to align the new regime with existing financial sector regulation wherever possible: cybersecurity, AML/CFT, governance, risk management and vendor oversight. For VASPs, the framework also introduces three basic business models:

• Intermediary
• Custodian
• Exchange / combined model

2. Upcoming Milestones: What is Coming in 2026?

Nicole focused on what most firms are currently asking: what happens next and when.

Here is the high-level timeline as it stands today:

• February 2026: Resolutions come into effect. Firms can start submitting license applications.
• By end of October 2026: 
  • Existing VASPs that are already operating in Brazil must apply for authorization under one of the new categories.
  • Eligible authorized institutions (e.g., banks, broker-dealers) do not require a separate license, but must notify the BCB of the provisioning of crypto asset services and adjust procedures as needed. 
  • Foreign firms serving Brazilian clients and seeking to maintain that activity must also transfer activities to an eligible authorised instituion or a existing VASP.

During this transition period, firms should be working toward:

• Clear internal mapping to the correct license type
• Governance, risk and control frameworks that match the BCB’s expectations
• Consistent AML, sanctions, reporting, accounting and corporate governance practices
• Documentation that reflects reality, not “what we plan to do later”

Nicole stressed one point in particular: because the timelines are generous, the BCB expects applications to be substantive, not placeholders. Submitting an incomplete file and promising to “fix it later” is likely to result in a refusal.

3. How a major VASP is preparing: Mercado Bitcoin’s view

Bruno brought the operator angle, sharing how Mercado Bitcoin is preparing internally.

A few themes stood out:

• Much of the work started years ago. Mercado Bitcoin already runs annual cybersecurity audits, has listing and delisting processes, and maintains established AML and risk frameworks.
• The new regime is less about starting from scratch and more about elevating documentation and governance: making sure processes are written down, reviewed regularly and escalated through the right committees.
• One key challenge is ensuring a unified view of risk: linking on-chain monitoring, off-chain financial flows, and customer behaviour into a single methodology and risk scoring system.

On prudential rules, Bruno flagged that this will be a critical piece to watch. VASPs do not operate like banks, so the calibration of these rules will matter. The BCB’s Public Consultation no. 125/2025 on prudential treatment is open until 30 January 2026.

4. Travel Rule: What Resolution 520 actually requires

As this was a Notabene-hosted webinar, we dedicated part of the session to reviewing the Travel Rule and its implications. Catarina provided an overview of the obligations set out in Resolution 520:

• The Travel Rule applies to all virtual asset transfers, regardless of amount.
• The originator institution must transmit identifying information about both the originator and the beneficiary.
• The required data includes a richer set of information on the originator (your own customer) and a more limited set on the beneficiary (as provided by your customer).

On top of the data elements themselves, the resolution reinforces two core obligations:

1. Suspicious activity reporting

   The Travel Rule is there to support detection of illicit activity, not to create a data-sharing exercise for its own sake. Firms should design their implementation so that Travel Rule data meaningfully strengthens AML and sanctions controls.

2. Reporting of non-cooperative counterparties

   If a BCB-supervised counterparty prevents you from complying with the Travel Rule, you are required to notify the central bank. That gives the BCB visibility into systemic obstacles and repeat offenders.

Phased rollout: domestic first, cross-border next

Article 89 sets out a phased approach over two years:

• Phase 1: February 2026 to February 2027

  Travel Rule applies to domestic transfers between institutions operating in Brazil.

• Phase 2: February 2027 to February 2028

  Travel Rule extends to cross-border transfers involving foreign institutions.

• From February 2028, full compliance is expected.

Throughout both phases, VASPs can rely on documented self-declarations from customers when dealing with self-hosted wallets, provided those declarations are properly documented and can be produced to the BCB on request.

Pedro highlighted that Travel Rule compliance is non-negotiable and called attention to an important milestone: by 2 February 2027, any firm operating legally in Brazil will either already be licensed or be in the licensing process, and will be expected to comply with Travel Rule requirements for domestic activity.

5. Notabene’s Brazil Travel Rule Testnet

From Notabene’s experience in other regions, we know Travel Rule implementation cannot be left to the last minute. It affects transaction flows, customer UX, sanctions screening and counterparty relationships all at once.

In this context, during the webinar, we announced that we are launching a Brazil-specific Travel Rule testnet program. This will allow Brazilian VASPs and global firms serving Brazil to:

• Test Travel Rule data exchange aligned with Resolution 520
• Trial customer journeys and transaction flows before go-live
• Identify and fix counterparty frictions early

We have seen how powerful this approach can be. In 2023, we supported two successful rounds of testing in the UK under the FCA’s sandbox, which helped firms enter enforcement with fewer surprises in production. 

We’re now bringing that proven model to Brazil, tailored specifically to the obligations and technical realities of Resolution 520.

Any institution is welcome to join the program by signing up below.

It’s a unique opportunity for the industry to prepare together before full enforcement begins. Register your interest to join the Brail Travel Rule Testnet today.

6. Stablecoins: Where the rules stand today

The BCB has made it clear that stablecoins dominate crypto flows in Brazil, with an estimated 80–90 percent of volume in recent years involving stablecoin pairs.

Marcos outlined how the resolutions handle this reality:

• Algorithmic stablecoins are banned. Brazilian VASPs will not be allowed to offer or intermediate purely algorithmic pegs.
• The rules focus on fiat-backed stablecoins, defined as virtual assets backed by reserve assets and intended to maintain a peg to a specific fiat currency.
• VASPs must carry out and document due diligence on:
  • The issuer's compliance with the token with the offering and public markets regulations of its home jurisdictions
  • The issuer’s regulatory and legal status
  • The structure and quality of the reserve
  • Concentration risks in those reserves
  • The stabilization mechanism and its track record
  • Audited financial statements of issuers and custodians
• Finally, Article 65 also requires VASPs to publicly disclose their methodology for selecting and maintaining stablecoin listings. The intention is that customers can evaluate whether a firm’s criteria align with their own risk appetite.

Pedro noted that stablecoins will be a central regulatory priority for 2026. He explained that although assets like Bitcoin and Ethereum once dominated Brazil’s crypto market, stablecoins have now become the primary vehicle for transactions. According to the BCB’s early, though still incomplete, data analysis, USD-denominated stablecoins account for the overwhelming majority of activity. Congress is debating several bills specific to stablecoins. Depending on which proposals advance, the BCB’s mandate may expand or shift, potentially requiring a more comprehensive regulatory framework governing issuance, reserve structures, and overall oversight.

What firms should be doing now

Across all speakers, a few practical messages were repeated:

• Map your activities to the new categories. Assess whether you are an intermediary, custodian, combined broker or a regulated financial institution expanding into virtual assets.
• Start license preparation early. Governance, documentation, audits and risk assessments take time.
• Treat Travel Rule as a core compliance project, not an add-on. It touches customer onboarding, transaction monitoring, sanctions, product and engineering.
• Take stablecoin due diligence seriously. Given their dominance in Brazilian flows, they will be a major focus for supervisors.

At Notabene, we will keep working with both Brazilian and global firms as they prepare for this next phase, including through our Brazil Travel Rule testnet and ongoing regulatory updates.

If you would like to participate in the testnet program or want a more tailored discussion on how these rules affect your specific business model, our team would be happy to talk to you today.

Blockchain-based payments have reached an inflection point. Tokenization and stablecoins are no longer experiments—they’re actively shaping the future of payments. 

Yet beneath the optimism lies a stark reality. Despite their potential for speed, cost savings, and global reach, stablecoins make up just 0.03% of B2B payments. The gap is due to missing infrastructure, not lack of interest. Today’s blockchain rails don’t provide the basic elements businesses need: trust, context, and authorization.

The Hidden Barriers Slowing Stablecoin Adoption in B2B Payments

Despite their obvious advantages for speed, cost, and global reach, as of June 2025, stablecoins accounted for just 0.03% of B2B payments. While adoption is trending upward, this gap between potential and reality reveals a fundamental challenge: blockchain transactions, in their native form, lack three essential elements that businesses require.

1. Institutions demand counterparty trust
   When large established institutions transact, whether it be fiat or crypto, they demand a level of counterparty trust that has been missing from crypto-native payment flows. The crypto Travel Rule was introduced in 2019 in part to replicate the trust mechanisms that have been established in traditional finance for decades, and not being able to easily and confidently verify who is on the other side of a transaction is a deal-breaker for institutional players.
2. Blockchain transactions lack context
   What you see on a public ledger tells you nothing about the counterparty or what invoice a payment satisfies. For businesses that need to match payments to contractual obligations, this absence of information creates operational chaos.
3. Blockchain transactions lack authorization flows
   Traditional blockchain transactions are unilateral—whoever holds the private keys decides if settlement happens. As a receiver, you don't get a say in whether you want to accept those funds. This creates significant compliance and risk management challenges for regulated institutions.

Without these elements of trust, context and authorization, crypto rails are simply unable to power real-world business payments. The opportunity now is to add these missing layers without losing the efficiency of blockchain settlement.

The next era for payments: TradFi meets stablecoins

At the Federal Reserve’s first-ever Payments Innovation Conference last October, policymakers and market leaders sent a clear and unified signal that the convergence of traditional finance and decentralized systems is here. Federal Reserve Governor Chris Waller captured the shift succinctly when he urged conference attendees to “embrace the disruption.”

As Paxos CEO Charles Cascarilla noted in a panel on stablecoin use cases and business models, "We're in a bit of a strange interregnum, with stablecoins proliferating while regulatory frameworks like the GENIUS Act prepare to bring clarity and standardization to the market.”

Of course, since October this momentum has accelerated even more and the US market in particular seems to be closer than ever to the long-awaited crypto market structure bill aiming to remove any remaining regulatory uncertainty slowing efforts by traditional finance firms to fully embrace crypto and merge the worlds of TradFi and crypto.

This convergence creates tremendous opportunity, but also adds complexity. The question now isn't whether these worlds will merge, but how quickly and seamlessly that integration will happen and whether we can build the trust layer that enables blockchain payments to function like traditional business payments.

The Travel Rule as a catalyst

To understand how the industry can solve for this, we need to go back to the Travel Rule, introduced in June 2019 to require regulated VASPs (Virtual Asset Service Providers) to exchange originator and beneficiary information before or during value transfers. While initially seen by some crypto-native organizations as a regulatory burden, we recognized it as an opportunity. An opportunity to build the trust mechanisms, contextual messaging layer, and authorization flows that would truly enable crypto to become part of the everyday economy.

By mid-2025, 85% of jurisdictions with material crypto activity had implemented or were implementing Travel Rule requirements, according to the Financial Action Task Force (FATF). As compliance obligations expanded, so did the underlying authorization flows. In fact, the Notabene network alone has processed over $2 trillion in authorized transactions to-date.

But a critical problem remained: authorization wasn't enforceable. According to Notabene's 2025 State of Crypto Travel Rule Report, 61.6% of surveyed VASPs receive few or no incoming transactions with required Travel Rule data. Institutions could not block non-compliant transfers because traditional blockchain rails don’t allow receivers to control what hits their wallets.

Notabene Flow fundamentally changes this model with an innovation that is simple but transformative: no one receives a settlement address until authorization is complete.

Unlike with traditional crypto transactions, where anyone can send funds to your wallet address whether you want them or not, Notabene Flow only shares settlement addresses with counterparties after authorization.

This ensures that all due diligence, consent, and compliance checks complete before settlement, giving institutions control over their deposit flows while maintaining the efficiency benefits of blockchain settlement. This ability to ensure fully Travel Rule-compliant flows is critical for regulated entities to adopt stablecoins as an efficient and B2B payment method in regulated jurisdictions.

What makes Notabene different? It’s open network

Notabene Flow isn’t a point-to-point payments solution. It’s a network. In fact, it is the same powerful network that connects our more than 2,000 counterparties already transacting compliantly across the globe. We sidestep the cold start problem that new payment networks will encounter by leveraging the active open network that we’ve been building for the past 5 years. Any participant can transact with any other participant using shared standards, common authorization flows, and built-in compliance.

Notabene Flow is built on our open foundations:

• TAP (Transaction Authorization Protocol): An open-source messaging standard defining how institutions communicate about transactions
• Global Network: Regulated entities transacting digital assets across 100+ jurisdictions who have already processed over $2T in transaction volume
• Embedded compliance: Travel Rule requirements for 50+ jurisdictions built directly into the system

This approach is as practical as it is philosophical. We heard repeatedly throughout last fall’s Payments Innovation Conference, as well as every other event since, that this open-loop network design and protocol interoperability is crucial. The industry clearly doesn’t see a world with "one stablecoin to rule them all," but rather a variety of trusted assets and rails, all sharing clear standards for how they interact. Notabene Flow is designed for this multi-rail future.

Building the trust layer for stablecoin payments

As Tim Spence of Fifth Third Bank noted in October, innovation in payments comes down to "whether the incumbents get the innovation faster than the disruptors get distribution." Flow addresses both sides of this equation.

• For traditional institutions: A compliant gateway to blockchain-based payments without building infrastructure from scratch.
• For crypto-native companies: Enterprise-grade reliability and regulatory compliance that opens doors to institutional adoption.
• For businesses of all types: The ability to choose the best payment method for each transaction while maintaining necessary controls.

It's no longer a question of if traditional finance and blockchain will converge, but when and how.

The missing piece has always been trust. Stablecoins offer a fast, global settlement layer, but without counterparty confidence, businesses cannot fully leverage them.

Notabene Flow provides that missing trust layer by embedding authorization flows, delivering transaction context tied to real-world obligations, and ensuring compliance with Travel Rule requirements for virtually all payments on our open network with standardized protocols for seamless interoperability.

With three core payment types supporting the full range of business needs, Notabene Flow enables companies to embrace the efficiency of stablecoin payments today while maintaining the risk management and compliance frameworks they require. This is how we bridge the 0.03% gap to mainstream adoption—not by compromising on efficiency or control, but by building the infrastructure that provides both.

To learn more about Notabene Flow or explore partnership opportunities, visit notabene.id or contact our team.

On November 10, 2025, the Banco Central do Brasil (BCB) published three major resolutions — 519, 520, and 521 — establishing a comprehensive regulatory framework for virtual asset service providers (VASPs), officially termed “sociedades prestadoras de serviços de ativos virtuais” (SPSAVs).

This marks a historic milestone in Brazil’s journey toward implementing Law No. 14,478/2022, the country’s legal foundation for virtual assets, and positions Brazil among the most advanced jurisdictions in Latin America in providing legal certainty on how digital asset service providers can operate.

Scope of the New Resolutions

• Resolution 519/2025 – This resolution defines the authorization process for SPSVAs. It clarifies how entities must apply for approval by the BCB before engaging in virtual-asset services.
• Resolution 520/2025 – This key regulation governs how SPSVAs and other authorised institutions can operate within Brazil’s virtual-asset market. It covers the types of services, governance, risk management, anti-money-laundering (AML) and counter-terrorist-financing (CTF) obligations (including Travel Rule requirements), and transition provisions.
• Resolution 521/2025 – This resolution integrates virtual-asset activities into Brazil’s foreign-exchange (FX) regime. It recognizes operations such as cross-border payments, stablecoin transactions and transfers involving self-hosted wallets as falling under the FX regulatory framework in Brazil.

Who Can Operate in Brazil’s Virtual Asset Market?

1. Sociedades Prestadoras de Serviços de Ativos Virtuais (SPSAVs)

Under Article 4 of Resolution 520, SPSAVs must be authorized by the BCB and may be classified as:

• Virtual Asset Intermediaries — Entities facilitating the purchase, sale, exchange, and management of virtual assets, including staking and FX-related operations.
• Virtual Asset Custodians — Entities responsible for safeguarding assets and private keys, maintaining records, and executing client instructions.
• Virtual Asset Brokers — Entities performing both intermediary and custodial functions.

2. Eligible Authorized Financial Institutions

The following already-regulated financial institutions may also offer virtual asset services, provided they formally notify the BCB in accordance with the established procedures:

• Commercial, investment, and “bancos multiplos”, as well as Caixa Econômica Federal.
• Securities brokers, distributors, and foreign exchange dealers.

These are henceforth referred to as eligible authorized institutions.

Transition and Grandfathering: Preparing for Compliance

Institutions currently offering virtual asset services in Brazil must transition into the new regulatory regime established by the BCB. To ensure business continuity, the framework allows these entities to continue operating provided that they meet the following obligations by October 30, 2026 (270 days from the entry into force of Resolution 520 on February 2, 2026):

• Eligible authorized institutions (e.g., banks, brokers, distributors) must notify the BCB of their intent to continue providing virtual asset services.
• Other institutions currently providing virtual asset services must apply for authorization from the BCB to operate as SPSAVs.
• Foreign institutions offering virtual asset services to Brazilian clients must migrate their operations and customer base to either:(i) an eligible authorized institution, or
• (ii) an SPSAV already operating or established to carry out these activities.

To benefit from the grandfathering period, institutions must have already been offering virtual asset services before February 2, 2026.

After October 30, 2026, any institution that has not complied with the transition requirements will no longer be permitted to operate in Brazil’s virtual asset market and must cease operations within 30 days.

Finally, it is worth noting that Article 88 of Resolution 520 establishes an adjustment period between February 2, 2026 and the BCB’s decision on phase 1 of the authorization process, during which SPSVAs must demonstrate compliance with a defined set of obligations. These include:

• Implementing a risk-management framework covering market, credit (where applicable), operational, and liquidity risks.
• Maintaining a cybersecurity policy, an incident-response and action plan, and appropriate data processing, storage, and cloud-computing arrangements.
• Establishing internal controls to prevent the use of the Brazilian Financial System and Payment System for money laundering or asset-concealment crimes.
• Implementing procedures to comply with Law 13,810/2019 regarding UN Security Council sanctions.
• Adopting the accounting and audit standards applicable to financial institutions authorized by the Central Bank of Brazil.
• Complying with any additional requirements expressly imposed by regulation for institutions in the adjustment phase.

Once the aforementioned adjustment period has ended, SPSVAs must fully comply with the provisions of Law No. 14,478 of December 21, 2022, and with the regulations issued by the Central Bank of Brazil, even if no final decision has yet been made regarding their authorization request.

Travel Rule Implementation: Timeline and Requirements

Under Article 44 of Resolution 520, SPSAVs must comply with AML/CTF obligations and the Travel Rule, ensuring that identifying information accompanies virtual asset transfers.

Requirements

For each transfer, the originator’s institution must transmit data on both the originator and the beneficiary, as follows:

The resolution explicitly establishes the obligation to report suspicious activities and to notify the BCB of any difficulties in complying with the Travel Rule that stem from the practices adopted by counterparties authorized by the BCB.

Two-Year Phased Implementation

Travel Rule implementation will occur in two stages between 2026 and 2028, according to Article 89 of Resolution 520:

During both phases, SPSAVs may rely on self-declarations from clients to identify the transacting parties and the purposes of the transactions, provided these are documented and accessible to the BCB.

Full compliance will be mandatory starting February 2, 2028.

The illustration below provides an overview of the grandfathering timeline and the phased implementation schedule for Travel Rule requirements.

Self-Hosted Wallets and FX Integration

Resolution 521 defines self-hosted wallets (“carteiras autocustodiadas”) as wallets where the user controls the private keys without a third-party intermediary.

Under the resolution, the provision of services that include transfer to or from a self-hosted wallet is subject to Brazil’s foreign exchange (FX) framework, and SPSAVs are required to identify the wallet owner.

Key Takeaways

• Brazil’s Central Bank (BCB) is assuming full regulatory responsibility for the country’s virtual asset ecosystem, establishing clear rules for authorization, operation, and supervision.
• A grandfathering period allows existing providers to continue operating compliantly, provided they meet the notification and authorization requirements outlined in the resolutions by October 30, 2026.
• The two-year phased rollout of Travel Rule obligations offers the industry a measured timeline to adapt systems, processes, and counterpart relationships to the new compliance expectations.
• The requirement to identify self-hosted wallet owners under the foreign exchange (FX) regime represents a move toward comprehensive transaction traceability across the digital asset ecosystem.
• By implementing these measures, Brazil aligns its framework with global AML and Travel Rule standards, setting a regional benchmark for regulatory modernization in Latin America.

Prepare your business for Brazil’s new Travel Rule requirements.

Notabene helps virtual asset service providers automate compliance, exchange Travel Rule data securely, and stay aligned with local and global regulations. 

👉 Register for our upcoming webinar: How to Prepare for Brazil’s New Crypto Regulatory Framework if you operate in Brazil or support customers who do. This session will help you understand what’s changing and what comes next.

Stack Chats Episode 3: The Future of Payments and the Rise of Money 3.0‍

In this episode of Stack Chats, Notabene CEO Pelle Braendgaard sits down with Kevin Lehtiniitty, CEO of Borderless.xyz, to explore how stablecoins are evolving from speculative assets into functional payment infrastructure. Kevin shares insights on building the foundational rails that connect global stablecoin networks to local financial systems, unlocking seamless interoperability and real-world utility. Watch the full episode below:

‍

From the limitations of traditional cross-border payments to the promise of “Money 3.0,” this conversation dives deep into how Borderless is making stablecoin adoption practical—and compliant—for fintechs, wallets, and regulated entities.

📌 Topics include:

• Bridging stablecoin networks with local payment systems
• Regulatory interoperability and compliance-by-design
• What “Money 3.0” means for the future of finance
• Building for developers and scaling across jurisdictions

Pelle and Kevin set the stage by looking at where stablecoins fit into today’s financial landscape and why so many companies are turning to them as part of their core infrastructure. Their conversation moves from the challenges businesses face today to the emerging solutions shaping the next generation of payments. What follows is a look at the key themes they explored and why they matter for anyone building or using stablecoin-based systems. Read on for a breakdown of the rest of the discussion points:

Why global payments still feel local

Once the conversation begins, one theme emerges right away. Even though stablecoins let value move across the world as easily as sending an email, the financial systems around them remain deeply local. Stablecoins operate on global, always-on networks. But banks, licensing regimes and national currencies still function in country-by-country silos.

Kevin has watched this play out throughout his years in the industry. Whether working on issuance, custody, collateral or payments, the same challenge appears: as soon as stablecoins touch the real world, companies encounter a maze of regulatory requirements, fragmented liquidity and inconsistent banking access.

This is the problem Borderless.xyz set out to solve. Rather than becoming another regional on or off ramp, Borderless focuses on the connective layer between them. A single integration gives companies access to diverse liquidity providers, payment partners and banking channels across many markets. Instead of every business rebuilding the same integrations repeatedly, Borderless abstracts that work into one unified network.

The hidden cost of pre-funding in global money movement

A major theme Pelle and Kevin explore is the role of pre-funding in today’s payments ecosystem. For most cross-border flows, especially in emerging markets, companies must lock funds in multiple partner accounts to simulate real-time settlement.

This creates several issues:

• Large amounts of capital sit idle across bank accounts in many countries.
• That capital is exposed to local banking risk.
• Treasury teams face constant operational pressure to balance and rebalance accounts.

Kevin shares examples of remittance companies holding more than four hundred million dollars in pre-funded balances simply to keep corridors running. This cost ultimately flows to end users through fees.

Stablecoins change the equation. Because they can move globally in near real time, they allow companies to:

• Reduce pre-funding from days of coverage to a few hours.
• Move liquidity around the clock, including weekends and holidays.
• Unlock capital that can go back into product, growth or customer acquisition.

Businesses do not have to overhaul their existing treasury workflows to gain these benefits. Stablecoins simply let them operate with far more flexibility and lower capital cost.

Open networks outpace closed loops

As the discussion evolves, Pelle and Kevin look closely at the difference between closed loop payment networks and open ones. Closed networks are controlled by a single company that determines participation and flow. They can work in limited contexts, but their total value is capped by the value of the operator controlling them.

Open networks grow far larger because value is created by everyone participating, not just the administrator. Kevin highlights several historical examples:

• The shift from isolated charge-card programs to the Visa consortium.
• The standardization of rail gauges that unlocked interstate commerce.
• The rise of Linux as the foundation of cloud computing and modern devices.

Stablecoins and public blockchains follow the same pattern. They create shared standards that many companies can build on, which expands use cases far beyond what any one entity could design.

Notabene takes the same approach. Its Transact product is built on TAP, an open messaging protocol that supports different transaction types and authorization flows without locking users into a closed database or proprietary environment. This keeps innovation open to the entire ecosystem while providing strong compliance controls.

Moving stablecoins from simple transfers to real business workflows

Most stablecoin payments today are push-only. Tokens sit in a wallet and move only when someone signs a transaction. This works for one-time transfers, but not for the full range of business payments the world runs on.

Traditional payments rely heavily on pull flows, such as:

• Subscriptions and recurring billing.
• Invoicing and accounts receivable versus accounts payable processes.
• Automated treasury and liquidity management.
• Merchant settlement and reconciliation.

Card networks became central to commerce not only because they moved money, but because they integrated directly into business systems and workflows.

This is the missing capability in stablecoin-based payments today. It is also where the partnership between Borderless.xyz and Notabene becomes important.

By combining:

• Borderless’s connectivity to stablecoin and fiat liquidity in more than seventy countries.
• Notabene’s open messaging and compliance layer built on TAP.

They are bringing stablecoin pull payments, treasury automation and workflow connectivity to businesses that want to move beyond one-off transfers. The result is a stablecoin infrastructure layer that mirrors how businesses already operate, while taking advantage of global, always-on settlement.

Money 1.0, Money 2.0 and the arrival of Money 3.0

Kevin introduces a simple framework for understanding how global money movement has evolved.

Money 1.0

Traditional networks like Swift and card schemes created the first generation of cross-border connectivity. These systems were built before the internet era. Settlement is slow, fragmented and expensive.

Money 2.0

Fintech companies improved the experience but did not change the underlying rails. To cover the limitations, they added layers of pre-funding, user-friendly interfaces and workflow tools. This produced many successful companies but did not solve the core infrastructure challenges.

Money 3.0

With blockchains and stablecoins, payments can finally be modernized at the foundation. Instead of adding more band-aids, value can move directly between counterparties that support the same stablecoin and blockchain network. This removes unnecessary intermediaries and supports real-time global settlement.

Pelle and Kevin argue that the next five to ten years will determine whether global payments continue relying on legacy patches or shift decisively to this new model.

What the next decade could look like

As stablecoin adoption accelerates across remittance providers, PSPs and global businesses, the need for an open, infrastructure-ready payments layer becomes clearer. The vision that Notabene and Borderless share is grounded in a few core ideas:

• Stablecoins can settle business payments directly.
• Local liquidity can be accessed without each company rebuilding the same integrations.
• Workflows and compliance can run on open messaging networks like TAP.
• Money can finally move at the speed of the internet rather than the speed of legacy rails.

For businesses exploring stablecoins, this episode offers a practical look at what it takes to move from experimentation to production. Money 3.0 is not a distant idea. It is already taking shape, and the companies building it are laying the groundwork today.

Episode breakdown

Here is a quick minute-by-minute guide to the conversation:

• 00:00 - 03:00
• Introductions. Pelle and Kevin talk about their history in stablecoins and why stablecoin adoption has felt like "it is coming next year" for nearly a decade.
• 03:00 - 08:00
• Global assets vs local fragmentation. Why regulatory licenses, banking rails and central bank currencies will always remain local, and what that means for anyone building on stablecoins.
• 08:00 - 15:00
• On and off ramps as the next generation of banks. Borderless’ view of orchestrators, market makers and local liquidity partners, and why building the same integrations again and again adds no real enterprise value.
• 15:00 - 22:00
• Where stablecoins deliver the most value today. Dollarization and the "store of value" use case in emerging markets versus the much bigger opportunity in global payments.
• 22:00 - 30:00
• Pre-funding and the illusion of real-time. How correspondent banking actually works, the risks of pre-funding in different markets and why stablecoins can release hundreds of millions in trapped capital.
• 30:00 - 36:00
• Open networks vs closed loops. Visa, railroads and Linux as case studies for why open systems outcompete walled gardens over time, and what that means for stablecoin ecosystems.
• 36:00 - 42:00
• TAP, open messaging and Flow / Flow Forward. How Notabene uses an open protocol rather than a closed database, and how that supports many use cases from payments to trade settlement on the same compliance rails.
• 42:00 - end
• Money 1.0, 2.0 and 3.0. Kevin’s framework for the future of money, and how Borderless XYZ and Notabene think about success over a 5 to 10 year horizon.

‍

🎙️ Stack Chats is Notabene’s video series for product leaders, fintech builders, and infrastructure innovators shaping the next generation of blockchain-based payments.

We are standing at the edge of a defining opportunity for the crypto industry. The Travel Rule is still perceived by many as a burdensome obligation that should be met with a check-the-box approach. But in reality, it is the catalyst for building critical infrastructure needed to unlock stablecoin payments at global scale and connect digital assets to the real economy. Once it is understood in this light - not as another compliance obligation, but as the foundation of the next phase of market infrastructure - its effective implementation becomes a strategic imperative deserving of united industry action. Only collective alignment around interoperability and openness will make effective implementation possible.

The Value of the Travel Rule: A Catalyst for Real-World Adoption

The Travel Rule requires financial institutions to securely exchange originator and beneficiary information before or in parallel with a virtual asset transfer. At first glance, this might seem like a regulatory nuisance, another box to check. In reality, it introduces a profound change in how crypto transactions work.

Natively, crypto payments are unilateral and context-free: senders can move value without the receiver’s consent, and the information recorded on the blockchain provides no information about who was transacting or why. These characteristics have slowed down the adoption of crypto rails for business and institutional use cases that depend on context, authorization, and risk controls.

The Travel Rule changes that. By requiring counterparties to exchange information before settlement, it introduces, for the first time, an opportunity to build a pre-transaction authorization flow into crypto transactions. Institutions must communicate before funds move. This creates the missing messaging layer that connects transactions to compliance processes, payment context, and counterparties.

What began as a regulatory requirement has become a forcing function for the infrastructural upgrade that crypto has been missing. Through the Travel Rule, the industry is building the same kind of pre-settlement messaging rails that power traditional payments, where transactions carry context, receivers can approve or reject transfers, and value and information travel together.

In this sense, the Travel Rule is more than a compliance requirement - it serves as the catalyst for building the missing foundations of institutional trust in crypto. By requiring institutions to exchange information before settlement, it opens the door to systems that restore control and risk management to both sides of a transaction. By mandating data exchange, it attaches real-world context to payments. And by making counterparties visible, it creates a trust fabric that allows institutions to confidently transact with third-parties in open loop systems, opening up business opportunities.

Together, these shifts establish the trust layer that crypto has been missing and unlock its potential to move beyond speculative markets and power the next generation of global payment systems.

Why Travel Rule Implementation Has Stalled

Since its adoption by the FATF in 2019, the Travel Rule has been implemented as a regulatory requirement for virtual asset transactions across jurisdictions worldwide. The FATF reports that 99 jurisdictions have passed or are in the process of passing Travel Rule legislation¹. Regulatory clarity is no longer the barrier. The barrier is infrastructure and whether the industry will choose a future defined by open connectivity, or fragmentation and control.

From the outset, interoperability has been cited as a primary barrier to Travel Rule implementation. In hindsight, this was almost inevitable.

Travel Rule information pipelines are emerging as the financial messaging backbone of the crypto economy. In traditional finance, we have clear precedents: SWIFT is classified as a systemically important messaging network deserving of cooperative oversight by G10 central banks, the European Central Bank, and the chair of the G10 Committee on Payment and Settlement Systems². Control over the Travel Rule messaging layer is highly attractive as it ultimately provides control over market access. Thus far, the fight for control has come at the expense of effective Travel Rule implementation, with limited coordination toward establishing open standards or interoperability.

As a result:

• Compliance silos persist,  reflecting not just the lack of interoperability and open standards, but also the fragmented pace of Travel Rule adoption and enforcement worldwide. According to the 2025 State of Crypto Travel Rule survey, over 60% of respondents reported that almost none or only a small portion of incoming transactions include the required Travel Rule information

  

• Law enforcement lacks access to critical information, limiting the ability to investigate and disrupt illicit activity
• Crypto cannot fulfill its potential because it lacks the infrastructure necessary for integration into the global economy, as further explained in the above section

A Moment of Choice: Network Effects or Network Control

Overcoming the challenges in Travel Rule adoption is not simply about regulatory compliance; it is about unlocking crypto’s role as the next-generation backbone of global finance.

The core promise of crypto lies in openness: borderless settlement and universal reach. These advantages are only realized if the supporting messaging layer is equally open. Just as the internet scaled through universal protocols rather than private networks, crypto adoption can only reach its potential through open standards.

History has already shown that open networks win:

• SWIFT and ISO 20022 created a shared messaging language that enables thousands of financial institutions to transact globally.
• HTTP for web browsing, SMTP for email, and critically, SSL for secure transactions allowed any computer to connect to any other, regardless of service provider, enabling the open web to flourish and creating exponentially more value than the closed systems they replaced.

Crypto must follow this path. The messaging layer for Travel Rule compliance and transaction authorization cannot be proprietary and controlled by a handful of market actors. It must be built on open standards that allow every institution to connect, transact, and innovate without seeking permission from a competitor. Closed, proprietary protocols create fragmentation, entrench market power, and suppress innovation, preventing crypto from fulfilling its economic potential.

Advantages of Open Standards

Innovation through competition

Open networks eliminate lock-in. Institutions can choose service providers freely without risking access to counterparties. This forces innovation to flourish as providers must compete on service quality, not network control. 

Connectivity over control

Open, neutral messaging standards ensure every institution retains autonomy over counterparties, risk rules, and transaction authorization, without ceding control to a central operator. An open messaging layer also creates the network effects that allow the industry to prosper. Every new participant increases the value of the network for all others.

The Cost of Fragmentation

The alternative is a fragmented ecosystem that undermines the value-add of crypto. Imagine if, instead of a unified network like SWIFT, the global financial system had evolved into dozens of incompatible, closed messaging networks,  each unable to communicate with the others. Payments would stall at borders, institutions would struggle to reach counterparties, and innovation would be stifled by inefficiency. This is precisely the path crypto risks taking without open standards. Competing silos may deliver short-term advantages to a few, but they erode the collective value for all. For a technology built on openness and global connectivity, allowing fragmentation to persist would mean falling short of its original promise. Without interoperability, crypto cannot fulfill its potential as a truly borderless financial system, and we risk setting the industry back by years.

A Call to the Industry

If the Travel Rule messaging layer is built on proprietary networks, the industry will remain trapped in compliance silos. Travel Rule will become a regulatory burden that slows down business, instead of a catalyst to build the infrastructural upgrade that crypto has been missing.

But if we embrace open standards, we can turn Travel Rule into an opportunity to adopt an open authorization and messaging layer that connects counterparties, unlocks network effects and  powers real-world adoption.

Solving Travel Rule interoperability is not only a compliance urgency, it is a strategic imperative for the industry to flourish. And it requires a collective endorsement of open standards.

Notabene is committed to an open and interoperable future. Our platform is powered by the Transaction Authorization Protocol (TAP), an open standard purpose-built for transaction authorization and Travel Rule compliance in digital assets. We invite all industry participants, regulators, and innovators to join us in advancing this standard, and we reaffirm our commitment to ensuring full interoperability with other open standards that share our vision for a connected and transparent digital finance ecosystem.

¹ FATF, June 2025, VIRTUAL ASSETS: TARGETED UPDATE ON IMPLEMENTATION OF THE FATF STANDARDS, Figure 1.11.  

² https://www.ecb.europa.eu/press/financial-stability-publications/fsr/focus/2005/pdf/ecb~d573ca68c6.fsrbox200512_18.pdf 

Few technologies have captured the imagination of the financial world quite like stablecoins. They promise to make money programmable, borderless, and instant. With blockchain as their foundation, stablecoins can streamline settlement, reduce costs, and open up a new era of global commerce.

Yet despite their growing adoption, stablecoins represent only 0.03% of the $120 trillion B2B payments market. The reason is simple: on their own, stablecoins don’t constitute a full payment system.

Businesses need more than fast transfers. They need context—the ability to link payments to contracts, invoices, and compliance data. Institutions processing payments for businesses also need to operate with counterparty trust and robust compliance frameworks.

The potential of stablecoins to revolutionize payments will remain largely untapped until these missing layers are built.

Why Stablecoin Payments Need Authorization and Context

Traditional payment systems have long relied on authorization—the ability to approve a transaction before settlement. When a card is swiped or a wire is initiated, institutions verify funds, screen for fraud, and apply compliance checks. This two-step process—authorization first, settlement later—is what makes payments reliable, reversible when needed, and compliant.

Equally important is the context: the information that moves alongside the funds. Payment messages transmit essential information for compliance and business operations, including Travel Rule data, invoice numbers, merchant details, and customer identifiers. This context allows businesses to reconcile payments with contracts, match them with invoices, and meet AML/CTF requirements.

Crypto transactions, by contrast, are unilateral and lack context. Whoever holds the private keys decides has full control to decide whether settlement happens. Without a pre-transaction authorization step or counterparty context, institutions have no way to vet, approve, or refuse incoming funds. Additionally, blockchains record only the amount, asset, and wallet addresses—no information about the counterparty, purpose, or which invoice it references.

Without a pre-transaction authorization step or counterparty context, crypto rails can’t power real-world payments. Businesses need to know who they’re transacting with, why a payment is being made, and whether it meets compliance criteria before funds move.

This is a key limitation stablecoins face today. They enable instant, global value transfer, but lack the context, trust signals, and institutional coordination that make payments truly work for businesses.

How the FATF Travel Rule Became a Catalyst for Crypto Authorization

When the FATF introduced the Travel Rule in 2019, it created the perfect conditions to build a compliant authorization layer for crypto. The rule requires counterparties in a virtual asset transaction to exchange originator and beneficiary information before settlement.

For the first time, crypto institutions were required to collaborate before a transaction occurred, mirroring the same pre-transaction authorization and due diligence flows that underpin traditional finance.

At Notabene, we saw this as a pivotal opportunity. The Travel Rule isn’t just a regulatory requirement—it’s an architectural upgrade. It gives the industry a shared standard to exchange trusted information, unlock counterparty confidence, and enable compliant, authorized crypto transactions at scale.

We’ve Already Built It: Pre-Transaction Authorization as Best Practice

Over the past five years, Notabene has turned Travel Rule compliance into an operational standard for the industry.

Today, more than 2,000 institutions across 100+ jurisdictions rely on Notabene’s open Transaction Authorization Protocol (TAP) to exchange verified transaction data and pre-transaction authorizations. To date, the Notabene Network has powered more than $1.5 trillion in compliant transaction volume.

Within our network, pre-transaction authorization has become an established best practice. Counterparties exchange compliance data, verify each other’s risk profiles, and explicitly approve transactions before funds move.

The Dilemma: Global Travel Rule Adoption Still Faces Gaps

Since the FATF introduced the Travel Rule in 2019, global implementation has expanded rapidly but unevenly.

According to the FATF’s June 2025 targeted review, 85 jurisdictions now enforce or have enacted Travel Rule legislation, up from 65 in 2024. 99 out of 117 jurisdictions had either passed or were in the process of passing relevant legislation at the time of the report.

However, only 35 jurisdictions have initiated active enforcement or supervisory actions. Nearly 60% of jurisdictions with legislation have yet to begin active Travel Rule enforcement.

Even where rules exist, VASPs face structural barriers to compliance. Because public blockchains are open settlement layers, VASPs cannot fully control the origin of incoming transfers. Many VASPs still lack the ability to reject deposits that arrive without verified Travel Rule data or from untrusted counterparties, which undermines their ability to maintain consistent counterparty risk controls.

This fragmented and inconsistent implementation, coupled with persistent technical interoperability challenges, limits the Travel Rule’s full potential. To unlock the next generation of payments, authorization and compliance must become built-in properties of the transaction, not optional layers added after the fact.

Notabene Flow: Stablecoin Payments with Authorization Built In

Enter Notabene Flow, the open stablecoin payments platform that makes authorization and Travel Rule compliance native to every payment.

Flow uses an addressless payments architecture: settlement addresses are revealed only after all Travel Rule information is exchanged and the required due diligence, consent, and compliance checks are completed. No address, no payment—and as a result, no possibility of unauthorized or non-compliant settlements.

Here’s how it works in a Pull Payment scenario:

1. Payment initiation – The merchant’s payment service provider (PSP) issues an invoice and payment request in Flow, automatically generating a Travel Rule message that includes payee data and transaction details.
2. Payment response – The payer selects their payment provider, who adds payer information to the Travel Rule record.
3. Dual authorization – Both counterparties conduct compliance and risk checks.
4. Settlement and disclosure – Once both counterparties have completed their compliance checks and authorized the transaction, the agent representing the payee sends an authorization message back to the agent representing the payer. This message includes the settlement address, which is revealed only at this stage. .

This model elevates pre-transaction authorization from a best practice to a built-in feature of every Flow payment. It also transforms the Travel Rule from an isolated compliance task into a requirement enforced by the design of the payment itself.

By revealing settlement addresses only after both sides complete authorization and exchange verified information, Flow makes it technically impossible to receive unvetted or non-compliant deposits. Institutions regain full control over inbound payment flows, strengthening their ability to apply consistent counterparty risk policies, prevent unwanted exposure, and enforce compliance at the protocol level.

Business-Ready Stablecoin Payments—Built for the Real World

Notabene Flow transforms stablecoins from fast settlement tools into a fully authorized, compliant, and business-ready payment network.

By combining the instant settlement of stablecoins with a pre-transaction authorization and compliance layer, Flow delivers what neither can achieve alone:

• Instant, borderless settlement without intermediaries
• Pre-transaction authorization, counterparty verification, and Travel Rule compliance
• End-to-end control and transparency across every transaction

With Flow, companies can finally unlock the efficiency of stablecoins — without sacrificing oversight, trust, or regulatory alignment.

This is the foundation for the future of B2B payments: instant, compliant, and ready for the real world.

Explore Notabene Flow and apply to become a Notabene Flow founding partner.

‍

‍

How Notabene Flow makes authorization and Travel Rule a built-in component of Stablecoin Payments

Few technologies have captured the imagination of the financial world quite like stablecoins. They promise to make money programmable, borderless, and instant. With blockchain as their foundation, stablecoins can streamline settlement, reduce costs, and open up a new era of global commerce.

Yet despite their growing adoption, stablecoins represent only 0.03% of the $120 trillion B2B payments market. The reason is simple: on their own, stablecoins don’t constitute a full payment system.

Businesses need more than fast transfers. They need context—the ability to link payments to contracts, invoices, and compliance data. Institutions processing payments for businesses also need to operate with counterparty trust and robust compliance frameworks. 

The potential of stablecoins to revolutionize payments will remain largely untapped until these missing layers are built.

Why Stablecoin Payments Need Authorization and Context

Traditional payment systems have long relied on authorization—the ability to approve a transaction before settlement. When a card is swiped or a wire is initiated, institutions verify funds, screen for fraud, and apply compliance checks. This two-step process—authorization first, settlement later—is what makes payments reliable, reversible when needed, and compliant.

Equally important is the context: the information that moves alongside the funds. Payment messages transmit essential information for compliance and business operations, including Travel Rule data, invoice numbers, merchant details, and customer identifiers. This context allows businesses to reconcile payments with contracts, match them with invoices, and meet AML/CTF requirements.

Crypto transactions, by contrast, are unilateral and lack context. Whoever holds the private keys decides has full control to decide whether settlement happens. Without a pre-transaction authorization step or counterparty context, institutions have no way to vet, approve, or refuse incoming funds. Additionally, blockchains record only the amount, asset, and wallet addresses—no information about the counterparty, purpose, or which invoice it references. 

Without a pre-transaction authorization step or counterparty context, crypto rails can’t power real-world payments. Businesses need to know who they’re transacting with, why a payment is being made, and whether it meets compliance criteria before funds move.

This is a key limitation stablecoins face today. They enable instant, global value transfer,  but lack the context, trust signals, and institutional coordination that make payments truly work for businesses.

How the FATF Travel Rule Became a Catalyst for Crypto Authorization

When the FATF introduced the Travel Rule in 2019, it created  the perfect conditions to build a compliant authorization layer for crypto. The rule requires counterparties in a virtual asset transaction to exchange originator and beneficiary information before settlement.

For the first time, crypto institutions were required to collaboratebefore a transaction occurred, mirroring the same pre-transaction authorization and due diligence flows that underpin traditional finance.

At Notabene, we saw this as a pivotal opportunity. The Travel Rule isn’t just a regulatory requirement—it’s an architectural upgrade. It gives the industry a shared standard to exchange trusted information, unlock counterparty confidence, and enable compliant, authorized crypto transactions at scale.

We’ve Already Built It: Pre-Transaction Authorization as Best Practice

Over the past five years, Notabene has turned Travel Rule compliance into an operational standard for the industry.

Today, more than 2,000 institutions across 100+ jurisdictions rely on Notabene’s open Transaction Authorization Protocol (TAP) to exchange verified transaction data and pre-transaction authorizations. To date, the Notabene Network has powered more than $1.5 trillion in compliant transaction volume.

Within our network, pre-transaction authorization has become an established best practice. Counterparties exchange compliance data, verify each other’s risk profiles, and explicitly approve transactions before funds move.

The Dilemma: Global Travel Rule Adoption Still Faces Gaps

Since the FATF introduced the Travel Rule in 2019, global implementation has expanded rapidly but unevenly.

According to the FATF’s June 2025 targeted review, 85 jurisdictions now enforce or have enacted Travel Rule legislation, up from 65 in 2024. 99 out of 117 jurisdictions had either passed or were in the process of passing relevant legislation at the time of the report.

However, only 35 jurisdictions have initiated active enforcement or supervisory actions. Nearly 60% of jurisdictions with legislation have yet to begin active Travel Rule enforcement.

Even where rules exist, VASPs face structural barriers to compliance. Because public blockchains are open settlement layers, VASPs cannot fully control the origin of incoming transfers. Many VASPs still lack the ability to reject deposits that arrive without verified Travel Rule data or from untrusted counterparties, which undermines their ability to maintain consistent counterparty risk controls.

This fragmented and inconsistent implementation, coupled with persistent technical interoperability challenges, limits the Travel Rule’s full potential. To unlock the next generation of payments, authorization and compliance must become built-in properties of the transaction, not optional layers added after the fact.

Notabene Flow: Stablecoin Payments with Authorization Built In

Enter Notabene Flow, the open stablecoin payments platform that makes authorization and Travel Rule compliance native to every payment.

Flow uses an addressless payments architecture: settlement addresses are revealed only after all Travel Rule information is exchanged and the required due diligence, consent, and compliance checks are completed. No address, no payment—and as a result, no possibility of unauthorized or non-compliant settlements.

Here’s how it works in a Pull Payment scenario:

1. Payment initiation – The merchant’s payment service provider (PSP) issues an invoice and payment request in Flow, automatically generating a Travel Rule message that includes payee data and transaction details.
2. Payment response – The payer selects their payment provider, who adds payer information to the Travel Rule record.
3. Dual authorization – Both counterparties conduct compliance and risk checks.
4. Settlement and disclosure – Once both counterparties have completed their compliance checks and authorized the transaction, the agent representing the payee sends an authorization message back to the agent representing the payer. This message includes the settlement address, which is revealed only at this stage. .

This model elevates pre-transaction authorization from a best practice to a built-in feature of every Flow payment. It also transforms the Travel Rule from an isolated compliance task into a requirement enforced by the design of the payment itself.

By revealing settlement addresses only after both sides complete authorization and exchange verified information, Flow makes it technically impossible to receive unvetted or non-compliant deposits. Institutions regain full control over inbound payment flows, strengthening their ability to apply consistent counterparty risk policies, prevent unwanted exposure, and enforce compliance at the protocol level.

Business-Ready Stablecoin Payments—Built for the Real World

Notabene Flow transforms stablecoins from fast settlement tools into a fully authorized, compliant, and business-ready payment network.

By combining the instant settlement of stablecoins with a pre-transaction authorization and compliance layer, Flow delivers what neither can achieve alone:

• Instant, borderless settlement without intermediaries
• Pre-transaction authorization, counterparty verification, and Travel Rule compliance
• End-to-end control and transparency across every transaction

With Flow, companies can finally unlock the efficiency of stablecoins — without sacrificing oversight, trust, or regulatory alignment.

This is the foundation for the future of B2B payments: instant, compliant, and ready for the real world.

Explore Notabene Flow and apply to become a Notabene Flow founding partner, accepting applicants until January 2026.

In this episode of Stack Chats, a new video series from Notabene, Pelle sits down with Anoosh Arevshatian, CPO of Zodia Custody, to talk about the complex world of custodial services in the digital assets space.

On September 29, Notabene Summit 2025 brought stablecoin operators, payment innovators, and compliance experts together in New York City to explore a critical question: how do we build the trust infrastructure that turns global stablecoin payments into a reality?

Against the Manhattan skyline, industry leaders gathered to discuss the $120 trillion B2B payments opportunity, and the role that stablecoins will play in capturing it. The timing couldn't be better. With regulatory clarity emerging in the US and institutional adoption accelerating globally, the conversation around stablecoin adoption has shifted from "if" and “when”, to "how."

These were the three defining insights from the day:

1. Trust Infrastructure Unlocks Institutional Adoption

Regulatory clarity was the first domino to fall. With the GENIUS Act now law and broader market structure legislation advancing, the US is finally signaling openness to innovation. As Chris Shimizu, AML Program Manager for Robinhood, put it after 14 years in crypto compliance: “It’s amazing to finally see this level of openness in the US.” 

Now comes the harder part: turning that clarity into operational reality.

In the first two panels of the day, leaders from Blockchain Association, the US Treasury Department, Anchorage Digital, Talos, Apollo, Digital Asset, and DRW outlined what needs to happen next. Christine Moy from Apollo described the institutional trust challenge: 

"You couldn't trust the technology because it was new and parametrically different from anything that you ever built internally at a centralized financial institution." —Christine Moy, Partner, Strategy (Digital Assets, Data, AI), Apollo

Mark DuBose from Anchorage summed up the moment: 

"GENIUS was good for the United States. Clarity will be really good for the industry." 

Regulatory progress opened the door. Now institutions need the tools to walk through it.

The operational barriers are formidable:

• Travel Rule compliance is required across jurisdictions with differing implementations
• Real-time counterparty verification is needed for multiple transaction participants
• Due diligence at scale is a significant operational burden

The principle repeated throughout the day was clear: trust can’t be outsourced to a closed network. Institutions need open, interoperable tools that let them enforce their own policies while operating at scale.

Regulation provides the framework. Trust infrastructure makes it work.

2. B2B Stablecoins Face a $120T Opportunity

The numbers are staggering: $120 trillion in annual B2B payment flows, and stablecoins currently capture 0.03% of it. The gap isn’t demand. It’s infrastructure that doesn’t yet serve real business needs. 

During the Summit, Alice Nawfal walked through a simple example: a Portuguese clothing manufacturer paying a Turkish fabric supplier. This simple transaction involves five intermediaries, six SWIFT messages, transfer fees, and operational overhead at every step.

"Traditional banking rails were designed to optimize for domestic payments, not the kind of fast global trade businesses need today," Notabene's Pelle Braendgaard added.

Stablecoins natively solve one half of the settlement problem with 24/7 availability, low costs, and instant finality for sending payments. But their "push-only" transaction model leaves out essential B2B workflows: no pull payments, recurring billing, payment requests, nor dispute resolution.

The closing panel—featuring leaders from Walapay, Bitso, Mastercard, and Borderless—dialed up the urgency. Kevin Lehtiniitty of Borderless noted that one of the most common questions from TradFi companies is how to enable requests for payments — a capability that, until now, hasn’t existed. "How can we stop moving money on Telegram, please, as an industry," he pled with the audience.

Announced live at the Summit, Notabene Flow is the our next major product evolution: an open coordination layer for trusted B2B stablecoin payments. Built on Notabene's existing network of 2,000+ regulated entities processing $1.5 trillion annually, Flow combines three elements:

• Context - Provided by secure data messaging between entities, related to the transaction, and facilitated by the open-source TAP protocol
• Trust - Provided by 2,000+ trusted entities completing Travel Rule-compliant transactions on the Notabene Network today
• Authorization - Via Notabene Transact’s automated transaction authorization platform that allows counterparties to use custom policy engines to approve, reject, or flag transactions based on their own unique business needs and risk factors.

The combination of these three key elements is what allows us to build a payments layer on top of our existing network that can enable pull payments. This payment type, which includes recurring billing, payment requests, and subscription flows, is an essential capability that traditional businesses rely on —and a key reason that stablecoins have not yet been able to make a dent in the massive B2B payments market.

The result is near-100% straight-through processing rates and a pathway to scale compliant stablecoin payments across borders with no need for costly and burdensome bilateral banking relationships in each jurisdiction.

Anoosh Arevshatian from Zodia Custody (one of twelve Founding Partners of Notabene Flow, also including Bitso, Borderless.xyz, Dfns, Flutterwave, Gnosis, Monerium, Orbital, Portal, Walapay, Yellow Card) said of the launch: 

"Compliance and trust aren't optional—they're the foundation of how we operate. That's why we value working with partners like Notabene, who embed instant counterparty trust into every transaction."

Mukul Tripathi from Mastercard added, "Notabene is very uniquely positioned to solve some of the very pressing pain points that exist in the industry with compliance first... making the whole ecosystem trustworthy."

Notabene CEO Pelle's Brændgaard summarized the vision: 

"This is really why I got into crypto in the first place 15 years ago. We're going from being SWIFT for crypto to let's just be a better SWIFT."

3. Open Architecture Drives Adoption 

The way payment networks are structured isn’t just a technical choice. Architecture determines which institutions can participate and how efficiently they can operate.

Kevin Lehtiniitty of Borderless.xyz highlighted the industry shift: 

"A year and a half ago, VCs were saying 'you have issuers, blockchains, and on-ramps—we're done.' Now with Circle CPN and Fireblocks Network launching, people are circling back: 'Wait, maybe there's more to this.'"

Payment networks need to evolve in an open context rather than creating a series of walled gardens. Without that openness, the industry risks returning to the same limited structures that blockchain was supposed to improve.

The open vs. closed question is practical, not philosophical. Closed networks force binary choices: join our ecosystem on our terms, or build everything yourself. The practical benefits of open networks are clear:

• Implement your own counterparty verification policies
• Connect to multiple liquidity sources simultaneously
• Work with preferred compliance and custody providers
• Operate across jurisdictions with different requirements

Across the Summit, examples illustrated how open networks unlock real-world B2B payments. Ben Reid from Bitso is creating on-ramps for Mexican peso and Brazilian real stablecoins. Tom Borgers of Walapay is connecting emerging market corridors. Kevin Lehtiniitty of Borderless.xyz is building scalable transaction processing infrastructure. And Notabene Flow provides the coordination layer that ties it all together.

The pieces only work together if they're interoperable.

As Brændgaard put it: 

"Crypto should be open, stablecoins should be open, payments should be open."

What’s Next?

The decisions made today will determine whether stablecoins scale in B2B payments or remain a promising but limited technology. To realize the opportunity, three building blocks must come together:

1. Trust infrastructure that institutions can build on: Not just compliance checkboxes, but tools for real-time counterparty verification and risk management at scale.

2. Payment coordination that serves real business needs: Pull payments, recurring billing, dispute resolution—the real-world capabilities that make large payment volumes work.

3. Open networks that preserve control: Interoperable infrastructure that lets participants maintain their own policies while gaining the benefits of coordination.

The validation throughout the 2025 Notabene Summit suggested that the industry recognizes what's needed. The companies building these solutions aren't waiting for permission. They're solving immediate problems for customers who need better payment rails today.

Stablecoins will transform B2B payments. The only question is how quickly we build the infrastructure needed to make it happen.

Let’s build it together.

Notabene Flow testnet is live, APIs and documentation ready, and Founding Partners already integrated. To learn more and join the open network, visit notabene.id/flow.

Notabene Flow introduces new business payment capabilities like pull payments and recurring subscriptions, enabling its fast growing network to tackle the huge addressable B2B payment market. The launch is backed by founding partners Bitso, Borderless.xyz, Dfns, Flutterwave, Gnosis, Monerium, Orbital, Portal, Walapay, Yellow Card, and Zodia Custody.

NEW YORK — September 29, 2025
Notabene, the trust layer for global money movement, today announced the launch of Notabene Flow—the first open stablecoin payments platform built for high-value cross-border business payments, on its active network of 2,000+ regulated entities processing over $1T annually.

The $120T global B2B payments market is massive, and while stablecoins provide faster and more efficient transactions, they account for only a tiny 0.03% of this volume. Their role remains limited because today’s crypto rails lack the trust infrastructure that traditional payment systems provide—capabilities like coordination, authorization, invoicing, and dispute resolution. Without these, companies struggle to prevent fraud, block illicit activity, and manage payment reversals. The result: stablecoin businesses are locked out of the larger B2B market or limited to one-way, push-only payments.

Notabene Flow unlocks this market by delivering the payment coordination and authorization layer missing from crypto rails. It introduces pull payments, recurring subscriptions, and compliant multi-party flows, all built on the strength of the Notabene Network—the world’s largest regulated crypto network, active in 100+ jurisdictions and processing over $5B in transaction volume a day.

“At Bitso, we have seen firsthand how stablecoins are a foundational layer for the next evolution of financial infrastructure, particularly in Latin America. But in addition to the value layer provided by stablecoins and the movement layer enabled by blockchain, an interoperability and compliance layer is required to fully bring this evolution to the most demanding institutional payment flows. Notabene addresses this directly with Notabene Flow, and building on a trusted existing network that provides the necessary layers of security and transparency is crucial for Bitso's growth strategy in cross-border business payments.”
—Ben Reid, Head of Stablecoins at Bitso

Having already tackled one of the industry’s toughest challenges—cross-border Travel Rule compliance—Notabene is now transforming their compliance core into a revenue engine. Notabene Flow’s open-loop network and transparent economic model incentivizes verified participants through revenue-sharing on competitively priced, stablecoin-powered transactions and reduced operational overhead and compliance costs, creating a virtuous cycle of adoption that rewards network participants while fueling sustainable growth of B2B stablecoin payments worldwide.

“Cross-border B2B payments have always been slow, expensive, and complex. Stablecoins are the first real opportunity to change that—but these high-value payments need a trust framework to succeed at scale. Notabene Flow delivers that framework, giving businesses the ability to run trusted, compliant payment flows with the efficiency of stablecoins and the reliability they expect from traditional finance.”
—Pelle Braendgaard, CEO, Notabene

Notabene Flow delivers immediate value through a single API integration that unlocks Travel Rule–compliant, multi-party B2B payment flows—making launching cross-border digital payments as simple as flipping a switch. With one integration, businesses gain instant access to an established and trusted global network that combines regulatory certainty with the flexibility of stablecoin and digital-asset payments.

“At Zodia Custody, compliance and trust aren’t optional—they’re the foundation of how we operate. Our institutional clients demand the same. That’s why we value working with partners like Notabene, who embed instant counterparty trust into every transaction. With Notabene Flow, a single integration point provides us the opportunity to expand stablecoin payments in a way that meets the highest standards of security and interoperability, with no heavy technical lift on our end."
—Anoosh Arevshatian, Chief Product Officer, Zodia Custody

Through a partnership with the Global Legal Entity Identifier Foundation (GLEIF), entity verification is anchored to the internationally recognized LEI standard, giving every participant a reliable foundation of counterparty trust. As of mid-September 2025, the Global LEI Index records just over 3.05 million LEIs issued worldwide, with more than 93% (~2.85 million) active. This reach and interoperability allows institutions to implement custom policy-based workflows aligned to their risk tolerance and jurisdictional needs—strengthening compliance while enabling faster, more scalable growth. 

Notabene Flow is open-loop by design and built on the Transaction Authorization Protocol (TAP)—an open messaging standard that enables any verified entity to transact securely with trusted participants. Open-loop means no gatekeeping: no restrictions on assets, blockchains, jurisdictions, or membership tiers. Standardized messaging across the ecosystem enables trusted payment coordination with built-in Travel Rule compliance, eliminating the regulatory and operational burden of setting up separate entities, licenses, or bilateral agreements. Just as SWIFT standardized financial messaging for banks, TAP provides a common language for transaction authorization in the digital asset economy.

"As the first and one of the largest stablecoin payment networks, we believe mass adoption requires open standards - not additional walled gardens that create more fragmentation and slow growth. Companies already face a patchwork of providers, regulations, and jurisdictions, and the limits of push-only payments are clear. Having rolled out our network with leading stablecoin providers across 70+ countries, including Bridge, Bitso, and Yellow Card, we have seen firsthand the need for pull and recurring payments. We’re excited to partner with Notabene Flow to make this possible across our global on- and off-ramp network."
—Kevin Lehtiniitty, CEO, Borderless.xyz

Notabene Flow builds on the proven scale of the Notabene Network, trusted for over 5 years by more than 240 institutions to power fully compliant, multi-party transactions with straight-through processing rates above 85%. With the launch of Notabene Flow, Notabene cements its position as the de facto trust layer for global money movement—expanding beyond compliance to solve the broader challenge of enabling trusted, interoperable transactions across stablecoin rails.

Businesses can join the network today at notabene.id/flow.

‍

‍

About Notabene

Notabene is the trust layer for global crypto money movement, powering the largest Travel Rule-compliant transaction authorization network for regulated institutions globally. Our platform enables regulated entities across 100+ global jurisdictions to securely and seamlessly verify counterparties, authorize transactions, and comply with regulations—ensuring trust in every transaction.

With SOC-2 certification, ISO27001 compliance, and a strong focus on privacy and user experience, Notabene provides industry-leading tools for stablecoin payments, real-time transaction authorization, counterparty sanctions screening, and self-hosted wallet identification.

Headquartered in New York, Notabene operates globally with a presence in Switzerland, Singapore, Germany, and the United Kingdom. Trusted by over 240 companies, including Copper, Luno, Crypto.com, and Bitstamp, Notabene helps institutions build trust into every transaction while ensuring compliance with evolving regulatory frameworks.

Learn more at Notabene.id

Connect with us on LinkedIn | X

‍

‍

‍

‍

US banks have long faced uncertainty over whether they could legally and safely hold and manage crypto assets for clients. Until 2025, national banks navigating crypto custody risked operating in a regulatory gray area with no clear guidance on authority or compliance expectations, leaving many institutions hesitant to offer digital asset safekeeping services.

That uncertainty is now resolved. In a July 2025 joint statement, the OCC, Federal Reserve, and FDIC issued a coordinated set of guidance and clarifications that make it clear: national banks can provide crypto custody services, as long as they implement robust risk management and compliance frameworks.

This alignment of US banking regulators is a clear turning point. Banks now have confirmed authority, defined operational and compliance expectations, and a path to compete with crypto-native custodians in a trust-sensitive, highly regulated market.

Timeline of Regulatory Clarifications for Crypto Custody

A series of regulatory milestones between March and July 2025 transformed the landscape for banks considering crypto custody:

• March 7, 2025 – OCC Interpretive Letter 1183: Rescinded the requirement for pre-approval before engaging in crypto-asset custody activities, confirming banks can operate within their existing charter authority. Specific statement: “crypto-asset custody, distributed ledger, and stablecoin activities are permissible” 
• May 7, 2025 – OCC Interpretive Letter 1184: Explicitly confirmed that OCC-regulated banks have full authority to provide crypto custody services. Specific statement: "confirm that banks may buy and sell assets held in custody at the custody customer’s direction and are permitted to outsource bank-permissible crypto-asset activities, including custody and execution services to third parties, subject to appropriate thirdparty risk management practices."
• July 14, 2025 – OCC, Federal Reserve, and FDIC Joint Interagency Statement: Issued detailed guidance on crypto-asset safekeeping, emphasizing enterprise-grade risk management, governance and board oversight, cybersecurity, operational resilience, and compliance with BSA, AML, OFAC, CFT, and Travel Rule obligations. Specific statement: "These laws and regulations require banking organizations to verify customer identity, perform due diligence to understand the nature and purpose of the customer relationship, perform ongoing monitoring to identify and report suspicious activity, block transactions in accordance with OFAC sanctions, and follow the “Travel Rule.”
  

Together, these milestones establish both the authority to offer crypto custody and the supervisory expectations banks must meet to operate safely and securely.

Operational and Compliance Priorities for Banks Offering Crypto Custody

Regulatory clarity now enables banks to offer crypto custody, but success depends on translating guidance into concrete operational practices. Key areas for banking professionals to focus on include:

• Enterprise-grade risk management: Implement continuous risk assessment frameworks that cover market volatility, operational errors, and cyber threats specific to digital assets.
• Travel Rule Compliance & Identity verification: Ensure robust processes for capturing and transmitting verified originator and beneficiary information in compliance with the Travel Rule and AML/CFT obligations.
• Policy-based transaction controls: Embed automated approval workflows and transaction limits that enforce compliance policies consistently across all custody operations.
• Board oversight and governance: Establish clear accountability structures, reporting lines, and periodic reviews to align management, compliance, and operational teams on risk and regulatory obligations.
• Operational resilience and cybersecurity: Design custody infrastructure to withstand operational disruptions and cyberattacks while maintaining secure access and transaction integrity.

Notabene Approach to Scalable Compliance and Trust Infrastructure

Banks entering crypto custody need regulatory guidance, but they also need infrastructure that translates compliance into everyday operations. 

As banks enter the crypto custody space, regulatory clarity is only part of the challenge. Institutions also need infrastructure that operationalizes compliance—embedding it directly into how digital asset transactions are authorized, monitored, and secured.

Notabene Transact provides exactly that. It’s a transaction authorization platform purpose-built for regulated financial institutions managing digital asset flows. Through automated pre-transaction decisioning and robust data security, Transact helps banks meet evolving Travel Rule requirements while turning compliance into a strategic advantage—improving efficiency, strengthening data integrity, and unlocking new revenue opportunities.

With the largest active network of Travel Rule–compliant entities worldwide, Notabene offers the industry’s only solution that combines compliance-grade assurance with the scalability and adaptability needed for the high-growth, high-trust demands of digital asset markets. As regulations mature globally, Notabene Transact enables institutions to build trust infrastructure that grows with their business — ensuring every transaction is compliant, authorized, and secure by design.

Building Operational Readiness and Trust in Digital-Asset Custody

The 2025 regulatory clarifications from the OCC, Federal Reserve, and FDIC establish clear authority and supervisory expectations for banks offering crypto custody. Enterprise-grade risk management, governance, cybersecurity, and compliance are now baseline requirements, not optional best practices

These clarifications set a clear standard for securely managing digital assets with operational resilience and regulatory compliance. Banks that embed risk management and compliance at the core of their operations today are positioned to compete confidently and sustainably in the crypto market.

In this first episode of Stack Chats, a new video series from Notabene, Pelle sits down with Clarisse Hagége, CEO & Co-Founder of Dfns, to talk about stablecoin payments infrastructure and unique institutional needs.

US banking regulators have sent their clearest signal yet: the Travel Rule now applies to all banks offering crypto custody services.

In a July 2025 joint statement on crypto-asset safekeeping, the OCC, Federal Reserve, and FDIC outlined expectations for cybersecurity, operational resilience, and risk management. But one line in particular caught the attention of compliance teams: for the first time, US regulators explicitly named the Travel Rule as a compliance requirement for banks providing crypto custody.

Shifting US Regulatory Expectations for Crypto Custody and Travel Rule Compliance

The Travel Rule, first implemented under the Bank Secrecy Act (BSA) in 1996, requires financial institutions to transmit verified originator and beneficiary information with qualifying transfers. In traditional finance, it’s a cornerstone of AML compliance.

In the digital asset space, however, its application has long been debated. In the US, crypto (as “convertible virtual currency”) became explicitly subject to the Travel Rule when FinCEN issued guidance in 2013 and again in 2019, but the rule itself dates back to 1996. Many in the crypto industry have treated it as a requirement specific to crypto companies—something that only virtual asset service providers (VASPs) need to worry about, not banks.  

The July 14 statement changes that. For the first time, US regulators have written the Travel Rule directly into formal interagency guidance for banks engaged in crypto custody:

“Crypto-asset safekeeping relationships are subject to applicable Bank Secrecy Act/anti-money laundering (BSA/AML), countering the financing of terrorism (CFT), and Office of Foreign Assets Control (OFAC) requirements … and follow the Travel Rule.”

— OCC, Federal Reserve, and FDIC, Interagency Statement on Crypto-Asset Safekeeping, July 14, 2025

This explicit mention transforms what was once implicit under broader BSA and AML obligations into a direct supervisory expectation.

How This Fits Into the Broader Regulatory Progression

This joint statement builds on a broader sequence of federal actions that have opened the door for national banks to offer digital-asset custody services. Find the complete timeline in our article on US banking regulators formally clearing national banks to engage in crypto custody.

What matters for this update is the regulatory trajectory: for the first time, the Travel Rule is explicitly written into interagency guidance for crypto-asset safekeeping, marking a shift from implied obligations to clear supervisory expectations.

Implications of Travel Rule Guidance for Banks

For banks entering or expanding crypto custody services, the joint statement removes longstanding ambiguity about compliance expectations. It makes clear that digital asset safekeeping is subject to the same regulatory rigor as traditional banking activities.

Key takeaways for compliance teams and leadership include:

• Compliance is explicit. The Travel Rule is now a named regulatory obligation, not an interpretive assumption.
• Identity-linked data sharing is required. Banks must be able to transmit verified originator and beneficiary information between counterparties.
• Architecture matters. Custody and ledger systems must support Travel Rule compliance, enabling secure data exchange and counterparty verification.
• Governance is essential. Boards, BSA officers, and compliance teams must integrate these requirements into their crypto risk management frameworks.

In short, Travel Rule compliance has evolved from a crypto industry best practice into a baseline expectation for banking supervision.

A Broader Signal for the Industry

The interagency statement doesn’t introduce new supervisory powers. It does, however, codify regulators’ view that Travel Rule compliance is integral to “safe and sound” digital-asset operations.

By positioning the Travel Rule alongside AML, CFT, and OFAC controls, regulators are signaling a convergence: the path forward for crypto custody depends on interoperable compliance infrastructure. Financial institutions will need solutions that make identity sharing seamless across ledgers, institutions, and jurisdictions.

Travel Rule Compliance as a Banking Baseline

The Travel Rule is moving from a crypto-industry guideline to a core requirement in US banking compliance. Firms entering or expanding crypto custody services must treat it not as an optional standard, but as a baseline obligation.

Compliance with the Travel Rule and transaction authorization need to be embedded from day one to operate safely, securely, and in line with regulatory expectations. Meeting these standards will be critical for both operational integrity and regulatory readiness.

Notabene Transact: The Trusted Approach to Travel Rule Compliance

Regulatory clarity is only half the challenge. Banks also need infrastructure that makes compliance operational. Notabene Transact provides that foundation.

Purpose-built for regulated financial institutions, Transact embeds pre-transaction authorization, counterparty verification, and Travel Rule compliance directly into the transaction flow. It automates decisioning before funds move, ensuring every crypto custody transaction is compliant, authorized, and secure.

With the world’s largest active network of Travel Rule–compliant entities, Notabene enables institutions to scale confidently as digital asset regulations mature. Notabene Transact turns Travel Rule compliance into a competitive advantage and a driver of trust. As regulators align expectations across traditional finance and digital assets, embedding trust and transparency into transaction infrastructure will determine which institutions lead the next phase of crypto adoption.

Today, Hong Kong just raised the bar for stablecoin regulation worldwide. The Hong Kong Monetary Authority's (HKMA) new AML/CFT guidelines for licensed stablecoin issuers established a comprehensive Travel Rule framework, which will come into effect on 1 August 2025, and it has significant implications for the global stablecoin ecosystem.

Compliance with the Guidelines is enforced through the Stablecoins Ordinance and the AMLO. A licensee who fails to comply with this Guideline may be subject to disciplinary or other actions under the Stablecoins Ordinance and/or the AMLO.

Zero Tolerance for Compliance Gaps

Unlike jurisdictions that set minimum thresholds for Travel Rule compliance, Hong Kong takes a zero-threshold approach. Travel Rule compliance is required for every stablecoin transfer, no matter the value. 

Ordering Institutions

Ordering institutions, meaning those initiating the stablecoin transfer, bear the most extensive obligations. They must “obtain and record” detailed originator and recipient information for all transactions. 

For transfers above $8,000:

• Issuers must obtain and record the originator's name, account number (or unique reference number), address (geographical, registered office, or principal place of business), customer identification number or ID document number (or date/place of birth for individuals), the recipient's name, and the recipient's account number (or unique reference number).  
• The submitted originator information must be accurate, meaning it has been verified as part of the customer due diligence (CDD) process. 
• Additionally, for occasional transfers ≥ $8,000, the originator's identity must be verified. 

Before executing a transfer, the ordering institution must securely and immediately transmit this data to the beneficiary institution. 

• "Securely" means protecting the integrity, availability, and confidentiality of the information from unauthorized access or disclosure. This involves counterparty due diligence, potential bilateral data sharing agreements, encryption, and adequate information security controls. 
• “Immediately” means the information must be sent before or simultaneously with the transfer.

For transfers below $8,000: 

• Issuers must must obtain and record the originator's name, account number (or unique reference number), the recipient's name, and the recipient's account number (or unique reference number).  
• Occasional transfers under the threshold don’t require identity verification unless linked transactions collectively exceed the threshold or if suspicious activity is suspected.

Execution cannot proceed unless all these requirements are met. Ordering institutions must also keep detailed records to demonstrate how they fulfilled the transmission, security, and timing obligations.

Intermediary Institutions

Intermediary institutions, those participating in the transfer chain the transaction, must retain all originator and recipient information they receive and transmit it unchanged to the next party in the chain, whether another intermediary or the final beneficiary institution. This information must be submitted securely and immediately, mirroring the expectations placed on ordering institutions. They cannot modify or delay this transmission.

Beneficiary Institutions

Beneficiary institutions, those receiving the stablecoin transfer on behalf of the recipient, must obtain and record the information transmitted to them. If the transfer equals or exceeds HKD 8,000 and the recipient has not been previously verified under customer due diligence, they must complete that verification. They must also confirm that the recipient’s name and account number match the data received, and follow up with appropriate measures if any discrepancies arise.

This eliminates the compliance fragmentation we see in other markets where different thresholds and enforcement timelines create operational complexity. When dealing with Hong Kong-licensed stablecoin issuers, there's no guessing about when Travel Rule applies—it always does (see Notabene’s 2025 State of Crypto Travel Rule Report for a global comparison of thresholds and regulatory approaches).

Handling Incoming Transfers Lacking Required Information

Instructed institutions, meaning intermediary or beneficiary institutions, must implement robust procedures for handling incoming stablecoin transfers that lack the required originator or recipient information. They are expected to proactively identify such transfers through reasonable measures, which may include real-time or post-event transaction monitoring. Once identified, the institution must apply a risk-based approach to determine whether to proceed with the transfer, temporarily suspend the funds, or return the stablecoins to the sender. These policies should also guide what follow-up actions are appropriate based on the severity and context of the deficiency. Institutions must attempt to obtain the missing information from the instructing institution as soon as reasonably practicable. If the information cannot be retrieved, they should evaluate whether to restrict or terminate the relationship or apply other risk mitigation steps to address potential money laundering or terrorist financing risks. Additionally, if any submitted data is found to be incomplete or nonsensical, the institution must take prompt and reasonable actions to address the resulting ML/TF exposure.

Technology Providers: No Safe Harbor

Here's where things get particularly interesting for our industry. The guidelines make crystal clear that stablecoin issuers remain fully liable for Travel Rule compliance even when using third-party technology solutions. There's no safe harbor for outsourcing compliance.

The HKMA requires issuers to conduct thorough due diligence on any Travel Rule technology provider, evaluating:

• Identify a transfer: Can the solution accurately identify stablecoin transfer counterparties and securely submit and retrieve required originator and recipient information in real time—including in cross-jurisdictional scenarios where data may be incomplete or missing. 
• Interoperability: Can the solution communicate with other systems?
• Scalability: Will it handle high transaction volumes reliably?
• Security: Does it adequately protect transmitted information?
• Compliance integration: Can it support ongoing monitoring and sanctions screening?

Additionally, the solution should support counterparty due diligence workflows, facilitate information requests between institutions, and maintain robust record-keeping capabilities. 

Counterparty Due Diligence Gets Serious

Perhaps the most operationally challenging aspect is the comprehensive counterparty due diligence requirements. The HKMA makes it clear: the risk doesn’t end at the licensee’s perimeter. It extends to any other financial institution or VASP involved in a stablecoin transfer. The objective is twofold: prevent transfers to or from illicit actors or sanctioned entities, and ensure Travel Rule compliance throughout the transaction chain.

Before a licensee conducts a transfer or makes stablecoins available to a recipient, it must assess the ML/TF risk posed by the stablecoin transfer counterparty. This involves determining whether the transfer involves another regulated entity or an unhosted wallet, and if it’s the former, identifying the counterparty using public registries of licensed or registered institutions. A risk-based approach (RBA) must be used to evaluate several factors: the nature of the counterparty’s business, customer base, geographic footprint, and most importantly, the strength of its AML/CFT controls and the regulatory oversight in its jurisdiction.

The due diligence doesn’t stop at identification. Licensees must verify that the counterparty can meet its obligations under the Travel Rule, especially in cross-border scenarios. This includes confirming whether the counterparty is subject to equivalent regulatory requirements, has implemented robust controls to protect personal data, and can reliably exchange originator and beneficiary information. Institutions deemed higher-risk such as those operating in weak regulatory jurisdictions, lacking licensing or registration, or connected to suspicious activities—must be monitored more closely.

Importantly, this due diligence process isn’t required for every single transaction. If a counterparty has already been vetted and no new risks have emerged, the licensee can rely on existing due diligence. But ongoing monitoring is mandatory. That means watching for red flags, such as unexpected behavior, transaction anomalies, or adverse media, and regularly updating the risk profile. If new risks emerge, the licensee must reassess whether it can continue to transact with the counterparty and, if necessary, impose stricter controls or terminate the relationship entirely. The bottom line is clear: if a counterparty cannot be trusted to meet baseline compliance obligations, the licensee is expected to walk away.

Unhosted Wallets Get Enhanced Scrutiny

The regulatory framework treats unhosted wallets with particular scrutiny. These wallets allow users to hold their own private keys and transact peer-to-peer without an AML/CFT-regulated intermediary, making them an attractive tool for illicit actors seeking to exploit gaps in oversight. The HKMA takes a cautious but risk-based approach: if licensees want to interact with unhosted wallets, they must prove that their controls work.

For stablecoin transfers involving unhosted wallets held by customer stablecoin holders, licensees must collect detailed information. If a customer initiates a transfer to an unhosted wallet, the licensee must capture the customer’s name, account number, and identifying information, along with the recipient’s name and wallet address. If the transfer is from an unhosted wallet into the licensee’s ecosystem, similar information must be recorded, but now it’s the originator’s wallet address and the recipient’s account with the licensee that come into focus. For transfers under HKD 8,000, certain identity elements can be omitted—unless the transactions appear linked or suspicious.

But collecting data is only one part of the equation. Licensees must actively manage the risks posed by customer wallets used for issuance or redemption. This includes verifying that the customer owns or controls the wallet through mechanisms like cryptographic signature proofs, micropayment tests or message signing. They must also screen wallet addresses for connections to sanctioned entities or suspicious activity. If a wallet is flagged as high risk, enhanced controls are required. These aren’t theoretical expectations. The HKMA encourages firms to maintain internal lists of wallet addresses that have triggered scrutiny to enable swift action when risk surfaces again.

The takeaway is clear: in Hong Kong, interacting with unhosted wallets doesn’t exempt firms from AML/CFT standards. It raises the bar. Controls must be evidence-based, continuously monitored, and capable of scaling with the evolving threat landscape.

Real-Time Compliance Required

The guidelines mandate "immediate" transmission of Travel Rule information—meaning before or simultaneously with the transfer, not after blockchain settlement. This aligns with global regulatory trends toward pre-transaction risk assessment, but it's technically challenging for many existing systems.

Traditional post-transaction Travel Rule implementations won't cut it in Hong Kong. Systems need to support real-time authorization flows where compliance checks happen before funds move.

Global Implications

Hong Kong's approach signals where global stablecoin regulation may be heading. The jurisdiction is positioning itself as a compliant stablecoin hub, but only for issuers willing to meet the highest standards.

The zero-threshold approach also has practical implications for global stablecoin operations. As more jurisdictions adopt comprehensive frameworks, we're moving toward a world where Travel Rule compliance becomes universal rather than threshold-based.

The Cautious Regulator's Dilemma

The HKMA's "risk-based but cautious approach" reflects a broader regulatory reality: authorities want to enable innovation while preventing regulatory arbitrage. 

The guidelines repeatedly emphasize that issuers must prove their systems work. This evidence-based approach to compliance represents a significant shift from checkbox exercises toward measurable risk mitigation.

What This Means for the Industry

For stablecoin issuers eyeing Hong Kong licenses, compliance-by-design isn't optional—it's the entry requirement. The days of bolting on Travel Rule capabilities as an afterthought are over.

 Generic Travel Rule solutions won't suffice; systems need to handle the specific requirements of the Hong Kong framework, including zero thresholds and enhanced unhosted wallet controls.

Most importantly, this framework shows that comprehensive stablecoin regulation is not only possible but practical. Hong Kong is proving that you can maintain the speed and efficiency of blockchain-based payments while meeting the highest AML/CFT standards.

The question now is which other jurisdictions will follow Hong Kong's lead—and whether the global stablecoin ecosystem will converge around similarly comprehensive standards.

Notabene has submitted a detailed response to the US Treasury’s recent advance notice of proposed rulemaking (ANPRM) on GENIUS Act implementation—guidance that will shape how stablecoin issuers meet illicit finance requirements in the United States. Alongside our October 17 response to Treasury’s request for comment on innovative methods to detect illicit activity involving digital assets, our recommendations on GENIUS ACT implementation center on one main goal: shifting stablecoin compliance from after-the-fact detection to pre-transaction prevention.

By opening this rulemaking to public comment, Treasury is giving the industry a rare chance to surface operational challenges, propose technical solutions, and shape how compliance obligations become law. The decisions made in the coming months will directly influence how issuers, banks, and digital asset service providers design programs and manage risk.

In our response, we call for authorization-before-settlement, clarified Travel Rule expectations, open and interoperable standards, alignment with global frameworks, and outcome-based supervision. Drawing on operational data from our network—over $1.5 trillion in transactions across 2,000+ institutions in 100+ jurisdictions—we argue for controls that stop illicit payments before they reach the blockchain.

.

What the GENIUS Act Means for US Stablecoin Regulation

The GENIUS Act, signed into law on July 18, 2025, established the first federal framework for payment stablecoins. It sets reserve, disclosure, and supervisory requirements designed to align stablecoin issuance with banking law principles like capital adequacy and consumer protection.

Most importantly for compliance teams, the GENIUS Act designates stablecoin issuers as financial institutions under the Bank Secrecy Act (BSA), bringing them under the same AML/CFT obligations as banks and other covered entities.

Since enactment in July, Treasury has been working to translate the statute into enforceable regulations. This process opened with two major consultations: a request for comment on innovative methods to detect illicit activity involving digital assets (required by the GENIUS Act) with a comment deadline of October 17, and an ANPRM on GENIUS Act implementation released September 18 with a comment deadline of November 4.

Two Consultations, One Goal: Preventing Illicit Finance

Treasury's ANPRM on GENIUS Act implementation sought public comment across six major categories: 

• Stablecoin issuers and digital asset service providers (issuance, treatment and requirements for payment stablecoins)
• Illicit finance
• Foreign payment stablecoin issuers
• Taxation
• Insurance
• Economic data

This consultation moved the conversation from law on paper to rulemaking and implementation, giving theindustry an opportunity to highlight practical challenges and propose technical solutions before final regulations are written. The most important sections for compliance leaders and market participants centered on illicit finance and Travel Rule compliance, where Treasury explicitly sought input on how stablecoin issuers and their partners should design AML/CFT frameworks.

The separate request for comment on innovative methods to detect illicit activity asked specifically about tools that regulated financial institutions use or could use to detect illicit activity involving digital assets. Treasury highlighted APIs, artificial intelligence, digital identity verification, and blockchain monitoring as areas of particular interest. The GENIUS Act requires Treasury to use public comments to inform research on the effectiveness, costs, privacy and cybersecurity risks, and other considerations related to these tools.

Together, these consultations signal Treasury's focus on operational readiness and AML/CFT safeguards as stablecoin regulation moves from statute to practice.

Illicit Finance and Travel Rule: Treasury's Compliance Expectations for Stablecoins

The ANPRM reiterates that stablecoin issuers will be treated as financial institutions under the BSA, making them subject to the full range of AML/CFT obligations including customer identification, due diligence, Travel Rule, and reporting requirements.

By opening the door to public comment, Treasury is providing the industry with an opportunity to highlight practical challenges, propose technical solutions, and influence how compliance frameworks will be written into law. For issuers, banks, and digital asset service providers, this means that the decisions made over the coming months will directly affect how they design compliance programs, structure partnerships, and approach risk management. In other words, the ANPRM is where law begins to meet practice.

Treasury's ANPRM invited comments on whether distributed ledger design creates barriers to meeting AML/CFT obligations. The request for comment on innovative methods asked directly about the role of APIs, AI-driven monitoring, blockchain analytics, and digital identity solutions in enabling compliance at scale.

These consultations signal that both stablecoin issuers and banks are converging under a shared set of expectations for mitigating illicit finance risk.

What We Told Treasury

Our responses to both consultations focused on a fundamental compliance challenge: crypto's "settle first, ask questions later" architecture. Traditional payments authorize before settling. Blockchain transactions invert this. Once a private key holder initiates a transaction, it executes without the recipient's consent, leaving minimal opportunity for preventive controls.

In our ANPRM response, we recommended five core measures for stablecoin regulation:

1. Mandate authorization before settlement. Require Travel Rule data exchange, sanctions screening, and beneficiary verification before a permitted payment stablecoin issuer reveals a settlement address or executes a transfer. This restores standard payment discipline and creates a window to block illicit payments before they happen.

2. Clarify Travel Rule obligations for stablecoin issuers. Issuers should collect, verify, and transmit originator and beneficiary data pre-transaction. They should verify beneficiary information before execution and collect minimally necessary counterparty information to enable sanctions screening.

3. Require open, interoperable standards. Issuers should use open messaging and authorization standards like IVMS-101 for data format and TAP for pre-transaction authorization. This prevents proprietary fragmentation and enables cross-border interoperability.

4. Coordinate with global precedents. Align US requirements with FATF Recommendation 16 and frameworks in jurisdictions like Hong Kong, Singapore, and the EU so US-regulated stablecoins can interoperate globally.

5. Measure what matters. Evaluate issuers on pre-transaction authorization rates, time-to-respond, Travel Rule responsiveness, and freeze actions taken, not just SAR counts.

How Innovative Tools Enable Compliance at Scale

In our response on innovative methods to detect illicit activity, we demonstrated how APIs, the Travel Rule, and pre-transaction authorization protocols work together to prevent illicit finance rather than merely detecting it after the fact.

APIs serve as the critical infrastructure for real-time compliance data exchange—connecting systems, counterparties, and authorization processes. They allow institutions to perform crucial checks in milliseconds, such as querying sanctions databases via API keys and verifying counterparty information to coordinate rapid authorization decisions. This speed is essential given blockchain’s near-instant settlement finality, and is particularly important for sanctions enforcement, where timing determines whether illicit transactions can be intercepted.

When implemented securely through APIs and pre-transaction authorization, the Travel Rule enables the transmission of compliance information at scale using standardized formats such as IVMS-101.

Most importantly, APIs enable holistic, pre-transaction risk assessment. Our system integrates connections to multiple risk intelligence sources—including sanctions screening providers and blockchain analytics platforms—into a configurable policy engine. This allows institutions to embed their own risk frameworks into automated decisioning. The result is an automated, pre-settlement risk determination that reflects each institution’s compliance posture while ensuring illicit finance risks are identified and mitigated before blockchain settlement occurs.

The Travel Rule as Prevention Control

The Travel Rule, formally codified in FinCEN's regulation 31 CFR § 1010.410(f), requires financial institutions to obtain, hold, and transmit required originator and beneficiary information for transactions of $3,000 or more. When implemented pre-transaction, the Travel Rule becomes a prevention control rather than an after-the-fact record-keeping rule.

Through the Transaction Authorization Protocol (TAP), originator and beneficiary institutions exchange data and settlement instructions before a transaction is broadcast. Both sides screen for sanctions and other AML/CFT risks. This prevents inadvertent transfers to designated parties and gives institutions a defensible basis to halt or refuse settlement in real time.

FATF guidance makes clear that the Travel Rule's core purpose extends beyond information transmission. Institutions must use this information to "take freezing actions and prohibit transactions with designated persons and entities." When correctly implemented through pre-transaction authorization, institutions gain the ability to screen both originators and beneficiaries against OFAC's SDN List before any funds move, detect indirect exposure to sanctioned parties through the payment chain, block transactions in real time before irreversible settlement, and maintain compliance even when customers attempt to send funds to sanctioned counterparties.

Beyond Illicit Finance: Foreign Issuers, Taxation, and Economic Data

The ANPRM solicits input on several additional fronts. One is the oversight of foreign stablecoin issuers, a category that raises questions about cross-border supervision and market access. Another is the treatment of taxation and insurance, which could affect both issuers' reporting requirements and consumer protections. Treasury is also asking how to design economic data collection frameworks that can capture the systemic and macroeconomic impacts of stablecoins.

These areas show that regulators are thinking beyond compliance mechanics to the wider implications of stablecoins for financial stability, market integrity, and consumer confidence.

What This Means for Stablecoin Issuers, Banks, and Compliance Teams

For the US market, these consultations create stronger incentives for onshore issuance under a compliant framework. For banks, they clarify partnership opportunities with issuers but also raise diligence requirements as both sides come under converging AML/CFT obligations.

For compliance teams, the message is clear: Travel Rule readiness and robust AML infrastructure are now table stakes.

Our platform enables secure interoperability between issuers, banks, and intermediaries by supporting counterparty identification, identity verification, and compliant transaction data-sharing. These are the capabilities Treasury is emphasizing as essential for stablecoin issuers to meet regulatory expectations. With proper implementation, stablecoin systems can prevent illicit activity before settlement rather than detecting it afterward, provide transparency through immutable audit trails while preserving legitimate privacy, and enable real-time compliance at global scale.

Read our full response to Treasury here.

Sources

• Treasury ANPRM Press Release
• Unpublished Federal Register PDF
• Treasury RFC (Aug 18, 2025)

The Financial Action Task Force (FATF)’s recent revision of Recommendation 16 (R.16) highlights a fundamental weakness in the global fight against illicit finance: the lack of transparency across today’s payment systems.

Today, as a single payment might travel through a maze of facilitators, processors, and service providers, each additional layer increases complexity and cost. More critically, each step in the payment chain increases opacity and makes illicit activity harder to detect. Bad actors thrive in these gaps.

This structural opacity is the real barrier to effective oversight. And it’s a barrier that crypto, if used intentionally, has the unique potential to solve.

The Promise and Risk of TradFi-Crypto Bridges

We’re seeing exciting progress in how crypto plugs into everyday life. Crypto cards are already handling millions in transactions, making it possible to buy a coffee with stablecoins.

But there’s a catch: behind every tap or swipe of a crypto card, there can be more than a dozen entities involved. 

While accessible solutions like crypto cards accelerate adoption, they also risk rebuilding the very patchwork of intermediation that makes illicit activity detection so difficult in the first place.

The alternative? True open-loop payments.

Imagine scanning a QR code to send USDC directly to a merchant's provider. Settlement happens in seconds, with only 3–4 parties involved instead of a dozen. Costs fall, risks fall, and transparency increases.

To avoid rebuilding the same opaque payment structures, we must lean into what makes blockchain unique: openness and transparency by design.

Making Open Payment Systems Work

Openness should not mean chaos. It still requires compliance, controls, and oversight. The challenge is enforcing these standards without closing the system back down.

That’s where the Transaction Authorization Protocol (TAP) comes in.

TAP is designed as a neutral, open protocol: no single company, consortium, or jurisdiction controls it. Regulators can engage without sovereignty concerns, and industries can apply regional requirements without fragmenting the ecosystem.

By aligning authorization and settlement in a single transparent flow, TAP ensures that controls and accountability coexist with speed and openness.

Building the Right Future for Payments

The fight against illicit finance requires us to rethink how payments are built, and to prioritize:

• Open, transparent systems by default;
• Fewer intermediaries who add value rather than opacity;
• Embedded compliance that preserves trust without undermining openness.

Blockchains gives us the tools to get there if we choose to lean into openness rather than falling back into consolidation, control and opacity.

Introducing Notabene Transact: The Next Generation of Transaction Authorization for Complex Crypto Transactions

New York, London, Singapore - July 1, 2025 – Notabene, the trust layer for global money movement, today announced the launch of Notabene Transact, the next evolution in secure, real-time transaction authorization, purpose-built for regulated entities navigating complex digital asset flows. Built on an open network powered by the innovative new Transaction Authorization Protocol (TAP), Notabene Transact transforms transaction authorization from a reactive Travel Rule obligation into a trusted, strategic engine for growth. Designed for how crypto actually moves today, Notabene Transact effortlessly manages the reality of complex multi-party transactions, giving institutions the confidence to scale securely, compliantly, and faster than ever before.

Built for the new rules of crypto

2025 marks a turning point. Regulatory clarity in key markets is accelerating institutional adoption, but with growth comes greater complexity—and compliance is now a baseline expectation. To enable compliant, real-time transaction flows with minimal friction, institutions need powerful authorization infrastructure running in the background, making decisions at the speed of business.

Most transaction authorization tools were built for simple peer-to-peer transfers, not the complexity of today’s digital asset flows. Notabene Transact is purpose-built for the real world, supporting multi-party transactions across intermediaries, custodians, and self-hosted wallets. It automates compliance across jurisdictions and delivers real-time, policy-based decisions—enabling compliant, scalable transactions by design.

A powerful element of Notabene Transact is the combination of two key capabilities: an innovative discovery and verification system that identifies all counterparties in a transaction flow, and a customizable policy engine that automates decisions based on an institution’s risk appetite, regulatory obligations, and trusted business relationships. This system of trust enables faster approvals, lower friction, and increased transaction throughput, unlocking growth across global borders.

“As the leader in Travel Rule compliance, we’ve had a front-row seat to the challenges institutions face as the crypto industry matures,” said Pelle Brændgaard, CEO of Notabene. “We didn’t just build Notabene Transact as a product, we took on the responsibility of building the open infrastructure this industry needs. By working hand-in-hand with customers, regulators, and the wider market, we created a solution that accelerates adoption, lowers risk, and sets the foundation for global growth on an innovative new open messaging protocol. With the Transaction Authorization Protocol (TAP) at its core, Notabene Transact moves the industry into a future defined by trust, openness, speed, and scalability.”

Built on TAP: Open, secure, ready to scale

The Transaction Authorization Protocol (TAP) is the open source, decentralized messaging protocol powering Notabene Transact. Unlike SWIFT and other closed-loop or outdated messaging systems, TAP is purpose-built for today’s multi-party, real-time digital asset economy. It enables secure, policy-based data exchange across any blockchain, asset, or protocol—without locking institutions into closed infrastructure.

TAP’s architecture includes a fully segregated, end-to-end encrypted data model, no central points of control, and seamless interoperability across evolving regulatory and operational environments. Combined with the Notabene Network, the largest ecosystem of regulated crypto institutions, Notabene Transact gives businesses the confidence, visibility, and flexibility to authorize transactions globally, scale across jurisdictions, and future-proof their operations.

Leading with uncompromising security

Notabene Transact delivers industry-leading security by design. Built on TAP’s decentralized, end-to-end encrypted architecture, it ensures that every data exchange is auditable, every authorization decision is traceable, and every workflow is optimized for straight-through processing. This dramatically reduces manual effort and operational risk for high-volume institutions operating at global scale.

“Security and speed aren't trade-offs in our architecture, they're both intrinsic,” Pelle Brændgaard added. “When institutions trust their infrastructure and their counterparties, they can move faster. And when they can move faster with full compliance, they can scale volumes globally without friction.”

With Notabene Transact, institutions now have the infrastructure to move faster, authorize with confidence, and scale across jurisdictions, without compromise. Powered by TAP, Notabene Transact sets the standard for secure, trusted, real-time transaction flows in the global digital asset economy.

Notabene Transact is available now. Learn more here: https://notabene.id/transact

About Notabene

Notabene is the trust layer for global crypto money movement, powering the largest Travel Rule-compliant transaction authorization network for regulated institutions globally. Our platform enables regulated entities across 100+ global jurisdictions to securely and seamlessly verify counterparties, authorize transactions, and comply with regulations—ensuring trust in every transaction.

With SOC-2 certification, ISO27001 compliance, and a strong focus on privacy and user experience, Notabene provides industry-leading tools for real-time transaction authorization, decision-making, counterparty sanctions screening, and self-hosted wallet identification.

Headquartered in New York, Notabene operates globally with a presence in Switzerland, Singapore, Germany, and the United Kingdom. Trusted by over 240 companies, including Copper, Luno, Crypto.com, and Bitstamp, Notabene helps institutions build trust into every transaction while ensuring compliance with evolving regulatory frameworks.

Start for free with the world’s largest VASP Network at Notabene.id.

Connect with us on LinkedIn | Twitter

Media Inquiries

Sacha Lowenthal
[email protected]

The Financial Action Task Force (FATF) has finalized revisions to Recommendation 16 (R16), delivering the a substantial overhaul of international payment transparency standards. These changes address two urgent imperatives: modernizing cross-border payment infrastructure to meet G20 objectives of faster, cheaper, and more inclusive transactions, while simultaneously combating an explosive surge in fraud that now represents the dominant proceeds-generating crime worldwide.

The regulatory shift is immediately apparent in the standards' evolution from "wire transfers" to "payment transparency"—a deliberate expansion signaling FATF's intent to capture all payment methods and value transfer mechanisms in our increasingly digital financial ecosystem.

The fraud crisis driving these changes cannot be understated. FATF's own research, including the 2023 report "Illicit Financial Flows from Cyber-Enabled Fraud," reveals staggering growth in both the frequency and monetary impact of fraudulent schemes. This threat has fundamentally rewritten the financial crime playbook, elevating fraud prevention and detection to primary regulatory objective, now standing alongside traditional anti-money laundering efforts as a core pillar of the revised standards.

What Changes? Key Requirements That Will Transform Payment Flows

The revised Recommendation 16 represents a fundamental shift in cross-border payment compliance. This section outlines the key changes introduced by the revision, evaluates how current industry capabilities measure up to the new standards, and demonstrates how the Transaction Authorization Protocol (TAP) is purpose-built to meet the policy objectives behind the update.

Standardized Information Requirements for Cross-Border Transfers and Mandatory Beneficiary Geographic Information

The revised R16 introduces standardized information requirements for cross-border transfers above specified thresholds:

For Originators:

• Name
• Account number (fallback: unique transaction reference)
• Address (fallback: country and town name or nearest option)
• Date of birth (fallback: year of birth)

For Beneficiaries:

• Name
• Account number or unique transaction reference
• Country and town name (or nearest option)

A significant expansion from current requirements, beneficiary geographic information is now mandatory. Previously, there was no obligation to transmit beneficiary geographic information under R16. With the revisions, country and town name are required minimum fields.

FATF's original proposals would have mandated full geographic addresses for both originators and beneficiaries, but extensive industry feedback, including from Notabene, successfully argued that such requirements would create financial exclusion and unnecessary friction, raise data protection concerns, and provide limited anti-money laundering benefit. The final standards reflect significant wins: For originators the year of birth can be provided as a fallback to full date of birth and country and town serve as acceptable alternatives when full addresses aren't available.  For beneficiaries, only country and town are required.

Mandatory Beneficiary Information Verification

One of the most significant changes is the explicit requirement for beneficiary financial institutions to verify information alignment to mitigate the risk of misdirected payments. Combating fraud is now an explicit objective of R16, acknowledged as a key target predicate offense. Institutions must now implement at least one of these approaches:

1. Post-validation checks - Verify name and account number alignment for each transaction
2. Holistic ongoing monitoring - Conduct risk-based monitoring to identify anomalous accounts and misaligned information
3. Pre-validation mechanisms - Use systems like Confirmation of Payee to verify beneficiary information aligment

🔖 Industry benchmark

VASPs in the Notabene network blocked over $696 million in transactions due to incorrect beneficiary information, demonstrating that the industry is leading the way in implementing pre-transaction beneficiary matching procedures that effectively leverage Travel Rule compliance to prevent fraud.

Positive Requirement for Payment Messages to Enable FI Identification

Information in payment messages must now make it possible for all institutions and authorities to identify which financial institution is servicing originator and beneficiary accounts and in which countries these institutions are located. 

🔖 Industry benchmark

Current implementations of R16 by VASPs rely on wallet addresses that provide no institutional identification as account identifiers, forcing VASPs to use imperfect methods like blockchain analytics and customer input to identify counterparties. 

💡 TAP Solution

TAP solves this by replacing address-based transactions with transfer requests that include complete beneficiary institution identification upfront.
Instead of sharing a blockchain address, recipients create secure transfer requests containing full institutional details—eliminating the guesswork and ensuring R16 compliance from the start.

Cross-Border Cash Withdrawal Requirements

R16 extends beyond wire transfers to include requirements for cross-border cash withdrawals. A targeted framework now requires issuing financial institutions to provide cardholder names  within three business days upon request when suspicious transactions are detected through monitoring systems.

This change addresses a significant transparency gap exploited by money launderers who open accounts in foreign countries, obtain payment cards, then return to their home country to make frequent ATM withdrawals—fragmenting their activity across jurisdictions to avoid detection. The new requirements enable acquiring institutions to request cardholder information when suspicious activity is detected, closing this critical intelligence gap.

Upgrades to Purchase of Goods and Services Exemption

The exemption scope has been clarified: when cards are used to fund other types of payment or value transfer (such as person-to-person transfers), the relevant R16 information requirements will apply. Additionally, card networks must now give financial institutions access to directories containing information on card issuing and merchant acquiring financial institutions.

Enhanced Payment Chain Definition

The revised standards clarify that payment chains begin with the financial institution that receives instructions from the customer and end with the institution that services the beneficiary's account or provides cash to the beneficiary. This definition aims to ensure complete information flows throughout complex cross-border payment chains, preventing the fragmentation that has historically hindered effective monitoring.

💡 TAP Solution

TAP's non-deterministic multi-party authorization flow provides full visibility into complex transaction flows, including all intermediaries. The protocol's non-deterministic approach allows any participant to add or replace agents during the discovery process, ensuring complete transparency before authorization.

This non-deterministic multi-party authorization structure enables the inclusion of all agents in the payment chain.

1. Additionally, the local subsidiary (VASP B UK) uses the services of an Institutional Custody provider to secure its customer funds. Therefore, it add the Institutional Custody provider as an agent (Intermediary VASP).
2. The beneficiary customer has an account with a local subsidiary (VASP B UK) and, hence, the parent entity replaces itself with that local subsidiary (the correct beneficiary agent).

   However, in reality:

For example, in the transaction illustrated below, the parent entity of an exchange (VASP B Global) is identified as the beneficiary VASP.

Revised Net Settlement Conditions

New clarification states that where net settlement results from customer transactions, information about underlying transactions is not required to accompany the net settlement. However, R16 requirements still apply to the underlying individual transactions themselves.

Implementation Timeline and Industry Impact

• Late 2026: Publication of comprehensive guidance paper on payment transparency
• Late 2030: Final deadline for R16 implementation across all jurisdictions
• Application to VASPs: Requirements will apply indirectly through R15, with potential updates to maintain alignment. 

The Broader Context: A Platform Shift in Financial Services

The revised FATF R16 signals a recognition that payment transparency must adapt to the realities of modern financial infrastructure. These regulatory changes occur against the backdrop of a fundamental platform shift in financial services - from legacy rails to programmable, real-time, blockchain-enabled networks.

TAP positions itself at the forefront of this transformation, serving as the critical authorization layer that bridges the robust controls of traditional finance with blockchain efficiency.

As the industry progresses toward the 2030 R.16 implementation deadline, TAP is uniquely positioned to help VASPs lead - not lag - in meeting the new standards. Unlike legacy institutions constrained by decades-old systems, TAP is building from a greenfield. This allows us to innovate without compromise, designing solutions purpose-built for today’s regulatory and technological realities. 

The platform shift is underway. The regulatory framework is evolving. TAP bridges both: meeting compliance demands while unlocking the full potential of blockchains as payment rails.

When the Financial Action Task Force (FATF) released revisions to Recommendation 16 (R.16) earlier this year, the headlines focused on “modernizing cross-border payment rules” and “championing transparency.” These goals sound good on paper, but the reality for financial institutions and virtual asset service providers (VASPs) is more complicated.

Compliance with R.16 is no longer just about transmitting fields like originator and beneficiary names. It’s about ensuring that every participant in a transaction is known, verified, and accountable. This requires standardized, high-quality information to flow seamlessly through complex global payment chains, while also embedding fraud prevention in every transaction.

The new standards demand greater coordination across financial intermediaries and technological innovation to handle evolving payment methods, including virtual assets, in a way that maintains both security and user privacy. This raises operational challenges but also opens the door for new solutions designed for the realities of crypto compliance.

Rules without real-world tools

The latest R.16 revisions aim to close gaps in payment transparency, requiring financial institutions to collect and transmit originator and beneficiary information throughout the payment chain. In practice, crypto payments and transfers are much harder than traditional currency to track.

Virtual IBANs and distributed wallets don’t map neatly to legal entities. Beneficiary verification, which is now a R.16 requirement, can be delayed or incomplete in instant-settlement crypto networks. Rigid data mandates, such as requiring geographic addresses, often do little to improve identification, and can even harm privacy or financial inclusion.

Without practical infrastructure, compliance becomes a checkbox exercise rather than a safeguard against fraud, money laundering, or sanctions violations. And without the right controls, real-world financial transactions can get messy, slow, or risky. That’s where the Transaction Authorization Protocol (TAP) comes in.

How TAP address real-world R.16 security challenges

TAP is an open-source, decentralized messaging protocol designed to securely and privately authorize and authenticate complex, multi-party digital asset transactions in real time. This enables compliant, scalable, and transparent global transaction flows across regulated entities, VASPs, DeFi, and self-hosted wallets.

TAP separates authorization from settlement, and gives institutions and VASPs the tools to build flexible, auditable workflows that meet their business needs while staying fully compliant with FATF regulations. It’s a protocol designed to address the practical challenges that FATF R.16 aims to solve, specifically with cross-border payments and virtual assets.

Here’s how TAP addresses the requirements established by R.16:

Separation of authorization and settlement. 

R.16 emphasizes full transmission of originator and beneficiary information throughout the payment chain. TAP allows each transaction to be authorized before settlement, ensuring that all parties have verified the required information (names, IDs, compliance data) before funds move. This is especially important for crypto transactions, which settle instantly and irreversibly.

Built-in security and trust.

TAP creates a robust security layer that operates before any blockchain transaction is executed. By enabling the exchange of necessary information and requiring mutual agreement before settlement, TAP effectively mitigates the risks associated with unilateral and irreversible blockchain transactions. This pre-settlement framework allows for the detection and rejection of fraudulent or high-risk transactions, providing a crucial safety net that is often absent in standard cryptocurrency transfers.

Composable transaction workflows. 

TAP supports flexible, threaded workflows (Transfers, Payments, Escrow, Swaps, Connect) that allow multiple participants to interact in a structured way. Each step references the previous one, creating an auditable chain of transactions that aligns with R.16’s goal of transparency in the payment chain.

Enhanced verification and compliance. 

TAP enables pre-settlement verification: beneficiary institutions can confirm the accuracy of payment details and reject or authorize transactions as needed. Supports FATF-required data fields natively, making compliance built-in rather than an afterthought.

Dynamic participant discovery. 

TAP allows for real-time discovery of all participants, including intermediaries and service providers. This ensures that the entire payment chain is known and auditable, solving the R.16 challenge of hidden participants and incomplete information flow.

Privacy and selective disclosure. 

Sensitive data is shared only with authorized parties, allowing R.16 compliance without exposing unnecessary personal information.

Adaptable to virtual assets. 

TAP solves key VA-specific R.16 challenges like virtual IBANs and blockchain addresses by using transfer requests instead of relying solely on account identifiers. Ensures accurate identification of counterparties and supports Travel Rule implementation for VASPs.

Making crypto payment transparency operational

TAP provides the infrastructure that makes full R.16 compliance feasible, especially for fast, complex, crypto transactions. It operationalizes transparency, verification, and compliance without slowing down transactions or compromising privacy. TAP also ensures pre-settlement verification and regulatory transparency without locking users into one system or region.

Open, permissionless, and auditable—TAP empowers financial institutions, VASPs, and regulators to move money with trust. 

Download the whitepaper to learn more about the protocol.

When the Financial Action Task Force (FATF) extended the Travel Rule to crypto in 2019, most of the industry saw it primarily as a new compliance burden. At Notabene, we saw something bigger: a catalyst for building the transaction authorization layer crypto has been missing since day one.

Travel Rule: A Stepping Stone to Fix a Structural Gap in Crypto

Traditional finance has a fundamental separation between authorization and settlement. Settlement occurs only after a chain of processes (clearing, authorization, risk management) have been completed. This sequencing creates space to prevent fraud, block illicit activity, and reverse transactions when necessary.

Blockchains invert this logic. Once a user signs and submits a transaction, and it is confirmed by the network, it becomes irrevocable regardless of whether proper checks were conducted beforehand.

This inversion leaves crypto exposed to preventable risks like fraud, financial crime, sanctions breaches, and operational bottlenecks.

This same structural gap also explains much of the friction VASPs face when implementing the Travel Rule. But the Travel Rule itself isn’t the problem. In fact, it’s the perfect opportunity to solve it. By requiring VASPs to exchange compliance data before settlement, the FATF created a catalyst to build crypto’s missing authorization layer.

TAP: The Transaction Authorization Protocol

We founded Notabene in 2020 with a clear mission: to build crypto's transaction authorization layer that enables its integration into the everyday economy.

The Transaction Authorization Protocol (TAP) is a fundamental piece of that mission. TAP is an open messaging protocol that provides the missing authorization layer, enabling pre-settlement coordination between multiple parties while preserving blockchain networks' open and permissionless nature.

How?

• Transaction Context: Every transaction carries structured metadata that ensures business meaning, compliance, and reconciliation travel seamlessly with the payment.
• Authorization Flow: TAP enables flexible, policy-driven authorization where each party enforces its own requirements through signed message exchanges.
• Agent Architecture: Specialized agents transparently enforce regulations, business rules, value-added services, and legacy connectivity within TAP flows.
• Payment Transparency: TAP guarantees full visibility and authenticated traceability of all participants, preserving auditable transaction chains for compliance and risk management.

Laying the Foundation for Mainstream Stablecoin Payments

TAP transforms the Travel Rule from a compliance burden into competitive payment infrastructure. By embedding regulatory checks directly into the transaction flow, stablecoin payments become not only faster and cheaper than traditional rails, but also inherently safer.

Its open nature also creates powerful network effects: the more institutions that adopt TAP, the more seamlessly their customers can transact across the entire ecosystem. This is where the strength of our active and open network of more than 2,000 institutions really comes into focus. Unlike proprietary solutions that create walled gardens, TAP's open protocol design enables global adoption and true interoperability.

A standardized, interoperable authorization layer enables blockchain’s transparency, automation, and programmability to be harnessed in service of safer, lower-cost financial infrastructure.

TAP makes possible what the industry has been working toward: regulatory-compliant stablecoin payments that are faster, cheaper, and safer than existing alternatives. This transforms regulatory requirements from market barriers into competitive advantages for blockchain-based payments.

By solving the authorization gap, TAP doesn't just enable Travel Rule compliance, it is much more than that - it creates a new kind of open infrastructure for mainstream stablecoin adoption and the next generation of compliant global payments.

Want to see TAP in action? Contact us to learn more about how Notabene is helping VASPs and institutions future-proof crypto compliance and transform payment infrastructure for good.

Today marks the half-year anniversary of the European Union’s Transfer of Funds Regulation (TFR). As we reach the mid of 2025, it’s worth looking back at the path that shaped today's regulatory reality. The year 2023 was defined by the entry into force of the Travel Rule in the UK. In 2024, the EU followed suit. Now, six months into this new phase, the time is ripe to assess the progress of the TFR, draw comparisons with the UK’s experience, and uncover the lessons that can guide the effective implementation of Travel Rule regimes.

What the Data Tells Us

In 2023, our team at Notabene was fully mobilized to prepare the UK crypto industry for the arrival of the Travel Rule compliance, set to take effect on September 1, 2023. We engaged across multiple fronts: running testnets with cohorts of VASPs under the FCA's regulatory sandbox, co-chairing the Travel Rule working group within CryptoUK, and participating in numerous industry events, both as hosts and speakers.

By year’s end, true to our usual practice, we started examining the results of our annual State of Crypto Travel Rule Survey. It was one of those gratifying moments when the effort feels justified: the data showed that 100% of UK respondents reported being compliant with the Travel Rule, a clear signal that industry readiness had been achieved.

In 2024, with equal dedication, we turned our focus to supporting the rollout of the Travel Rule across the European Union. Our approach was similarly comprehensive: we published detailed guides, launched an in-depth certification course dedicated to EU Travel Rule requirements, delivered a three-part webinar series covering the regulations, hosted an EU-wide testnet for CASPs and regulators, and ran a series of targeted workshops for our customers.

Yet, when we reviewed the latest survey data, the results were surprising. Despite the significant groundwork, 71.2% of EU respondents indicated they were not yet compliant with the Travel Rule, with 40.4% identifying the first quarter of 2025 as their intended compliance timeline.

These figures stood in contrast to the momentum we observed within our own Network. In the months leading up to the TFR’s enforcement date of December 30th, 2024, we witnessed a marked increase in Travel Rule activation among EU CASPs. Between January 2024 and January 2025, transaction volumes originating from EU entities on the Notabene network surged by 200x, compared to the 8x growth seen in non-EU originated volumes over the same period. This contrast reflects the significant role the EU Transfer of Funds Regulation in catalyzing Travel Rule adoption within our network.

However, looking beyond our immediate ecosystem, it is clear that the UK rollout achieved a higher degree of readiness at an earlier stage. With children, we often say that each develops at their own pace and should not be compared. But with regulatory frameworks, understanding why one implementation advanced more rapidly than another can offer valuable insights.

With that in mind, the following sections explore how the UK and EU approaches diverge. We’ll examine their defining features, points of friction, and attempt to trace the root causes behind the differences in industry readiness.

The Road to Travel Rule Implementation: Centralised in the EU and Industry-led in the UK

🇬🇧 UK

When the UK implemented the Travel Rule on September 1, 2023, it followed a legislative and regulatory process that deliberately placed industry expertise at the centre.

The Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022 (MLRs) introduced Travel Rule obligations for crypto firms registered with the FCA, covering both inter-cryptoasset transfers and unhosted wallet transactions.

What set the UK approach apart was the collaborative model that followed. The Joint Money Laundering Steering Group (JMLSG), a private sector body made up of UK financial trade associations, led the drafting of practical guidance for firms. To support the efforts by JMLSG, CryptoUK established a dedicated Travel Rule working group, co-chaired by Notabene, bringing together compliance officers, legal experts, and operational teams to directly work with JMLSG to shape the guidance based on day-to-day implementation realities.

This industry-developed guidance was reviewed and validated by the FCA and HM Treasury, ensuring alignment with regulatory expectations while keeping operational challenges front and centre.

Furthermore, in August 2023, just before the rule took effect, the FCA published targeted guidance to clarify issues raised during the grace period, most notably the “sunrise issue” involving transactions with jurisdictions that had not yet adopted the Travel Rule.

The result was a regulatory framework supported by practical, actionable guidance. 

This collaborative process - combining early regulatory engagement and industry ownership - played a decisive role in the UK achieving high levels of readiness by the time the Travel Rule came into force.

🇪🇺 EU

The EU set out to tackle a far more ambitious task than the UK: introducing uniform Travel Rule obligations across all 27 Member States through a single, binding regulation. This was achieved via the recast of Regulation (EU) 2015/847, better known as the Transfer of Funds Regulation (TFR), which was formally adopted on May 31, 2023 to extend the Travel Rule to crypto transfers.

The creation of detailed implementation guidelines was primarily led by the European Banking Authority (EBA). 

The EBA made several efforts to incorporate industry perspectives. A public consultation on the Travel Rule Guidelines launched on November 24, 2023, alongside public hearings and the formation of Technical Expert Groups (TEGs)—which included industry representatives like Notabene.

However, unlike the UK’s process, where industry actors drafted the practical guidance with regulatory validation, in the EU it was the reverse: regulators drafted the guidelines, and the industry was invited to provide feedback along the way. While this structure provided transparency and some opportunity for dialogue, it inevitably limited the extent to which day-to-day operational challenges of CASPs could shape the final rules.

Takeaway

Guidance developed by industry practitioners and backed by regulatory oversight delivers the hands‑on, pragmatic advice firms need for readiness. In contrast, a top‑down model can miss key nuances encountered in day‑to‑day operations.

Using Grace Periods Strategically

EU CASPs were granted nearly six additional months to prepare compared to their UK counterparts. A long grace period in the EU was the right approach given the complexity of implementing uniform requirements across 27 Member States.

However, based on our experience, the length of a grace period is far less important than how that time is used. A grace period should serve as structured preparation time for both regulators and industry, particularly with the Travel Rule, which directly affects transaction flows, operational processes, and customer experience.

🇬🇧 UK

The UK offers a textbook example of this. Throughout the 13-month grace period, the FCA worked closely with the industry. This started with the acceptance of Notabene's Travel Rule testnets into the FCA regulatory sandbox. This hands-on engagement allowed the FCA to better understand the technical and operational nuances of implementing Travel Rule programs. The FCA also conducted targeted outreach to VASPs, requesting detailed implementation plans and offering feedback based on insights gained from the testnets. As a result, potential gaps were identified early and firms had time to adjust, which led to the high compliance rates we saw post-deadline.

🇪🇺 EU

It would be unrealistic to expect the same degree of coordinated engagement across the EU, where the regulation had to be rolled out simultaneously across 27 jurisdictions and regulatory bodies. However, the grace period fell short even in resolving fundamental questions - for example, when exactly do Travel Rule obligations start to apply?

Even after the Travel Rule formally entered into force on December 30, 2024, confusion persisted among industry participants:

• Some CASPs misinterpreted the transitional period outlined in the EBA Guidelines, assuming it postponed Travel Rule obligations entirely until 31 July 2025. In reality, this period only allows temporary technical limitations in solutions, but full compliance with the TFR is expected regardless of technical limitations.
• Others argued that the TFR only applies once a CASP obtains full authorisation under MiCA, meaning firms operating under transitional arrangements were exempt. The EBA explicitly rejected this interpretation in its July 2024 response to public comments, stating:

  "The EBA stresses that non-compliance with Regulation (EU) 2023/1113 is not accepted."

Takeaway

The UK experience offers a clear takeaway: the success of a regulatory rollout is not defined by how long the grace period is, but by how strategically that time is used. The UK's collaborative, proactive use of its grace period - bringing together regulators and industry to stress-test real-world implementation - was instrumental in achieving early, widespread readiness.

Managing Self‑Hosted Wallets: Risk‑Based Principles or Prescriptive Rules?

🇬🇧 UK

The UK has adopted a non-prescriptive, principles-based approach to regulating interactions with self-hosted wallets, built around risk assessments and operational discretion. Under Regulation 64G(2) of the MLRs, crypto-asset businesses (CBs) are required to assess the risks associated with unhosted wallet transactions and determine whether collecting additional customer information is appropriate.

The JMLSG provides further operational guidance, encouraging CBs to seek additional information when dealing with self-hosted wallets in higher-risk situations. Factors such as transaction size, frequency, and the overall customer relationship inform these assessments. Where higher risks are identified, CBs are expected to apply enhanced due diligence, which may include verifying control over the self-hosted wallet using mechanisms such as micro-deposits or cryptographic signatures.

Crucially, the UK’s framework avoids imposing rigid or overly prescriptive requirements. This allows CBs to adjust their controls based on risk assessments. As a result, UK market participants have largely maintained the ability to support these types of transactions while remaining compliant and adopting robust risk-mitigation policies.

🇪🇺 EU

The EU has taken a more prescriptive stance toward regulating self-hosted wallets, with obligations set out in the TFR and further operational detail provided by the EBA Travel Rule Guidelines.

Under the TFR, crypto-asset transfers involving self-hosted wallets are subject to escalating requirements based on transaction size. For transactions exceeding €1,000, CASPs must verify that their customer owns or controls the receiving self-hosted wallet. The EBA Guidelines elaborate on this obligation by providing a non-exhaustive list of acceptable verification methods, while also making clear that at least one method must be applied in all applicable cases.

A key source of market friction stems from the disconnect between the TFR’s legislative text and the EBA guidelines in what concerns third-party self-hosted wallet transfers. While the TFR does not explicitly impose verification requirements for transactions involving third-party self-hosted wallets, the EBA Guidelines extend obligations to these transactions, creating expectations for due diligence that many CASPs find impractical or disproportionate to implement. 

The result has been a marked trend toward de-risking within the EU. According to Notabene's 2025 State of Crypto Travel Rule Report, VASPs in the EU are 55% more likely to prohibit transactions with self-hosted wallets compared to the global average, reflecting a significant de-risking trend driven by regulatory uncertainty. Faced with operational uncertainty and the high cost of compliance, 15.4% of EU-based VASPs have implemented complete prohibitions on such transactions, compared to a global average of 9.9%.

Takeaway

In this rapidly evolving industry, prescriptive rules often struggle to keep pace with technological change, leading to unintended consequences such as market exclusion and de-risking. The UK's principles-based, risk-driven approach to regulating self-hosted wallets demonstrates how flexible frameworks can promote compliance without stifling innovation or market participation. By contrast, the EU's more prescriptive model has amplified operational uncertainty, prompting many VASPs to restrict legitimate transactions to avoid having to navigate complex, often impractical requirements. Striking the right balance between risk mitigation and operational feasibility requires regulation that empowers firms to apply proportionate and evolving controls.

Counterparty Due Diligence Obligations: All or Nothing?

🇬🇧 UK

In the UK, Counterparty VASP Due Diligence (CVDD) is not explicitly required under the Travel Rule, nor is it addressed in the JMLSG or FCA guidance. This was a conscious decision by UK regulators, who determined that existing frameworks such as data privacy laws and sanctions compliance already provide sufficient oversight. The UK’s approach aims to avoid introducing additional, potentially duplicative obligations that could complicate compliance without clear added benefit.

While this streamlined framework reduces regulatory burden, the lack of specific CVDD guidance may create operational uncertainty for VASPs.

🇪🇺 EU

In contrast, Article 38 of the EU’s TFR amends the 4th Anti-Money Laundering Directive (AMLD4) to expand the definition of correspondent relationships and explicitly include those established for transactions or transfers in crypto-assets. Recital 60 further clarifies that relationships between CASPs and third-country entities executing crypto-asset transfers share similarities with correspondent banking relationships and should be subject to enhanced due diligence measures similar in principle to those applied in traditional banking.

The EBA further issued the EBA/GL/2024/01 Guidelines to specify firms’ obligations where the respondent or its customers are providers of services in crypto-assets, other than CASPs authorised under MiCA, or where they are deemed to present an increased ML/TF risk.

Takeaway

The UK's decision to avoid prescriptive Counterparty VASP Due Diligence (CVDD) requirements reflects a desire to avoid duplicating existing oversight mechanisms. However, the absence of explicit CVDD expectations in the Travel Rule context can create operational uncertainty for VASPs navigating cross-border interactions.

Conversely, the EU’s approach imposes comprehensive CVDD obligations rooted in correspondent banking standards. As the FATF itself acknowledges, Travel Rule compliance requires a more proportionate approach. Unlike in the banking sector, many cross-border VASP-to-VASP transfers happen without an established, ongoing relationship, making traditional correspondent banking due diligence ill-suited in this context.

Neither extreme - a complete absence of guidance nor rigid, banking-style obligations - proves effective. Instead, CVDD requirements should be proportionate and aligned with the realities of the crypto-asset sector.

Reporting Non-compliant Counterparties

🇬🇧 UK

Beneficiary and intermediary CBs are required to report repeated failures by counterparties to provide required Travel Rule information to the FCA. Reporting must include details of both the non-compliance and the remedial steps taken. The UK applies a risk-based approach, allowing firms to determine what constitutes “repeated failure” based on transaction volumes, size, or frequency.

By the time the Travel Rule regulations came into force, formal processes for reporting non-compliant counterparties had not yet been established by the FCA. These procedures are currently being rolled out in the UK.

🇪🇺 EU

In the EU, Article 17(2) of the TFR mandates that CASPs assess whether non-compliance is repeated, using both quantitative criteria (e.g., percentage of missing data transfers, unanswered follow-ups) and qualitative criteria (e.g., cooperation level, reasons for non-provision).

If repeated non-compliance is identified, CASPs must report repeatedly non-compliant counterparties to the relevant AML/CTF authority within three months. Reports should include details on the VASP’s identity, the nature and frequency of breaches, explanations given, and actions taken.

Similarly to the UK, EU CASPs faced uncertainty as the Travel Rule entered into force without clear reporting processes fully established by regulators. The operationalization of these requirements is now underway in key markets like Germany.

Takeaway

Both the UK and EU frameworks mandate reporting non-compliant counterparties as a key enforcement mechanism. However, the absence of established reporting processes at the regulation’s start created uncertainty for VASPs in both regions. While the UK is now actively rolling out clearer reporting protocols, EU jurisdictions still face fragmented implementation.

According to the Notabene State of Travel Rule Report, only 32.7% of EU respondents are prepared to report non-compliant counterparties, including 26.9% who have set up reporting processes but have yet to use them. Actual reporting is low, at just 5.8%, likely reflecting regulatory ambiguity and operational challenges. Additionally, 15.4% of respondents indicate a lack of clear guidance in their jurisdiction.

This highlights the need for streamlined procedures to enable VASPs to fulfil reporting obligations effectively.

Lessons Learned

As we mark six months since the Travel Rule came into force in the EU and reflect on the UK’s earlier experience, several clear lessons emerge from the comparative rollout of these pivotal regulations:

1. Industry‑Led Operational Guidance Drives Readiness

   Regulatory frameworks grounded in operational realities succeed. Industry practitioners are well positioned to lead the drafting of practical implementation guidelines, with regulators providing validation and oversight. This collaborative model yields actionable, context-sensitive rules that help firms achieve compliance more effectively.

2. Grace Periods Work Only When Used Strategically

   The duration of a grace period is far less important than how the time is utilised. Structured, ongoing engagement between regulators and industry is critical to turning a grace period into a true window of preparation rather than merely a delay.

3. Principles-Based, Risk-Driven Approaches Outperform Rigid Prescription

   In fast-evolving sectors like crypto-assets, flexible, risk-based frameworks outperform one-size-fits-all mandates. Such principles-led approaches enable firms to calibrate controls proportionate to risks, fostering compliance without stifling innovation or excluding legitimate market participants.

4. Feasibility of Implementation Is Key to Compliance

   Regulatory mandates that are operationally impractical - such as the overly stringent obligations for third-party self-hosted wallets or unclear procedures for reporting non-compliant counterparties - drive firms toward non-compliance or excessive de-risking. Clear, feasible requirements and well-established processes are essential to avoid unintended consequences that undermine regulatory goals.

A combination of principle-based legislative mandates, industry-crafted operational playbooks, and purposeful, collaborative transition periods is key to building effective frameworks that serve both regulatory goals and industry realities, turning compliance from a challenge into a foundation for sustainable innovation and trust.

US lawmakers have introduced long-awaited market structure legislation in the form of the “Digital Asset Market Clarity Act of 2025” or “CLARITY Act of 2025”, for short. US Representative French Hill announced the bi-partisan market structure bill for digital assets on May 29, 2025.

The bill was drafted by the House Committee on Financial Services, who previously penned the FIT21 Act, which passed in the House of Representatives but ultimately failed to clear the Senate. The CLARITY Act follows months of hearings on the matter within the Subcommittee on Digital Assets, Financial Technology, and Artificial Intelligence.

The bill aims to remove longstanding ambiguity related to digital assets oversight by clarifying the roles of both the United States Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC). While much can change from the point of introduction to the ultimate passage of legislation, a comprehensive framework like the CLARITY Act has the potential to reshape crypto regulation entirely by enabling clear pathways for institutional and retail adoption to scale in a legal and compliant way across the entire US market.

The bill gained momentum following a June 4th House Committee hearing titled "American Innovation and the Future of Digital Assets: From Blueprint to a Functional Framework," where industry experts and former regulators debated the legislation's merits and challenges.

“How decentralized is it?” is the new “Is it a security?”

One of the principal innovations of the proposed legislation is that instead of asking "Is crypto a security?" the CLARITY Act asks “How decentralized is this system?”. This is key because the level of decentralization would ultimately determine jurisdiction underneath either the SEC (for early-stage tokens with centralized control designated as "Investment Contract Assets."), or the CFTC (for more mature and fully decentralized blockchain network tokens designated as "Digital Commodities.")

In other words: As assets become more decentralized, they transition from SEC to CFTC jurisdiction. 

Stablecoins are singled out

The emergence of stablecoins as crypto’s killer use case warrants special consideration, as we can see recognized by the creation of a third tier of assets called Permitted Payment Stablecoins. This class of digital asset is subject to light regulation due to the asset being adopted widely by consumers warranting some level of protection.

This creates a three-tier framework for digital asset regulation:

TradFi players can get in the game

One of the biggest unlocks of such a comprehensive market structure bill is a regulatory framework for traditional finance players to get into the crypto game without exposing themselves to unnecessary regulatory and compliance risk.

Under the proposed CLARITY Act, banks would be able to custody crypto without balance sheet liability, as well as trade more complex crypto financial instruments.

Clear pathway for crypto-native companies

The bill provides concrete guidance for crypto companies that have been operating in regulatory limbo. Key provisions include:

• $75 million fundraising exemption with a 4-year maturity timeline
• Founder trading restrictions until networks reach maturity
• Provisional registration pathways allowing companies to operate while agencies develop detailed regulations

For VASPs already operating in our compliance network, these provisions validate the approach we've been advocating for: building robust compliance frameworks from day one, even when regulations are still evolving.

DeFi is clearly addressed

Decentralized finance protocols receive explicit recognition and protection under the CLARITY Act. The bill includes self-custody rights and anti-fraud enforcement while acknowledging that truly decentralized protocols operate differently from traditional financial entities. This recognition is crucial for the DeFi ecosystem's maturation and integration with traditional finance systems.

Hearing insights

Support and skepticism

During the June 4th hearing, we saw both strong support and pointed criticism:

Former SEC Commissioner Elad Roisman called the bill a "significant step forward to providing the needed clarity" to digital markets.

Former CFTC Chairman Rostin Behnam agreed that current federal law has left regulatory gaps, urging Congress to address this void with "targeted legislation."

However, former CFTC Chairman Timothy Massad raised significant concerns, particularly around anti-money laundering provisions. When directly asked if the bill addresses AML adequately, Massad responded "not sufficiently," pointing to critical gaps:

• The bill only applies Bank Secrecy Act requirements to centralized intermediaries
• Crypto assets can be transferred without going through intermediaries, creating enforcement gaps
• Treasury needs more authority over decentralized protocols and foreign platforms
• Stablecoin issuers should be required to monitor suspicious wallet activity

"We've got to give the Treasury Department and other regulators adequate tools to deal with those risks. And I don't think we've done that yet," Massad emphasized, citing examples of Russian smugglers using Tether and Hamas using crypto funding.

The AML challenge: Where traditional frameworks meet DeFi

One of the most contentious aspects of the June 4th hearing centered on anti-money laundering provisions. Democratic members pressed witnesses on whether the CLARITY Act provides adequate safeguards against illicit finance, particularly in decentralized systems.

The Core Challenge: Traditional AML frameworks rely on intermediaries like banks to monitor and report suspicious activity. DeFi protocols, by design, operate without centralized intermediaries, creating what critics see as regulatory blind spots.

Representative Lynch directly asked: "Does this bill address anti-money laundering adequately?" The responses revealed a fundamental split in thinking about crypto compliance.

Industry Perspective: UniSwap's Katherine Minarik argued that blockchain analytics provide superior tools for tracking illicit activity in real-time, claiming traditional BSA requirements are "broken and in many ways dying." She emphasized that sanctions screening requirements still apply to all US companies, and blockchain's transparency offers better visibility than traditional finance.

Regulatory Skepticism: Former regulators expressed doubt that existing frameworks adequately address decentralized systems. The concern isn't just about tracking funds after the fact, it's about preventing illicit activity before it happens.

For institutions operating in our compliance network, this debate highlights why robust Travel Rule implementation is crucial. While regulatory frameworks evolve, institutions with comprehensive compliance programs, including pre-transaction screening and counterparty verification, position themselves ahead of whatever requirements emerge.

Balanced priorities: Innovation, consumer protection, and law enforcement

The CLARITY Act aims to achieve a critical balance of three important priorities:

• Market Innovation: Providing clear pathways for crypto-native businesses to grow and thrive
• Consumer Protection: Establishing safeguards without stifling legitimate innovation
• Law Enforcement Authority: Ensuring regulators have tools to combat illicit activity

However, the hearing revealed this balance remains contentious. Critics argue the bill creates enforcement gaps in DeFi, while supporters contend it improves on the status quo by bringing centralized crypto activities under Bank Secrecy Act coverage.

A critical week ahead: June 10 committee markups

The CLARITY Act faces a pivotal moment on June 10, when both the House Financial Services Committee and House Agriculture Committee are scheduled to hold markups of the legislation. This dual committee approach reflects the bill's comprehensive scope where the Financial Services handling securities and market structure issues, while Agriculture addresses commodity futures aspects.

These markups represent the first major procedural hurdle for the legislation. Success in both committees would provide significant momentum for floor votes and eventual Senate consideration.

What to expect next

While the June 10 markups represent crucial first steps, this is only the beginning of the CLARITY Act's legislative journey. With many procedural hurdles ahead, expect the bill's contents to evolve as it moves through Congress. The June 4th hearing revealed both strong bipartisan support and areas where compromise will be necessary. Expect to see the contents of the bill change shape as it makes its way through Congress, as the finer details and subsequent implementation of the bill will be critical for its long-term potential to reshape the industry in a positive way. 

For years, the US crypto industry has bemoaned the lack of clarity from regulators and displayed an appetite for following the rules if only they existed. This is our collective chance to put those rules in place for an important market in the global crypto economy, and provide the long-awaited opportunity for American crypto companies to remain competitive while ensuring that the regulatory clarity also allows international crypto firms to tap into the growing US market.

The bill's success could provide the long awaited opportunity for American crypto companies to remain competitive while ensuring regulatory clarity allows international firms to tap into the growing US market with confidence.

For institutions already building compliant crypto operations, the CLARITY Act validates the approach of implementing robust compliance frameworks before they're required. Those who've invested in comprehensive Travel Rule compliance, counterparty due diligence, and risk management systems will find themselves ahead of the curve as these requirements become standardized.

At Notabene, we've been building the infrastructure that will support this regulatory future. Our open-loop Transaction Authorization Protocol (TAP) and comprehensive compliance platform are designed for exactly the kind of regulated, interoperable crypto ecosystem that the CLARITY Act envisions.

The CLARITY Act isn't just about providing regulatory certainty, it's about building the foundation for crypto's integration into the broader financial system. For institutions ready to operate in this environment, the opportunity is enormous.

Read the full bill here

New York, London, April 23, 2025 — Notabene, a leading provider of Travel Rule compliance infrastructure, today released its annual State of Crypto Travel Rule: 2025 Report, revealing a decisive industry shift: compliance is no longer optional, it is the cost of doing business.

Based on survey data from 91 Virtual Asset Service Providers (VASPs) and 10 regulatory bodies, the report shows that 100% of firms plan to be Travel Rule compliant by the end of 2025. Nearly 9 in 10 expect to meet requirements in the first half of the year, reflecting a broad and urgent move toward regulatory alignment.

Compliance is now directly tied to reaching your counterparties. In the past year, VASPs have become significantly more assertive in their counterparty requirements. The report found a 431% year-over-year increase in VASPs blocking withdrawals until beneficiary information is confirmed, jumping from 2.9% in 2024 to 15.4% today. Additionally, 19.8% of VASPs now return deposits if the originator fails to provide the required Travel Rule data.

In the lead-up to the EU Transfer of Funds Regulation (TFR) enforcement date of December 30, 2024, the Notabene network saw a dramatic surge in activity from EU-based firms. Transaction volumes originating from EU Crypto Asset Service Providers increased by 200x, compared to an 8x increase in non-EU-originated volume during the same period. While 71% of EU Crypto Asset Service Providers missed this deadline, many are catching up fast. One third have implemented processes to identify and report repeat non-compliant counterparties to regulators, creating spillover pressure on global peers.

“This isn’t about checking a regulatory box. It’s about securing your place in the future of crypto finance,” said Pelle Brændgaard, CEO of Notabene. “The network of compliant institutions is growing, and those who aren’t part of it are already being left behind.”

The message from this year’s report is clear: Compliance is no longer a future requirement or a regulatory checkbox. It is now a gatekeeper for business. Firms that fail to meet expectations are being excluded from transactions, losing counterparties, and watching volumes slip away. 

Download the full report here.

ENDS

Media Contact: [email protected]

About Notabene:

Notabene is the trust layer for global money movement, powering the largest Travel Rule-compliant network of regulated crypto institutions. Our mission is to make crypto transactions a part of the everyday economy. We provide a nuanced view of the regulatory landscape by leveraging industry expertise, insights from our annual survey, and extensive research on public sector data. We aim to equip businesses and other industry stakeholders with the knowledge and tools necessary for success in a dynamic environment.

Our platform enables businesses to securely and seamlessly verify counterparties, authorize transactions, identify self-hosted wallets, and comply with global regulations. With SOC-2 certification, ISO27001 compliance, and a strong focus on privacy and user experience, Notabene ensures trust in every transaction.

Headquartered in New York, Notabene operates globally, with a presence in Switzerland, Singapore, Germany, and the United Kingdom. Trusted by over 200 companies, including Copper, Luno, Crypto.com, and Bitstamp, Notabene helps institutions build trust into every transaction while ensuring compliance with evolving regulatory frameworks.

Start for free with the world’s largest transaction authorization network at Notabene.id.

Connect with us: LinkedIn | Twitter

Five years ago today, we began our journey with the founding of Notabene.

At the time, FATF had just introduced the Travel Rule for crypto – the first globally coordinated regulatory framework for digital asset transactions. We immediately realized that the Travel Rule wasn’t just a compliance requirement, but rather the first step in achieving global regulatory clarity. Our experience in crypto gave us the foresight to see that this regulatory clarity would one day be a turning point for the entire industry, allowing crypto to truly scale and become a part of the everyday economy. We knew that for digital assets to move beyond speculation and into real-world utility, they needed the same infrastructure and safeguards that traditional global finance relies on – without losing the openness that makes crypto transformative.

In response to FATF’s Travel Rule, a fragmented ecosystem emerged. Implementation of the Travel Rule was made difficult by multiple competing closed protocols, lack of clarity from various jurisdictions, and mismatched timeframes for the rollout of regional rules – often referred to as the Sunrise Period. While most saw it as an impossible challenge, we saw it for what it was: the unlock for integrating crypto into the global economy. So we leaned in.

Our key innovation in solving the Travel Rule problem was to build open infrastructure to facilitate counterparty trust at scale. We did this with an open protocol (TAP) and a best-in-class pre-transaction authorization platform. By embedding trust into every transaction for our customers, we created the largest active network of regulated crypto institutions in the world, trusted by leading financial institutions at the forefront of crypto, from retail exchanges and on/off ramps, to custody infrastructure providers, and payment service providers across more than 95 jurisdictions across the globe. We’ve supported nearly $1 trillion in Travel-Rule compliant transaction volume and helped define the industry standard for secure, trusted, scalable compliance.

But our ambition was never limited to innovating in the compliance and RegTech space. From the start, we saw the Travel Rule as a gateway — the first step toward the regulatory clarity needed to drive crypto adoption across the entire financial ecosystem.

Fast-forward to today, and our prediction is coming true. Regulatory clarity is finally arriving. In the EU, APAC, Latin America, and now the US, we are seeing true clarity and support emerge from governments and regulators. As predicted, this is building momentum in the industry as traditional financial institutions mature their digital asset strategies, core infrastructure is built, and consumer adoption of stablecoins continues to skyrocket. The building blocks are nearly all in place: regulation, infrastructure, product-market fit. 

Trust is the final missing piece. 

Regulatory compliance is key, but isn’t enough on its own. Counterparties don’t exchange value with each other simply because they are allowed to, they do it because they want to. They do it when they have the confidence to transact with each other in a safe and secure manner. Without real trust between counterparties, nothing scales – not institutional adoption, and not consumer adoption.

The next generation of financial infrastructure isn’t just about speed or scale. It’s about trust.

And so we will continue to evolve — expanding our work beyond compliance to help build the trust layer for global money movement. This will be the core financial infrastructure that enables institutions to verify counterparties, authorize transactions, and unlock new markets — with trust embedded from the start. It’s the foundation that will make our vision a reality.

The building blocks are in place. The opportunity is enormous. And we’re just getting started.

We’re proud of what we’ve built, and even more excited to keep building it alongside our customers and partners.

To everyone who’s helped us get here, thank you.

Here’s to the first five years of Notabene — and to everything ahead.

–Pelle and Alice, Co-Founders, Notabene

At Notabene, we believe compliance shouldn’t come at the expense of innovation. That’s why we’re working closely with global regulators to help shape smarter rules for the future of finance.

Recently, the Financial Action Task Force (FATF) solicited a second round of feedback on proposed revisions to its Recommendation 16 (R16) and the corresponding interpretive note, which covers how financial institutions share information to prevent illicit activity.

On April 15, Notabene’s Regulatory and Compliance team responded with insights based on years of experience helping VASPs comply with the Travel Rule across jurisdictions.

Read our full response here

Here’s a quick breakdown of what’s changing, what it means for the crypto industry, and what we think needs more attention.

Why Requiring Geographic Address is Ineffective 

The FATF wants cross-border payments or value transfers above the applicable threshold to always include the originator's and beneficiary's geographic addresses. Notabene raised concerns in both FATF consultations about mandating geographic addresses in originator and beneficiary data.

In our first response, Notabene argued that addresses are unreliable identifiers, difficult to verify, and not useful for sanction screening. Their inclusion raises privacy concerns and could harm financial inclusion, especially in regions without standardized address systems. Notabene proposed removing the address requirement and instead allowing a risk-based approach to selecting identifiers.

In the second feedback round, the FATF introduced flexibility by allowing country and town as alternatives when full addresses aren't available. While this has been seen as an improvement, Notabene maintained that addresses are still problematic, and suggested that the FATF provide further guidance for cases where even town-level data is unavailable. We also recommended considering more reliable, standardized alternatives like phone numbers.

Virtual Account Numbers Can’t Hide the Source

In response to the FATF’s concerns about virtual IBANs and account identifiers, Notabene initially recommended enforcing accurate country designation. The FATF’s revised proposal improves on this by clarifying that account numbers should not obscure the country of fund origin, placing responsibility on the issuing institution.

In our response, Notabene supported this shift, but pushed for a bigger rethink: it’s time to move away from relying solely on account numbers to track money and promote more transparent models like transfer requests. We recommended recognizing solutions like the Transaction Authorization Protocol (TAP), which enables better counterparty identification—especially critical in complex virtual asset transactions. TAP is a decentralized, pre-transaction messaging system that helps identify counterparties before money moves. TAP gives everyone in the payment chain the information they need before a transaction is finalized, reducing fraud and improving transparency.

Pre-Validation is a Must in Crypto Transfers

Once a transaction hits the blockchain, it’s permanent. That’s why we support the FATF’s emphasis on pre-validation measures like verifying beneficiary info before a transfer goes through.

We also recommended that when a receiving institution detects a mismatch, they should notify their counterparty right away. This small change could go a long way in stopping fraudulent or misdirected transactions before they happen.

Defining the Payment Chain from Start to Finish

The FATF’s new definition of a “payment chain” is clearer than before, but we flagged one potential issue: what happens when the first institution receiving a payment instruction isn’t directly connected to the originator?

To mitigate this, Notabene recommended that the FATF provide guidance for complex scenarios, proposing principles to ensure complete information flow. These include requiring message originators to identify all known parties, and for each agent to add any missing identifiers and resolve compliance gaps through collaboration. This would strengthen the integrity of the payment chain across varied transaction structures.

Roadmap to Full Compliance by 2030

We appreciated the FATF’s proposal for a multi-year rollout of the new standards, with a target end date of 2030.

We recommended a phased approach for the crypto industry, focused first on the highest-risk areas (like verifying beneficiary info), and allowing time for organizations to adapt and improve throughout a learning period where good-faith compliance efforts are recognized before enforcing strict technical requirements.

How do FATF Recommendations Affect You?

Notabene welcomed the FATF’s decision to keep VASPs under the existing Regulation 15 framework while updating its interpretive note to reflect R16’s evolving information requirements. This approach ensures continuity while allowing tailored Travel Rule implementation through the Virtual Assets Contact Group (VACG).

To support this process, Notabene recommended using TAP as a testing ground for R16 application in the virtual asset space.

Leading the Future of Compliant Payments

The FATF’s proposed updates to R16 mark a turning point in global financial compliance. While traditional financial institutions may struggle with the transition due to entrenched systems, VASPs and stablecoin PSPs have a clear advantage. Operating on modern, programmable infrastructure, they are not only better equipped to meet evolving regulatory standards, but also to redefine what compliant, cross-border payments can look like in the digital age. By embracing these changes early and building compliance into their core operations, VASPs and stablecoin PSPs can lead the charge toward a more transparent, efficient, and secure global financial system.

At Notabene, we believe that regulation and innovation can go hand in hand, and that compliance tools should make financial services more accessible, not less.

Schedule time for a free consultation with our regulatory experts to learn more about the FATF’s proposed revision to R16, or about Notabene’s TAP solution for counterparty identification.

AOPP: Constraints, Limitations, and Adoption Challenges

The Address Ownership Proof Protocol (AOPP) emerged as a technical solution for cryptocurrency users to demonstrate wallet address ownership, primarily in response to regulatory requirements. Despite its promising premise, AOPP has struggled to gain widespread adoption across the cryptocurrency wallet ecosystem. This analysis examines why AOPP remains a niche protocol, which wallets have implemented it, and the fundamental limitations that have prevented it from becoming an industry standard.

A Compliance Solution for Self-Hosted Wallets

AOPP emerged as a technical solution designed to automate the process of proving ownership of self-hosted cryptocurrency wallets. By generating cryptographically signed messages without manual intervention, the protocol aimed to streamline compliance with regulations like the Financial Action Task Force's (FATF) Travel Rule. Swiss financial authorities, particularly FINMA, served as the catalyst for AOPP's development, creating a protocol that would theoretically bridge the gap between regulatory demands and cryptocurrency's decentralized nature.

Selective Adoption in a Growing Market

Years after its introduction, AOPP remains implemented in only a small segment of cryptocurrency wallets. Its current footprint in the ecosystem reveals both its niche utility and broader market hesitation:

BitBox02 is one of the protocol’s consistent supporters. This Swiss-developed hardware wallet integrated AOPP early, reflecting geographical alignment with the protocol's origins and the company's compliance-oriented approach.

Specter Wallet, with its focus on privacy and multi-signature implementations, has maintained AOPP support, positioning it as an option for users navigating both security and regulatory requirements.

What's particularly noteworthy is the pattern of reconsideration among several wallet providers. Trezor, a significant player in hardware wallets, initially implemented the protocol but subsequently removed it after user feedback. Blue Wallet and Sparrow Wallet similarly stepped back from AOPP support after community response. These adjustments highlight the complex balance wallet providers must strike between regulatory compliance tools and user preferences.

Self-Hosted Wallet Market Context

Self-hosted (non-custodial) wallets continue to gain popularity as cryptocurrency users prioritize direct control over their assets. The market for these wallets reached approximately $2.5 billion in 2024 and is projected to grow to $15 billion by 2033. Major players in this space include:

• MetaMask: Over 30 million users
• Trust Wallet: More than 60 million downloads
• Ledger: Approximately 6 million devices sold
• Trezor: A significant player in the hardware wallet segment

Notably, none of the market leaders currently support AOPP, significantly limiting its practical utility in the broader ecosystem.

A Solution Without an Audience

AOPP's limited adoption appears to stem from several structural factors that collectively explain its position in the wallet ecosystem.

Regional Orientation in a Global Market

Developed primarily for Switzerland's regulatory environment, AOPP addresses compliance frameworks that aren't universally applicable. For wallet developers serving diverse international jurisdictions, implementing a protocol designed specifically for Swiss compliance presents a challenging value proposition. This regional specificity naturally constrains AOPP's relevance for wallet providers with global user bases operating under different regulatory structures.

Development Resource Considerations

For wallet development teams, AOPP implementation requires specialized message signing and verification processes that introduce additional complexity. This technical requirement creates resource allocation questions, particularly for smaller teams and open-source projects. With limited development bandwidth, many providers have prioritized features with broader user demand over specialized compliance protocols.

User Experience Tradeoffs

Most cryptocurrency wallets already support standard message signing for Web3 interactions, a flexible approach serving multiple purposes beyond compliance. AOPP, while streamlining compliance-related verification, introduces a more structured but less common process. Wallets may prioritize flexibility and user familiarity over integrating a niche compliance-focused protocol.

The Inherent Limitations of AOPP

AOPP's trajectory reveals structural challenges that extend beyond simple market preferences to more fundamental design considerations.

The Adoption Challenge

AOPP faces a circular implementation challenge: its utility as a standard depends significantly on widespread adoption, yet achieving that adoption requires demonstrating consistent utility across use cases. With major wallet providers like MetaMask, Trust Wallet, and Ledger not implementing the protocol, AOPP lacks the critical mass necessary to function as a universal verification standard. This creates practical limitations for users, regulators, and exchanges seeking standardized verification methods.

Technical Scope Considerations

Even where AOPP is implemented, questions remain about its comprehensive effectiveness. The protocol cannot prevent all potential verification workarounds, which leads to questions about its practicality as a compliance tool. These limitations have factored into wallet providers' implementation decisions, particularly when weighing development resources against potential benefits.

Alternative Approaches in the Ecosystem

While AOPP has found limited implementation, the cryptocurrency ecosystem has naturally evolved toward verification approaches that align with both compliance needs and user expectations:

Standard Cryptographic Signatures have emerged as a widely implemented solution. Protocols like EIP-191, BIP-137, and Ed25519 provide similar proof-of-ownership capabilities with broader compatibility across wallet types. Their flexibility allows them to serve multiple purposes beyond regulatory compliance, creating natural incentives for both developers and users.

Extended Public Key Verification offers another approach that addresses regulatory goals through different technical means. By verifying xPubs, platforms can confirm wallet control while maintaining a seamless user experience—a balance that has gained traction across the ecosystem.

Micro-Transaction Verification, also known as the Satoshi Test, has emerged as another alternative that confirms wallet control by having users send specific amounts within designated time windows. This method works with virtually any wallet that can send transactions, providing broader coverage than protocol-specific approaches like AOPP.

Multi-Method Verification Systems have also gained traction, with companies like Notabene offering comprehensive solutions that combine several verification methods. These systems typically include cryptographic signature proofs similar to AOPP's approach, but complement them with alternative verification methods such as micro-transactions, visual verification through screenshots, and self-declaration options. This layered approach provides flexibility for users across different wallet types and technical expertise levels.

The Path Forward: Beyond AOPP

AOPP represents a thoughtful attempt to address the regulatory challenges facing cryptocurrency users and exchanges. However, its limited adoption reflects not just technical considerations but deeper questions about how compliance mechanisms integrate with cryptocurrency's core principles and user expectations.

As the cryptocurrency industry continues to mature, verification solutions will likely evolve along paths that balance regulatory requirements with user experience priorities. While AOPP may maintain relevance in specific regulatory contexts, particularly in Switzerland, the industry appears to be moving swiftly toward more flexible, multi-method approaches to wallet verification.

Companies like Notabene have recognized this need for flexibility by developing verification systems that work across virtually any wallet type, including popular hardware wallets like Ledger and Trezor that don't support AOPP. Their approach demonstrates that compliance and security don't necessarily come at the expense of user experience, particularly when various verification methods are available depending on the specific wallet technology.

The experience with AOPP provides valuable lessons for future protocol development. It demonstrates that successful compliance tools must consider not only regulatory requirements but also technical implementation costs, user experience impacts, and alignment with the diverse expectations of the cryptocurrency community. Looking ahead, the most successful verification approaches will likely be those that provide multiple options rather than requiring wallets to implement specific protocols, ensuring that Travel Rule compliance remains accessible regardless of which wallet technology users prefer.

Notabene, a leading provider of crypto compliance solutions, today announced a new partnership with Mastercard to bring simplicity and enhanced safety to their powerful crypto compliance tools. Through a pilot program with M2, a prominent Abu Dhabi-based virtual assets service provider (VASP) regulated by the Financial Services Regulatory Authority (FSRA) within the Abu Dhabi Global Market (ADGM), Notabene will integrate Mastercard Crypto Credential into its SafeTransact platform, facilitating the secure and privacy-preserving exchange of transaction metadata for M2’s digital asset trading services.

Mastercard Crypto Credential verifies transactions among consumers and businesses using blockchain networks, providing the assurance that a user has met a set of verification standards and confirming that the recipient’s wallet supports the transferred asset. The solution simplifies the consumer experience by allowing crypto exchange users to send and receive digital assets – such as stablecoins being leveraged for remittances, a growing use case – using simple aliases, instead of the typically long and complex blockchain addresses. This empowers people to enjoy peace of mind knowing they are transacting with verified users, while reducing the risk of losing assets due to typos or incompatible assets. It also brings greater trust and certainty to crypto transactions through the exchange of metadata and Travel Rule information.

This integration between Notabene, M2 and Mastercard aims to significantly improve counterparty identification rates, ensuring compliance with the Travel Rule while reducing friction in VASP-to-VASP and cross-border transactions. By employing advanced encryption and data minimization practices, the integration will help ensure that sensitive information is protected while also enabling convenient and compliant transactions. The pilot aims to showcase how VASPs and traditional financial institutions can come together to mitigate risks associated with digital asset transfers while maintaining operational simplicity for institutions and their retail customers.

Pelle Braendgaard, CEO of Notabene, commented on the partnership: "Our collaboration with Mastercard represents a significant leap forward in making crypto transactions as safe and straightforward as traditional financial operations. By combining our expertise in crypto compliance with Mastercard's global reach and digital assets capabilities, we're setting a new standard for consumer trust in crypto payments. This partnership is not just about solving today’s compliance challenges but also lays the groundwork for supporting innovations such as self-hosted wallet integrations, further expanding the scope of secure and trusted crypto transactions."

"As the digital assets ecosystem matures, Mastercard is continuing to innovate to stay ahead while ensuring safe, compliant, and trusted interactions,” said Raj Dhamodharan, executive vice president, Blockchain & Digital Assets at Mastercard. “By integrating Mastercard Crypto Credential with Notabene’s industry-leading compliance solutions, we're enhancing connectivity and trust to foster the adoption and integration of a range of digital assets – from Bitcoin to stablecoins – into the global financial ecosystem. This partnership with Notabene and M2 expands our reach and interoperability across the crypto landscape."

In collaboration with M2, Mastercard and Notabene are demonstrating practical applications of this joint solution. Deepak Garg, Chief Compliance Officer at M2, adds: "As a leading virtual assets service provider, we are committed to staying aligned with global regulatory standards while enhancing the user experience for our customers. By partnering with Notabene and Mastercard, we can bring even more secure and compliant digital asset transactions to a global audience. This approach not only strengthens trust with our customers, but also opens new opportunities for growth by expanding the network of reliable counterparties for safe and secure transactions."

The pilot program is currently limited to select regions, including the United States, Brazil, Mexico, Argentina, and several European countries, with plans for expansion in the near future.

Interested in integrating Mastercard Crypto Credential into your transaction authorization workflow? Visit notabene.id/mastercard to learn more.

Media Contact
Clay Fain, Notabene
[email protected]

About Notabene
Notabene is the crypto industry’s premier platform for pre-transaction authorization and decision-making, empowering customers to detect and prevent high-risk activities before they occur. With SOC-2 and ISO27001 security certification and a strong focus on privacy and user experience, Notabene’s flagship product, SafeTransact, offers a comprehensive suite of features, including real-time authorization, decision-making, counterparty sanctions screening, and self-hosted wallet identification. Headquartered in New York, Notabene operates globally and has a presence in Switzerland, Singapore, Germany, and the United Kingdom.

Trusted by over 200 companies, including Copper, Luno, Crypto.com, and Bitstamp, Notabene offers a full suite of Travel Rule compliance tools to ensure compliance with global and local regulations.
www.notabene.id

About M2
Headquartered in Abu Dhabi, M2 has a mission to drive virtual asset adoption within the UAE by delivering a secure and transparent trading environment for investors. The platform provides investors with a growing suite of virtual asset products while ensuring strict regulatory compliance. Regulated by the Financial Services Regulatory Authority (FSRA) located in the Abu Dhabi Global Market (ADGM), M2 Limited and M2 Custody Limited are committed to ensuring a safe trading experience, upholding the highest standards of regulatory compliance.

www.m2.com

About Mastercard

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re building a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

www.mastercard.com

‍

DORA and the Future of Digital Resilience: What It Means for ICT Providers Like Notabene

As the financial sector becomes increasingly digital, its dependency on resilient infrastructure is under the microscope. Cyber threats are rising, and regulators are responding. The EU’s Digital Operational Resilience Act (DORA), which took effect on January 17, 2025, establishes a new, binding standard for operational security across 20 categories of financial institutions and their third-party ICT (Information and Communications Technology) service providers.

What sets DORA apart is its shift from guidance to obligation. Operational resilience is no longer a best practice—it’s a legal requirement. Systems must be secure, regularly tested, and prepared to withstand real-world attacks and disruptions.

For ICT providers like Notabene, which supports financial institutions and VASPs with compliance infrastructure, the message is clear: trust begins with security, and resilience is now essential.

What DORA Means for ICT Providers

DORA introduces a unified framework that ensures every link in the financial services supply chain is built for resilience. Key requirements include:

• Resilience testing by default: ICT vendors must undergo penetration testing, simulated threat scenarios, and security assessments to demonstrate that they can handle operational disruption.
• Faster, clearer incident reporting: When incidents occur, financial institutions are required to report them promptly. Their ICT partners must support these disclosures with detailed technical input.
• Stricter oversight of third-party vendors: Institutions are expected to evaluate and continuously monitor their ICT providers to ensure alignment with both regulatory and contractual standards.

For companies serving banks, VASPs, and other regulated institutions, meeting these expectations signals more than compliance. It shows preparedness and earns trust.

Notabene’s Security-First Mindset

At Notabene, security isn’t an afterthought or a reactive measure—it has always been foundational. Long before DORA came into effect, we invested in the infrastructure, policies, and safeguards that operational resilience requires.

Here’s how we go beyond the baseline:

Bank-grade due diligence

Our infrastructure undergoes rigorous reviews by global financial institutions. We align with the same standards they apply to their own systems.

Third-party audits and continuous testing

We work with independent security firms to conduct regular penetration tests, vulnerability scans, and compliance checks. These audits help us proactively identify and mitigate risk.

Global compliance alignment

We maintain SOC 2 and ISO 27001 certifications, and follow industry-leading practices in encryption, access controls, and system integrity.

Resilient by design

Our incident response protocols are structured for speed and transparency:

• Real-time threat detection to identify anomalies early
• Streamlined escalation processes to coordinate responses internally and externally
• Client-facing communication tools to share timely updates and mitigation plans

We’ve built these systems not because regulations demanded it, but because our clients do.

Why DORA Compliance Matters for Financial Institutions & VASPs

With DORA now in force, regulated institutions are reevaluating their partnerships. Compliance checklists are no longer enough—they need demonstrable resilience, backed by action and transparency.

This shift will raise expectations across the board. Financial institutions will gravitate toward ICT providers who can prove operational readiness through certifications, audits, and clear governance.

At Notabene, we’re already there. Security and trust are embedded in everything we do. And as compliance becomes a foundational layer of financial infrastructure, we’re proud to support our clients in meeting and exceeding evolving standards.

DORA is reshaping how financial institutions and technology partners think about operational resilience. ICT providers that fail to meet its expectations will be left behind. But for those who embrace it, there’s an opportunity to lead with trust, security, and readiness.

For Notabene, DORA is not a challenge—it’s validation. The systems we’ve built were designed with this level of scrutiny in mind from the very beginning.

Let’s talk about how we can help your institution stay ahead of these expectations and build resilience that lasts.

As crypto compliance reaches its tipping point due to key jurisdictions enforcing Travel Rule regulations such as the European Union, Turkey, Seychelles, South Africa, and others – the Travel Rule has become a critical focus for Virtual Asset Service Providers (VASPs). The requirement to securely share and verify sender and recipient information along with crypto transactions is a foundational step toward fostering trust in the ecosystem. However, the methods employed to meet these requirements vary widely—and not all are sustainable.

One approach, the email-based method for data exchange, has gained traction among some platforms and VASPs. While this method might seem efficient on the surface, it faces significant scalability, security, and operational challenges that limit its effectiveness in the long term. 

Why do email-based solutions fall short? And what critical decisions should VASPs make in order to future-proof their compliance operations? 

Let's explore.

Operational Scalability: The Breaking Point

At the heart of the Travel Rule is the exchange of information between originating and beneficiary VASPs. Email-based systems satisfy this basic minimum requirement and typically follow a process like this:

1. The originator VASP sends a notification email to the beneficiary VASP.
2. The beneficiary receives the email, verifies their identity (often through a code or similar mechanism), and accesses the shared information.
3. The information is presented in a downloadable file, such as a JSON object.

While this process may work for VASPs with low transaction volumes, its scalability crumbles under the real-world demands that come with substantial daily transaction volume:

• Manual Verification: Each transaction requires individual attention, from opening emails to entering verification codes. For VASPs handling hundreds or thousands of transactions daily, this approach is operationally infeasible.
• File Processing Overload: Beneficiaries often receive raw data files, leaving them responsible for integrating the information into their systems. This creates additional friction and inefficiency.
• Lack of Automation: Without robust integration options, email-based solutions force compliance teams into repetitive manual workflows, increasing the risk of human error and missed deadlines.

In today’s fast-paced crypto environment, these limitations make it clear that email-based methods cannot support the industry’s growing needs.

Security and Privacy Risks

Another critical challenge for email-based solutions is ensuring data security and privacy—an area of increasing scrutiny in jurisdictions like the EU, where compliance is non-negotiable. Key concerns include:

• Data Exposure: Email, while widely used, is not inherently secure. Even with encrypted attachments, the transmission of sensitive customer information via email introduces vulnerabilities.
• PII Handling: Downloading and storing Personally Identifiable Information (PII) on local machines can lead to unintended breaches. Once the data leaves the secure confines of a system, it’s much harder to track and control.
• End-to-End Encryption: True end-to-end encryption, where data is encrypted from the point of origin to its final destination, is often missing in email-based systems. This leaves a critical gap in protecting sensitive information.

In fact, email-based systems are particularly vulnerable to cyberattacks, making them a less secure option for handling sensitive information. According to a Forbes article, in 2023, more than 94% of organizations reported email security incidents.

Poor User Experience for Beneficiaries

While many email-based systems focus on the needs of the originating VASP, they often neglect the beneficiary’s experience. This creates friction and decreases the likelihood of successful data exchange:

• Cumbersome Processes: Beneficiaries are required to open emails, verify their identity, and process files manually. For smaller VASPs with limited resources, this process can be overwhelming.
• No Response Mechanism: Many email-based systems lack a way for beneficiaries to confirm or reject transactions, leaving originating VASPs in the dark about the status of their requests.
• No process for handling missing information: These systems often fail to address scenarios where information is incomplete or inaccurate. Beneficiaries have no standardized way to request corrections or additional details, further complicating the process and risking regulatory non-compliance. This lack of flexibility increases frustration for compliance teams and hampers successful collaboration between VASPs.

The Path Forward: Scalable Alternatives

To overcome these challenges, VASPs need to embrace solutions designed for scalability, security, and efficiency. Key features of a robust Travel Rule compliance system include:

• Automation: Eliminating manual processes through API integrations and automated workflows reduces friction and increases scalability.
• Real-Time Verification: Direct communication between VASPs enables faster responses and better alignment with regulatory requirements.
• End-to-End Encryption: Protecting data at every stage of the process ensures compliance with GDPR and other privacy regulations.
• Feedback Mechanisms: Allowing beneficiaries to confirm or reject transactions creates a complete compliance loop, enhancing trust and transparency.

The Bottom Line

The crypto industry is at a crossroads. As compliance requirements become more stringent, the need for scalable, secure, and user-friendly solutions is greater than ever. 

Email-based Travel Rule solutions, while functional in limited scenarios, cannot support the industry’s growth or the regulatory demands of tomorrow. 

VASPs must prioritize modern, scalable platforms that address the full range of operational, security, and compliance needs. Now is not a time to settle for the bare minimum in terms of Travel Rule compliance, because security and scalability are not things you settle on. 

By considering needs beyond the most basic check-the-box requirements, VASPs can not only meet today’s compliance obligations but also build a foundation for a more efficient, secure, and compliant future for their business.

It’s official—Turkey has introduced FATF-aligned Travel Rule regulations to its cryptocurrency framework! These updates mark a major milestone for the crypto industry in the region, strengthening transparency and security for digital asset transactions. As leaders in this space, we're here to help you navigate what this means for your organization.

What You Need to Know

Travel Rule in Turkey will be in effect as of February 25, 2025.

Note: This is a summary of the new guidelines. For a full picture of Travel Rule compliance in Turkey, please visit our comprehensive Turkey jurisdiction page, or schedule time for a free consultation with our regulatory experts.

Regulating Body and Regulated Entities

The Financial Crimes Investigation Board (MASAK), under the Ministry of Treasury and Finance, is the primary regulatory authority overseeing cryptocurrency in Turkey. MASAK is responsible for implementing anti-money laundering (AML) and counter-terrorism financing (CTF) regulations, including the enforcement of the FATF-aligned Travel Rule. As such, Virtual Asset Service Providers (VASPs) in Turkey are required to register with MASAK and comply with its AML and CTF framework. Notably, MASAK has expanded the definition of regulated entities to include certain financial transactions and service providers, including e-commerce platforms and large-scale intermediary service providers.

What is the minimum threshold for the Crypto Travel Rule in Turkey?

While the Crypto Travel Rule in Turkey applies to all transfers, there is a wider scope of information that needs to be transmitted for transfers of 15,000 TL or above. Additionally, no information verification is required for transfers below 15,000 TL.

What personally identifiable information is required to be shared for the Crypto Travel Rule in Turkey?

Transfers ≥15,000 TL must include:

Originator:

• Name or entity name
• Wallet address or transaction reference number
• One of the following identifiers:
  • Address
  • Date and place of birth
  • Customer number
  • National identification number (e.g., citizenship number, passport number, or tax identification number)

Beneficiary:

• Name or entity name
• Wallet address or transaction reference number

Transfers <15,000 TL must include:

Originator and Beneficiary:

• Name or entity name
• Wallet address or a transaction reference number

Handling Missing Information

Crypto service providers must request missing details. Transfers with unresolved deficiencies will be returned or rejected, and persistent non-compliance could result in business restrictions.

Risk-Based Measures

VASPs must perform enhanced due diligence for high-risk transactions, collecting additional information and restricting transfers if necessary.

Unregistered Wallets

Transfers to and from unregistered wallets now require a customer declaration, ensuring all transactions comply with AML measures.

Implications for Compliance Teams

Businesses operating in Turkey must prepare for operational changes, such as:

✅ Updating systems to verify sender details for qualifying transactions.

✅ Implementing enhanced due diligence for high-risk transfers.

✅ Collecting declarations for unregistered wallet transactions.

What about VASPs outside of Turkey?

When dealing with foreign providers not obligated to share sender/recipient details, obtain customer declarations with similar identifiers. This means that non-Turkish VASPs will need to be prepared to respond to Travel Rule requests from any customers of Turkish VASPs, even if they are not operating in a regulated jurisdiction, or else face the potential of returned transfers, the rejection of future transactions or termination of business relationships.

Why It Matters

MASAK’s proactive measures create a more transparent and secure ecosystem for virtual assets, enabling trust between service providers and users. But with stricter requirements comes the need for robust compliance solutions.

💡 That’s where Notabene comes in. Our platform offers seamless compliance management, helping VASPs navigate these changes while reducing operational friction.

How is your team preparing for these changes?

To discuss how Notabene can support your compliance journey, schedule time for a free consultation with our regulatory experts

Notabene’s 2024 in Review: Scaling Trust, Compliance, and Innovation

As 2024 comes to a close, we reflect on a year where compliance, trust, and global connectivity reached new heights. From record-setting growth to major strides in regulatory clarity, Notabene helped pave the way for a more secure and compliant crypto ecosystem. While we celebrate this progress, we’re also looking ahead—toward a future where stablecoins and institutional adoption transform global payments.

2024 in Review

Record Platform Growth

In 2024, Notabene eclipsed $500 billion in total transaction volume, representing a 10x growth from the previous year. This includes over 32 million secure and compliant transfers across 85+ jurisdictions, and over 190 customers across the globe. We’re proud of what these numbers mean for us as a business, but just as importantly, they underscore the rapid acceleration of Travel Rule across the globe.

Of course, growth is not a singular measure of success in our space. Delivering on our core promise of helping our customers transact safely, our platform has now proactively identified and prevented over $1 billion in high-risk transactions!

Leadership in Regulatory Engagement

2024 was a pivotal year for advancing regulatory compliance in the virtual assets industry. Notabene played a critical role in supporting stakeholders worldwide by:

• Guiding 60+ customers in achieving readiness for major Travel Rule deadlines, including the EU’s Transfer of Funds Regulation (TFR)
• Facilitating regulatory sandbox sessions with the European Banking Authority (EBA) to explore solutions for compliance hurdles
• Engaging with regulators across 42 meetings in 2024 to foster industry-friendly solutions
• Responding to 14 regulatory consultations, shaping critical frameworks that impact the virtual asset ecosystem
• Producing 16 webinars, 8 conferences, and welcoming 935 new learners into our Notabene Academy Certification programs, bringing industry insights together with actionable industry activation of Travel Rule compliance and FATF guidance
• Supporting customers in making sense of new Travel Rule implementation plans across the globe including Australia, Isle of Man, Kazakhstan, New Zealand, Qatar, Seychelles, South Africa, Turkey, and beyond

Notabene continues to serve as a trusted partner, helping clients and regulators navigate the evolving landscape of compliance with innovative tools and deep expertise.

Inaugural Notabene Summit

This year, we hosted the Notabene Summit in Barcelona, a landmark event that brought together leaders in crypto, traditional finance, and regulation to collaborate on the future of compliant digital payments. The Summit featured in-depth discussions on regulatory frameworks, interoperability, and institutional trust, with insights from partners including Coinbase, Fireblocks, and Circle.

The event underscored the industry’s collective momentum in scaling global compliance solutions and driving adoption of secure, interoperable systems.

We can’t wait to share the details on our 2025 Summit—more information will be announced soon!

Product Innovation in Travel Rule Compliance

At Notabene, we’re continually raising the bar for what’s possible in compliance technology.

Next-Generation Self-Hosted Wallet Solutions
Our enhanced self-hosted wallet verification solutions deliver an unmatched user experience by providing four robust proof methods of verification for infinite self-hosted wallets, to seamlessly manage counterparty risk while providing a smooth user experience for our customer’s users

Introduced SafeTransact for Networks
We announced SafeTransact for Networks to improve network reachability and accelerate Travel Rule adoption by enabling a seamless VASP-to-VASP compliance layer directly on top of existing networks where trusted transactions are already occurring.

Expanded Open Protocols
We built the open-source Transaction Authorization Protocol (TAP) to further accelerate the industry’s movement towards open protocols and, along with the interoperability of our SafeGateway solution, enable more VASPs to easily connect across various protocols and networks.

Strengthened Network Security
We prioritized robust security measures to safeguard data and ensure trust across our platform. Notabene is SOC 2 compliant and ISO27001 certified, adhering to globally recognized standards for information security. Our platform incorporates advanced safeguards, including encryption, firewalls, and multi-factor authentication (MFA), ensuring the highest levels of data protection for our customers and their users.

Looking Ahead: 2025 and Beyond

With our recent $14.5 million Series B funding, led by DRW VC and supported by funds managed by Apollo, Nextblock, Wintermute, Jump Capital, Illuminate Financial, as well as participants from previous rounds, Notabene is poised to accelerate growth and innovation in 2025 and beyond. With this investment, we aim to accelerate our growth while focusing on what we believe will be a few prevailing industry trends in 2025.

Stablecoins have evolved from a niche use case to a critical component of the global payments ecosystem. Institutions and regulators are taking note, with major players entering the space and governments racing to establish clear guidelines.

For institutions, stablecoins offer a unique opportunity: fast, transparent, and cost-efficient cross-border transactions that integrate seamlessly into existing financial systems. However, they also bring new regulatory requirements that businesses must meet to operate confidently in this growing market.

Notabene is leading the way by providing tools that enable institutions to adopt stablecoins with compliance and trust at the core. With features like enhanced transaction monitoring, counterparty validation, and scalable compliance solutions, we’re helping businesses unlock the true potential of stablecoins in global payments.

With the EU’s Transfer of Funds Regulation (TFR) and MiCA taking center stage, 2024 marked a tipping point for regulatory clarity in the crypto space. As these frameworks set the tone for global compliance, momentum is building for 2025 to be a year of rapid progress.

In Europe, the December 30, 2024 enforcement of the TFR will bring uniformity to crypto asset transfers across the EU’s 27 member states (and 3 EEA members), forcing businesses inside and outside of the EU to adapt to stricter compliance requirements. Meanwhile, the U.S. is preparing to expand the Travel Rule to Registered Investment Advisers (RIAs) on January 1, 2026, signaling growing regulatory focus across major jurisdictions.

Beyond the EU and U.S., we anticipate further progress globally as more countries align their frameworks with FATF standards. The industry is entering what we call the “Dawn of the Travel Rule,” where trust and compliance will drive broader adoption of crypto assets on a global scale.

This trend isn’t just about meeting compliance mandates—it’s about unlocking opportunities for businesses operating in regulated environments. By leveraging Notabene’s solutions, companies can stay ahead of these changes, ensuring both compliance and competitive advantage.

We hear from customers all the time about the frustrating and avoidable challenges that result from closed Travel Rule protocols walled off by gatekeepers in the industry. This is why we have invested in developing decentralized protocols like TAP and solutions like SafeTransact for Networks.

Open protocols will increase the one metric that matters most to crypto businesses: reachability—the ability for VASPs and institutions to not only connect, but actually facilitate the exchange of information across different systems and networks. By removing technical and regulatory barriers, open protocols make it easier to transact securely and at scale.

We believe strongly that only open protocols can eliminate these barriers and enable institutions to transact securely and at scale—helping to realize our shared vision of a future where crypto is a part of the everyday economy. We’re beginning to see others follow our lead here towards a truly open future.

Join Us in Shaping the Future

To our customers, partners, and team: thank you for your trust and collaboration. Together, we are paving the way for a world where secure, seamless, and compliant crypto payments unlock new opportunities across borders and industries.

Ready to shape this future together? 

Book a call to learn more about our industry-leading Travel Rule solution

Contact us to learn more about partnership opportunities

Join our team as we hire across multiple departments in 2025

Here’s a roundup of what you need to know from the last week in global crypto regulatory news.

🌎 Americas

🇺🇸 United States

President-elect Trump appoints AI and crypto czar. President-elect Donald Trump has named David Sacks, a venture capitalist and former PayPal executive, as the White House’s artificial intelligence and cryptocurrency czar. Sacks is expected to lead the administration’s policies on AI and digital assets, signaling a proactive approach to emerging technologies.

President-elect Trump shifts SEC leadership. President-elect Donald Trump has nominated Paul Atkins, a former SEC commissioner and advocate for digital assets, to replace Gary Gensler as SEC chair. Atkins is expected to bring a more crypto-friendly approach to regulation.

🌍 EMEA

🇬🇧 United Kingdom

FCA unveils crypto regulation roadmap. The Financial Conduct Authority (FCA) released a detailed plan for comprehensive crypto regulations by 2026. Findings show over 12% of U.K. adults hold crypto, emphasizing the need for clear regulatory frameworks.

🇪🇺 European Union

EBA publishes explainer on AML/CFT in crypto. The European Banking Authority (EBA) released a comprehensive explainer on preventing money laundering and terrorism financing in the EU’s crypto-assets sector. The document highlights key requirements under MiCA and the latest AMLD amendments, including the implications of the grandfathering clause. This resource offers essential insights into the EBA’s efforts to align crypto compliance with EU standards.

💡Go deeper with our recent article on debunking the myth of the Grandfathering Clause for the European Travel Rule.

🇲🇦 Morocco

Morocco drafts crypto regulations. Bank Al-Maghrib introduced regulations developed with World Bank support, focusing on financial inclusion and long-term CBDC exploration.

🌏 APAC

🇹🇼 Taiwan

Taiwan accelerates AML compliance for VASPs. The Financial Supervisory Commission (FSC) moved the AML registration deadline for Virtual Asset Service Providers (VASPs) to November 30, 2024. Updated guidelines include tracking suspicious activities and unusual transactions.

🌐 Global Highlights

Global Blockchain Business Council (GBBC)

GBBC launches GSMI 5.0, mapping blockchain regulation. The latest edition of GSMI 5.0 features global regulatory developments, taxonomy for 391 key terms, and in-depth reports on sustainability, AI convergence, and decentralized finance.

Questions? Contact [email protected]

Verifying self-hosted wallet ownership is a critical step in ensuring regulatory compliance while maintaining user trust and convenience. 

At Notabene, we offer 4 proof methods, each tailored to different needs and scenarios. 

Read on to learn more about these options, how they work, and why a user might choose each method depending on their circumstances.

1. Digital Signature: The Gold Standard for Blockchain Verification

Digital signatures use cryptographic algorithms to prove ownership of a blockchain address directly from the wallet. This method is highly secure, seamless, and widely supported across blockchains. While the specific signature standards vary by blockchain, the overall logic and flow remain similar, ensuring consistent user experience.

Advantages

• Highly secure and proof
• Fully automated for faster verification

Supported Wallets

• EVM-Compatible: MetaMask, WalletConnect, Ledger, Trezor, etc.
• Bitcoin: Electrum, Ledger, Trezor, BlueWallet, etc.
• Solana: Phantom, Solflare, etc.
• Other Blockchains: TronLink (Tron), Daedalus (Cardano)

Digital signatures are the gold standard for wallet ownership proof when security, versatility, and compliance are critical.

2. Microtransaction: Blockchain-Recorded Proof

Microtransaction (often referred to as the Satoshi Test) involves sending a small transaction from the wallet to confirm ownership. This method relies on blockchain records and is particularly useful for wallets that do not support signing messages.

Advantages

• Transparent proof recorded on the blockchain
• Works for any wallet capable of making transactions
• Ideal for cases where digital signature is unavailable

Supported Wallets

• No restrictions, if wallet cable to send transactions :)

Microtransactions provide a robust alternative when digital signatures are unavailable, offering trustless verification through the blockchain.

3. Screenshot: Quick and Visual Proof

The screenshot method involves capturing the wallet interface to visually prove ownership of the wallet. This method is simple and accessible, especially for non-technical users.

Advantages

• Quick and easy to perform
• Works for any wallet with a graphical user interface
• Accessible for less tech-savvy users

Supported Wallets

• Any wallet with a GUI, including mobile and desktop wallets.

4. Self-Declaration: Simple and Declarative Proof

Self-declaration involves a user’s assertion of wallet ownership through a signed checkbox. While less secure than other methods, it’s useful for jurisdictions or cases with no strict compliance requirements

Today, the European Banking Authority (EBA) released an explainer entitled Preventing Money Laundering and Terrorism Financing in the EU’s Crypto-Assets Sector. As the crypto landscape evolves, the EU is tightening its grip on compliance with the introduction of MiCAR (Markets in Crypto-Assets Regulation) and its accompanying AML/CFT rules, including the Transfer of Funds Regulation (TFR).

One common misconception among crypto-asset service providers (CASPs) is that MiCAR includes a “grandfathering” exemption under the new European Travel Rule. 

Let’s set the record straight: this is definitively not the case.

▶︎ Watch this special video message from Lana Schwartzman, Head of Regulatory & Compliance at Notabene, explaining why compliance with TFR is so important, as what consequences may face CASPs that fail to comply.

What Does Article 143(3) of MiCAR Really Say?

The much-discussed Article 143(3) states:

“Crypto-asset service providers that provided their services in accordance with applicable law before 30 December 2024, may continue to do so until 1 July 2026 or until they are granted or refused an authorization pursuant to Article 63, whichever is sooner.”

At first glance, this might appear to grant a blanket reprieve for CASPs operating before the cut-off date. In reality, the provision is far more limited in scope.

What This Provision Actually Means

While this transitional clause provides a limited window for CASPs to continue operating while applying for MiCAR authorization, it is not a free pass to avoid compliance. CASPs operating under existing frameworks—such as AMLD (Anti-Money Laundering Directive) or domestic AML/CFT regimes—must still adhere to all applicable AML/CFT requirements and that includes the Regulation (EU) 2023/1113, also know as the Transfer of Funds Regulation (TFR).

In simple terms:

• Yes, CASPs can keep operating during the transitional period.
• No, this does not exempt them from complying with the updated AML/CFT framework (including TFR).

The same stringent rules that apply to credit and financial institutions also apply to “grandfathered” CASPs.

The Travel Rule is Here to Stay

A major component of these regulations is the European Travel Rule, requiring CASPs to ensure that crypto transfers include comprehensive information about both originators and beneficiaries with the goal of preventing illicit activities like money laundering and terrorist financing in the crypto ecosystem and reporting it. This rule is non-negotiable and applies equally to CASPs during the transitional period.

Furthermore, CASPs engaging in transactions with self-hosted wallets or operating across borders will need to implement robust measures to trace and verify transfers.

Why Compliance Matters Now

While the transitional period may offer some operational flexibility, CASPs that delay in meeting compliance requirements risk jeopardizing their long-term viability. Here’s why:

• Increased Scrutiny: The EBA and upcoming EU AML Authority are tasked with enforcing strict compliance.
• Reputation at Stake: Operating without adherence to AML/CFT standards could harm trust with customers, partners, and regulators. As a matter of fact, we published earlier this year the results of our State of Crypto Travel Rule Report which showed from the survey that 66% of VASPs restrict withdrawals that do not comply with Travel Rule requirements
• Operational Risks: Failure to comply could lead to service suspension, fines, or denial of authorization.

For more on the risks of not complying with TFR, read our recent article on the Consequences of Non-Compliance with EU's Travel Rule After December 30th.

The Path Forward for CASPs

For CASPs looking to thrive under the new regime:

1. Act Now: Begin implementing Travel Rule solutions and robust AML/CFT measures immediately.
2. Understand the Framework: Familiarize yourself with MiCAR, Regulation (EU) 2023/1113, and the EBA Travel Rule Guidelines.
3. Prepare for Licensing: Gather the necessary documentation and establish a compliance-first culture to streamline your MiCAR authorization process.

Debunking the Myth

The takeaway is clear: there is no blanket “grandfathering clause” exempting CASPs from compliance. The transitional provision simply ensures continuity while maintaining full AML/CFT obligations.

As the compliance deadline of December 30, 2024 approaches, proactive measures will separate the leaders from those left scrambling to catch up. The time to act is now—ensure your operations are Travel Rule-ready and compliant with the evolving regulatory landscape.

Let’s work together to build a safe, compliant, and thriving crypto ecosystem in the EU. 🌍

As the EU’s Travel Rule regulations continue to advance, other global regions are beginning to feel the ripple effects. The Transfer of Funds Regulation (TFR), notably Regulation (EU) 1113/2023, sets stringent requirements on crypto asset service providers (CASPs) within the EU to mitigate risks of money laundering, terrorist financing, and other financial crimes. 

Yet, the effects of these rules extend beyond EU borders, influencing jurisdictions worldwide as they adapt to the standards set forth by these robust regulations.

Let’s have a look at some of the ways the EU’s TFR could impact regions globally.

A Surge in Global Compliance Demand

North America

VASPs in the US and Canada are closely observing the EU’s strict stance, with regulators considering updates or FAQs to enhance their own frameworks. The EU’s Travel Rule has set a benchmark, making it difficult for non-compliant entities to serve EU-based customers without adhering to similar standards.

Asia-Pacific

Countries like Singapore and Japan, which have already implemented Travel Rule provisions, are likely to refine their compliance measures further to align with EU requirements. This is especially important as EU-based financial institutions increasingly demand verification of counterparties in these regions.

Strengthening Due Diligence and AML Practices

The EU’s TFR mandates comprehensive due diligence for CASPs, which has led other jurisdictions to adopt or enhance similar anti-money laundering (AML) practices. For instance, LATAM countries, particularly those with high remittance flows, are tightening scrutiny on VASP activities to align with FATF recommendations and TFR influences.

For example, according to Reuters, Argentina’s cryptocurrency transactions have surged to $85.4 billion in the past year, raising concerns about money laundering. In response, the government is implementing new regulations, including a July 2024 fiscal package offering tax amnesty for individuals declaring up to $100,000 in registered crypto assets. This initiative aims to align with Financial Action Task Force (FATF) standards and prevent Argentina from being placed on the FATF’s grey list, which could deter foreign investment and harm the economy. Additionally, the government is amending laws related to money laundering and reporting entities to strengthen oversight of the crypto market. Regionally, the Financial Action Task Force of Latin America (GAFILAT), comprising 18 countries from South, Central, and North America, is enhancing anti-money laundering frameworks to align with global standards.

These efforts ensure that transactions from different regions meet EU standards, thereby reinforcing global AML practices.

Influencing Emerging Economies and Adoption Challenges

For emerging markets, particularly in Africa, the drive toward compliance is becoming essential as EU-based users and entities prefer to transact only with VASPs in compliance with their own regulatory standards. 

This could either foster rapid compliance adoption or limit market access for non-compliant VASPs in these regions. This was also noted in our State of Crypto Travel Rule Report where survey results showed that VASPs are increasingly intolerant towards transacting with counterparties that do not comply with the Travel Rule. In fact, over 66% of VASPs somehow restrict withdrawals that don't comply with Travel Rule requirements.

In Nigeria, a leading African cryptocurrency market, VASPs face pressure to align with international standards to maintain global market access. In December 2023, the Central Bank of Nigeria (CBN) issued guidelines for VASPs, lifting a two-year restriction on financial institutions operating accounts for cryptocurrency service providers or processing crypto-related transactions. However, smaller VASPs often struggle with the financial and operational burdens of compliance, creating a dichotomy:

• Rapid Compliance Adoption: VASPs that can afford necessary compliance measures may gain a competitive advantage by attracting EU-based clients and partners, thereby expanding their market reach.
• Limited Market Access: Conversely, VASPs unable to meet these standards risk exclusion from transactions with EU entities, limiting their growth potential.

This dynamic underscores the importance for African VASPs to invest in compliance infrastructure. While initial costs may be high, the long-term benefits include maintaining access to international markets, fostering trust with global partners, and enhancing the overall credibility of the African cryptocurrency market, which can attract more investors and users.

Increasing Demand for Compliance Technology

As VASPs worldwide aim to meet EU standards, the demand for compliance technology is surging. Many are adopting regtech solutions to streamline KYC, AML, and data-sharing processes, enabling efficient alignment with international standards, particularly for cross-border transactions. This trend is reshaping how global VASPs approach compliance.

The Road Ahead: Potential Challenges and Opportunities

The EU’s TFR is reshaping the regulatory landscape, creating both challenges and opportunities for global VASPs. Increased regulatory pressure may lead to market consolidation, where larger entities excel while smaller players struggle to adapt. However, harmonized regulations promise more secure, trustworthy global transactions, offering users a safer and more navigable digital asset ecosystem.

This evolving environment demands proactive investment in compliance solutions. For VASPs, adapting to these changes is not just a regulatory necessity—it’s an opportunity to enhance credibility, foster innovation, and help standardize the global digital transaction landscape.

If your business is located outside of the EU and you would like to speak with our team about implementing a TFR-compliant Travel Rule program, you can schedule a free demo of our solution at notabene.id/demo

Lately, we’ve been hearing a recurring question from our customers and prospects: Is the EU Transfer of Funds Regulation (TFR) being postponed by six months? Let’s set the record straight.

The short answer: No, the TFR is not being delayed.

Understanding the Source of the Confusion

This misunderstanding likely stems from recent discussions around MiCA (Markets in Crypto-Assets) regulatory technical standards (RTS). As members of BlockchainForEurope, we’ve joined others in addressing concerns about MiCA’s RTS and its implementation timeline. The letter we co-signed with other industry members highlights several key challenges that MiCA introduces, including:

1. Timing and Legal Uncertainty: With less than two months left before MiCA’s application on December 30, 2024, delays in RTS adoption have left both national competent authorities (NCAs) and CASPs scrambling to prepare.
2. Inconsistent Transitional Periods: Divergent “grandfathering” clauses across Member States create a compliance patchwork—5 months in Lithuania versus 18 months in France—undermining the intended harmonization.
3. Foreseeable Delays and Risks: Without coordinated measures, we risk regulatory uncertainty, market disruptions, and reputational harm, detracting from MiCA’s goals.
4. Operational Challenges: CASPs face impractical requirements, such as applying in all Member States, while some states have ceased accepting pre-MiCA applications.
5. Proposed Mitigations: The letter calls for ESMA to issue a “no action” letter to promote consistency among NCAs and extend transitional arrangements.

How Does This Relate to TFR?

It’s crucial to understand that MiCA and TFR are separate regulations. While MiCA includes transitional or “grandfathering” clauses for existing CASPs, the TFR does not.

For TFR, there is no "traditional" transitional period. Under the EBA Travel Rule Guidelines, until July 31, 2025, CASPs may exceptionally use infrastructures or services with technical limitations, but are required to implement additional technical steps to ensure full compliance with the requirements. This does not exempt them from Travel Rule compliance. CASPs using such infrastructures are required to take additional technical steps to ensure full compliance with the Travel Rule during this period. This means that all existing CASPs, regardless of their new status, must fully comply with the TFR requirements by the official application date. Any delays or mitigations proposed under MiCA will not directly impact TFR timelines.

Failing to comply with the TFR by the December 30, 2024, deadline carries serious consequences, including the potential for service disruptions, reputational damage, and regulatory penalties. We recently explored this topic in detail in our article: The Consequences of Non-Compliance with the EU’s Travel Rule After December 30th. If you’re preparing for compliance, it’s worth a read.

At Notabene, we’re committed to helping businesses navigate these regulatory complexities. If you have questions or concerns about preparing for the TFR, we’re here to help. Feel free to reach out to our Regulatory & Compliance team at [email protected] 

Compliance is no longer optional in today's regulatory landscape. It's table stakes. For organizations managing operations across multiple jurisdictions, the burden of maintaining localized compliance programs is staggering. 

The costs of managing these complexities aren’t always visible up front, but they add up quickly: legal fees, resource allocation, fragmented workflows, and the ever-present risk of penalties for non-compliance. These challenges often divert focus away from core business priorities. If not properly managed, they can stifle growth—and in the fast-moving crypto industry, slowed growth is simply not an option.

At Notabene, we see a better way forward. Simplifying compliance isn’t just about checking regulatory boxes. It's about enabling businesses to scale confidently while saving time, money, and resources.

Here are some of the key areas where these hidden costs tend to surface.

The True Cost of Global Compliance

For crypto companies, financial institutions, and virtual asset service providers (VASPs) alike, compliance demands vary greatly depending on local regulations. These are only some of the factors that add up to make multi-jurisdictional compliance programs so costly:

1. Fragmented Workflows
   Managing compliance across jurisdictions often leads to disconnected processes, inefficiencies, and duplicated efforts. Without a centralized approach, teams spend valuable time piecing together compliance obligations instead of working on growth priorities.
2. Heavy Resource Strain
   Organizations routinely hire specialized teams, engage external advisors, and coordinate internally to ensure compliance—creating significant operational overhead and expense.
3. Risk Amplification
   The likelihood of missteps—missed reporting deadlines, incomplete documentation, or mishandled data—grows exponentially with jurisdictional complexity. Non-compliance penalties not only erode profits but also tarnish brand reputation.
4. Diverted Focus
   The time, money, and energy poured into compliance complexities are resources that could be better spent scaling operations, innovating products, and expanding market presence.

Many of our customers say that taking a clear, realistic look at these hidden costs helped them understand the ROI of using an integrated Travel Rule compliance platform like Notabene—one that streamlines and automates multi-jurisdictional compliance.

The Value of Simplified Compliance

Simplifying compliance through a robust, end-to-end platform like Notabene reduces complexity and translates directly to measurable value.

Key benefits:

• Administrative Overhead Eliminated
  Automation streamlines workflows and centralizes reporting, enabling compliance teams to manage requirements more efficiently.
• Lower External Costs
  A globally consistent compliance framework reduces dependency on legal experts and consultants, delivering substantial long-term savings.
• Enhanced Operational Focus
  With regulatory compliance consolidated, teams can shift their focus back to business-critical initiatives, like driving customer acquisition and product growth.
• Reduced Risk and Greater Predictability
  Automated systems minimize manual errors, ensure adherence to evolving regulations, and safeguard reputation by mitigating fines and penalties.

Why Streamlined Compliance Is a Competitive Advantage

The regulatory environment for crypto and digital assets is evolving rapidly, but forward-looking companies are already adapting. Simplified, automated compliance platforms give organizations a competitive edge—lowering costs, minimizing risks, and enabling confident, global growth.

At Notabene, we’re helping companies transition from manual compliance management to scalable, automated solutions. Our platform simplifies regulatory obligations so your organization can stay ahead of the curve, save resources, and focus on the future.

Book a call with us today to see how Notabene can streamline your compliance operations.

Celebrating 25 Million Transfers and $500B in Transaction Volume Processed on the Notabene Network

We’re so proud to announce that Notabene has reached a significant milestone – processing over 25 million transactions and $500B in transaction volume through our secure Travel Rule compliance solution. This achievement underscores our position as the industry’s largest active Travel Rule network, as well as our commitment to facilitating secure and compliant cryptocurrency transactions on a global scale.

As a leader in Travel Rule compliance since 2020, Notabene has been at the forefront of enabling Virtual Asset Service Providers (VASPs) to meet regulatory requirements while maintaining the efficiency and speed that crypto users expect. Our solution has become an integral part of the crypto ecosystem, bridging the gap between traditional financial regulations and the innovative world of digital assets.

Reaching 25 million transactions is not just a number—it's a testament to the scale and impact of our solution in the crypto compliance industry. This milestone has far-reaching implications for the broader crypto ecosystem. It demonstrates that large-scale compliance is not only possible but can be achieved without sacrificing the speed and efficiency that are hallmarks of cryptocurrency transactions. It also shows that the industry is maturing, with VASPs increasingly prioritizing regulatory compliance as part of their operations.

By facilitating 25 million compliant transactions, Notabene has played a crucial role in driving Travel Rule compliance within the crypto industry. This has contributed to increased trust and legitimacy in the eyes of regulators and traditional financial institutions, while enabling our customers to grow their business in a scaleable way.

Our Journey to 25 Million

The path to 25 million transactions has been marked by continuous innovation, strategic partnerships, and overcoming significant challenges in partnership with our valued customer base. Along the way, we have:

• Launched our first Travel Rule solution in 2020
• Expanded our network to include VASPs from over 50 countries
• Implemented support for multiple blockchain protocols and countless crypto wallets
• Launched first of its kind Phased Implementation Plan to aid VASP roll out of Travel Rule
• Launched the first Travel Rule Certification program in the crypto industry
• Engaged extensively with regulators and industry associations to address some of the most complex challenges in implementing the Travel Rule
• Developed and released the Transaction Authorization Protocol (TAP), a decentralized protocol solution for the entire industry
• Launched our innovative SafeTransact for Networks, bringing a layer of compliance to the robust networks where transactions already occur
• Built a best-in-industry self-hosted wallet solution that provides end-users with an elegant UX with a simple and powerful embeddable component

And we’re just getting started.

We will continue to rapidly grow our network volume by adapting to rapidly evolving regulations, ensuring interoperability with various VASP systems, and maintaining the highest standards of data security and privacy.

As we celebrate this milestone, we want to highlight our commitment to being the leading provider of Travel Rule solutions in the cryptocurrency space. This achievement would not have been possible without the trust and collaboration of our partners, clients, and the dedicated Notabene team.

To VASPs not yet on our network, there’s never been a better time. Join the largest and most far-reaching Travel Rule compliance network in the crypto industry.

Contact our team to learn how Notabene can help your organization meet Travel Rule requirements and be part of the next 25 million transactions.

For compliance professionals across Europe, the Transfer of Funds Regulation (TFR) plays a pivotal role in enhancing transparency and combating money laundering and terrorist financing. While its primary objective is to align with the Financial Action Task Force’s (FATF) “Travel Rule” for European Union (EU) member states, it’s equally important—but sometimes overlooked—that it also applies to the European Economic Area (EEA) member states, namely Norway, Iceland, and Liechtenstein. This blog post delves into how the TFR extends to the EEA, ensuring a homogeneous regulatory framework across the region.

TFR in the EEA: Not Just an EU Regulation

The TFR was first established under Regulation (EU) 2015/847*, mandating that financial service providers share information accompanying transfers of funds. This regulation is designed to combat money laundering and terrorist financing by ensuring transparency in financial transactions. When the regulation was introduced, the EEA Joint Committee, responsible for aligning EEA non-EU members with relevant EU regulations, formally incorporated it into the EEA Agreement.

EEA Joint Committee Decision No. 198/2016*, adopted on 30 September 2016, amended Annex IX (Financial Services) of the EEA Agreement to include the TFR, thereby extending its applicability to Iceland, Liechtenstein, and Norway. This decision ensured that non-EU EEA members implement the TFR within their financial systems, thus aligning their AML measures with EU standards.

The Complete List of EEA Countries Impacted by the TFR

Understanding which countries the TFR applies to is key for compliance. Here’s the full list of EEA member states:

EU Member States (27 countries): 

• 🇦🇹 Austria
• 🇧🇪 Belgium
• 🇧🇬 Bulgaria
• 🇭🇷 Croatia
• 🇨🇾 Cyprus
• 🇨🇿 Czech Republic
• 🇩🇰 Denmark
• 🇪🇪 Estonia
• 🇫🇮 Finland
• 🇫🇷 France
• 🇩🇪 Germany
• 🇬🇷 Greece
• 🇭🇺 Hungary
• 🇮🇪 Ireland
• 🇮🇹 Italy
• 🇱🇻 Latvia
• 🇱🇹 Lithuania
• 🇱🇺 Luxembourg
• 🇲🇹 Malta
• 🇳🇱 Netherlands
• 🇵🇱 Poland
• 🇵🇹 Portugal
• 🇷🇴 Romania
• 🇸🇰 Slovakia
• 🇸🇮 Slovenia
• 🇪🇸 Spain
• 🇸🇪 Sweden

EEA EFTA States (3 countries): 

• 🇮🇸 Iceland
• 🇱🇮 Liechtenstein
• 🇳🇴 Norway
  

It’s worth noting that 🇨🇭 Switzerland, although part of the European Free Trade Association (EFTA), is not a member of the EEA and is therefore not directly subject to the TFR.

How the TFR Enhances AML/CFT Measures Across the EEA

The TFR strengthens AML and Counter Financing of Terrorism (CFT) measures by requiring payment service providers to attach detailed payer and payee information to transfers of funds. For the EEA as a whole, this means consistent AML compliance standards for financial institutions across both EU and non-EU EEA states.

When Regulation (EU) 2023/1113* updated the TFR, it further extended these obligations specifically for virtual asset service providers (VASPs), bringing them under the same AML/CFT standards. This update is part of the EU’s broader Markets in Crypto-Assets (MiCA) framework, which aims to regulate cryptocurrency service providers consistently across the EEA.

This update extended obligations to VASPs across the EEA as part of the region’s coordinated AML/CFT strategy and ensured that virtual asset transfers include necessary information about the originator and beneficiary, aligning with the FATF’s Travel Rule.

Implications of the TFR for Financial Institutions and VASPs in the EEA

The TFR’s incorporation into the EEA Agreement means that financial institutions, including VASPs in Iceland, Liechtenstein, and Norway, must now comply with the same AML requirements as those in the EU. This uniformity is essential for:

1. Legal Alignment: Ensuring a homogenous legal framework across all EEA member states.
2. Compliance Requirements: Enforcing the same level of scrutiny for fund transfers within the EEA, enhancing transparency and reducing regulatory disparities.
3. AML/CFT Strengthening: Bolstering defenses against money laundering and terrorism financing across borders, especially in high-risk sectors like virtual assets.

Why Compliance Professionals Shouldn’t Overlook EEA Obligations

For compliance officers, particularly those dealing with cross-border transactions, it’s essential to remember that the TFR’s obligations span the entire EEA. Ignoring the non-EU EEA countries—Norway, Iceland, and Liechtenstein—can lead to gaps in compliance, risking penalties and reputational damage. Every compliance framework and transaction protocol should therefore account for the TFR’s reach across these territories.

The TFR is not just an EU obligation; it applies to the entire EEA, including Iceland, Liechtenstein, and Norway. Its aim is to create a consistent and robust AML framework across Europe, aligning the EEA non-EU members with the EU’s AML/CFT standards. Compliance professionals and financial institutions should ensure that their policies and procedures reflect this broader scope of the TFR, safeguarding against regulatory and operational risks in today’s complex financial landscape.

Where to Find Further Guidance on EEA Compliance

The EFTA Secretariat offers access to legal texts and guidance on implementing EU regulations within the EEA, including the TFR. Additionally, each EEA EFTA state’s financial supervisory authority provides national guidelines to help institutions comply with the regulation’s requirements.

For more detailed information on the TFR’s integration into the EEA, refer to EEA Joint Committee Decision No 198/2016, published in the EEA Supplement to the Official Journal of the European Union. The official EFTA website also provides a repository of EEA-related legislative documents, ensuring that compliance professionals have the resources they need to meet EEA-wide AML standards.

*Sources

Regulation (EU) 2015/847 - https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32015R0847#ntr2-L_2015141EN.01000101-E0002

EEA Joint Committee Decision No. 198/2016 -  https://www.efta.int/sites/default/files/documents/legal-texts/eea/other-legal-documents/adopted-joint-committee-decisions/2016%20-%20English/198-2016.pdf

Regulation (EU) 2023/1113 - 3 https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32023R1113

NEW YORK, NY – November 12, 2024 – Notabene, a leading provider of cryptocurrency compliance solutions, today announced it has raised $14.5 million in a Series B funding round led by DRW VC, with participation from funds managed by Apollo, Nextblock, and Wintermute, along with existing investors CMT Digital, F-Prime, Green Visor Capital, Illuminate Financial, Jump Capital, ParaFi Capital, Signature Ventures, and Y Combinator. The funding will accelerate Notabene’s mission to make crypto payments a part of the everyday global economy by fostering open, secure, and compliant transactions.

Regulators now require crypto companies such as exchanges, wallet providers, and payment processors to securely exchange information about sender and receiver, just like they already do in traditional payments. This so-called Travel Rule is now a requirement in most global financial centers.

Having already helped process half a trillion dollars worth of transactions, Notabene is the leading global platform and network for compliant crypto payments. By automating the secure transfer of sensitive data between institutions, Notabene simplifies this complex process that is virtually impossible for companies to implement independently.

Kimberly Trautmann, Partner and Head of DRW VC, the round’s lead investor, emphasized the significance of Notabene’s work in this emerging financial ecosystem:

“Notabene offers a comprehensive and efficient way to track and disclose who an asset is being sent to, which is critical for those who facilitate the exchange, transfer, safekeeping, and administration of virtual assets (Virtual Asset Service Partners or VASPs) and need to be compliant with the Travel Rule. We believe Notabene is positioned to be the provider-of-choice, as it allows users to achieve real-time compliance, is protocol agnostic and does not require exposing sensitive information to other market participants.”

Notabene is expanding its focus to support the growing number of traditional financial institutions moving into digital payments. With over $20T in stablecoin transactions processed last year, global adoption is on the rise and poised to be crypto’s long-awaited killer use case. The key to unlocking stablecoins’ potential as fast, low-cost, borderless payments is a secure and transparent system – one that’s open and not controlled by any single entity. Notabene offers the essential infrastructure for compliance, reconciliation, and safety, enabling open, interoperable payment networks that will drive the next wave of adoption.

Notabene’s CEO, Pelle Brændgaard, underscores the company’s vision for the future of payments:

“We’ve already established ourselves as a pioneer in Travel Rule compliance, and now, as regulatory clarity grows and adoption scales, we are positioned to do the same for payments. By enabling secure, compliant, and open digital asset transactions, we’re helping shape the next generation of global financial infrastructure. Our philosophy of building open networks to maximize reachability between transacting counterparties will be a key driver of adoption with both crypto-native organizations, as well as incumbent players in traditional finance that are showing an increased interest in digital assets and blockchain payment solutions.”

Notabene’s platform has seen a rapid 10x increase in transaction volumes over the past year, totaling nearly $500 billion in transaction volume—solidifying the company’s role as a trusted provider in the compliance space. With over 165 companies using the platform, including some of the largest virtual asset service providers (VASPs) globally such as Copper, OKX, and Robinhood, as well as working relationships with regulatory bodies across hundreds of global jurisdictions, Notabene has built the largest network of transacting counterparties in the market today.

Alexander Ross, General Partner, Head of NYC for investor Illuminate Financial, added:

“As the existing market leader for Travel Rule compliance, we believe Notabene has the potential to become the “SWIFT network” for blockchain transactions. There is a desperate need for a secure network to share all transaction metadata. This will enable compliance with global regulations and is a key pillar to unlocking mass adoption of stablecoins for payments. We have been working with the founders since 2021 and believe they are the best positioned to execute this vision.”

With this raise, Notabene is set to continue its mission to bring crypto and stablecoins into everyday global payments. It will help grow the industry's only open compliant payments network to support more use cases and new market entrants.

“With $20 trillion in stablecoin transactions processed last year, stablecoins are emerging as the preferred method for fast, low-cost global payments,” said Pelle Brændgaard, Notabene CEO. “As regulatory clarity expands, traditional financial institutions are beginning to recognize stablecoins’ potential. Notabene’s role as a trusted compliance provider is critical to unlocking this potential and establishing stablecoins as a legitimate payment medium worldwide.”

About Notabene

Notabene is the leading crypto payment authorization network, enabling secure, transparent, and compliant transactions for financial institutions around the world. With a platform that facilitates transactions in over 80 jurisdictions, supports over 165 companies, and has processed half a trillion dollars in transaction volume, Notabene is setting the standard for compliant transactions in the digital asset space.

For more information, please visit notabene.id.

‍

Nearly five years ago when Alice, Ania, Andrés, and I sat down to start our journey to making crypto part of the everyday economy, we realized it was an amazing opportunity for us to really solve some of the foundational issues we saw were inherent in crypto and the crypto industry of 2020.

Trust between the many varied crypto native institutions, traditional finance, and global regulators seemed missing and, frankly, not many people cared back then. As early Bitcoin and Web3 developers, we believe in the importance of decentralization and people managing their own keys. And yet we also realized that institutions are as critical to scaling and making crypto safe for regular people and use-cases as they are in the cash-based economy.

Thus, our simple plan: to help crypto native companies trust each other and allow regulators to feel safe and comfortable for their constituents to entrust their money with this new generation of crypto native fintechs. This is ultimately about adoption of crypto and stablecoins globally with everyone and everywhere. 

Announcing our Series B

Today marks a significant milestone in Notabene's journey, as we announce our $14.5 million Series B funding round led by DRW VC, with participation from funds managed by Apollo, Nextblock, and Wintermute, along with existing investors CMT Digital, F-Prime, Green Visor Capital, Illuminate Financial, Jump Capital, Signature Ventures, and Y Combinator. This investment is a testament to our vision of building a trust infrastructure that enables all financial institutions—from crypto natives to traditional banks—to transact securely and confidently in the digital age.

It's noteworthy that DRW, Wintermute, and Jump (who co-lead our Series A) are all major players in providing the critical underlying liquidity that powers the crypto ecosystem. Their participation underscores their deep understanding of the importance of institutional trust infrastructure in driving the industry forward.

Our Journey So Far

We recognized early that the future of finance would require a new kind of trust infrastructure. Traditional finance relies on centralized gatekeepers, while crypto operates on trustless technology. We saw the need for a middle ground—a way for institutions to build trust through transparency and verifiable credentials while maintaining their autonomy.

What started as helping companies implement the Travel Rule has evolved into something much more fundamental: a decentralized trust network that enables any financial institution to verify, trust, and transact with counterparties globally. Today, having processed nearly $500B in transactions through our Transaction Authorization Network, we've proven that compliance and transaction volume can go hand in hand when built on the right foundation.

Why Institutional Trust Infrastructure Matters More Than Ever

The financial industry stands at a crossroads. Crypto natives have built incredible technology but struggle with trust. Traditional financial institutions have deep trust relationships but are constrained by legacy infrastructure. Fintech companies are bridging the gap but need better tools to build trust with both sides. These dynamics create the perfect conditions for a new kind of financial infrastructure built on verifiable trust rather than centralized gatekeepers.

Nowhere is this more evident than in the evolution of stablecoins. While stablecoins solve the fundamental challenge of instant, 24/7 settlement, they can only replace traditional settlement rails if institutions can trust who they're transacting with before they send funds. This is where our pre-transaction authorization infrastructure becomes crucial—enabling institutions to verify counterparty identity, assess risk, and ensure compliance before a single dollar moves.

What excites me most is seeing how our trust network enables entirely new ways of collaboration between different types of financial institutions. When a crypto exchange can instantly verify the compliance credentials of a traditional bank, when a fintech can prove its trustworthiness to multiple partners simultaneously, when institutions can maintain their high standards while embracing innovation—that's when we know we're building something transformative.

Building the Trust Network

This funding will accelerate our vision in three key areas:

1. Network Expansion: Our network of 165 customers and 1,600 profiles is just the beginning. We're building the world's most comprehensive network of verified institutional identities, enabling any financial institution to find and trust counterparties globally.

2. Trust Infrastructure: We're investing heavily in our pre-transaction authorization platform and decentralized trust infrastructure. This enables institutions to comply with regulations and build verifiably trusted relationships at the scale needed for stablecoins to become the next generation of settlement rails. By solving the "trust gap" that has held back institutional stablecoin adoption, we're helping create a future where instant, global settlement is the norm, not the exception.

3. Global Standards: We're working with regulators and industry leaders, particularly in the EU with MiCA and the US, to establish standards for institutional trust that work for everyone - from the most innovative crypto native to the most conservative bank. These standards will be crucial as stablecoins increasingly become part of the core financial infrastructure.

A Foundation Built on Trust

Our success comes from understanding that trust can't be enforced - it must be earned and verified. We've built a team that deeply understands both traditional finance's trust requirements and decentralized technology's innovative potential. This unique perspective allows us to bridge the gap between stablecoins' instant settlement capabilities and institutional finance's trust requirements.

DRW's Kimberly Trautmann captures this well: "Notabene offers a comprehensive and efficient way to track and disclose who an asset is being sent to, which is critical for Virtual Asset Service Partners. We believe Notabene is positioned to be the provider of choice."

To Our Stakeholders

To our customers: Thank you for your trust. We're committed to being your long-term partner in building compliant digital payment infrastructure. This funding will help us serve you better and support your growth.

To our team: Your dedication to solving hard problems while maintaining the highest compliance and security standards has brought us here. We're just getting started.

To our investors: Thank you for believing in our vision. We're building infrastructure that will reshape how value moves around the world.

The Road Ahead

The next phase of finance will be defined by how successfully different types of institutions can work together. This isn't just about compliance or technology, it's about building an ecosystem where traditional banks, fintechs, and crypto companies can each maintain their identity while building meaningful trust relationships with others.

We see a clear path to stablecoins becoming the backbone of institutional settlement. The technology for instant, 24/7 settlement exists today—what's missing is the trust infrastructure to make it work at scale. By solving the critical challenges of pre-transaction authorization and institutional trust, we're removing the final barriers to widespread stablecoin adoption.

We're creating a world where a bank can instantly verify a crypto exchange's compliance credentials, a fintech can prove its trustworthiness to multiple partners simultaneously, and innovation doesn't come at the cost of trust. A world where institutions don't need centralized gatekeepers to trust each other because they have the tools to verify trust directly. A world where settling a cross-border payment is as instant and simple as sending an email but with all the trust and security that institutions require.

Our journey continues, and we're more excited about what's ahead. If you're interested in being part of building this trust-based future - whether as a customer, partner, or team member - we'd love to hear from you.

The future of finance is being built today, and it's being built on verifiable trust relationships between sovereign institutions. We're proud to be leading the way. Our vision of crypto being a key part of the everyday economy is closer than ever.

‍

‍

Pelle Brændgaard is the CEO and co-founder of Notabene. Follow him on Twitter @pelleb for more insights on the future of compliant digital payments.

When I spoke about the Dawn of Travel Rule at the GBBC Members Forum, I spoke about the importance of not only sending and receiving Travel Rule messages, but responding to them as well.

Why is this so important? Simply put, at this point in our Travel Rule timeline (5 years since first adoption), supervisory authorities are starting to evaluate the effectiveness of Travel Rule. This means taking a closer look at one key requirement, which is responding to Travel Rule messages. Depending on the jurisdiction, it is no longer okay to only send a transfer and state to a regulator that “As a VASP, I am Travel Rule Compliant”. You will have to also demonstrate that you have been responding to incoming messages from counterparties.

Why Responding Matters

As the industry evolves, responding accurately to Travel Rule requests is not just a "nice-to-have" feature; it’s a compliance obligation that can impact a firm’s ability to do business. Let’s take a closer look at some of the key reasons why.

1. Compliance Requirements

Many jurisdictions have regulations explicitly mandating that VASPs engage in a two-way dialogue for Travel Rule compliance. This means that merely sending the required information is not enough—you must also respond to missing or incomplete data, and provide follow-up information when requested by counterparties or authorities. Failure to do so can put your business at risk of non-compliance and possible subject to fines or penalties.

Let’s take a look at just a few jurisdictional regulations (this is not the exhaustive list) that emphasize not only the need to send and receive required information but also the importance of responding to travel rule messages. You might note that these rules are primarily in the context of providing required transfer details back when there is incomplete or missing information.

European Union

The EU’s Transfer of Funds Regulation (TFR) goes beyond requiring accurate originator and beneficiary information. It mandates that CASPs (Crypto Asset Service Providers) request missing details and actively respond to counterparty requests to rectify discrepancies. Specifically, Article 16(1) and Article 17 of the TFR require prompt follow-up and compliance checks. Full details at the bottom of this article.

United States

The FinCEN Travel Rule requires U.S.-based VASPs to provide specified information for transactions over $3,000. This includes responding to any queries or compliance checks from counterparties. Ignoring such requests or failing to engage can be seen as regulatory non-compliance, particularly in the context of suspicious transactions. Full details at the bottom of this article.

United Kingdom

Under the Money Laundering Regulations (MLR), VASPs are required to take proactive steps if information is missing or incomplete. For example, if a discrepancy is detected, the VASP must request the missing information, delay the transaction, or, in some cases, even return the crypto assets. Such procedures necessitate a robust response mechanism. Full details at the bottom of this article.

Singapore

Under the Payment Services Act (PSA), the Monetary Authority of Singapore (MAS) implements FATF’s Travel Rule. VASPs must gather, verify, and transmit required information, and are expected to “provide value transfer information” by a certain time frame which can only be done through a response. For example, the legislation states that “In a value transfer where the amount to be transferred is below or equal to S$1,500…….the ordering institution shall provide the value transfer originator information and value transfer beneficiary information set out in paragraph 13.4(a) to (d) within 3 business days of a request for such information…” Full details at the bottom of this article.

Across these global regulations, the emphasis is clear: while sending and receiving information is essential, responding to travel rule transfers is equally important. This includes engaging with counterparties to verify, request additional information, and ensure compliance with AML/CFT obligations. A lack of response or failure to follow up on incomplete or suspicious transfers can result in non-compliance and regulatory scrutiny.

2. Counterparty Trust and Business Relationships

VASPs are increasingly choosing to limit their transactions to compliant counterparties. This trend is evident in Notabene’s own research, where 66% of surveyed VASPs reported restricting withdrawals with entities that do not comply with the Travel Rule. Failing to respond to a Travel Rule message sends a strong signal to your counterparties that your business may not be fully committed to compliance, leading them to potentially cut off transactions altogether.

3. Operational Efficiency and Risk Management

Failing to respond promptly to Travel Rule messages can create bottlenecks in your transaction workflows, resulting in increased operational costs and slower settlements. Having an automated system like Notabene’s SafeTransact that not only sends and receives messages but also monitors and responds to them can help streamline compliance processes and reduce the risk of human error.

Real-World Implications: What Happens When You Don’t Respond?

If a VASP fails to respond to a Travel Rule message, several scenarios could unfold:

Regulatory Penalties and Fines

Non-compliance can result in significant fines or penalties from regulatory bodies.

Counterparty De-Risking

If a counterparty sees that you are not responding to compliance messages, they may choose to de-risk by ceasing all business activities with your VASP, resulting in lost revenue and a damaged reputation.

Loss of Market Access

As global jurisdictions begin implementing stricter compliance rules, VASPs that are flagged for non-compliance may find themselves unable to operate in key markets.

Notabene’s Approach: Streamlining and Automating Responses

The complexity of responding to Travel Rule messages often stems from inconsistent regulations across jurisdictions. Notabene’s solution simplifies this by offering a unified platform that helps businesses automatically detect missing or incomplete data, sends requests for clarification, and ensures compliance through automated responses.

Notabene’s SafeTransact for Networks automates the end-to-end compliance process, enabling customers to respond to Travel Rule requests in real-time, ensuring compliance without disrupting business operations.

Responding to Travel Rule messages is not just about meeting regulatory expectations; it’s about building trust in the industry. As the market matures, businesses that invest in compliance today will be best positioned to thrive tomorrow.

By actively responding to Travel Rule messages, your business is not only complying with global regulations but also paving the way for more secure and efficient transactions, making you a preferred partner for other VASPs and financial institutions.

Want to learn more about how Notabene’s solution can help streamline your Travel Rule compliance? Book a call with our team today.

‍

‍

Addendum

European Union (EU) - Transfer of Funds Regulation (TFR) (Regulation (EU) 2015/847)

Articles 16(1) and 17 of the Transfer of Funds Regulation outline the responsibilities of Crypto Asset Service Providers (CASPs) to ensure that all transfers include accurate and complete originator and beneficiary information. They also specify that CASPs must request missing information  from the sender's VASP and actively engage when information is incomplete. Responding  to these situations is crucial for compliance.

“crypto-asset service providers should ensure that the information on the ... originator and the beneficiary is not missing or incomplete.” (Par. 28)

“With the aim of assisting payment service providers and crypto-asset service providers to put effective procedures in place to detect cases in which they receive transfers of funds or transfers of crypto-assets with missing or incomplete information on the payer, payee, originator or beneficiary and to take effective follow-up action, “ (Par. 51)

“To enable prompt action to be taken in the fight against money laundering and terrorist financing, payment service providers and crypto-asset service providers should respond promptly to requests for information on the payer and the payee or on the originator and the beneficiary from the authorities responsible for combating money laundering or terrorist financing in the Member State where those payment service providers are established or where those crypto-asset service providers have their registered office” (Par. 53)

Further, according to the final Travel Rule Guidelines¹ by the European Banking Authority that accompany the TFR paragraph 56 states:

“Where the PSP, IPSP, CASP or ICASP requests required information that is missing, it should set a reasonable deadline by which the information should be provided. This deadline should not exceed three working days for transfers taking place within the Union, and five working days for transfers received from outside of the Union, starting from the day the PSP, CASP, IPSP or ICASP identifies the missing information”

¹https://www.eba.europa.eu/sites/default/files/2024-07/6de6e9b9-0ed9-49cd-985d-c0834b5b4356/Travel%20Rule%20Guidelines.pdf

‍

United States - Financial Crimes Enforcement Network (FinCEN) Travel Rule (31 CFR 1010.410)

The FinCEN Travel Rule mandates U.S. based VASPs (CVC’s) and financial institutions to collect, retain, and transmit specified information on fund transfers over $3,000. Responding to requests for additional details or missing information is required, particularly in suspicious cases or incomplete transfers.

“The money transmitter must obtain or provide the required regulatory information either before or at the time of the transmittal of value, regardless of how a money transmitter sets up their system for clearing and settling transactions, including those involving CVC” (Fincen Guidance FIN-2019-G001)

United Kingdom - The Money Laundering and Terrorist Financing (Amendment) (EU Exit) Regulations 2019

The UK’s Money Laundering Regulations (MLR) require VASPs to ensure full compliance with AML/CTF requirements, including receiving and transmitting required travel rule information.  Further, there are requirements around reporting to FCA those that do not provide the required information back. Hence this really underscores the responsibility of VASPs to respond to inquiries from counterparties and authorities when information is missing or insufficient.

“(2) Where the cryptoasset business of the beneficiary becomes aware that any information required by regulation 64C to be provided is missing or does not correspond with information verified by it under Part 3, the cryptoasset business of the beneficiary must— (a) request the cryptoasset business of the originator to provide the missing information; (b) consider whether to make enquiries as to any discrepancy between information received and information verified by it under Part 3; and (c) consider whether— (i) to delay making the cryptoasset available to the beneficiary until the information is received or any discrepancy resolved; and (ii) if the information is not received or discrepancy resolved within a reasonable time, to return the cryptoasset to the cryptoasset business of the originator. (3) In deciding what action to take under paragraph (2)(c) the cryptoasset business must have regard to— (a) the risk assessments carried out by the cryptoasset business under regulations 18(1) (risk assessment by relevant persons) and 18A(1) (risk assessment by relevant persons in relation to proliferation financing); and (b) its assessment of the level of risk of money laundering, terrorist financing and proliferation financing arising from the inter-cryptoasset business transfer……."

(5) The cryptoasset business of a beneficiary must report to the FCA repeated failure by a cryptoasset business to provide any information required by regulation 64C as well as any steps the cryptoasset business of the beneficiary has taken in respect of such failures.  (Par 64D)

Singapore - Payment Services Act (PSA) and FATF Travel Rule Implementation

Under the Payment Services Act (PSA), the Monetary Authority of Singapore (MAS) implements FATF’s Travel Rule. VASPs must gather, verify, and transmit required information, and are expected to “provide value transfer information” by a certain time frame which can only be done through a response. For example,  “In a value transfer where the amount to be transferred is below or equal to S$1,500…….the ordering institution shall provide the value transfer originator information and value transfer beneficiary information set out in paragraph 13.4(a) to (d) within 3 business days of a request for such information…….”

As of 30 December 2024, compliance with the Transfer of Funds Regulation (TFR) and respective EBA Guidelines is mandatory for any CASPs operating in the EU.

▶︎ Watch this special video message from Lana Schwartzman, Head of Regulatory & Compliance at Notabene, explaining why compliance with TFR is so important, as what consequences may face CASPs that fail to comply.

A common misconception that we hear is that there is a “grace period” that delays the need to comply until July of this year. While it is true that the EBA guidelines foresee a transitional period until July 31, 2025, during which CASPs may exceptionally use infrastructures or services with certain technical limitations, this does not exempt them from Travel Rule compliance. CASPs using such infrastructures are required to take additional technical steps to ensure full compliance with the Travel Rule during this period.

This provision from the EBA Guidelines gave rise to misinterpretations that many are now incorrectly viewing as a grace period or exemption. The EBA already clarified that this is not the case. In page 51 of the final Guidelines “the EBA stresses that non-compliance with Regulation (EU) 2023/1113 is not accepted”. In fact, paragraph 24 of the EBA Guidelines clearly states that the technical limitations “need to be compensated by additional technical steps or fixes to fully comply with these Guidelines”.

It is therefore very clear that the TFR obligations must be fully complied with as of December 30, 2024. 

CASPs that repeatedly or systematically fail to accompany crypto-asset transfers with the required information on the originator and beneficiary may face severe penalties and consequences under the Transfer of Funds Regulation and related EU directives. All told, the risks that a company faces by not complying with TFR are substantial. 

Let’s have a look at the potential consequences of non-compliance with the TFR.

1. Financial Penalties

One of the most immediate and tangible consequences of non-compliance is the imposition of financial penalties. These can be substantial and may vary depending on the severity of the breach and the specific regulations in each EU member state. The regulation allows for substantial monetary sanctions:

• Standard Penalty: A maximum administrative fine of at least twice the amount of the benefit derived from the breach (if determinable) or a minimum of €1,000,000.
• Enhanced Penalties for Financial Institutions: For CASPs classified as credit or financial institutions, the penalties can be more severe:
  • Legal Persons: Fines of up to €5,000,000 or 10% of the total annual turnover, whichever is higher.
  • Natural Persons: Fines of up to €5,000,000

Keep in mind that penalties can accumulate, potentially resulting in daily fines. In addition, increased compliance costs and operational burdens may be necessary to resolve deficiencies, resulting in additional financial burden.

*Source: Article (3) of Directive (EU) 2015/849

2. Criminal and Administrative Sanctions

In more severe cases, particularly those involving deliberate non-compliance or gross negligence, entities and individuals may face criminal or administrative sanctions. This can include:

• Criminal liability for Chief Compliance Officers (CCOs) or executives responsible for overseeing AML/CFT protocols
• Administrative sanctions that could significantly impact business operations
  • Public Statement: Authorities may issue a public statement identifying the CASP and detailing the nature of the breach.
  • Cease and Desist Order: The CASP may be ordered to stop the non-compliant behavior and refrain from repeating it.
  • Authorisation Suspension or Revocation: For authorized CASPs, their operating license may be suspended or withdrawn entirely.
  • Managerial Ban: Individuals responsible for the breach, including those in managerial positions, may face a temporary ban from exercising managerial functions in obliged entities.

  *Source: Article 29 of the TFR and Article 59(2) and (3) of Directive (EU) 2015/849)

3. Regulatory Sanctions

While exact details may vary, it's likely that regulatory sanctions for non-compliance could be severe:

• Suspension or revocation of operating licenses within the EU
• Restrictions on certain activities or prohibitions on cross-border crypto-asset transfers

4. Reputational Damage

In the highly regulated EU market, reputation is crucial. Non-compliance can lead to:

• Loss of trust from customers and partners
• Negative publicity that can be challenging to overcome
• Long-term impact on business relationships and growth opportunities

5. Heightened Regulatory Scrutiny

Entities found to be non-compliant will likely face increased attention from regulators:

• More frequent audits and inspections
• Increased reporting obligations, adding administrative burdens and costs
• Requirements to submit additional documentation to demonstrate compliance improvements

6. Counterparty Risks

Non-compliance can also affect business relationships, as partners may be hesitant to work with non-compliant entities, leading to lower transaction volumes and overall business success.

• Counterparties may report non-compliance to regulators. CASPs must report the repeatedly non-compliant counterparties to the competent authority responsible for Anti-Money Laundering/Counter-Terrorist Financing (AML/CTF) supervision within three months of identifying the non-compliance.
• Counterparties of CASPs that repeatedly or systematically fail to accompany crypto-asset transfers with the required information on the originator and beneficiary may be required to reject incoming transfers and terminate the existing business relationship or all reject future transfers from the non-compliant counterparty.

While no one has a crystal ball, the consequences of non-compliance with the EU's TFR after December 30th, 2024, are far-reaching and potentially severe. From financial penalties to reputational damage, the possible risks suggest that CASPs and other obligated entities should take seriously the need to be fully prepared with a TFR-ready Travel Rule solution when the regulation comes into force.

As the Head of Regulatory and Compliance at Notabene, I've been at the forefront of discussions about one of the most pressing issues keeping compliance officers awake at night: How do you handle non-compliant deposits under the Travel Rule in the EU and other jurisdictions?

The implementation of the Travel Rule is an essential step in ensuring compliance with anti-money laundering (AML) and counter-terrorist financing (CTF) regulations. But this regulatory evolution brings a real challenge—how should Crypto Asset Service Providers (CASPs) respond when they receive non-compliant deposits? The issue isn’t only theoretical; it’s something that every CASP will face.

The Challenge of Non-Compliant Deposits

With the implementation of the Travel Rule, non-compliant deposits are an inevitable reality. These can arise from various scenarios(^1) that beneficiary CASPs must be prepared to address such as:

1. Deposits originating outside of approved CASPs
2. Deposits from approved CASPs with insufficient Travel Rule information
3. Deposits from approved CASPs with inconsistent beneficiary information
4. Deposits from approved CASPs where the originator is not an allowed person 

Without a clear policy or well-defined workflow, the risks are high and these issues can disrupt the user experience, complicate operations, and even lead to asset loss. Each scenario requires a well-thought-out policy and workflow to address it effectively while minimizing disruption to user experience.

Non-Compliance Under the EU’s TFR (Regulation 1113/2023)

In the EU, Travel Rule under the TFR (Regulation 1113/2023)(^2) places significant responsibility on beneficiary CASPs. Articles 14, 16, and 17 of the regulation clearly outline the need for accurate originator and beneficiary information to be included with each transaction. The challenge lies in the fact that beneficiary CASPs can't proactively block incoming deposits. They must rely on the originating CASP's compliance to meet their obligations. This creates a complex situation where beneficiary CASPs must navigate between regulatory compliance and customer service. Despite beneficiary CASPs having less control over incoming deposit flows than originating CASPs, they must still enforce compliance, using methods such as post-monitoring or suspending suspicious transactions.

Under Article 17, CASPs must implement risk-based procedures to determine whether to execute, reject, return, or suspend transfers of crypto-assets that lack the required information. Non-compliant transactions must be carefully reviewed, with potential responses ranging from requesting missing data to returning the crypto-assets to the originator.

But the process isn't simple. For instance, a transfer may originate from a wallet that no longer belongs to the sender. Or, the originator may have no account with an approved CASP. How do you return the funds then? The answers are not always straightforward, and the EU’s TFR leaves room for a risk-based approach to address these scenarios.

Developing a Policy for Travel Rule Non-Compliant Deposits

At the heart of handling non-compliant deposits is the necessity of a clear, risk-based policy which is part of every industry best practice. This policy must account for several key steps:

1. Withhold assets until compliance is achieved: If the necessary Travel Rule information is missing, the assets should not be made available to the beneficiary until compliance is ensured. This may require collecting additional information or performing enhanced due diligence.
2. Return non-compliant assets promptly: Where compliance cannot be achieved, CASPs should have clear procedures for returning the assets to the originator. This process should be timely to avoid user frustration while ensuring that the return itself is secure and complies with AML/CTF obligations.
3. Avoiding technical complications in the return process: Blockchain transactions, particularly those involving aggregated wallets, present additional challenges. Simply sending the funds back to the originating address may not always be feasible or safe. Instead, CASPs should establish secure, alternative methods to return funds while protecting against illicit activity.
4. Reassess relationships with non-compliant counterparties: CASPs should monitor their counterparties’ compliance levels. Repeated non-compliance from a particular CASP may necessitate reevaluating the relationship, issuing warnings, applying enhanced due diligence, or even terminating the partnership. And let's not forget that there is a requirement of reporting of non-compliance of CASPs to national authorities. 
   

The Return Dilemma

One of the most challenging aspects of handling non-compliant deposits is the return process. The FATF guidance and local regulations don't prescribe specific requirements for return policies, leading to varied practices among VASPs.
Key considerations for a return policy include:

1. Where to return the assets
2. Who to return the assets to
3. Whether Travel Rule compliance applies to the return transaction

While there’s no universally accepted answer, the principle of reliability and a risk-based approach may guide your actions. For instance, can you confidently rely on a blockchain address used in a Travel Rule message for returning assets? Often, the answer is no. Wallet addresses change, can become dormant, and may result in commingled assets. 

A more cautious approach is to confirm the originator’s identity and account details through both on-chain screening and direct communication with the counterparty. This ensures that the return process doesn’t inadvertently violate AML/CTF rules.

These are the practical steps for compliance that you can take:

1. Develop clear policies for handling non-compliant deposits
2. Implement robust monitoring systems to detect non-compliant transactions
3. Establish a detailed workflow for the return process
4. Communicate policies clearly to users to minimize disruption
5. Regularly reassess relationships with repeatedly non-compliant counterparties

Notabene’s Role: Helping CASPs Navigate Non-Compliance

At Notabene, our platform helps CASPs identify and manage non-compliant CASPs with precision. By offering insights into missing Travel Rule data and alerting users to potential non-compliant transactions, we help CASPs maintain compliance while minimizing disruption. Additionally, our reporting tools allow CASPs to generate comprehensive lists of non-compliant transactions, simplifying their decision-making process and enhancing their regulatory reporting.

The Path Forward: A Risk-Based Approach

Handling non-compliant deposits under the Travel Rule is complex, but not insurmountable. As the regulatory landscape continues to evolve, staying informed and adaptable will be key to success in the world of crypto compliance. The road ahead may be challenging, but with the right policies, workflows, and tools such as Notabene in place, compliance can be achieved without sacrificing user experience. At Notabene, we’re committed to helping CASPs and regulators strike this critical balance.

If you would like to speak with Notabene about  implementing a risk-based compliance solution for your unique needs, book a call with our team today.
‍

References

^1 This is not an inclusive list
^2 https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32023R1113

Differences between national Travel Rule requirements can be challenging for VASPs to navigate. Various regulators have interpreted and applied the Travel Rule differently, leading to various approaches across jurisdictions regarding:

• Timeline for enforcement of Travel Rule requirements

• Required originator and beneficiary information

• Compliance thresholds

• Transactions to/from self-hosted wallets

• Counterparty VASP due diligence obligations

• Transacting during the Sunrise Period

A transaction could be within the scope of Travel Rule requirements for one counterparty and outside the scope for the other. This issue is especially complex during the Sunrise Period. Even after the Travel Rule is fully implemented, national framework differences will likely continue to cause friction for VASPs.

‍

Practical examples to illustrate these challenges

In Estonia, virtual asset service providers (VASPs) are not required to collect or transmit beneficiary names. However, a beneficiary VASP in another jurisdiction may expect to receive beneficiary information and could be obliged to reject transactions where this information is missing.

Canadian originator VASPs must collect and transmit the beneficiary’s physical address. However, originator VASPs in other jurisdictions may not have this requirement. As a result, Canadian VASPs may often receive incomplete information that nonetheless meets the requirements of the originator VASP’s domestic framework.

In the United States, an originator VASP is required to collect and transmit Travel Rule information only when the transaction exceeds $3,000. In contrast, a beneficiary VASP in the European Union requires this information for transactions of any value.

‍

A non-exhaustive list of the differences in required originator and beneficiary information across jurisdictions

Approaches to the Challenges of Cross-Border Transactions

Below we discuss what can be done about the challenges associated with cross-border transactions, initiatives that are already in place, and which stakeholders are best positioned to drive solutions to these challenges:

FATF

Although global harmonization of Travel Rule requirements would certainly solve these challenges for VASPs, this is not a realistic solution and is not something that the Financial Action Task Force (FATF) would or could mandate. National frameworks will also inevitably vary because, as the FATF points out, regulators take into account different risk profiles, contexts, and approaches to risk mitigation. [1] As such, the FATF Standards permit variation from the FATF’s Travel Rule, provided the minimum requirements are met.

REGULATORS

It is essential that regulators implement clear Travel Rule requirements for VASPs and that the frameworks address how VASPs should treat cross-border transactions where the requirements vary.

The U.K.’s Joint Money Laundering Steering Group's (JMLSG) guidance addresses this by ignoring cross-border discrepancies in the Travel Rule’s application. For instance, if a U.K. VASP complies with U.K.-specific requirements, it’s considered compliant even when dealing with jurisdictions that have more stringent rules. ^[2] On the other hand, if a U.K. VASP receives a deposit with incomplete or incorrect information, it must seek the missing details, irrespective of the originating VASP’s local thresholds. ^[3] 

We encourage the adoption of a more flexible deposit policy than the one that theJMLSG has adopted to facilitate smoother cross-border transactions. For example, a more lenient policy could permit VASPs to accept deposits without full Travel Rule information for transactions below the threshold set in the originating VASP’s country based on a risk assessment.

TRAVEL RULE SOLUTIONS

Travel Rule solutions are generally best positioned to ease some of the challenges for VASPs in facilitating cross-border transactions, especially when these transactions are happening at scale.

Notabene embeds jurisdictional requirements from more than 20 jurisdictions. Specifically, the system has encoded the applicable compliance thresholds and required information scope in each supported jurisdiction. This allows VASPs to validate their Travel Rule transfers against the Travel Rule requirements applicable in both their own and their counterparty’s jurisdiction. Using the available settings, VASPs can decide whether a Travel Rule transfer is required for a given transaction. They can make this decision based on their own compliance threshold or by considering the lowest threshold amount of the jurisdictions involved in the transaction.

VASPS

VASPs’ Travel Rule policies and processes should proactively address cross-border transactions. These policies need to take into account the differences across national frameworks and what actions are mandated by applicable domestic regulations. Additionally, partnering with the right Travel Rule solution can remove some of the operational complexity associated with cross-border transactions. When assessing different options, VASPs should closely assess the solution’s jurisdiction coverage and functionality when it comes to cross-border transactions.

‍

Notabene’s 2024 status check

‍

From a technical perspective, the differences in Travel Rule requirements across jurisdictions can be effectively reconciled. Solutions like Notabene’s jurisdictional validation are key in the process. However, from a policy perspective, it is crucial to ensure that VASPs are free to transact with foreign counterparties, despite the differences in requirements.

A risk-based approach that allows decisions on whether to accept transactions with missing information should be adopted. This flexibility is necessary in cases where the originator VASP is not legally obligated or able to provide the required information. Adopting stricter approaches might, in practice, prevent VASPs from accepting a significant number of transactions from their foreign counterparts.

‍

{{report2="/cta-components"}}

‍

The Travel Rule requires Virtual Asset Service Providers (VASPs) to identify and conduct due diligence on their counterparty VASP or financial institution. However, national Travel Rule frameworks tend to be silent or vague on this topic.

Conducting VASP due diligence generally involves obtaining information about the counterparty VASP’s registration/licensing status, its ability to securely hold Travel Rule information, whether it is tied to illicit actors or sanctioned persons, and its level of anti-money-laundering, counter-terrorism financing (AML/CTF) compliance. The aim of performing this due diligence is to ensure that VASPs avoid dealing with illicit or sanctioned actors and to gain assurance that a counterparty VASP can comply with the Travel Rule and protect the confidentiality of shared information.

‍

Counterparty VASP Due Diligence Challenges Faced by VASPs

VASPs face three main challenges in implementing due diligence processes:

1. Difficulty Accessing Information

Beyond identifying counterparties, VASPs struggle to make risk-based decisions due to the scarcity of publicly available information. Verifying whether a counterparty VASP is licensed or registered is particularly hard given the limited number of public registers. Furthermore, assessing a VASP’s adherence to AML/CTF standards is challenging without directly engaging each potential counterparty, which becomes impractical at scale.

2. Lack of Standardization

Currently, there is no uniform standard for conducting VASP due diligence. Additionally, national frameworks for the Travel Rule often lack clear criteria for due diligence.

3. Operational Costs

Conducting VASP due diligence requires resources, which involve either purchasing the relevant compliance tools (to the extent they are available) and/or allocating personnel to perform these due diligence assessments.

‍

The FATF acknowledged these challenges in its June 2023 Targeted Update, reporting that VASPs struggle to effectively conduct due diligence on counterparty VASPs ^[1]. This difficulty is further exacerbated by the existence of unregulated and unlicensed VASPs, making it even more challenging to gather information to assess these entities’ possible connections to illicit activities or sanctioned individuals, as well as their compliance with AML/CTF standards. Notabene’s industry survey supports these observations. Despite the significant drop in prominence since last year, a notable percentage of respondents (29%) continues to send Travel Rule information transfers to all VASPs, regardless of any due diligence assessment. Additionally, counterparty due diligence ranks as the least adopted compliance check among respondents, only ahead of the options “None” and “Other” (see Chapter 3, Section 8 of Notabene’s 2024 State of Crypto Travel Rule Compliance Report).

Approaches to VASP Due Diligence Challenges

FATF

The FATF can do little to solve the operational challenges associated with a VASP’s due diligence process apart from sharing recommendations on how a jurisdiction should implement VASP due diligence requirements. As such, the FATF does the following:

• Makes a clear distinction between the due diligence process required for establishing a correspondent relationship and the process required for Travel Rule purposes ^[2].
• Strongly encourages jurisdictions to maintain and publicize information on VASPs that are registered or licensed in their jurisdiction, to give VASPs access to information needed to perform counterparty due diligence in line with Recommendations 16 and 13 ^[3].
• Clarifies that VASPs need to independently perform due diligence ^[4] — a contentious point that has hindered Travel Rule interoperability efforts. Operators of Travel Rule protocols may resist interoperability to maintain control over the network. However, the FATF emphasizes that VASPs must still independently assess counterparty risk, highlighting that being part of closed Travel Rule networks does not eliminate a VASP’s need to verify information and meet domestic obligations.
• Suggests that the Wolfsberg Correspondent Banking Due Diligence Questionnaire be used as a starting point for the VA industry to develop its own risk-based best practices ^[5].

Regulators

It is not desirable that national regulators specify prescriptive criteria for conducting VASP due diligence, yet it is necessary that regulators understand the current challenges associated with evaluating counterparty VASPs and thus provide VASPs with practical guidance. In 2023, Hong Kong’s SFC offered valuable granularity in their detailed guidance on counterparty due diligence measures ^[6], identifying several criteria that VASPs should consider to determine whether a counterparty is eligible, such as the quality and effectiveness of regulations and supervision, the Travel Rule status in their jurisdiction, and the existent AML/CTF and data protection controls.

‍
National legislators and regulators should also strive to adhere to FATF guidelines on this topic to facilitate the emergence of a global standard for VASP due diligence. However, the European Transfer of Funds Regulation deviates from FATF guidelines by labeling the relationships between domestic CASPs and foreign VASPs as correspondent relationships due to their “ongoing and repetitive” nature. This divergence raises concerns about proportionality and scalability.
‍

Regulators may also consider incorporating exceptions for carrying out due diligence when appropriate, such as in the context of transactions between domestic VASPs that are both supervised by the same authority, or prescribing scenarios where simplified due diligence measures are permissible.

Joint Industry Initiatives

Finding solutions to some of the challenges associated with VASP due diligence can be championed by joint industry initiatives. In fact, there is already work underway to address this.
‍

In 2023, the Global Digital Finance (GDF) members association published the GDF Virtual Asset Due Diligence Questionnaire ^[7]. The questionnaire was designed to provide an overview of a VASP’s AML policies and practices, and it is suggested that VASPs use it to onboard counterparty VASPs or that financial institutions use it to onboard VASPs.

Travel Rule Solutions

Travel Rule solutions and other service providers can offer tools to assist VASPs in operationalizing and scaling due diligence efforts.

‍
Notabene customers can easily access and monitor their counterparties within the Notabene Network. By integrating with VASPNet and Global Legal Entity Identifier Foundation (GLEIF), Notabene provides real-time, verified data about counterparty VASPs’ regulatory statuses and incorporation information. Furthermore, VASPs can also request, review, and share an adapted version of GDF’s questionnaire between selected parties in a secure and encrypted manner.

‍

{{cta-learnmore10="/cta-components"}}

‍

VASPs

VASPs are encouraged to engage in global and local industry initiatives focused on VASP due diligence. Considering the significant impact of VASP due diligence on Travel Rule compliance, it is important that VASPs keep this in mind when selecting a Travel Rule solution to partner with.

Additionally, VASPs should cooperate with their counterparty’s due diligence efforts by providing any requested information. Ideally, VASPs should make their information available to as wide a network of trustworthy counterparties as possible. This would enable other VASPs to conduct due diligence more efficiently.

Notabene’s 2024 Status Check

In 2023, there was significant progress in clarifying and operationalizing counterparty due diligence obligations. The FATF clarified that this due diligence must be carried out independently, which helped the industry to advance with a unified understanding of these obligations. The publication of GDF’s questionnaire was a substantial contribution toward standardizing VASP due diligence. As detailed in Chapter 3, Section 8, our survey results indicate a substantial shift: the proportion of VASPs sending Travel Rule transfers to all counterparts without specific criteria dropped from 52% in 2023 to 29% in 2024. This change highlights a growing commitment to counterparty due diligence obligations.

‍

{{report2="/cta-components"}}

With the European Union’s Transfer of Funds Regulation (TFR) taking effect on December 30, 2024, virtually all Crypto/Virtual Asset Service Providers (CASPs/VASPs) transacting with European customers must ensure compliance or face operational halts. Reachability and responsiveness are crucial for regulated VASPs, as non-responsiveness will prevent future transactions. We’re now at a critical juncture, as this regulation marks the end of the sunrise period and shifts the focus from protocol interoperability to compliant counterparty responsiveness.

At Notabene, we’re thrilled to announce a major milestone in our mission to integrate crypto transactions into the everyday economy. Our latest innovation, SafeTransact for Networks, aims to enhance counterparty responsiveness and bring Travel Rule compliance to existing ecosystems where transactions are already occurring today.

Notabene is uniquely positioned to deliver on this vision, as our extensive network already spans 27 countries, enabling us to process $71 billion worth of transactions in May 2024 alone. With 143 companies actively transacting daily, our clients have successfully integrated with us, setting up robust compliance processes and collaborating effectively with regulators.

Shifting Focus: From Interoperability to Reachability

It is widely understood that the fragmented nature of Travel Rule protocols has impeded widespread adoption. Initially, the industry thought solving protocol interoperability would boost Travel Rule adoption rates. This hypothesis seemed reasonable enough at the time, but it became evident that building a new network from scratch was very difficult. With many protocols with restricted access, low activity, or too few users, VASPs constantly struggle to reach all of their counterparties and achieve full compliance. We have since learned from experience in real-world applications from customers and regulators that the value of protocol interoperability is only as strong as the user adoption that protocols are able to achieve. 

Despite the impressive logos associated with various initiatives, we recognized that many of the biggest names in Travel Rule protocols had little to no activity occurring. To solve this, we shifted our focus from interoperability to reachability. This meant rethinking our approach entirely and not falling into the same trap of inventing yet another competing protocol, but instead solving our customers' core business needs – reaching and receiving responses from transaction counterparties.

Introducing SafeTransact for Networks

‍

‍

Instead of creating a new Travel Rule messaging network from scratch, SafeTransact for Networks integrates a compliance layer into existing networks, where millions of transactions already occur daily. This allows institutional custodians, settlement networks, multi-party computation (MPC) wallets, service providers, and stablecoin issuer ecosystems to seamlessly offer Travel Rule compliance. Networks can now integrate SafeTransact and offer Travel Compliance on top of their transactions. Members can perform checks and screen transactions to make automated authorization decisions without pure technical integration. SafeTransact for Networks helps businesses become compliant faster and seamlessly transact within the ecosystem.

Addressing Activation with SafeTransact for Networks

SafeTransact for Networks directly tackles the reachability challenge by bringing Travel Rule compliance where crypto businesses already transact with their counterparties today. To make SafeTransact for Networks work and reflect real-world transactions, we expanded the rigid Travel Rule, Alice-to-Bob flow, to transaction intermediaries, like custodians. We introduced flexibility and modularity into SafeTransact's transaction flow, which allows you to add as many transaction participants as real-world use cases require. 

Our solution uniquely operates at scale, managing Personally Identifiable Information (PII) in a compliant, risk-based manner, where only authorized businesses receive PII information. SafeTransact remains the only Travel Rule solution that offers this capability.

How it Works

Here’s a clear example of one multi-party transaction:

1. Initiating the Transaction

• Alice, a customer of BerlinEx, initiates a Bitcoin transfer to Bob.
• BerlinEx initiates the transaction by calling their wallet provider, SIGTrust, registered on the Seychelles.
• SIGTrust, being a network partner at SafeTransact, acts as the initiator for the Transaction authorization flow between the participants.

2. Chain of Intermediaries

• SIGTrust initiates the transfer in SafeTransact for Networks.
• Through our discovery methods, SIGTrust identifies that the recipient’s address belongs to TexEx. A first transfer initiation message is exchanged.
• TexEX responds and adds CryptoTrust, their custodian, to the transaction chain.

Once TexEx responds with adding their Custodian CryptoTrust:

‍

3. Transparency and Policy Implementation

• All parties involved recognize that this is a four-party transfer.
• TexEx establishes policies that require a Travel Rule exchange and flags the Seychelles jurisdiction from SIGTrust.
• The transfer appears in TexEx’s platform, listing all participants and their respective roles.

4. Compliance and Authorization

• The compliance team reviews and authorizes the transfer.
• Responses are sent to all participants to ensure everyone is informed.
• A request for a Travel Rule transfer is sent to the Originators about the Originator.

5. Completion and Notification

• All participants send and receive notifications detailing their roles and authorization policies in the transaction.
• Personally Identifiable Information (PII) is shared only with parties that require it.
• Once policies are fulfilled and the transfer is authorized, the transfer is completed and settled on-chain.

6. Policy Setup and Management

• BerlinEx has the option to apply for a profile with Notabene.
• This profile allows them to set up specific policies, including the ability to authorize or reject future transfers.
• The moment they onboard, they see all the historic transfers that they initiated via SIGTrust.

‍

SafeTransact for Networks ensures that even complex multi-party transactions are handled smoothly and securely, with careful management of PII and compliance with all necessary regulations.

Why Choose SafeTransact for Networks?

• Network Providers (e.g. institutional custodians, settlement networks, MPC wallet providers) deliver incremental value to their customers by offering network members a layer of compliance on top of their existing service. 
• Network members (e.g. exchanges, banks, lending desks) quickly and easily achieve Travel Rule compliance without the need for additional development resources by joining the SafeTransact ecosystem. 
• The Entire Ecosystem benefits from the network effects of expanding compliance reachability from individual networks across all integrated networks. This interconnected approach ensures that businesses can transact safely and compliantly within their existing ecosystems without needing to adjust to new frameworks.
  
  

Bringing the Power of SafeTransact to Established Networks

• Comprehensive Travel Rule Compliance: SafeTransact is designed to meet the stringent requirements of the Travel Rule and other regulatory frameworks. By facilitating the exchange of travel rule information and automating compliance processes, SafeTransact helps businesses stay ahead of regulatory demands. This is particularly important as more jurisdictions globally implement these compliance requirements.
• Pre-Transaction Authorization: SafeTransact enables businesses to make informed authorization decisions before a transaction is completed. This feature allows for instantaneous approvals, flags transactions for review, or rejects them based on predefined criteria. By identifying and screening all counterparties, SafeTransact performs thorough due diligence and risk assessments, ensuring that only legitimate transactions are processed.
• Real-Time Decision Making: One of SafeTransact’s standout features is its ability to make authorization decisions in real-time. This capability is crucial for businesses that need to operate at the speed of digital transactions without compromising security. With SafeTransact, businesses can automate their transaction flows and analyze insights, making the entire process seamless and efficient.

We’re excited to present SafeTransact for Networks as an innovative way of increasing Travel Rule adoption globally by meeting crypto businesses where they transact with their counterparties today. We allow existing networks, like institutional custodians and MPC wallet providers, to offer their customers a layer of compliance on top of their ecosystems. All of this is possible with Notabene’s new transaction flow expanding to intermediary and more complex, real-world use cases.

We believe that reachability, activation, and responsiveness are the most pressing issues facing our industry, which is why we are doubling down on expanding the Notabene Network to give our customers truly global reach. We understand that our industry cannot thrive with a one-size-fits-all approach to regulatory compliance, so we have invested in tools like our new PolicyEngine to enable customers to easily manage their unique workflows.

We are approaching a global tipping point for Travel Rule compliance, driven largely by the December 30 implementation deadline for the EU. We are here to help you prepare for that deadline in any way possible. Whether you are a customer participating in our Travel Rule certification programs or seeking a trusted resource for industry updates and education, please consider us a valuable resource. Our team are experts on these issues and is here to assist you with any questions you might have.

‍

To learn more about how SafeTransact can benefit your business and ensure compliance, contact our team for a custom demo.

On July 9, 2024, the Financial Action Task Force (FATF) released its fifth targeted review of the implementation of FATF Standards on Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs). This review provides an overview of the progress made by countries and the industry, as well as ongoing implementation gaps and concerns.

While the report covers a range of topics, we will focus here on the implementation of the Travel Rule. As a reminder, the Travel Rule requires VASPs and financial institutions to obtain, hold, and transmit specific originator and beneficiary information immediately and securely when transferring virtual assets. 

Let's dive in to the main takeaways from the report.

‍

More jurisdictions are passing Travel Rule legislation 

85% of jurisdictions have passed or are in the process of passing Travel Rule legislation, compared to 69% last year

‍‍Jurisdictions have made progress on implementing the Travel Rule. In fact, 70% of respondents (65 of 94 jurisdictions, excluding those that prohibit or plan to prohibit VASPs explicitly) have passed legislation implementing the Travel Rule.

The methodology used by FATF and the Global Network consists of 205 jurisdictions in total. However, 147 jurisdictions responded to the 2024 survey (35 FATF members and 112 FSRB members). It is worth noting that 58 jurisdictions did not respond to the survey. The report infers that these 58 have not made progress on R.15, including the Travel Rule implementation. Responses were self-reported and not verified.

‍

FATF is urging jurisdictions to make immediate progress to enact and enforce legislation implementing the Travel Rule

Despite the legislation, enforcement remains weak. Of the 65 jurisdictions that have passed legislation implementing the Travel Rule, only 17 have issued findings, directives, or taken enforcement or other supervisory actions against VASPs focused on Travel Rule compliance. ^[2]

The targeted update clarifies that a lack of interoperability and the Travel Rule tool’s deficiencies in comprehensive coverage are not excuses for not being compliant. FATF urges jurisdictions to make immediate progress in enacting and enforcing legislation implementing the Travel Rule. Specifically, the report shares the example that,‍

One jurisdiction shared that although regulated VASPs suffer from the lack of interoperability among Travel Rule compliance tools, non-compliant VASPs would still be penalised for their compliance shortcomings. [Paragraph 65]

Another jurisdiction reported imposing regulatory orders on a VASP for non-compliance related to Travel Rule tool deficiencies such as incomprehensive coverage of VAs or delayed data submission. [Paragraph 24]

In short, the FATF is urging jurisdictions to make immediate progress to enact and enforce legislation implementing the Travel Rule.

‍

FATF highlights specific public and private sector challenges in Travel Rule implementation

Both jurisdictions and VASPs continue to face a range of challenges in implementing the Travel Rule, as highlighted below:

Inconsistent implementation and lack of enforcement

VASPs use Travel Rule obligations to mitigate illicit finance risks. However, inconsistent implementation and lack of enforcement have not sufficiently motivated the private sector to enhance compliance.

Interoperability Issues

Although progress has been made, challenges persist due to architectural differences and data protection requirements. VASPs integrating multiple compliance tools face technical, operational, and financial burdens.

Discreet, rather than interconnected, Travel Rule tools with closed lists of participants (aka closed networks)  may also complicate the identification of counterparty VASPs and could result in the misidentification of a counterparty VASP as an unhosted wallet simply because the counterparty did not use the same Travel Rule compliance tool as the beneficiary. The FATF urges the private sector to progress towards increasing compatibility amongst Travel Rule compliance tools, whether through technological advancements that allow interoperability between tools, or by developing relationships that permit transactions to be made through a chain of interoperable tools or other methods. [Paragraph41]

Notabene’s SafeGateway facilitates VASP-to-VASP interactions across various protocols. 

Complex transactions

The industry reported widespread use of the interVASP Messaging Standards (IVMS) for Travel Rule information, akin to ISO20022 for the VA sector. They see potential in further developing standards to enhance message transitions, such as handling transaction rejections and follow-up queries. The increasing sophistication of VA transfers involving professional traders and over-the-counter brokers indicates that some Travel Rule compliance tools may not suit broader transaction types.

To address this, Notabene launched SafeTransact for Networks, which ensures the smooth handling of complex multi-party transactions, careful management of PII, and regulatory compliance.

Sunrise Issue

The report highlights ongoing challenges with the Sunrise issue, where jurisdictions implement the Travel Rule at different times.

• Phased Implementation and Grace Periods: Among the 80 jurisdictions implementing or planning to implement the Travel Rule, many are adopting a phased approach or granting grace periods with exemptions or flexible compliance expectations for VASPs.
• Interaction Restrictions: Most jurisdictions restrict domestic VASPs from interacting with foreign counterparts that lack Travel Rule legislation to mitigate associated risks.
• Risk Mitigation Measures: Specifically, of the 65 jurisdictions that have passed legislation enacting the Travel Rule, about half have measures in place to ensure domestic VASPs are only transacting with regulated and/or Travel Rule-complaint counterparts or are otherwise mitigating the risks.

‍

Despite the challenges mentioned above, FATF calls on all jurisdictions to rapidly enact and enforce the Travel Rule.

‍

VASP should perform counterparty due diligence, even when Travel Rule obligations differ

In order to transmit the required Travel Rule information, VASPs identify and conduct due diligence on their counterparty VASP. This remains a challenge due to difficulties in identifying the counterparty VASP based on VA wallet addresses and varying counterparty VASP due diligence requirements across jurisdictions. 

The FATF report suggests that for cases in which only one of the originator and beneficiary VASPs has Travel Rule obligations due to differences in national requirements, VASPs should still take steps to comply with targeted financial sanctions obligations. They further suggest to transact with unlicensed/unregistered foreign counterparts only if the originator VASP takes risk mitigating measures in place.

Counterparty due diligence ensures VASPs avoid dealing with illicit or sanctioned actors and helps ensure that a counterparty can comply with the Travel Rule, including protecting the confidentiality of shared information. Note that counterparty due diligence for the purpose of complying with R.16 is distinct from the obligations applicable to cross-border correspondent relationships (R. 13). [Page 22]

‍

FATF highlights issues with some Travel Rule compliance tools

The 2022 and 2023 Targeted Update reports highlighted that while the industry has developed various Travel Rule compliance tools in response to FATF standards, many tools still do not fully meet these standards and face interoperability challenges. Common shortcomings include a failure to transmit information immediately in information transmission, affecting sanctions screening and due diligence. 

Regulators and supervisors are encouraged to engage with VASPs to ensure compliance tools meet all FATF requirements and take enforcement actions for non-compliance. VASPs should “deliberative and make informed decisions and select a compliance tool(s) that will allow them to meet all FATF Travel Rule requirements”. The lack of interoperability between tools can hinder transaction monitoring and counterparty identification. The FATF urges the private sector to enhance tool compatibility through technological advancements or relationships among tool providers.

An increasing number of jurisdictions report VASPs using in-house developed compliance tools. There is interest in understanding how these tools interact with others and concerns about their effectiveness. Collaborative efforts between supervisory authorities, regulated VASPs, and tool providers are recommended to ensure tools meet regulatory requirements before use.

FATF shares guiding questions and considerations for Travel Rule compliance tool providers

‍

VASPs should take a deliberative and informed decision and select a compliance tool(s) that will allow them to meet all FATF Travel Rule requirements. Box 2.1 below sets out guiding questions that VASPs should ask to determine whether potential Travel Rule solution tools will comply with all FATF requirements. [Paragraph 40]

The following chart compares SafeTransact’s capabilities vs the VAGC’s guiding questions. 

‍

FATF proposes revisions to Recommendation 16 and implications for Travel Rule

In February 2024, the FATF initiated a public consultation on proposed changes to Recommendation 16 (R.16) and its Interpretive Note on payment transparency. The revisions aim to align the Standard with evolving payment systems and messaging standards (ISO 20022) while maintaining technological neutrality and the principle of "same activity, same risk, same rules." These updates could impact the VA sector by specifying the required originator and beneficiary information and defining the roles of VASPs in complex payment chains. The final revisions to R.16 will determine any changes to the Travel Rule requirements for VASPs. Read Notabene’s response to the public consultation here.

Summary of Recommendations from FATF to public sector

• Jurisdictions without Travel Rule legislation/regulation should urgently introduce it.
• Jurisdictions with the Travel Rule should quickly operationalize it through effective supervision and enforcement.
• Jurisdictions should publicize information on registered or licensed VASPs to facilitate counterparty due diligence.
• Jurisdictions should engage with the VASP sector to identify and ensure Travel Rule compliance tools meet FATF requirements.
• VASPs and compliance tool providers should review and improve tools to fully comply with FATF requirements and enhance compatibility for effective implementation.
• FATF will update and publish assessments of R.15 compliance by 2025.

‍

If you have any questions about the FATF report, or the implementation of the Travel Rule for your business or jurisdiction, let us know at [email protected].

And if you are in the process of determining the right Travel Rule solution for your needs, we'd be happy to offer a free consultation with our compliance experts.

The European Banking Authority (EBA) has issued new Travel Rule Guidelines to enhance the traceability of fund and crypto asset transfers, aiming to combat money laundering and terrorist financing. Stemming from Regulation (EU) 2023/1113, which aligns EU regulations with FATF standards, the Guidelines aim for consistent implementation across the EU, taking effect on December 30, 2024. After releasing a consultation paper in November 2023, to which Notabene responded, the EBA released the final Travel Rule Guidelines on July 4, 2024.

Relevance of the Travel Rule Guidelines: Aligning Travel Rule Supervisory Practices across the EU

The Guidelines reflect the EBA’s view on appropriate supervisory practices within the European System of Financial Supervision or how EU law should be applied in this area. Authorities should integrate these Guidelines into their practices, including adjusting their legal frameworks or supervisory processes as needed.

‍

Key Takeaways from the EBA’s Final Travel Rule Guidelines - July 2024

Key Takeaways from the EBA’s Final Travel Rule Guidelines - July 2024

‍

1. Flexibility in Originator Information

The final version of the Travel Rule guidelines clarifies that CASPs have the discretion to determine which “alternative information items” about the originator customer to transmit and demand receiving, as long as they achieve unambiguous identification and support sanction screening. This approach is intended to be better suited for cross-border transfers. ^[1]

‍

2. Eased Requirements for Self-Hosted Wallet Transfers Below €1,000

• ‍Consultation Paper: The EBA’s consultation paper required that CASPs “use suitable technical means to cross-match data, including blockchain analytics and third-party data providers, for the purpose of identifying or verifying the identity of the originator or the beneficiary.” ^[2]‍
• Final Guidelines: Now, only information collection obligations apply for self-hosted wallet transfers below 1,000, eliminating the need for technical means like blockchain analytics to cross-match collected data to identify and verify the originator or beneficiary. ^[3]

In response to the public consultation, Notabene argued that this requirement was disproportionate and technically unfeasible to implement. The framework initially proposed was stricter than the one set out in the Transfer of Funds Regulation (TFR), creating disproportionate obligations on small transactions. Additionally, Notabene argued that verifying identities through blockchain analytics is impractical, as these providers lack the capability to link personal identities with wallet addresses. We are pleased that the EBA adopted our suggestion, and this adjustment will make compliance more feasible for smaller transactions.

3. Simplified Verification for 1st-Party Self-Hosted Wallet Transfers ≥ €1,000

• ‍Consultation Paper: The draft guidelines initially required CASPs to use two methods for wallet ownership verification. ^[4] 
• ‍Final Guidelines: The requirement to use two methods for wallet ownership verification has been removed. CASPs are now required to use only one method by default for verifying wallet ownership/control. ^[5]

In our consultation response, we successfully argued that requiring two methods for verifying wallet ownership/control may not enhance the verification process and could force the adoption of potentially inefficient practices. In the final version of the guidelines, CASPs are required to use only one method by default.

Notabene’s product suite includes a pop-up user interface designed to identify and verify Travel Rule counterparties at the point of transaction without impeding the transaction flow. SafeConnect obtains proof of self-hosted wallet (SHW) ownership through cryptographic signatures, one of the methods explicitly permitted in the guidelines. 

‍

{{european1="/cta-components"}}

‍

4. Clarification for 3rd-Party Self-Hosted Wallet Transfers Above €1,000

While the TFR does not specify the requirements for third-party self-hosted wallet transfers above €1,000, the Travel Rule Guidelines clarify that if the SHW is owned or controlled by a third party who is not a customer of the CASP, the requirements outlined in Article 19a(1)/(a) of Directive (EU) 2015/849 (AMLD) apply. [6] 

According to this provision, CASPs must evaluate the risks associated with transfers to or from self-hosted wallets. Additionally, CASPs are required to implement risk mitigation measures commensurate with the identified risks. These measures may include:

1. Verifying the identity of the transfer's originator or beneficiary;
2. Requesting additional information regarding the origin and destination of the transfer;
3. Implementing enhanced ongoing monitoring of the transactions.

Therefore, CASPs should adopt a risk-based approach to transactions involving self-hosted wallets and implement any necessary risk mitigation measures proportional to the identified risks.

‍

5. Full Compliance from December 30, 2024, is Mandatory

Travel Rule obligations apply to crypto asset service providers (CASPs) starting December 30, 2024. The EBA states: “From December 30 2024, CASPs as defined in MiCAR will be subject to the EU’s AML/CFT regime and, therefore, these Guidelines,” emphasizing that “non-compliance with Regulation (EU) 2023/1113 is not accepted.” ^[7]

CASPs may use infrastructures or services with technical limitations until July 31, 2025, provided they fully compensate with additional technical steps to comply with these Guidelines. Full compliance is still mandatory. ^[8]

6. The EBA Provides Criteria to Evaluate Travel Rule Solutions

‍

When choosing the messaging or payment and settlement system(s), CASPs and ICASPs should

take proportionate, risk-sensitive measures to assess: [9]

• Seamless Integration: The system’s ability to communicate with other internal core systems and with the messaging or payment and settlement systems of the counterparty of a transfer and its compatibility with other blockchain networks

‍Notabene’s open network approach and integrations with top blockchain analytics, custodians, and sanction screening providers guarantee this connectivity. Additionally, Notabene’s SafeGateway builds secure clients for each Travel Rule messaging protocol, significantly expanding our users' connectivity and enabling them to engage with VASPs on previously inaccessible protocols. 

• The reachability of the protocol (i.e., the diversity and accuracy of counterparties that can be reached using the protocol – subject to the CASP's own due diligence assessment – and the rate of transfers that would successfully be sent to the intended beneficiary or received from the originator);

Notabene’s robust network ensures high transaction success rates.

• How the system enable the CASP or ICASP to detect a transfer with missing or incomplete information;

Notabene’s SafeTransact excels here, automatically identifying deposits lacking Travel Rule information and promptly requesting the necessary details from the originator VASP. 

The EBA’s final Travel Rule Guidelines mark a significant step in enhancing the traceability of fund and crypto asset transfers across the EU. With full compliance required by December 30, 2024, CASPs must prepare to meet these new requirements. Notabene’s solutions are designed to help CASPs navigate these changes efficiently, ensuring compliance while maintaining smooth transaction flows.

{{european2="/cta-components"}}

The sixth and final Plenary of the Financial Action Task Force (FATF) under the Presidency of T. Raja Kumar of Singapore marked significant progress and established future priorities. Here are the main takeaways from the plenary.

‍

Virtual Assets: Implementation Update

The FATF will release its fifth annual update on the implementation of FATF Standards for virtual assets (VA) and virtual asset service providers (VASPs) in July 2024. Since June 2023, the number of compliant jurisdictions has risen from 25 to 33. Despite this progress, 75% of jurisdictions (97 out of 130) remain only partially or non-compliant, indicating that VASP implementation still lags behind other financial sectors. The FATF urges jurisdictions to achieve rapid, full compliance and will continue providing support to this end.

Payment Transparency

Following a public consultation that ended in May 2024, to which Notabene publicly responded to here, the FATF is revising its standards to align with evolving cross-border payment systems and industry standards like ISO20022. These revisions aim to enhance the speed, cost-effectiveness, transparency, and inclusivity of cross-border payments while maintaining AML/CFT compliance. Further dialogue with experts is needed before finalizing these amendments.

Jurisdictions Under Increased Monitoring

Monaco and Venezuela have been added to the list of jurisdictions subject to increased monitoring. Congratulations to Jamaica and Türkiye which have been removed from this list, reflecting their improved compliance.

High Risk Jurisdictions - Call for Action

The FATF reiterated its concerns over certain high risk jurisdictions in its Call for Action.  Specifically for Democratic People’s Republic of Korea (DPRK), Iran, and Myanmar. 

‍

‍Democratic People's Republic of Korea (DPRK) 🇰🇵‍

FATF remains deeply concerned about the DPRK's failure to address significant AML/CFT deficiencies and the proliferation financing risks posed by its illicit activities related to WMDs. The FATF urges all jurisdictions to:

• Terminate correspondent relationships with DPRK banks.
• Close any DPRK bank branches or subsidiaries.
• Limit financial transactions with DPRK persons.

Greater vigilance and enforcement are required, especially given DPRK's increased financial connectivity and use of front companies to evade sanctions.

‍

Iran 🇮🇷

Since Iran has not completed its action plan, including enacting key conventions, the FATF calls for:

• Enhanced supervisory examination for Iranian financial institutions.
• Systematic reporting of financial transactions.
• Increased external audit requirements.

Until Iran fully implements the required measures, the FATF maintains concerns over terrorism financing risks from Iran.

‍

Myanmar 🇲🇲

Due to slow progress in addressing AML/CFT deficiencies, the FATF calls for enhanced due diligence measures. Financial institutions should:

• Increase monitoring of business relationships.
• Ensure legitimate financial flows, such as humanitarian aid and remittances, are not disrupted.

If no further progress is made by October 2024, the FATF will consider applying countermeasures.

Mutual Evaluation Reports: India and Kuwait

India has achieved a high level of technical compliance with FATF requirements, particularly in understanding ML and TF risks, international cooperation, and access to beneficial ownership information. However, improvements are needed in supervising non-financial sectors. Kuwait is also nearing compliance but requires further progress.

Review of Gatekeepers

FATF will publish its findings on the regulation of gatekeepers in July 2024. These entities, if unregulated, remain exposed to significant criminal risks and may fail to detect money laundering red flags.

Women in FATF and the Global Network (WFGN) Initiative

Notabene commends Minister Indranee Rajah who launched the e-book “Breaking Barriers: Inspiring the Next Generation of Women Leaders,” showcasing the resilience and expertise of women in combating financial crime. This initiative, part of the Women in FATF and the Global Network (WFGN), aims to inspire and support aspiring women leaders and complements the multicultural mentoring program.

Compliance with FATF Standards

The Plenary approved revised criteria for prioritizing countries for the International Cooperation Review Group (ICRG) review process. This will ensure that the listing process remains risk-based, fair, and transparent. Members also agreed on assessment methods for compliance with the revised FATF Standards on asset recovery and related international cooperation, adopted in October 2023.

Incoming Mexican Presidency’s Priorities (2024-2026)

As many know, Elisa de Anda Madrazo, is the incoming President.  She outlined the Mexican Presidency’s priorities, which include:

• Advancing financial inclusion through risk-based implementation of the Standards.
• Ensuring a successful start to the new round of assessments.
• Strengthening the cohesion of the Global Network by fostering transparency and unity.
• Supporting effective implementation of revised FATF Standards, focusing on asset recovery, beneficial ownership, and virtual assets.‍
• Continuing efforts to combat terrorist and proliferation financing.

The outcomes of this Plenary set a robust agenda for the FATF, emphasizing the need for rapid compliance, enhanced transparency, and international cooperation to combat financial crime effectively.  We at Notabene are excited to support this and eager to see how this will unfold in the coming year.

📥 Interested in more content like this? Sign up to receive regular updates via LinkedIn.

Authored by CryptoUK’s Travel Rule Working Group, the Travel Rule Good Practices Guide is a cornerstone document for virtual asset service providers (VASPs), cryptoasset businesses, and digital asset industry participants navigating the regulatory landscape in the UK.

This comprehensive guide is a culmination of the industry’s collective effort. It provides an in-depth overview of compliance strategies and valuable guidance on addressing associated challenges.

The UK’s Pivotal Role in the Travel Rule Compliance Landscape

According to Chainalysis (2023), the UK ranks third globally in transaction volume, with an estimated $252.1 billion received last year. The 44 VASPs currently registered with the FCA must comply with the Travel Rule, which came into force on September 1, 2023. This situation underscores the UK’s significant role in promoting Travel Rule compliance worldwide.

Insights from the 2024 State of Crypto Travel Rule Compliance Report

The UK, with its robust regulatory framework, leads in compliance rates. Our comprehensive State of Crypto Travel Rule Compliance Report 2024 revealed that the UK boasts a 100% compliance rate among surveyed respondents in the EMEA region, reflecting the country’s stringent standards since the rule’s enforcement.

Notabene’s Proactive Role in UK Travel Rule Compliance

Our team at Notabene is dedicated to assisting UK VASPs in understanding and complying with their Travel Rule obligations. In 2023, we spearheaded several initiatives:

• Regulatory Sandbox Testnets: As part of the Financial Conduct Authority's (FCA) regulatory sandbox, we conducted two testnets with firms such as Ramp, Bitstamp, Wirex, CoinPass, Altalix, Hidden Road, Bitpanda, Custody, Uphold, and Zodia Markets.
• Guidance Publication: We published a concise guide summarizing the Travel Rule obligations outlined in the Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022 (MLTFR 2022.)

Additionally, Notabene has actively engaged in the JMLSG consultation process, submitting a response to contribute to the development of practical and effective compliance strategies for the industry. Our efforts ensure the guidance remains relevant and supports VASPs’ compliance journey.

Key Insights from the Travel Rule Good Practices Guide

The CryptoUK Travel Rule Good Practices Guide is an invaluable resource for navigating the complexities of regulatory compliance in the crypto industry. With contributions from industry experts, this guide provides a clear path for VASPs to achieve and maintain compliance.

Key areas covered include:

• Counterparty VASP Due Diligence: In the absence of regulatory guidelines in this respect, this chapter outlines key considerations and best practices, featuring key insights shared by Notabene’s Head of Regulatory and Compliance Team, Lana Schwartzman.
• Withdrawal and Deposit Flows: Provides an overview of applicable obligations and approaches for operationalizing Travel Rule compliance within withdrawal and deposit flows.
• Unhosted Wallets: Discusses the regulatory framework, associated risks, and potential mitigations.

About the Working Group

The CryptoUK Travel Rule Working Group was established in 2023 to foster knowledge sharing and best practices. 

The group collaborates with policymakers, regulators, and key stakeholders, including HM Treasury, the FCA, the Electronic Money Association, and the JMLSG. The Working Group significantly contributed to the development of the JMLSG’s Guidance on Cryptoasset Transfers, published in August 2023.

For more insights and to stay informed about regulatory developments, download the guide and join the CryptoUK Travel Rule Working Group today.

The European Union's Transfer of Funds Regulation (TFR) and the associated Travel Rule Guidelines from the European Banking Authority (EBA) are set to significantly impact how Crypto Asset Service Providers (CASPs) handle crypto-asset transactions. As these regulations come into effect, it is crucial for CASPs to understand the key requirements and prepare for compliance. 

This blog highlights the top 10 things European CASPs need to know about the upcoming Travel Rule compliance enforcement.

1. Comprehensive Data Collection Requirements

Under Article 14, paragraphs 1 and 2 of the TFR, CASPs must ensure that all transfers include specific details about the originator and beneficiary.

This includes:

Natural persons

Legal persons

This comprehensive data collection ensures that all parties in a transaction can be unambiguously identified.

2. Robust Monitoring Systems

Beneficiary CASPs must implement robust monitoring systems to detect and manage non-compliant transactions. These systems should be capable of identifying missing, incomplete, or meaningless information and should align with the risk levels associated with money laundering and terrorist financing. ^[1]

{{european2="/cta-components"}}

3. Handling Non-Compliant Transactions

When a transaction lacks the required information, CASPs have four options: execute, reject, return, or suspend the transfer. The appropriate action depends on the specific circumstances and the risk assessment results. ^[2]

4. Managing Non-Compliant Counterparties

Repeated non-compliance by counterparties requires CASPs to reassess their relationships. This includes applying stricter monitoring and verification measures, potentially terminating business relationships, and reporting non-compliant counterparties to the relevant authorities. ^[3]

5. Verifying Self-Hosted Wallet Transactions

For transactions involving self-hosted wallets, the requirement to use two methods for wallet ownership verification has been removed. CASPs are now required to use only one method by default for verifying wallet ownership/control. ^[4]

6. Understanding Different Self-Hosted Wallet Transaction Scenarios 

The TFR categorizes self-hosted wallet obligations based on the transaction amount and whether the wallet owner is a customer of the CASP. These scenarios include transactions of 1,000 euros or less, transactions over 1,000 euros where the wallet owner is a CASP customer, and transactions over 1,000 euros where the wallet owner is not a CASP customer.

‍

7. Implementing Appropriate Risk Mitigation Measures on Self-Hosted Wallet Transactions

CASPs should adopt a risk-based approach to transactions involving self-hosted wallets and implement any necessary risk mitigation measures proportional to the identified risks. These measures may include verifying the identity of the transfer's originator or beneficiary, requesting additional information, and conducting enhanced ongoing monitoring of transactions. ^[5]

8. Ensuring Compliance with General Obligations

CASPs must ensure compliance with several general obligations, such as:

• Information transmission infrastructure: Must be fully capable of transmitting information without technical limitations. A transitional period until July 31, 2025, allows for exceptions with compensatory policies in place. ^[6]
• Compliance timing: Information must be transmitted immediately and securely, before or at the same time the crypto-asset transfer is completed. ^[7]
• Joint accounts: Transfers from joint accounts, addresses, or wallets must include information about all holders. ^[8]‍
• Information submission changes: Initial information submissions cannot be changed unless requested by the beneficiary CASP or if an error is identified. Subsequent CASPs must be informed and required to detect any missing or incomplete information. ^[9]

9. Evaluating Payment and Messaging Systems (Travel Rule solutions)

Payment and messaging system requirements: CASPs must evaluate selected messaging or payment protocols based on the following aspects:

• Communication with internal core systems and counterparty messaging or payment systems.
• Compatibility with other blockchain networks.
• Reachability, including the ability to reach counterparties and the success rate of transfers.
• Detection of transfers with missing or incomplete information.
• Data integration, security, and reliability. ^[10]

10. Preparing for the Future

By July 1, 2026, the European Commission will assess the necessity for additional measures to mitigate risks associated with self-hosted wallet transactions. This evaluation will encompass examining the efficacy and proportionality of verification mechanisms and considering potential restrictions. ^[11]

‍

{{european1="/cta-components"}}

‍

The upcoming Travel Rule compliance regulation imposes comprehensive requirements on CASPs to ensure the integrity of crypto-asset transactions. By understanding and adhering to these requirements, CASPs can effectively manage transaction information, monitor compliance, handle non-compliant transactions, and manage relationships with non-compliant counterparties. This regulatory framework not only helps in mitigating risks associated with money laundering and terrorist financing but also fosters a more secure and transparent crypto-asset ecosystem in the European Union.

‍

Want to learn more? Read our blogs on beneficiary VASPs' transaction requirements under the TFR and the upcoming self-hosted wallet requirements.

The European Union’s Transfer of Funds Regulation (TFR) and the European Banking Authority (EBA)’s Travel Rule Guidelines, updated with the EBA’s final Travel Rule guidelines published on July 4, set out specific requirements for transactions involving self-hosted wallets. These wallets, controlled by individuals rather than VASPs, pose unique challenges to regulatory compliance. This article summarizes the obligations for self-hosted wallet transactions under the TFR, focusing on different transaction scenarios and the required verification measures.

‍

Highlights of What Changed in the EBA’s Final Travel Rule Guidelines

1. More Flexibility in the Scope of Required Originator Information:

The final version of the Travel Rule guidelines clarifies that CASPs have the discretion to determine which “alternative information items” about the originator customer to transmit and demand receiving, as long as they achieve unambiguous identification and support sanction screening. This approach is intended to be better suited for cross-border transfers.

2. Eased Requirements for SHW Transfers Below €1,000:

The final version of the Travel Rule guidelines removes verification requirements. Only information collection obligations apply, eliminating the need for technical means like blockchain analytics to cross-match collected data in order to identify and verify the originator or beneficiary.

3. Simplified Verification for 1st-Party SHW Transfers ≥ €1,000:

The requirement to use two methods for wallet ownership verification has been removed. CASPs are now required to use only one method by default for verifying wallet ownership/control.

4. Clarification for 3rd-Party SHW Transfers Above €1,000:

The Travel Rule Guidelines now clarify the requirements, specifying that if the SHW is owned or controlled by a third party who is not a customer of the CASP, the requirements from Article 19a of Directive (EU) 2015/849 apply. Additionally, the originator/beneficiary identity verification required therein is deemed to be fulfilled by collecting additional information from other sources (e.g., blockchain analytics, third-party data, or recognized authorities’ data) or using other suitable means to ensure the originator/beneficiary’s identity is known.

‍

{{european1="/cta-components"}}

‍

Overview of Applicable Obligations

The TFR categorizes obligations based on the transaction amount and whether the wallet owner is a customer of the Crypto Asset Service Provider (CASP). These scenarios include:

• Transactions of 1,000 euros or less.
• Transactions over 1,000 euros where the wallet owner is a CASP customer.
• Transactions over 1,000 euros where the wallet owner is not a CASP customer.

Understanding these categories is crucial for CASPs to ensure compliance with the TFR and the associated Travel Rule Guidelines.

‍

A. Transactions of 1,000 Euros or Less

For transactions of 1,000 euros or less involving self-hosted wallets, the TFR mandates that CASPs collect and hold specific information about the parties involved. As outlined in Articles 14/5 and 16/2 of the TFR, transactions involving self-hosted wallets of 1,000 euros or less require CASPs to obtain and hold information about the parties to the transaction. The scope of information that CASPs are required to collect mirrors that which is mandated for CASP-to-CASP transactions.

The Travel Rule Guidelines clarify in paragraph 80 that this information must be sourced from the CASP’s customer. This includes:

• Full name of the originator and beneficiary

• Distributed ledger address

• Account number

The final EBA Travel Rule Guidelines removed the requirement for CASPs to cross-match this information using suitable methods such as blockchain analytics and third-party data providers to verify the identity of the originator or beneficiary. Now, CASPs are mandated to collect and retain specific pieces of information from their customers. ^[1]

‍

B. Transactions Exceeding 1,000 Euros Where the Wallet Owner is a Customer of the CASP

For self-hosted wallet transactions exceeding 1,000 euros, the TFR requires CASPs to verify whether their customer owns or controls the self-hosted wallet. ^[2] The originator CASP is tasked with evaluating whether the wallet is owned or controlled by the originator, while the beneficiary CASP must determine whether the wallet is owned or controlled by the beneficiary. ^[3]

The Travel Rule Guidelines set a non-exhaustive list of verification methods available to CASPs and mandate the use of at least one method for wallet ownership/control verification, such as:

• Advanced analytical tools
• Unattended verifications (e.g., displaying the address)
• Attended verifications (e.g., live customer interaction)
• Sending a predefined amount from the wallet to the CASP
• Signing a specific message in the account and wallet software
• Other suitable technical means, as long as they allow for reliable and secure assessment. ^[4]

Where one method on its own is not sufficiently reliable to reasonably ascertain the ownership or control of a self-hosted address, the CASP should use a combination of methods. ^[5]

‍

C. Transactions Exceeding 1,000 Euros Where the Wallet Owner is Not a CASP Customer

The TFR does not explicitly address transactions over 1,000 euros involving third-party wallets. However, the Travel Rule Guidelines include a framework governing these transactions. According to the guidelines, the requirements outlined in Article 19a(1)/(a) of Directive (EU) 2015/849—verification of the originator or beneficiary’s identity—are considered fulfilled if the CASP:

• Collects additional information from other sources to verify the submitted information (e.g., from blockchain analytics, third-party data, or recognized authorities’ data)
• Uses other suitable means as long as it is fully satisfied that it knows the originator’s or beneficiary’s identity. ^[6]

‍

Verification and Risk Assessment

CASPs must adopt a risk-based approach to all transactions involving self-hosted wallets. This includes assessing the risks associated with each transfer and applying enhanced due diligence when high ML/TF risks are detected. The verification process involves collecting additional data from various sources, such as blockchain analytics, third-party data providers, recognized authorities, and publicly available information.

‍

General Obligations for Self-Hosted Wallet Transactions

In addition to specific transaction-based requirements, CASPs must adhere to several general obligations when dealing with self-hosted wallets:

1. Self-Hosted Wallet Identification

Use technical methods to discern whether the transaction involves a VASP or a self-hosted wallet. If technical means are insufficient, acquire the necessary information directly from the customer. ^[7]

2. Threshold Calculation

Compute the transaction amount based on the exchange rate prevailing at the time of the transfer. ^[8]

3. Risk Assessment

Assess the risks associated with self-hosted wallet transactions and apply appropriate risk mitigation measures. ^[9]

‍

Additional Context and Considerations

‍

FATF’s Recommendation 16

Transactions between VASPs and self-hosted wallets fall within the scope of FATF’s Recommendation 16, following its revision in October 2021. Unlike VASP-to-VASP transactions, there is no mandate to transmit originator and beneficiary details to a counterpart. Instead, VASPs must adhere to specific obligations, which can vary significantly across jurisdictions.

Regulatory Expectations and Trends

Although regulatory expectations vary significantly across regions, the requirement for VASPs to verify their customer’s or a third party’s control over the wallet address involved in transactions is gaining traction. The TFR’s requirements reinforce this trend, as further detailed in the sections above.

Future Assessments

By July 1, 2026, the Commission will assess the necessity for additional measures to mitigate risks associated with self-hosted wallet transactions. This evaluation will encompass examining the efficacy and proportionality of verification mechanisms and considering potential restrictions.

The EU TFR sets comprehensive requirements for self-hosted wallet transactions to mitigate the risks associated with money laundering and terrorist financing. CASPs must ensure compliance by verifying wallet ownership, implementing robust monitoring systems, and adopting a risk-based approach to all transactions. By doing so, CASPs can enhance the security and transparency of crypto-asset transfers, contributing to a safer financial ecosystem.

‍

{{european2="/cta-components"}}

‍

The EU TFR sets comprehensive requirements for self-hosted wallet transactions to mitigate the risks associated with money laundering and terrorist financing. CASPs must ensure compliance by verifying wallet ownership, implementing robust monitoring systems, and adopting a risk-based approach to all transactions. 

Interested in learning more? Check out our blog on what the TFR says beneficiary VASPs should do when it comes to incoming transactions and the top 10 insights European CASPs need to know about their upcoming Travel Rule compliance framework.

The European Union's Transfer of Funds Regulation (TFR) and the European Banking Authority’s final Travel Rule Guidelines impose stringent requirements on Crypto Asset Service Providers (CASPs) to ensure transparency and security in crypto-asset transactions. Beneficiary CASPs, in particular, have critical responsibilities in managing incoming transactions despite their limited control over deposit flows compared to originating CASPs.

Beneficiary CASPs cannot proactively block incoming deposits and rely on the compliance of the originator CASP to meet obligations. Therefore, it is crucial to evaluate strategies for handling non-compliant deposits. This article focuses on the specific requirements for beneficiary CASPs and strategies for managing transactions that fail to meet compliance standards.

Required Information for Transactions

Under Article 16/1 of the TFR, beneficiary CASPs are obligated to receive specific information about both the originator and the beneficiary of each transaction. Articles 14(1) and 16(1) of the TFR specify the required information, including:

• Full name of the originator and beneficiary
• Distributed ledger address and account number
• Address and official personal document number of the originator
• Additional optional information, such as customer identification number or date and place of birth, to ensure unambiguous identification.

Monitoring Systems for Detecting Non-Compliance

The TFR mandates that beneficiary CASPs implement robust monitoring systems to detect non-compliant transactions. According to the Travel Rule Guidelines, these systems should include:

1. Methods for detecting missing, incomplete, or meaningless information.
2. Pre- and post-monitoring practices aligned with money laundering and terrorist financing (ML/TF) risk levels.
3. Criteria for recognizing risk-increasing factors. ^[1]

Managing Non-Compliant Transactions

Beneficiary CASPs must follow specific procedures to detect a transaction lacking the required information. Article 17 of the TFR outlines four possible actions:

1. Execute: The CASP can proceed with the transaction if the risk assessment allows it.
2. Reject: The transaction can be rejected if it does not meet compliance standards.
3. Return: The funds can be returned to the originator if the necessary information is not provided.
4. Suspend: The transaction can be temporarily suspended while additional information is requested.

The Travel Rule Guidelines provide more granularity on how CASPs should define the appropriate follow-up action:

• Beneficiary CASPs can request missing information from the originator CASP rather than immediately rejecting or returning the transfer. ^[2] 
• If the information is not provided within a specified timeframe (three working days for EU transfers and up to seven days for others), the CASP must decide whether to proceed based on a risk assessment. ^[3] 
• If the rejection is technically impossible (e.g., the crypto-assets have already been received), the transfer should be returned to the originator. ^[4]
• If returning the transfer to the original address is not possible, CASPs should hold the returned assets in a secure, segregated account while communicating with the originator CASP to arrange the proper return of the crypto-assets. ^[4]

‍

Managing Non-Compliant Counterparties

When beneficiary CASPs identify deposits missing Travel Rule data, it not only disrupts the transaction but also strains relationships with non-compliant counterparties. Here’s how CASPs should manage these situations according to Article 17/2 of the TFR:

1. Reassess the Relationship: Evaluate if the counterparty repeatedly fails to provide the required information.
2. Report Non-Compliance: Notify competent authorities about the non-compliance.

Assessment Criteria

To determine the appropriate course of action, CASPs must assess whether the counterparty has repeatedly failed to meet their obligations. The assessment involves both quantitative and qualitative criteria:

• Quantitative: Frequency of incomplete transfers and unanswered follow-up requests. ^[5]
• Qualitative: Counterparty cooperation, agreements for extended time, and reasons for missing data. ^[6]

Steps for Repeated Non-Compliance

1. Issue Warnings: Inform the counterparty of potential consequences and set deadlines for compliance.
2. Enhanced Due Diligence: Apply stricter measures to manage risk.
3. Terminate Relationship: If necessary, end the business relationship or reject future transfers.
4. Report Repeatedly Non-compliant CASPs: CASPs must report non-compliant counterparties within three months of identifying non-compliance and include details of the non-compliant counterparty CASP, nature and frequency of breaches, justifications provided, and actions taken. ^[7] 

‍

General Obligations

Finally, the Travel Rule Guidelines offer a concise overview of supplementary requirements that CASPs should consider when dealing with deposits. 

‍

Pre vs. Post Transaction Monitoring

CASPs are responsible for establishing policies and procedures to determine which transfers require monitoring before or during the transfer process. This decision should consider any factors that may increase risk, as specified in the “EBA’s Guidelines on Money Laundering/Terrorist Financing (ML/TF) Risk Factors.” ^[8]

Meaningless and Inconsistent Information

CASPs should treat information as missing if essential fields are left empty or if the provided information is deemed meaningless or inconsistent. For example, random strings of letters should be considered meaningless information. ^[9]

Communication Systems

When contacting the counterparty for clarification, CASPs should use the same messaging system utilized to transmit the initial information. ^[10]

Self-Hosted Wallet Deposits

For deposits from self-hosted wallets, any requests for clarification should be directed straight to the customer. ^[11]

Interested in learning more? Check out our articles on Self-Hosted Wallet Transaction Requirements Under the EU TFR and Top 10 Insights European CASPs Need to Know About the Upcoming Travel Rule Compliance Regulation.

This article provides an in-depth look at virtual asset service providers' (VASPs) current transaction restrictions and compliance measures as they navigate Travel Rule compliance.

Based on the results from Notabene's 2024 State of Crypto Travel Rule Compliance survey, we explore how crypto businesses and financial institutions are preparing to meet these regulatory requirements. Download the report here to gain deeper insights.

Key Findings

Global Survey Overview
The survey, conducted between October 2023 and January 2024, included 70 companies from Europe, the Middle East, Africa (45.7%), Asia-Pacific (30%), and the Americas (21.4%).

66% of VASPs Enforce Restrictions on Withdrawals That Do Not Comply With Travel Rule Requirements

66% of VASPs enforce restrictions on withdrawals that do not comply with Travel Rule requirements. Notably, 23% do not allow withdrawals unless a Travel Rule message can be sent to the beneficiary VASP, up from 8% last year. This shift reflects a growing trend towards stricter compliance measures within the industry. The percentage of respondents permitting customers to withdraw funds without being able to send Travel Rule messages to the beneficiary VASP has dropped significantly from 37% in 2023 to 19% in 2024. This decrease of 49% underscores a heightened focus on ensuring compliance with regulatory requirements.

Moreover, 40% of respondents adopt a risk-based approach when determining whether to allow a withdrawal. This method reflects an industry-wide effort to balance business considerations with regulatory compliance. Given the persistent limitations that hinder full compliance, such as the Sunrise Issue, this approach is particularly significant. The increasing adoption of stringent compliance measures marks a notable shift in the industry’s approach to risk management, demonstrating a mature, proactive, and compliant stance in navigating the evolving landscape of crypto regulations.

66% of Companies Impose Restrictions on Transactions With Self-Hosted Wallets

66% of companies impose restrictions on transactions with self-hosted wallets. Approximately one-third of companies (33%) exclusively allow first-party transactions with self-hosted wallets and require customers to demonstrate control over the wallet address before authorizing the transaction. Additionally, 27% of companies allow third-party transactions with self-hosted wallets but collect beneficiary information from their customers, showcasing a commitment to due diligence. A minority of 6% of companies outright prohibit transactions with self-hosted wallets. 

There is still a substantial portion of respondents (29%) that do not impose any restrictions on transactions with self-hosted wallets. The “Other” category, comprising 6% of responses, suggests a unique range of approaches that some companies have adopted to handle transactions with self-hosted wallets. The distribution of survey responses illustrates the diversity of approaches that regulators worldwide take when defining rules for transactions involving VASPs and self-hosted wallets.

Over 20% of VASPs Return Deposits Missing Required Travel Rule Information

Handling Deposits

Over 20% of VASPs return deposits missing required Travel Rule information. Specifically, 21% of companies, upon identifying the originator VASP, promptly send requests for missing Travel Rule information. If the information is not received, companies take the decisive step of returning the funds. This approach often creates additional operational challenges for VASPs, which is further discussed in Chapter 5, Section 7 of the report. Another 10% follow a similar protocol but opt to collect the required information directly from their end-customers in the absence of the necessary data, using this as an alternative means to assess transaction risk when counterparty collaboration is lacking.

Nearly half (49%) of the respondents take more lenient approaches. Notably, 30% adopt a risk-based approach, evaluating the associated risks before deciding whether to make the deposit available to end-customers. Meanwhile, 19% of respondents permit their customers to receive deposits without the mandated Travel Rule information. This variation in approach may stem from the need to balance compliance with business needs. A significant portion of deposits from VASPs still lack Travel Rule information due to hindrances like the Sunrise Issue and interoperability issues. For these firms, strict compliance would entail refusing all deposits except from self-hosted wallets, which would have a significant and potentially disproportionate impact on business.

Diverse Compliance Strategies

VASPs employ a range of strategies to manage non-compliant deposits, from providing grace periods to negotiating compliance practices with counterparties. Some respondents revealed ongoing efforts toward implementation, development, or the intention to implement in the future. Strategies included providing grace periods for clients, negotiating compliance practices with counterparties, and adopting selective compliance measures based on specific circumstances. These diverse responses underscore the complex and evolving nature of the regulatory landscape and the varied approaches taken by entities within the crypto ecosystem. This emphasizes the need for continued collaboration and standardization for comprehensive and effective risk mitigation practices.

As the regulatory landscape continues to evolve, VASPs must stay abreast of changes and adopt robust compliance strategies. The increasing adoption of stringent compliance measures marks a significant shift in the industry's approach to risk management, demonstrating a mature, proactive, and compliant stance in navigating the evolving landscape of crypto regulations. For VASPs, staying ahead of these changes will be crucial in maintaining competitive advantage and fostering trust in the digital asset space.

{{report1="/cta-components"}}

This article provides an in-depth look at virtual asset service providers' (VASPs) current implementation challenges as they navigate the Travel Rule.

Based on the results from Notabene's 2024 State of Crypto Travel Rule Compliance survey, we explore how crypto businesses and financial institutions are preparing to meet these regulatory requirements. Download the report here to gain deeper insights.

Protocol Interoperability Emerges as the Top Hurdle to Travel Rule Adoption

Each year, we explore the evolving challenges of implementing the Travel Rule. This year, the lack of interoperability between different protocols has become the foremost challenge, as 34% of respondents highlighted. This underscores the growing necessity for standardized communication to ensure effective compliance with the Travel Rule across various platforms. 

Interestingly, despite identifying interoperability as a major hurdle, 67% of respondents reported not using more than one Travel Rule protocol. This suggests that the impracticality of integrating multiple protocols outweighs the compliance limitations that arise from the lack of protocol interoperability.

Additionally, respondents were asked about their companies’ responses to Travel Rule transfers from other VASPs. Notably, 37% of respondents indicated that they had not received such requests. The lack of incoming Travel Rule transfers points to a fragmented approach to compliance, where many VASPs continue to operate in isolation due to the lack of interoperability.

The survey results highlight a crucial industry dilemma: counterparties may not be using the same Travel Rule protocol and thus may be unaware of Travel Rule requests from others, contributing to significant compliance challenges in deposit flows. This is why it is imperative to address interoperability—to improve compliance and unlock the full transaction potential by ensuring seamless industry-wide communication. This topic is further explored in Chapter 5, Section 5 of the Report.

The Sunrise Issue’s Negative Impact Jumps 74%

The prominence of the Sunrise Issue as a barrier to adopting the Travel Rule has escalated, moving from the third to the second most significant challenge. This marks a 74% increase from the previous year’s findings. Despite expectations that last year’s surge in Travel Rule adoption would mitigate the Sunrise Issue, the opposite has occurred. The rise in adoption has been offset by increasing regulatory demands, leading to more stringent compliance measures.

Even though more VASPs are adhering to the Travel Rule, theoretically easing the Sunrise Issue, regulatory standards have tightened. Previously, VASPs had more leeway in handling non-compliant counterparties, with only 8% opting not to execute transactions when unable to transmit Travel Rule information. Currently, although more VASPs are compliant and able to exchange information, the flexibility in dealing with non-compliant counterparts has diminished. The number of VASPs halting transactions when unable to send a Travel Rule data transfer has nearly tripled this year.

Overcoming the Sunrise Issue requires a universal agreement on implementing the Travel Rule. Without swift and broad enforcement, the negative impacts of the Sunrise Issue are likely to grow due to increased regulatory scrutiny and enforcement in compliant regions. This issue is further examined in Chapter 5, Section 1. The “Regulatory/legal uncertainty” hurdle has shifted to the third position at 16%, marking a measurable decline from its second-place standing of 22% in 2023.

This shift suggests that increased regulatory clarity has eased some hindrances, as evidenced by developments like the U.K. Travel Rule implementation and the definition of the EU Travel Rule framework with the publication of the TFR. However, though this stride forward signals progress, this hurdle still places in the top three, underscoring the need for continued efforts to comprehensively address the clarity of the regulatory guidelines, with the goal of moving it out of the top three.

In the 2023 survey, VASPs highlighted "Lack of technical resources" as the primary hurdle to Travel Rule adoption (at 27%). However, in 2024, the percentage of those citing it as their top concern decreased dramatically to 3%, a staggering 89% decrease. Such a change in position indicates that the challenges relating to this obstacle have been alleviated, possibly due to the increased business commitment to Travel Rule implementation. It could be argued that the rising regulatory urgency fostered an alignment between compliance needs and business objectives. As reported by nearly half of the respondents (47%), Travel Rule adherence has evolved into a prerequisite for obtaining a license to operate in new markets. This is true in pivotal crypto hubs like Hong Kong and the United Arab Emirates, as explored in Chapter 2, Section 1 of the 2024 State of Crypto Travel Rule Compliance Report.

Moreover, Travel Rule adherence plays an increasingly vital role in the due diligence processes of banks and financial institutions—when assessing VASPs for core financial services, such as bank accounts—and regulators and auditors, as further explored on page 56 of the report.

Nearly Half of All Respondents Face Travel Rule Obligations in Multiple Jurisdictions

Last year’s survey results uncovered the global nature of Travel Rule compliance; this year’s findings further support this. A notable finding is that 47% of respondents are now subject to the Travel Rule in multiple jurisdictions, which represents a substantial increase of approximately 104% compared with last year’s 23%. This surge underscores the growing complexity of complying with the Travel Rule on a global scale, as it requires adherence to different regulatory standards across jurisdictions.

A closer examination of the respondents required to comply across multiple jurisdictions reveals a substantial concentration within specific jurisdictions:

• 33% have a presence in the United Kingdom,
• 27% in the United States, and
• 21% in Singapore.This emphasizes the global significance of these key jurisdictions and underscores the urgency of adopting sensible regulatory policies that facilitate seamless cross-border transactions.

Cross-Border Compliance Emerges As a Key Concern

Additionally, as part of the survey, participants were given the option to rank the importance of factors contributing to the success of their Travel Rule solution. The findings indicate that 65% identified “multi-jurisdictional roll-out” among their top two priorities, with 23% ranking it as their primary concern. This trend underscores the significance of cross-border compliance with the Travel Rule.

{{report1="/cta-components"}}

This data highlights the industry’s potential for improved efficiency through a unified and cohesive strategy to navigate diverse regulatory requirements across regions.

This article provides an in-depth look at virtual asset service providers' (VASPs) current compliance status and future planning as they navigate the Travel Rule. Based on the results from Notabene's 2024 State of Crypto Travel Rule Compliance survey, we explore how crypto businesses and financial institutions are preparing to meet these regulatory requirements. 

96% of VASPs Are Travel Rule Compliant or Plan To Be in 2024

The Travel Rule has become a fundamental aspect of the crypto compliance landscape. According to the survey, 96% of respondents are either already compliant or plan to be by Q4 2024. This marks a significant milestone, with over half (52%) of respondents already adhering to the Travel Rule in 2023—a substantial increase from 23% the previous year, indicating a 123% growth in compliance.

A mere 4% of respondents indicated a stance of non-compliance until 2025. This highlights that compliance with the Travel Rule is not only an immediate necessity due to increased regulatory urgency but also a strategic imperative for entities aiming to operate and transact globally in a compliant manner. For a comprehensive analysis and detailed statistics, download the full report.

Team Sizes and Automation

A notable 80% of firms have dedicated Travel Rule compliance teams, reflecting the industry's commitment to meeting these stringent requirements and recognizing the importance of working with specialized personnel to successfully navigate the intricacies of Travel Rule compliance and stay abreast of increased scrutiny and regulatory demands.

The survey also investigated team sizes and the automation of pre-transaction checks, which revealed respondents’ efforts to ensure the efficient operation of their compliance teams.

A large portion of respondents (46%) have significantly automated their systems, with less than 25% of transactions flagged for manual review. Another 24% partially automate, flagging over 25% for manual review. However, 17% manually approve every transaction, and 13% automate without pre-transaction checks.

Nearly half of respondents (47%) had to demonstrate Travel Rule compliance during license applications, indicating its importance in gaining market access.

Additionally, more than half of the respondents (53%) have had their AML and sanctions programs evaluated by local regulators, examiners, or independent reviewers, explicitly focusing on Travel Rule compliance. This standardized assessment process highlights Travel Rule adherence's integral role in the AML framework and its strategic importance within the overarching compliance framework.

The industry's commitment to Travel Rule compliance is evident through dedicated teams, integration into licensing processes, and comprehensive AML assessments, making it a strategic imperative for operational excellence and market credibility.

VASPs Ensure Compliance Where the Travel Rule Is a Licensing Deal-Breaker

A commendable 52% of companies, spanning diverse primary jurisdictions are already complying with Travel Rule requirements. However, a closer examination of survey responses on primary jurisdiction and implementation timelines reveals a clear pattern: VASPs prioritize compliance where Travel Rule compliance is a license “deal breaker.”

EMEA

The EMEA region as a whole, in particular, demonstrates a high compliance rate, with 59% of respondents claiming to be already complying in this region.

In the EMEA region, the U.K. stood out as the primary jurisdiction with the highest percentage of compliant respondents, boasting an exceptional 100% compliance rate among those surveyed. Of these, 89% were already compliant, and the remaining 11% planned to be by the end of 2023 when the survey was issued. This remarkable compliance rate can be attributed to the U.K.’s robust standards since the country began enforcing the Travel Rule on September 1, 2023.

UAE

When looking deeper into the UAE respondents, where Travel Rule compliance is a licensing prerequisite, 60% of companies have already achieved compliance, and an additional 20% anticipate reaching compliance by the second quarter of 2024. These statistics demonstrate that having Travel Rule compliance as a license deal-breaker fosters a proactive commitment to adoption from the industry.

The trend of enforcing strict licensing regimes is positive. An analysis conducted by TRM Labs (2024) found that VASPs in countries with full licensing and supervision regimes have lower rates of illicit activity than those in less regulated jurisdictions.

‍

APAC

It’s crucial to highlight that the rest of the world is keeping pace. Among respondents with primary jurisdictions in APAC, an impressive 86% are already in compliance with the Travel Rule. This includes vital APAC jurisdictions such as Singapore, Hong Kong, India, Japan, and Malaysia.

Of the 39% of APAC respondents that listed Singapore as their primary jurisdiction, 63% are already compliant, while an additional 25% aim for compliance by Q1 of 2024.

U.S.

The U.S. is trailing behind compared to other key jurisdictions. Despite the Travel Rule requirements in the U.S. since 2013, only 50% of companies claim compliance, with an additional 30% expecting compliance by Q1 of 2024. These numbers are particularly striking compared to the 100% compliance rate observed in the U.K., where the measures were implemented only recently, just four months before the survey was issued. This trend may be attributed to regulatory ambiguity and limited enforcement action in the U.S., contrasting with the proactive commitment to adoption seen in other jurisdictions.

However, the increasing counterparty urgency is expected to drive global adoption, particularly in the United States. Our survey data indicated that fewer VASPs are willing to send withdrawals or receive deposits without the ability to transmit or receive relevant Travel Rule information, which means a potential increase in business loss. Such pressure to adapt will hopefully drive industry stakeholders and regulators to take action, especially those in the U.S.

The Number of VASPs Not Implementing Counterparty Due Diligence Processes Has Nearly Halved

Trend Shift

The survey indicates a significant decrease in the proportion of companies willing to send Travel Rule transfers to counterparties without specific criteria, dropping from 52% in 2023 to 29% in 2024. This reflects a growing emphasis on rigorous counterparty due diligence. Another notable trend is the growing emphasis on assessing the regulatory status of counterparties, a number that has seen doubled growth, from 4% to 9%.

Due Diligence Practices

Sixty-four percent of companies perform due diligence pre-transaction. The survey question, “What checks do you perform, if any, on your counterparties prior to initiating Travel Rule transactions?” highlights the industry's maturing commitment to Travel Rule compliance. The majority of respondents conduct:

• Wallet sanction screening (87%)
• Counterparty name sanction screening (77%)
• Evaluation of wallet risk scores (74%)
• VASP due diligence (64%)

Only a minority (6%) reported conducting no checks, underscoring a holistic approach to risk management. However, despite the positive trend, VASP due diligence is still the least adopted measure.

The trends indicate a clear shift toward more rigorous counterparty due diligence, a preference for regulated counterparties, and a strategic move away from indiscriminate transfers to all VASPs. Despite this progress, challenges remain. As outlined in Chapter 5, Section 3, issues such as the least performed measure of VASP due diligence continue to hinder the counterparty due diligence process.

‍

The industry’s growing commitment to Travel Rule compliance is evident with the existence of dedicated teams, integration into regulatory licensing processes, and the core fabric of AML compliance assessments. This trend positions Travel Rule compliance not merely as a regulatory necessity but as a strategic imperative that drives operational excellence and market credibility.

‍

{{report1="/cta-components"}}

‍

The European Union's Transfer of Funds Regulation (TFR) enforces the Crypto Travel Rule to combat money laundering and terrorist financing. This rule, initially mandated by the U.S. Financial Crimes Enforcement Network (FinCEN), was extended in June 2019 by the Financial Action Task Force (FATF) to include virtual assets (VAs) and Virtual Asset Service Providers (VASPs). The Travel Rule requires VASPs to securely obtain, hold, and transmit originator and beneficiary information during VA transfers.

This article provides an overview of the crypto Travel Rule in the European Union, pulling from the Transfer of Funds Regulation (TFR) and the European Banking Authority (EBA)’s draft Travel Rule Guidelines.
‍

{{cta-learnmore1="/cta-components"}}

‍

Regulatory Milestones in the EU

The EU has been proactive in aligning its regulations with FATF’s recommendations:

• FATF Guidance (2019): The FATF issued its first guidance on a risk-based approach to virtual assets and VASPs, marking a significant expansion of AML/CTF measures.
• EU Regulation (2015/847): This regulation was adopted to apply FATF’s requirements uniformly across member states, ensuring fund transfers include payer and payee information.
• TFR Recast (2023): The TFR was extended to include crypto transfers, setting uniform Travel Rule requirements across all 27 EU member states.
• Travel Rule Comes into Force (2024): The European Banking Authority (EBA) will publish final Travel Rule guidelines in June 2024, and crypto Travel Rule obligations will become enforceable on December 30, 2024.

Information Transmission Requirements

The TFR mandates uniform obligations for crypto transfers, regardless of the transaction amount or whether they are cross-border. CASPs must include specific details about the originator and beneficiary in all transfers.

Required Information for Crypto Transfers

‍

Natural Persons

Legal Persons‍

* Note: Regarding the date and place of birth, the EBA does not clarify what would be required instead if the originator is a legal person. In some jurisdictions, VASPs are required to provide a date and place of incorporation, but the EU requirement is unclear. 

‍

{{cta-learnmore1="/cta-components"}}

‍

General Obligations for Information Transmission

CASPs must ensure their information transmission infrastructure is fully capable of compliance without technical limitations. The information should be transmitted immediately and securely before or at the same time as the crypto-asset transfer is completed. For joint accounts, transfers must include information about all account holders. Selected messaging protocols must enable seamless and interoperable transmission of information.

Travel Rule Obligations in Deposits

Beneficiary CASPs also have responsibilities upon receiving a transaction. They must implement robust policies and procedures to detect incoming transactions lacking necessary information and handle such transactions appropriately. If a transaction lacks the required information, beneficiary CASPs can choose to execute, reject, return, or suspend the transfer based on a risk-based approach.

Managing Non-Compliant Counterparties

When deposits lack Travel Rule data, CASPs must reassess their relationships with non-compliant counterparties. If a counterparty repeatedly fails to meet obligations, CASPs should consider enhanced due diligence measures, potentially terminating the business relationship, and reporting the non-compliance to competent authorities.

‍

Self-Hosted Wallet Transactions

Transactions between CASPs and self-hosted wallets fall within the scope of FATF’s Recommendation 16. The regulatory requirements vary depending on the transaction amount and whether the wallet owner is a CASP customer or a third party.

Transactions of 1,000 Euros or Less 

For transactions involving self-hosted wallets of 1,000 euros or less, CASPs must obtain and hold information about the parties to the transaction. This information should be cross-matched using suitable methods, such as blockchain analytics and third-party data providers, to verify the originator's or beneficiary's identity.

Transactions Over 1,000 Euros Where the Wallet Owner is a CASP Customer 

For transactions exceeding 1,000 Euros, CASPs must verify whether the customer owns or controls the wallet. The EBA’s Travel Rule guidelines specify that CASPs must use at least two methods for this verification. Methods include advanced analytical tools, sending a predefined amount from the wallet to the CASP’s account, and signing a specific message in the account and wallet software.

Transactions Over 1,000 Euros Where the Wallet Owner is Not a CASP Customer 

While the TFR is silent on the obligations for transactions involving third-party wallets, the Travel Rule Guidelines provide a framework. CASPs must verify wallet ownership/control and apply risk mitigation measures proportional to the identified risks, such as verifying the originator's or beneficiary's identity and requesting additional information about the transfer.

‍

{{cta-learnmore1="/cta-components"}}

‍

The EU’s implementation of the Travel Rule through the TFR sets a comprehensive regulatory framework for CASPs, ensuring that crypto asset transfers are transparent and secure. By adhering to these requirements, CASPs can help mitigate the risks of money laundering and terrorist financing, fostering a safer and more trustworthy environment for digital asset transactions. As the regulatory landscape evolves, staying informed and compliant with these obligations will be crucial for CASPs operating within the EU.

The Crypto Travel Rule, as mandated by the Financial Action Task Force (FATF), requires Virtual Asset Service Providers (VASPs) to share specific information for transactions over a certain threshold. 

However, the staggered implementation timelines, known as the "Sunrise Period," pose significant compliance challenges across the globe. This blog dives into these challenges and offers strategies for VASPs navigating this difficult time.

Understanding the Sunrise Issue

The Sunrise Period refers to the timeframe during which the Travel Rule is not uniformly implemented across jurisdictions. This period is fraught with challenges as VASPs in different regions are subject to varying compliance timelines. As of the latest FATF updates in June 2023, many jurisdictions have yet to fully implement the Travel Rule, leading to a patchwork of compliance standards worldwide.

Challenges Faced by VASPs During the Sunrise Period

VASPs face significant hurdles during the Sunrise Period due to the practical difficulties encountered in the data transfer process required by the Travel Rule. 

Let's break down these challenges into three main areas:

1. Difficulty Sending a Travel Rule Data Transfer
   Compliance with the Travel Rule necessitates that the originator VASP collects and transmits information about both the originator and the beneficiary to the beneficiary VASP. However, uneven implementation across jurisdictions means that many beneficiary VASPs are not yet equipped to receive and protect this information adequately. 
   
   This gap in compliance capabilities can leave the originating VASP unable to fulfill its core obligations, significantly impacting transaction flows. Recent survey results highlight a shift towards stricter compliance enforcement, with the percentage of VASPs that do not allow withdrawals unless a Travel Rule message can be transmitted to the beneficiary VASP nearly tripling from 8% last year to 23% this year.
   
   
2. Difficulty Receiving a Travel Rule Data Transfer
   The challenges are not only limited to sending information. If the originator VASP has not started transmitting Travel Rule data, the beneficiary VASP faces significant barriers in assessing the information about the originator, which is crucial for completing the transaction in a compliant manner. Depending on the regulatory approach of the country in question, the beneficiary VASP might need to restrict access to these transactions. Such restrictions can have a substantial operational impact on business. 
   
   Furthermore, it's noteworthy that a significant 37% of survey respondents reported that they did not receive any Travel Rule information for a substantial number of transactions, illustrating the scale of this issue.
   
   
3. Difficulty Screening the Transaction’s Counterparty
   The Sunrise Issue also complicates the screening process of the transaction’s counterparty. Typically, an originator VASP would verify the beneficiary's information provided by their customer before attempting to transmit this data. However, without confirmation from the beneficiary VASP that the information is accurate, the originator cannot be sure of its validity. This uncertainty makes the screening results unreliable and the transactions risky. 
   
   Likewise, beneficiary VASPs face challenges when they receive deposits without the required originator information. This scenario makes it easier for illicit actors to exploit the system by using inaccurate counterparty information to bypass VASP screening processes.
   

These challenges underline the intricate difficulties that arise from the staggered implementation of the Travel Rule across different jurisdictions. They not only affect the efficiency of transaction processes but also raise significant compliance and operational risks for VASPs operating internationally.

Regulatory Landscape and Progress

Although the FATF sets the global standards, it does not enforce them directly. Instead, it relies on member countries to implement these standards within their jurisdictions. The FATF continues to issue guidance and monitor progress, but many countries lag behind in their implementation efforts. Specific examples from countries like South Korea, Japan, and the UK illustrate the diverse approaches to implementing the Travel Rule, each with its own set of challenges and solutions.

{{report2="/cta-components"}}

Approaches to Sunrise Issue Challenges 

In this section, we discuss what can be done about the challenges arising from the Sunrise Issue, initiatives that are already in place at various stakeholder levels, and which stakeholders are best positioned to drive solutions to this issue.

The FATF

The FATF’s mandate is to set recommendations that are, themselves, not legally binding. The FATF relies on member jurisdictions to incorporate these recommendations and enforce the Travel Rule for VASPs within the jurisdiction’s regulatory ambit. Thus, the FATF is not in a position to resolve the Sunrise Issue challenges. 

Nonetheless, the FATF uses a number of methods to encourage national regulators and the private sector to action:

1. The FATF has issued a number of guidance documents aimed at helping regulators and VASPs navigate a path toward Travel Rule adoption and tackle some of the more challenging aspects thereof. We’ve highlighted some of these guidance instruments in Chapter 1, which can serve as a very useful tool for stakeholders at all levels. The FATF has also formed the Virtual Assets Contact Group (VACG), which will continue to conduct outreach and provide assistance to low-capacity jurisdictions to encourage their compliance with the Travel Rule.
   
   
2. The FATF has continued to monitor and report progress of Travel Rule adoption. In the FATF’s June 2023 Targeted Update, the FATF reiterated that jurisdictions have made insufficient progress and thus calls on regulators to urgently implement the Travel Rule. [1]
   
   
3. Perhaps the most effective method is the FATF-maintained call-to-action and increased monitoring lists, where it identifies jurisdictions with weak measures to combat AML/CTF. These lists are publicly available and are updated three times a year following the FATF’s review and mutual assessments of jurisdictions. 

   
   For counties on the call-to-action list, the FATF calls on jurisdictions to apply enhanced due diligence (EDD), and in the most serious cases, to apply countermeasures to protect the international financial system from the ongoing money laundering, terrorist financing, and proliferation of financing risks that emanate from the flagged countries. 
   
   The increased monitoring list includes countries that are actively working with the FATF to address money laundering/ terrorist financing deficiencies. Alignment with the FATF’s guidelines on VAs and VASPs, including enforcement of the Travel Rule, is expected to become increasingly relevant for the assessment of a country’s regimes to counter money laundering, terrorist financing, and proliferation of financing risks.

Regulators

The most effective way to resolve the Sunrise Issue challenges is with a swift implementation of the FATF’s requirements.

When implementing the Travel Rule, national regulators are the ones to determine how their Travel Rule framework will address the Sunrise Issue. According to data that the FATF shared in its June 2023 Targeted Update, 11 of 62 jurisdictions that have implemented the Travel Rule or are in the process of doing so have allowed a grace period for Travel Rule compliance, during which there are exemptions or flexibility in how VASPs are expected to comply in order to mitigate the effects of the Sunrise Issue [2]. 

Additionally, some jurisdictions expressly qualify how domestic VASPs can interact with foreign counterparts. 

For example:

• Regulators in South Korea acknowledge that overseas VASPs may not yet be required or prepared to comply with the Travel Rule. To deal with this, the South Korean framework allows Korean VASPs to facilitate transactions with overseas VASPs only when the Korean VASP is able to confirm that the customer is sending funds to an account held in their own name and that the money laundering/terrorism financing risks are low. (Financial Services Commission, 2022).
• In Japan, if the transaction counterparty is located in a region without Travel Rule enforcement, Japanese VASPs have no obligation to share PII. In these cases, Japanese VASPs are still required to collect and retain information about the counterparty and assess money laundering/terrorist financing risks. 
• In the U.K., an FCA statement establishes that when a beneficiary VASP is located in a jurisdiction non-compliant with the Travel Rule, the originator U.K. VASP is still required to collect and retain information about the counterparty and assess money laundering/
  terrorist financing risks but may proceed with the transaction without transmitting the information. Additionally, when a U.K. VASP receives a transaction without the required Travel Rule information, the U.K. framework allows the VASP to make a risk-based determination on whether to make the VA available to the beneficiary, taking into account the status of Travel Rule regulations in the jurisdiction where the originator VASP operates. 
  
  Learn more about the Japanese and British regulatory frameworks in Chapter 2 of the 2024 State of Crypto Travel Rule Compliance Report.

Joint Industry Initiatives

Joint industry initiates also play a role in resolving the Sunrise Issue.
Many industry working groups that operate on a national level, like the CryptoUK Travel Rule Working Group, have successfully engaged with national regulators to encourage the implementation of proportionate measures to mitigate the negative effects of the Sunrise Issue.
Groups like these should continue engaging with VASPs and regulators to encourage rapid implementation. 

Travel Rule Solutions

Similar to joint industry initiatives, Travel Rule solutions like Notabene’s SafeTransact can play a role in resolving the Sunrise Issue by increasing policymakers’ awareness of the problems and proposing creative solutions that facilitate VASPs’ operations during this period.

With these challenges in mind, Notabene launched the SAFE Implementation phases. This step-by-step onboarding program is designed to help our clients navigate the intricacies of Travel Rule compliance efficiently, particularly throughout the Sunrise Period. Throughout their journey using the SAFE Implementation phases, VASPs can gather valuable analytics that they can use to create a clear roadmap toward achieving full compliance. 

Additionally, Notabene offers a free SafeTransact-Rise plan tailored for VASPs that are not yet required to comply with the Travel Rule but wish to avoid being cut off from compliant transaction flows. The SafeTransact-Rise plan allows VASPs to receive and respond to Travel Rule
transfers, with no technical integration effort required.

VASPs

When trying to mitigate the challenges identified above, VASPs tend to take a variety of approaches. These approaches depend largely on what national mandates require or, when these frameworks are silent, what risk-based practices begin to emerge to compensate. 

We uncovered some of these practices in this year’s survey, which are listed below by order of popularity:

In withdrawals:

• 40% of the VASPs surveyed report taking a risk-based approach to determine whether or not to allow a transaction when they are unable to send Travel Rule information to the beneficiary VASP.
• 23% percent of the VASPs surveyed currently do not permit transactions unless they are able to send Travel Rule information.
• 19% of the VASPs surveyed allow their customers to transact, irrespective of whether they are able to send Travel Rule information.
• Only 3% of the surveyed VASPs only proceed with the withdrawal provided that the information can be sent to the beneficiary VASP and a response is received.

In deposits:

• 30% take a risk-based approach to determine whether or not to make a deposit available to the end customer in cases when the required Travel Rule message is not received from the originator VASP.
• Upon detecting a deposit without information/with missing information, some respondents send a request to provide missing information to the originator VASP. In the case the information is not provided, 21% return the funds and 10% opt to collect the information from their end customer.
• Of respondents, 19% allow customers to receive deposits regardless of whether the required Travel Rule information was received.
• 20% of respondents report taking other approaches. By way of example, one respondent reported allowing their customers a grace period before enforcing blockers. Others report only allowing first-party deposits and requiring their customer to demonstrate they control the source wallet.
  

These results indicate that a majority of VASPs currently adopt a risk-based approach to compliance limitations. However, stricter approaches are gaining popularity, possibly because of growing regulatory pressure. Notably, 23% of the surveyed VASPs currently prohibit transactions unless they can send Travel Rule information, and a similar percentage (21%) returns funds unless the required Travel Rule information is received.

2024 Status Check 

At present, some solutions are available to mitigate some of the friction caused by the Sunrise Issue, but its negative impact continues to severely affect VASPs in jurisdictions with Travel Rule obligations. While there is work that can be done by stakeholders at all levels, the power to solve
the Sunrise Issue ultimately lies with national regulators and policymakers in jurisdictions that have not yet introduced Travel Rule legislation/regulation. These regulators need to urgently implement
and operationalize the Travel Rule through effective supervision and enforcement action, using the available FATF resources and in consultation with the industry.

Conclusion

The Sunrise Issue remains a formidable challenge in the path to global Travel Rule compliance. By understanding the complexities involved, staying engaged with regulatory developments, and employing flexible technological solutions, VASPs can navigate this evolving landscape more effectively. As the industry continues to mature, collaborative efforts and adaptive strategies will be key to overcoming these hurdles.

This article explores the intricacies of the crypto Travel Rule, which is not merely an information exchange mechanism but also a powerful tool that companies can use to mitigate pre-transaction risks (including sanctions risks) and unlock new opportunities. We explore the rule’s purpose, objectives, and core components: VASP identification, due diligence, transaction qualification, information collection, and pre-transaction counterparty risk assessment.

‍

‍

The Crypto Travel Rule: A Shield Against Illicit Activities

The Travel Rule presents a robust safeguard against money laundering, fraud, and other illicit activities within the cryptocurrency landscape. Introducing stringent information exchange requirements creates a powerful barrier against criminals seeking to obscure the origin of their funds. However, it is essential to understand that the Travel Rule transcends mere data transmission. When executed effectively, the Travel Rule enables virtual asset service providers (VASPs) to stop potentially illicit transactions before they are created on the blockchain, significantly reducing VASP’s overall risk and exposure to sanctions — a pivotal development for the crypto industry.

‍

Pre-Transaction Travel Rule Implementation: A Defensive Tactic

Crypto transactions are immediate and irrevocable, a sharp contrast to traditional SWIFT payments, where settlements occur at scheduled intervals during the day, allowing beneficiaries time to request fund withholdings in the case of discrepancies, such as a mismatched beneficiary name. In crypto transactions, it’s essential that VASPs exchange information before settling the underlying transaction. Once funds are transferred, remediation becomes operationally burdensome — and in some cases, the risk may already have entered the VASPs’ spheres. 

‍

A pre-transaction implementation of the Travel Rule ensures that VASPs can perform critical risk assessments like beneficiary name matching and sanctions screening before receiving funds and, depending on their systems, before releasing funds to the end customer.

‍

The Travel Rule: Bridging the Gap Between Crypto Transactions and Real-World Entities

In addition to being a powerful counterparty risk mitigation tool, the Travel Rule is an indispensable infrastructure layer for crypto transactions because it establishes a connection between crypto activities and real-life individuals and entities.

Bridging this gap is essential for three reasons:

• Enhancing sanction controls: Before implementing the Travel Rule, VASPs conducted transactions with minimal information about their counterparties, leaving them vulnerable to potential risks. Now, the Travel Rule is a catalyst for reconstructing trust within the crypto space by enhancing sanction controls and counterparty risk management.
  
  
• Enabling new use cases: The Travel Rule opens the door to novel crypto transaction applications previously hindered by the lack of traceability. Traceability is crucial for several use cases (e.g., for accounting purposes) and paves the way for broader adoption of crypto payments and transactions.
  
  
• Preventing fraud: Fraud is a pervasive issue in crypto, and the Travel Rule addresses this problem by fostering collaboration among VASPs. This collaborative effort allows VASPs to verify the parties involved in a transaction collectively. For instance, if Alice initiates a transaction and informs her VASP that the funds are destined for her friend Bob’s account with another VASP, the beneficiary VASP can raise a red flag if the funds are actually being received by Daniel, a fraudster who has deceived Alice. 

‍Ultimately, when strategically implemented as a pre-transaction risk mitigation tool, the Travel Rule boosts the security of crypto transactions and opens up new horizons for the industry that could redefine how we interact with digital assets. 

‍

The Travel Rule is a robust safeguard against money laundering, fraud, and other illicit activities within the cryptocurrency landscape. By fostering a culture of proactive compliance and collaborative risk management, VASPs can unlock new dimensions of trust and operational excellence.

In February 2023, the Financial Action Task Force (FATF) Plenary observed a significant gap in the implementation of its revised Recommendation 15 in what concerns virtual assets (VAs) and virtual asset service providers (VASPs). Despite the October 2018 revision aimed at integrating and extending measures such as the Travel Rule to VAs and VASPs, numerous countries had not yet implemented these updated requirements.

To address this, the Plenary outlined a roadmap aimed at fortifying the implementation of FATF Standards concerning VAs and VASPs. This roadmap included conducting a comprehensive assessment of implementation levels across the global network. Today, the fruition of this commitment comes to light. 

After a 12-month process of collecting and evaluating relevant information, the FATF published a report on the Status of implementation of Recommendation 15 by FATF Members and Jurisdictions with Materially Important VASP Activity. 

This report features a detailed table evaluating various jurisdictions on key components such as:

• Risk assessment pertaining to VAs and VASPs
• Prohibition of VAs and VASPs
• Enacted legislation mandating VASP registration/licensing and application of AML/CTF controls
• Operational registration/licensing of VASPs
• Supervisory inspections on VASPs
• Enforcement/supervisory actions against VASPs
• Implementation of Travel Rule legislation

The jurisdictions under scrutiny include all FATF members and 20 non-FATF member jurisdictions deemed as hosting materially important VASP activities due to meeting the following criteria:

• Trading volume exceeding 0.25% of global trading and/or
• Having over 1 million users of virtual assets.

The evaluation published today is based on the responses provided by jurisdictions to the FATF's 2023 self-reported survey, which have been updated between January and March 2024. The FATF emphasizes that while informative, this data does not substitute a mutual evaluation or follow-up assessment of countries' compliance with Recommendation 15 as it has not been subject to a detailed analysis as per the FATF methodology. 

Three Key Insights from FATF’s Global Evaluation of Virtual Asset Regulation 

The data shared by the FATF provides three significant insights into how jurisdictions with materially important VASP activity are managing the sector:

‍

1. There has been an impressive progress on Travel Rule legislation
‍

Nearly 89% of jurisdictions with materially important VASP activity have either enacted or are in the process of enacting Travel Rule legislation. Only Australia, Iceland, Russia, South Africa, Ukraine, and Vietnam have yet to initiate this process.

‍

2. More than 90% of jurisdiction implement regulatory measures

Over 90% of jurisdictions with materially important VASP activity have implemented crucial measures to regulate and supervise VAs and VASPs. 91.2% conducted a risk assessment covering VAs and VASPs, while 90.7% enacted legislation mandating VASPs' registration or licensing and compliance with AML/CTF requirements. Similarly, 90.7% conducted supervisory inspections on VASPs.

‍

3. Only three jurisdictions prohibit virtual assets

‍
Only three jurisdictions with materially important VASP activity have explicitly prohibited VAs and VASPs: China, Egypt, and Saudi Arabia. 

‍

Goals of FATF’s Global Evaluation

The publication of this report serves three primary objectives:

• Enable the FATF network to assist jurisdictions with materially important VASP activity in regulating and supervising VASP activity;
• Encourage jurisdictions with materially important VASP activity to promptly implement Recommendation 15;
• Aid regulators and the private sector in discerning the status of Recommendation 15 implementation by jurisdictions with materially important VASP activity.

This last objective is particularly pertinent to Travel Rule compliance, especially in cross-border transactions involving VASPs based in jurisdictions not yet enforcing Travel Rule requirements (the Sunrise Issue).

For instance, in the United Kingdom, the Financial Conduct Authority (FCA) issued a communication on August 17, 2023, outlining more flexible obligations for UK VASPs when transacting with counterparts from jurisdictions without enforced Travel Rule requirements. The operationalization of this FCA guidance hinges on understanding the status of Travel Rule implementation in the counterparty's jurisdiction—a task now greatly facilitated by this new resource published by the FATF.

A Roadmap to Move Forward With

In conclusion, the release of FATF's report on the Status of implementation of Recommendation 15 by FATF Members and Jurisdictions with Materially Important VASP Activity marks a significant milestone: insights into the global landscape of crypto regulations shed light on the progress made and areas requiring further attention.

The findings underscore a collective commitment among jurisdictions with materially important VASP activity to enhance regulatory frameworks and compliance measures. Notably, the majority have taken decisive steps towards implementing Travel Rule requirements and strengthening supervision over VAs and VASPs. 

Moving forward, the objectives outlined in the report serve as a roadmap for continued collaboration and improvement towards a more robust and secure ecosystem for virtual assets.

Throughout 2023, the landscape of Travel Rule compliance was marked by a series of developments, from regulatory updates to strategic shifts in countries’ crypto stances. This article provides a comprehensive view of key milestones and strategic changes in various countries, underlining the year's pivotal role in shaping global Travel Rule compliance standards.

‍
An Overview of Key Crypto Travel Rule Milestones and Developments in 2023

NEW YORK, SINGAPORE, LONDON - March 12, 2024

‍‍

- Notabene, the leader in pre-transaction decision-making and Travel Rule compliance solutions, today released its third annual State of Crypto Travel Rule Compliance Report 2024. This year's findings highlight a remarkable compliance milestone: 96% of surveyed financial and crypto institutions are now compliant or on the path to compliance this year, showcasing significant industry-wide progress.

Based on a survey of 70 leading institutions worldwide, the report reveals a substantial increase in regulatory diligence and a commitment to the Travel Rule—an anti-money laundering framework introduced by the Financial Action Task Force (FATF) to virtual asset service providers (VASPs) in 2019. This framework aims to bolster transparency and security in crypto transactions. Notable findings from the report include a 187.5% surge in firms restricting non-compliant transactions and a significant leap in due diligence practices, with 64% of entities now verifying counterparties before transacting.

Pelle Braendgaard, CEO of Notabene, reflects on the progress, stating, "The industry is making great strides towards enhanced security and regulatory compliance. Embracing the insights from the latest State of Crypto Travel Rule Compliance Report will further drive our collective progress towards a unified financial ecosystem."

The report also uncovered that significant challenges, such as protocol interoperability, remain despite these advancements. A significant portion of respondents identified the lack of protocol interoperability as their primary hurdle to full compliance. Additionally, 37% reported never having received a Travel Rule message,  further highlighting interoperability issues. Full compliance for the 37% of VASPs that have not received any Travel Rule messages could bring a significant and potentially disproportionate impact on business, as it would require them not to accept any deposits.

The report offers actionable insights for navigating the complexities of global compliance, advocating for flexible regulatory frameworks and improved technology solution interoperability.

For an in-depth analysis and recommendations, access the complete report on notabene.id.

-ENDS-

For media inquiries or further information about Notabene and Shift Markets, please contact: [email protected]

About Notabene:

Notabene developed the crypto industry's only pre-transaction decision-making platform, enabling customers to identify and stop high-risk activity before it occurs. With a focus on security, privacy, and user experience, Notabene's multi-source data and software enables real-time decision-making, counterparty sanctions screening, self-hosted wallet identification, and more. SOC-2 security certified and trusted by over 100 companies, Notabene operates globally with headquarters in New York, and presence in Switzerland, Singapore, Germany, and the United Kingdom.

Companies like Copper, Luno, Crypto.com and Bitstamp leverage our  SafeTransact platform for Travel Rule compliance, tailored to their needs and aligned with global and local regulations. Our platform builds trust in virtual asset transactions to foster financial growth with minimized risk.

Get started today; sign up for our free SafeTransact Rise plan to respond to regulated transactions for free using the world's largest VASP Network. 

LinkedIn | Twitter

In the past year, the crypto compliance landscape has seen remarkable developments, leading to the widespread adoption of Travel Rule compliance. By the end of 2024, the Travel Rule is expected to see mass adoption, but not without bringing its operational complexities. This article explores critical trends and introduces Notabene's solutions to these evolving regulations.

Global Adoption: Setting the Stage for Universal Compliance

The past year has marked a significant shift towards regulatory alignment on a global scale. The United Kingdom, with the third highest transaction volume worldwide, adopted the Travel Rule, meaning that the regulation will cover a substantial volume of global transactions.

The European Union, through the Transfer of Funds Regulation, has set a new precedent, standardizing crypto Travel Rule requirements across its 27 member states. In the Asia-Pacific region, countries like Hong Kong and the United Aarab Emirates (UAE) have integrated Travel Rule compliance into their crypto business licensing frameworks. Eighty VASPs are currently looking to establish their presence in Hong Kong, and 1000 firms have applied to register under Dubai’s Virtual Asset Regulatory Authority. Given their substantial crypto asset transactions, India and Japan's adoption of the Travel Rule underscores the global momentum towards standardized regulatory practices. Their compliance is particularly noteworthy given the combined $300 billion in crypto assets received. ^[1]

The momentum extends with the Transfer of Funds Regulation coming into effect on December 30, 2024. We expect the Travel Rule to broaden its reach to regions like Latin America, South Africa, Taiwan, Australia, and Qatar. Additionally, Notabene’s “State of Crypto Travel Rule Compliance Report 2024" revealed a strong industry drive towards compliance, with 96% of virtual asset service providers (VASPs) aiming to meet the requirements by year-end, highlighting the critical nature of compliance for business continuity and the potential risks for non-compliant VASPs.

‍

‍

The Multi-Jurisdictional Compliance Challenge

Operating across various regulatory jurisdictions presents unique challenges. Global VASPs must take a nuanced approach to maintain operational fluidity while adhering to diverse regional regulatory implementations. Our yearly report reveals that nearly half of the businesses surveyed navigate Travel Rule obligations in multiple jurisdictions, significantly increasing the complexity of compliance efforts. 

‍

‍

Further, 65% of respondents highlighted a "multi-jurisdictional roll-out" as a critical success factor for their Travel Rule solutions.

‍

‍

‍

Streamlining Compliance with Notabene's Multi-Jurisdictional Tool

Notabene offers tailored solutions to ease the complexities of multi-jurisdictional compliance. Our Multi-Jurisdictional Compliance Tool simplifies the management of compliance obligations across different countries, enabling businesses to integrate new jurisdictions into their operational frameworks with just one click, gain comprehensive insights, and redirect transactions efficiently.

‍

{{cta-learnmore15="/cta-components"}}

‍

Tackling Self-Hosted Wallet Compliance

The Financial Action's Task Force (FATF's) updated guidance now extend the Travel Rule to include self-hosted wallets, requiring businesses to identify and, in some cases, verify the owners. The EU's upcoming Markets in Crypto-Assets Regulation (MiCA) will further enforce this, mandating self-hosted wallet verification for transactions over 1,000 EUR.

‍

Trend Analysis: How VASPs Are Navigating Self-Hosted Wallet Compliance

Our findings indicate a global trend towards mandatory wallet ownership verification, with 66% of companies implementing restrictions on self-hosted wallet transactions. A notable 33% of companies mandate first-party transactions. This means that a third of the businesses surveyed only allow transactions where customers can directly demonstrate control over their wallet addresses.

‍

‍

Enhanced Self-Hosted Wallet Verification: SafeConnect

In response to evolving compliance needs, Notabene has enhanced its SafeConnect tool for self-hosted wallet verification. The latest update introduces Bitcoin Wallet Ownership Proofs and improved capabilities for Ethereum wallets, streamlining the verification process while maintaining transactional ease.

{{cta-learnmore17="/cta-components"}}

‍

Looking Ahead: Ensuring Compliance in the Evolving Regulatory Landscape

As the regulatory landscape continues to evolve, it underscores the need for robust and scalable Travel Rule compliance solutions. Notabene's tailored solutions offer businesses the tools they need to navigate these changes with confidence. Take the first step towards securing your business's future in the evolving crypto landscape. 

As regulations evolve, so do the challenges. Global VASPs increasingly finding themselves at the crossroads of Travel Rule compliance, a task that becomes more daunting as they expand across various jurisdictions. 

The goal of maintaining a global presence while adhering to local regulations is more critical than ever. In response to these evolving demands, Notabene offers a comprehensive Multi-Jurisdictional Compliance tool designed to simplify the management and expansion of VASPs' jurisdictional reach with ease.
‍

Understanding the Multi-Jurisdictional Compliance Landscape

The landscape of Travel Rule compliance is rapidly changing, with a significant uptick in VASPs that are subject to Travel Rule obligations in more than one country. According to our State of Crypto Travel Rule Compliance Report 2024, nearly 50% of VASPs are now navigating the complexities of multi-jurisdictional compliance, marking a 104% increase from the previous year. Further, our survey highlighted that 65% of respondents name ‘multi-jurisdictional rollout’ as their top two factors as they search for Travel Rule compliance solutions, underscoring the growing importance of adaptable and extensive compliance frameworks in today's global market.

Navigating the Challenges of Global Travel Rule Compliance

‍

VASPs operating across multiple jurisdictions encounter a myriad of challenges, including:

• ‍Diverse Compliance Requirements: Each jurisdiction comes with its own set of compliance mandates, from specific Personal Identifiable Information (PII) requirements to varying approaches to self-hosted wallet transactions. This diversity necessitates a bespoke compliance strategy for each jurisdiction, adding layers of complexity to global operations.
  ‍
• Customized Implementation Needs: Expanding into new jurisdictions isn't just about scaling operations; it involves intricate technical implementations, operational adjustments, and comprehensive local staff training to ensure seamless integration into the existing compliance framework.
  ‍
• Complex Organizational Structures: VASPs often operate within complex organizational frameworks, ranging from centralized, nested structures under a single parent entity to independent, un-nested setups that allow for autonomy. Some combine these models to accommodate intricate compliance and operational needs, further complicating the implementation of global compliance strategies.
  ‍
• Accurate Transaction Routing: Ensuring that transactions are correctly associated with the appropriate jurisdiction adds another layer of complexity. This is particularly crucial, as accurately identifying transaction counterparts is the essential first step for Travel Rule compliance. Currently, VASPs utilize a combination of blockchain analytics, customer input, and other discoverability methods to navigate this challenge. However, these methods have limitations, such as the inability of blockchain analytics to pinpoint specific legal entities and the reliance on potentially uninformed end customers for crucial transaction details.

‍

Introducing Notabene's Multi-Entity Support Tool

Notabene introduces the Multi-Jurisdictional Support tool, designed specifically for global VASPs to manage multiple entities and transactions across jurisdictions effortlessly. 


Simplified Jurisdiction Activation and Management

Activating a new jurisdiction is as straightforward as accessing the Notabene dashboard and selecting "activate new jurisdiction." This action seamlessly integrates the specific regulatory requirements of the new jurisdiction into the entity's operations, ensuring compliance with minimal effort.


Deep Regulatory Insight and Automated Compliance

Notabene's platform is enriched with insights from active engagement with regulators and industry experts, ensuring a standardized approach to compliance. With regulatory requirements from over 23 jurisdictions encoded, VASPs can confidently expand their global operations, knowing they are in compliance with local laws.


Flexible Organizational Structuring

The tool accommodates various organizational structures, allowing companies to reflect their real-world setup within the platform:

• Nested Structure: For centralized management, entities can be organized hierarchically within a parent entity.
• Un-nested Structure: Entities can operate independently, providing autonomy and customization.
• Mixed Structure: A combination of nested and un-nested entities supports complex compliance needs.
• Single and Multiple Group Options: Entities can be streamlined under a single group or divided among multiple groups to facilitate the management of diverse business units or subsidiaries.

‍

‍

‍
Streamlined Transaction Routing

Notabene's Multi-Jurisdictional Support tool ensures transactions are automatically allocated to the correct entity, enhancing compliance with local regulatory reporting requirements. Our solution allows the Beneficiary VASP, best positioned to identify the receiving entity, to redirect Travel Rule transfers automatically to the relevant entity. This not only speeds up the pre-authorization of transactions but ensures their accurate delivery, relieving the Originator VASP of the burden of discovery.

Moreover, beneficiary VASPs with multiple entities can allocate deposit transfers automatically with our transaction redirect feature, allowing each entity to manage Travel Rule records tied to their deposits. This facilitates compliance demonstration to auditors and supervisors at the entity level.

Failure to redirect transfers correctly may result in loss of transaction volume for Beneficiary VASPs, as stricter due diligence obligations demand precise identification of transacting parties. Hence, Originator VASPs may hesitate to share Travel Rule information when the specific legal entity is unknown.

‍

‍

Elevate Your Compliance Strategy Today

Prepare your global company for success with Notabene's Multi-Jurisdictional Support tool. For existing customers, please designate a Group Admin to unlock these features. New customers will be guided through this process automatically.

As Travel Rule regulations expand to include more counterparty types, customers engaging in non-custodial need a reliable method to verify self-hosted wallet ownership.

SafeConnect, a flagship offering from Notabene, is stepping up to meet this demand by extending its self-hosted wallet verification capabilities to include Bitcoin wallet verification, aiding virtual asset service providers (VASPs) in compliance with various wallet counterparty types. 

‍

Aligning with Regulatory Developments

In its October 2021 guidance, the Financial Action Task Force (FATF) broadened the Travel Rule's scope to include transactions between VASPs and self-hosted wallets. This extension necessitates collecting and sometimes verifying information about the self-hosted wallet's owner by VASPs. 

Further, the forthcoming Transfer of Funds Regulation in Europe, taking effect this December, stipulates that for transactions exceeding 1,000 EUR, crypto-asset service providers must verify the ownership or control of the self-hosted address by the client conducting the transaction. VASPs facilitating self-hosted wallet transactions in all 27 EU member states must have a solution to verify wallet ownership of the broadest range of self-hosted wallets possible. 

Introducing Bitcoin Wallet Verification Proofs

Our self-hosted wallet verification tool, SafeConnect, enables customers to verify self-hosted wallet ownership on 200+ Ethereum-based wallets. Today, we expand its capabilities to facilitate Bitcoin wallet verification. Previously focused on Ethereum proofs, SafeConnect now transcends this boundary to embrace Bitcoin verification, accommodating a broader spectrum of digital assets. This enhancement is crucial, considering the FATF's emphasis on accommodating all virtual asset types and the TFR's requirement for rigorous verification processes for significant transactions.

‍

How it works

‍

• Customers connect their Ledger or Trezor hardware wallets to SafeConnect.
• SafeConnect automatically searches for the Bitcoin address associated with the transaction.
• Once the address is found, the customer will be are prompted to sign a wallet ownership verification message on their device.
• SafeConnect verifies the signature's authenticity and marks the transaction as ready to send.
  ‍

Improving the Ethereum Proofs

This update also brings enhancements for seamless Ethereum-based wallet proofs. We’re scaling up to support over 300 Web3 wallets and extending our services to more than 10 EVM-based networks. This expansion will significantly broaden our ability to support Ethereum-based wallet ownership proofs.
‍

How to Get Started

Current customers have access to these updates by updating to the latest version of SafeConnect. Other interested parties can book a demo with our team. 

In November 2023, the European Banking Authority (EBA) unveiled a Consultation Paper on the proposed Travel Rule Guidelines, marking a significant step in the evolution of EU financial regulation. This initiative addresses the growing need for clear regulatory frameworks as digital finance transforms the landscape of global transactions.

The EBA presented its proposed Travel Rule Guidelines as a direct response to the mandate outlined in Article 36 of the Transfer of Funds Regulation, which empowered the authority to issue guidelines to Crypto Asset Service Providers (CASPs), aiming to guide entities on how to comply with some of its requirements. 

This article explores the key takeaways of the EBA’s Travel Rule Guidelines and provides enriching insights from Notabene’s presentation at the EBA’s public hearing. 

‍

Key Takeaways from the EBA’s Consultation on Travel Rule Guidelines

‍

1. CASPs must consider interoperability when selecting a messaging protocol

The EBA emphasizes the need for interoperability among protocols used for transmitting Travel Rule information. The EBA advises CASPs to choose messaging protocols that are robust and interoperable, capable of seamless communication across various systems, and in line with industry standards. This approach aims to mitigate data integration challenges and enhance the efficiency of adhering to regulatory mandates.

“When choosing the messaging protocol, CASPs and ICASPs should ensure that the protocol’s architectures are sufficiently robust to enable the seamless and interoperable transmission of the required information by:
a. evaluating the protocol’s interoperability features to ensure it can seamlessly communicate with other systems, both within and outside CASPs and ICASPs;
b. considering the compatibility with existing industry standards, protocols, and blockchain networks to facilitate integration; and
c. assessing data integration and data reliability.”

‍

Notabene’s commentary:

During the EBA’s public hearing, we praised the EBA for recommending interoperability assessments promoting open and interoperable communication standards. This concept aligns with the FATF calling for more interoperability in tools and with surveyed VASPs calling for a global unified approach in travel rule communication and reachability in response to Notabene’s 2023 State of Travel Rule Survey. 

‍

‍

2. Deposits can only be accepted if the received information allows unambiguous identification of all parties involved in the transaction

The EBA outlined the procedures CASPs should implement to manage transfers lacking the required information.

‍

The EBA’s Guidelines for Addressing Missing Information in a Crypto Transaction

‍

Let’s break this down step by step.

Step 1: First, upon detecting missing information, the beneficiary CASP can either straightaway reject/return the transfer or request missing information from the prior CASP in the chain. 
‍

Where the crypto-asset service provider of the beneficiary becomes aware that the information referred to in Article 14(1) or (2), or in Article 15, is missing or incomplete, that crypto-asset service provider shall, on a risk-sensitive basis and without undue delay:
(a) reject the transfer or return the transferred crypto-assets to the originator’s crypto-asset account; or
(b) request the required information on the originator and the beneficiary before making the crypto-assets available to the beneficiary.

‍

Decision Flowchart for Handling Missing Information in Crypto Transfers per the EBA

‍

‍

Step 2: If the beneficiary CASP decides to ask for missing information, it should set a reasonable deadline by which the information should be provided. Transfers within the Union require the information to be provided within three working days, while transfers outside the Union have a deadline of 5 working days. If more than two parties are involved in the transfer flow or at least one CASP is based outside of the EU, the deadline extends to up to 5 working days. Additionally, if a CASP requests information from a prior CASP in the transfer chain, it must notify the prior CASP of the transfer’s suspension due to missing or incomplete information.

Step 3: If the beneficiary CASP asks for missing information and the previous CASP fails to provide it, the beneficiary CASP:

• may only consider accepting the deposit if both the originator and beneficiary are unambiguously identified and
• must evaluate the future treatment of the previous CASP, ICASP, or self-hosted address in the transfer chain for AML/CFT compliance purposes

Where a CASP becomes aware that required information is missing, incomplete or provided using inadmissible characters during the transfer and executes the transfer, based on all relevant risks, and provided that the condition in paragraph 50 is not met, it should document the reason for executing that transfer and, in line with its risk-based policies and procedures, consider the future treatment of the prior CASP or self-hosted address in the transfer chain for AML/ CFT compliance purposes.
Where the payer, payee, originator, or beneficiary cannot be unambiguously identified due to missing or incomplete information or information provided using inadmissible characters, the CASP should not execute the transfer.

‍

Decision Path for Missing Information Response in Crypto Transfers per the EBA

‍

Step 4: In cases where a CASP consistently fails to provide the required Travel Rule information, specific actions are mandated for the beneficiary CASP. Initially, steps such as issuing warnings and setting deadlines must be taken to address the issue. If the required information is still not provided despite these measures, the provider has the authority to reject, restrict, or terminate the transaction per established procedures. Additionally, it is required that the beneficiary CASP reports such failures and the steps taken to the competent authority responsible for monitoring compliance with AML/CTF regulations. This ensures accountability and regulatory oversight in addressing non-compliance issues within the crypto-asset service industry.

‍

Notabene’s commentary:

During the public hearing, Notabene challenged the strict rejection of deposits when the identity of the parties cannot be unambiguously confirmed, proposing a nuanced approach based on risk assessment, particularly in transactions with jurisdictions not yet enforcing the Travel Rule.

‍

3. The EBA provided guidelines for verifying ownership or control of self-hosted wallets in transactions over 1,000 EUR

As established in the TFR, if a crypto-asset transfer is made to/from a self-hosted address, the originator or beneficiary CASP must gather and retain specific information, ensuring the transfer can be tracked individually. If the transfer exceeds EUR 1,000, additional measures must be taken to verify whether the address belongs to the originator or beneficiary. These measures are further specified in the proposed EBA guidelines, which state that the verification should be conducted using at least two suitable methods:

• Advanced analytical tools
• Unattended verifications 
• Attended verification 
• Sending of a predefined amount set by the CASP from and to the self-hosted address to the CASP’s account
• Signing of a specific message in the account and wallet software, which can be done through the key associated with the transfer
• Requesting the customer to digitally sign a specific message into the account and wallet software with the key corresponding to that address
• Other suitable technical means

‍

The guidelines from the EBA appear to introduce the possibility of accepting transactions from third-party self-hosted wallets, a detail not explicitly outlined in the TFR text, which primarily focuses on verifying whether the CASP’s own customer maintains control over the self-hosted wallet. 

Where the self-hosted address is owned or controlled by a third person instead of the CASP customer, the CASP should, in addition to applying the verification requirement in accordance with Article 14 (5) or Article 16 (2) of Regulation (EU) 2023/1113, apply mitigating measures commensurate with the risks identified as per Article 19a of Directive (EU) 2015/849

‍

Notabene’s commentary:

During the public hearing, Notabene suggested that using more than one method for wallet ownership verification should not be required as a rule but recommended only for cases where it proves necessary. We also sought clarification on the treatment of third-party self-hosted wallet transactions.

‍

4. The status of Travel Rule enforcement in the counterparty jurisdiction is a relevant risk factor

The TFR specifies that the beneficiary CASP must establish procedures to detect whether the required Travel Rule information was provided. In turn, the proposed EBA guidelines elaborate on the monitoring process, highlighting the need for beneficiary CASPs to develop policies and procedures for determining which transfers require pre-transfer or post-transfer monitoring. This involves assessing various risk factors, including the regulatory treatment in the counterparty’s jurisdiction, in particular, the Travel Rule implementation status. 

‍

Notabene’s commentary:

Understanding the global status of Travel Rule requirements is thus crucial for a comprehensive Travel Rule policy. Notabene offers valuable resources in this regard, including information on our website and our annual State of Crypto Travel Rule Compliance Report, which features a detailed chart presenting a comprehensive overview of global Travel Rule adoption, including enforcement status in each jurisdiction, compliance thresholds, and obligations related to self-hosted wallets. These are valuable resources for CASPs in establishing procedures aligned with EBA guidelines.  

‍

What's next?

As the European Union ramps up for its Travel Rule enforcement deadline, the EBA’s proposed Travel Rule Guidelines stand as a pivotal development for CASPs and the broader digital finance ecosystem. These guidelines aim to enhance transparency and security in crypto-asset transactions and reflect a collaborative effort to adapt to the digital age’s complexities.

Notabene’s insightful contributions during the public hearing and the industry’s collective feedback underscore the importance of a unified approach to regulatory compliance. As we approach the public consultation deadline and anticipate the final guidelines, it’s crucial for stakeholders to remain engaged and proactive in shaping a regulatory environment that supports innovation while safeguarding integrity.

The EBA’s guidelines will undoubtedly play a crucial role in harmonizing practices across Europe, setting a precedent for global regulatory coherence in the digital finance realm. As we mark our calendars for the key dates leading up to the TFR enforcement, let’s continue to foster dialogue and collaboration, ensuring that the future of trusted crypto transfers is secure, transparent, and inclusive.

Are you grappling with the complexities of the Travel Rule in your jurisdiction? You may be a consultant aiding financial institutions in achieving compliance with recent AML regulations. Given its significant impact on their operations, the necessity of a deep understanding of Travel Rule compliance cannot be overstated. This understanding is vital for maintaining regulatory compliance and the smooth operation of financial institutions.

The increasing frequency of Travel Rule deadlines has amplified the urgency for this knowledge. Moreover, regulators are mandating that Virtual Asset Service Providers (VASPs) establish robust Travel Rule frameworks as a precondition for obtaining operational licenses. This landscape highlights the critical need for specialized and comprehensive education in Travel Rule compliance.

We proudly present the Notabene Travel Rule Fundamentals Certification (NB-TRFC) program to address this need. Designed to infuse your organization with our deep expertise in the Travel Rule, this program equips you with the necessary knowledge and skills for seamless compliance. Our certification course offers a structured path to mastering Travel Rule compliance, providing a strategic advantage in the rapidly evolving industry.

‍

Introducing the NB-TRFC Program

The NB-TRFC program is a carefully designed educational journey aimed at making you an authority in Travel Rule compliance. You can expect:

• Tailored Content: Our curriculum focuses on the distinct regulatory landscapes of the Americas, Europe, the Middle East, Africa (EMEA), and the Asia-Pacific (APAC) regions.
• Holistic Approach: The program consists of three specialized courses, ensuring you gain a comprehensive understanding of every facet of Travel Rule compliance.

‍

Exploring the NB-TRFC Program

You have two options: enroll in the free Foundation course or the paid full program, which would provide you with a professional certification. Your educational journey is meticulously planned to provide an in-depth understanding of the Travel Rule, tailored to the region of your choice. The program includes:

1. Foundation Course: Start your compliance journey with the "Travel Rule—Foundations Course." This module simplifies the Travel Rule's historical context and current implications, laying the groundwork for more advanced strategies.
2. Advanced Compliance: Take your expertise to the next level with the "Travel Rule—Advanced Course." This part focuses on complex compliance scenarios, from Anti-Money Laundering checks to transaction monitoring.
3. Jurisdictional Focus: Conclude with a "Jurisdictional Deep Dive" course in the Americas, APAC, or EMEA region. This section will give you a playbook for localized compliance, highlighting key regulatory nuances in specific markets.
   ‍

Who Should Enroll?

This program is perfect for compliance officers and professionals, regulators, advisory professionals, legal advisors, and financial professionals in the crypto industry. Whether you're a beginner or an experienced professional, the courses offer both foundational and advanced insights.  It is a great way to certify not only yourself and your team!  

How to Get Started

Ready to become a certified expert in Travel Rule compliance? Visit our academy website for details on enrollment, course schedules, and pricing. Take the first step in your certification journey today!

‍

{{training4="/cta-components"}}

‍

Disclaimer

This certification program is for educational purposes only. It does not constitute legal, financial, investment, or any other advice. The digital asset space is dynamic, and some information may become outdated as the industry progresses.

As we kick start the new year, we recognize that 2023 was undeniably a pivotal chapter in the ongoing narrative of crypto compliance. Last year, the space witnessed unprecedented transformations, surmounting challenges, and celebrated key milestones that underscore the industry's commitment to maturity, responsibility, and global cooperation. The challenges faced, lessons learned, and strides made in the pursuit of regulatory clarity have set the stage for a promising future. 

As Notabene's Head of Regulatory and Compliance, and with my background as a Crypto Compliance Officer, my excitement for what lies ahead is palpable. In this piece, I'll revisit some of the standout trends and milestones of 2023 and offer a glimpse into my predictions for the year ahead. 

‍

Global Crypto Regulatory Developments in 2023

‍

Regulatory Maturity and Global Alignment

2023 marked a turning point as regulatory bodies worldwide exhibited a growing understanding of the crypto landscape. Major jurisdictions refined existing frameworks and introduced comprehensive regulations, paving the way for a more mature and structured industry that will continue to support various use cases.

Global regulatory progress in 2023: key regional developments

Commitment in Key Regions: The United Kingdom, Hong Kong, United Arab Emirates, India, Japan, and the EU demonstrated a commitment to fostering a secure and transparent crypto ecosystem.

• Hong Kong: The Securities and Futures Commission (SFC) implemented a regulatory framework for crypto exchanges, where licensed virtual asset portfolio managers are subject to the same regulatory standards as traditional securities firms.
• The UAE: The Dubai Multi Commodities Centre (DMCC) introduced a comprehensive regulatory framework for businesses engaged in crypto-related activities.
• India: Showed an increased interest in blockchain and digital assets; explored the possibilities of a central bank digital currency (CBDC) and developed crypto regulations.
• Japan: Introduced a licensing system for cryptocurrency exchanges overseen by the Financial Services Agency (FSA).

Notabene's Industry Impact: Showcased dedication to building a regulatory framework to address anti-money laundering (AML) concerns and facilitating secure cross-border transactions, with a significant increase in transaction volume in the Notabene system.

‍

Travel Rule Implementation Gained Traction

2023 marked a significant leap forward in Travel Rule implementation. Inspired by FATF guidelines, jurisdictions worldwide have made substantial progress enforcing this essential measure. According to a recent report by Price Waterhouse Cooper, 42 countries have engaged in discussions or enacted cryptocurrency regulations and laws in 2023. These efforts primarily concentrate on four central areas: regulating stablecoins, ensuring compliance with the travel rule, providing clear guidelines for licensing and listings, and developing comprehensive frameworks for cryptocurrency.

Global emphasis on Travel Rule

Across the globe, regulators highlighted the importance of Travel Rule. 

• The UAE: VARA and ADGM emphasize the need for policies and steps related to the Travel Rule for provisional licenses. 
• Hong Kong: the Securities and Futures Commission (SFC) adopted a descriptive approach, outlining specific due diligence requirements for Virtual Asset Service Providers (VASPs). 
• Japan: the amendment to the Act on Prevention of Transfer of Criminal Proceeds (APTCP) amendment established more straightforward Travel Rule obligations for VASPs, contributing to a more defined regulatory landscape.  
• The EU’s revised Travel Rule Framework (TFR) introduced Travel Rule requirements for Crypto Asset Service Providers (CASPs), ensuring harmonization across all 27 member states.

2023 Travel Rule enforcement dates

• February 7, 2023 —  Dubai
• June 1, 2023 — Hong Kong
• June 1, 2023 —  Japan
• September 1, 2023 — United Kingdom

Heightened transparency and cross-border collaboration

These moves have not only heightened transparency but have also laid the groundwork for effective cross-border collaboration. As the latest addition to crypto AML regulations, Travel Rule compliance uniquely offers VASPs transaction-level insights into counterparties, and sanctions. This insight enables VASPs to detect whether clients send transactions to sanctioned entities, wallets, or jurisdictions. Properly implemented, Travel Rule compliance empowers VASPs to halt potential illicit transactions before they are recorded on the blockchain, thereby reducing overall risk exposure and avoiding operational challenges.

‍

Interoperability Challenges Were Addressed

The industry has made significant progress in addressing the interoperability challenges obstructing seamless collaboration between disparate networks and closed systems. Standardization and collaborative initiatives bridged the gaps, fostering a more interconnected and compliant ecosystem.

Key developments in interoperability:

• IVMS102 Updates: The industry's efforts in updating the IVMS102 standard have been noteworthy. IVMS102 is crucial in standardizing messaging formats across different systems, facilitating smoother information exchange, and reducing complexities in multi-system interactions. This standard is critical in ensuring that different platforms can effectively communicate and transact with one another.
• TRP and TRISA Collaboration: The integration of TRP, a decentralized peer-to-peer Travel Rule protocol, with TRISA, is a significant stride forward. VASPs using TRP can effortlessly exchange compliant data with those using TRISA. This marks a monumental step in global compliance and security enhancement.
• Notabene's SafeGateway Solution: Notabene introduced SafeGateway, a noteworthy innovation enhancing Travel Rule compliance. It facilitates seamless interactions between VASPs across various protocols, enabling a unified compliance strategy and efficient access to counterparties, thus simplifying regulatory adherence. This development has been a focal point in Notabene's contributions to the FATF’s Virtual Asset Contact Group discussions.

‍

Technological Advancements in Compliance Tools‍

Did someone say AI?

The rapid evolution of compliance technologies has been a standout feature of the year. Companies have harnessed blockchain analytics, artificial intelligence, and machine learning to develop sophisticated tools. These tools are used for monitoring, reporting, and ensuring adherence to regulatory requirements and transparency for crypto compliance, as demonstrated by the cross-chain investigation tools that blockchain analytics companies can offer.

2024 Projections for Crypto Regulation: Key Trends to Watch

So, what’s on my crystal ball for 2024 projections? Here are a few themes. 

‍

Heightened Scrutiny on Source of Funds Controls

Recent geopolitical events, particularly the Russia-Ukraine conflict, have intensified the focus on sanctions compliance in cryptocurrency transactions. This shift has led to increased regulatory pressure on Virtual Asset Service Providers (VASPs) to monitor the sources of funds more rigorously. Compliance with the Travel Rule plays a pivotal role here, as it empowers Beneficiary VASPs with clear records of fund sources, aiding in mitigating sanctions risks.

• UK Regulations: In the UK, beneficiary VASPs must return funds to the originator if there are discrepancies or missing Travel Rule information, ensuring tighter control and transparency.
• UAE Guidelines: The UAE's Virtual Assets Regulatory Authority requires Beneficiary VASPs to collect and retain detailed information about the originator and beneficiary for transactions exceeding AED 3,500.
• Hong Kong's Approach: A similar emphasis on the verification of fund sources is also observed in Hong Kong.

However, the success of Travel Rule compliance, particularly in deposits, largely hinges on the cooperation of Originator VASPs. Challenges such as the Sunrise Issue and limitations in protocol interoperability present obstacles to effective collaboration and compliance.

Amplified Focus on Custody of Customer Funds

In response to recent fund misappropriation and mismanagement incidents, regulators worldwide are moving towards stricter rules for the custody of customer funds. This shift is particularly evident in the growing requirement for a clear separation between exchange services and the custody of funds, emphasizing the importance of safeguarding investor assets.

Examples of funds segregation regulations:

• Canadian Regulations: The Canadian Securities Administrators have mandated crypto exchanges to segregate user funds and use appropriately qualified custodians to hold them.
• US SEC's Proposal: In the United States, the Securities and Exchange Commission (SEC) has proposed expanding and enhancing the role of qualified custodians to ensure safer custody of investor funds by investment advisors.
• Taiwan's Approach: Taiwan’s financial regulators are considering similar requirements for exchanges to segregate customer funds.
• Japan's Precedent: Japan already has a requirement for the separation of customer funds, a policy that contributed to mitigating the local impact of the FTX collapse.

These examples indicate a global trend towards more robust and transparent practices in the custody of customer funds within the crypto industry, reflecting a move towards increased protection for investors and stakeholders.

‍

Intensified Emphasis on Stablecoin Regulation

Stablecoin regulatory action will continue to increase in 2024. In 2023, various countries and financial bodies were actively working on regulatory frameworks to address stablecoin issuance and usage within their jurisdictions. These regulations may require stablecoin issuers to adhere to specific reserve and reporting requirements. 

In 2023, several countries and organizations advanced their stablecoin regulations:

• Hong Kong Regulators Push for Stablecoin Guidelines - Regulators in Hong Kong began looking to establish guiding principles for stablecoins before the end of 2023.
• The Biden administration in the U.S. proposed stablecoin regulation and the possibility of a digital dollar⁠
• Japan passed regulations allowing investors to trade using certain stablecoins 

• The U.S. House Committee published a draft stablecoin bill⁠ 3
• The Bank of England released stablecoin regulations due to take effect in 2024⁠ 

‍

Widespread Adoption of the Travel Rule

In 2024, we expect a significant surge in the global adoption of the Travel Rule. As more jurisdictions recognize its importance, we anticipate a large comprehensive network of compliant VASPs that will begin seamlessly exchanging information, fostering a safer and more transparent crypto environment. 

Key movements to mobilize compliance in 2024 include the EU's Transfer of Funds regulation, which will unify Travel Rule across EU nations, and LATAM's alignment efforts, highlighted by the Central Bank of Brazil's recent crypto consultations.

‍

Emergence of Unified Global Regulatory Frameworks

The upcoming year is set to witness the evolution of the groundwork laid in 2023 into more extensive, globally aligned regulatory frameworks and the development of more structured and transparent regulatory approaches. This development is expected to streamline cross-border regulatory processes, simplify compliance for crypto businesses, and create a more equitable playing field.

EU's regulatory advances

The EU has made significant strides with the introduction of the Regulation on Markets in Crypto-Assets (MiCA) and the revised Transfer of Funds Regulation (TFR). MiCA establishes a comprehensive framework for diverse crypto assets and service providers, aiming to balance investor protection, financial stability, and innovation. The revised TFR uniformly applies Travel Rule requirements across all EU member states, replacing the previously varied national approaches with a consistent compliance timeline.

UK's holistic approach

In a similar vein, the UK has embraced a comprehensive approach to crypto regulation. In 2023, HM Treasury issued significant updates on several regulatory fronts:

• Future financial service regime for cryptoassets, addressing the early stages of regulating DeFi activities and the regulatory treatment of staking.
• Management strategies for the failure of systemic Digital Settlement Asset firms.
• Plans to regulate fiat-backed stablecoins, with a goal to introduce related legislation by early 2024.

The UK's early and successful implementation of Travel Rule requirements, preceding the EU, highlights a growing trend towards transactional transparency. This development is leading to an increasing market preference for compliant transaction flows in the crypto sector.

These advancements in the EU and UK point to a trend towards more organized and transparent regulatory environments in the crypto industry, with a focus on protecting investors and encouraging innovation.

‍

Blurring Boundaries: Crypto Will Meet Traditional Finance 

The integration between the crypto industry and traditional financial sectors is projected to deepen further. 2024 is poised to be a year where we see heightened collaborative efforts leading to innovative financial products that bridge the gap between conventional and decentralized systems. This will be exciting! 

‍

Enhanced Privacy Measures

As the crypto industry continues to mature, a concerted focus on balancing regulatory compliance with user privacy is expected. We anticipate the  emergence of new privacy-centric technologies and protocols, offering enhanced confidentiality while maintaining adherence to regulatory standards.

‍

Crypto and Compliance Education: A Continuing Focus

Education and awareness programs will remain at the forefront of industry initiatives. As more users join the crypto space, understanding the importance of compliance and responsible practices will become paramount. Expect to see a surge in educational initiatives aimed at users, businesses, and regulators alike. Watch this space.

As we venture into 2024, the industry's commitment to responsible innovation, regulatory adherence, and collaborative growth will shape a future where digital assets seamlessly coexist with traditional finance, offering a dynamic and secure landscape for all stakeholders.

Here's to a year of continued evolution, progress, and positive disruption in the ever-evolving world of crypto compliance.

‍

P.S. When Lambo??

‍

‍

‍

‍

‍

Lana Schwartzman

Notabene is delighted to announce our new partnership with Tap, a rapidly growing fintech provider, specializes in traditional money account management and cryptocurrency settlement solutions for over 250,000 registered users, This a strategic move aimed at bolstering Tap’s compliance operations through SafeTransact's top-tier solutions for continuous adherence to the crypto Travel Rule. 

This collaboration aligns perfectly with Notabene’s mission to make crypto transactions a part of the everyday economy. Our partnership is a testament to Tap's dedication to consumer trust and proactive stance in consistently meeting pre-transaction regulatory requirements.

Enhancing Compliance in the Crypto Industry

The cryptocurrency market is rapidly evolving, increasing regulatory demands for transparency, security, and compliance with local crypto legislation. Tap's strategic decision to partner with Notabene addresses a critical industry need in this context.

Notabene's powerful SafeTransact platform and SafeGateway solution offer distinct advantages:

• SafeTransact: Strengthens identification and mitigation of high-risk activity, empowers compliance teams with data-driven decision-making tools, and seamlessly integrates the Travel Rule into compliance processes.
• SafeGateway: A standout feature that facilitates effective VASP-to-VASP interactions across protocols, positioning Notabene at the forefront of the cryptocurrency compliance solutions sector.

Tap, known for its regulatory-first approach, emphasizes the importance of consumer trust and operational transparency. This partnership with Notabene will enhance Tap's operational efficiency and maintain its competitive edge in the industry.

Leaders’ Insights on the Collaboration

Kriya Patel, CEO of Tap, expressed enthusiasm about this strategic alliance with Notabene. 

“I am delighted to be able to announce our strategic partnership with Notabene and I look forward to growing the relationship together whilst navigating through to meeting and maintaining our current and future regulatory requirements in our industry. 

The partnership with Notabene was a natural one. They share the same values as Tap by focusing on customer-driven product needs, whilst allowing us to maintain a regulated and security-first approach.” - Kriya Patel, CEO of Tap.

Pelle Braendgaard, CEO of Notabene, echoed these sentiments, noting the alignment of Tap's commitment to compliance and customer trust with Notabene’s mission.

"We are pleased to collaborate with Tap, their commitment to compliance and customer trust aligns seamlessly with our mission. Together, we can advance the industry while ensuring the highest standards of security and transparency." - Pelle Braendgaard, CEO of Notabene.

In conclusion, Tap's partnership with Notabene is a forward-thinking move, aligning with the evolving demands of cryptocurrency regulation and reinforcing its commitment to maintaining the highest standards of compliance and customer trust.

As 2024 begins, we at Notabene reflect on a year of substantial milestones from the previous year. 2023 was a turning point, with regulatory clarity in financial hubs like the UK and Hong Kong and an industry-wide push toward trust-building key drivers to its recovery and widespread global adoption.

Of the 42 countries advancing crypto-focused regulations this year, the Financial Action Task Force’s (FATF) Travel Rule was the leading focus area, with 40 countries engaged in passing it as a requirement or having already done so. Virtual asset service providers (VASPs) globally welcome regulatory clarity as they expand their geographical operations.

This is a major inflection point for the industry, with those building trustworthy and compliant businesses best situated to succeed in 2024 and beyond. With Travel Rule compliance now a core requirement for VASP-to-VASP interactions, we have seen a substantial uptick in ‘compliant’ volumes, VASPs, asset types, and jurisdictions.

Notabene has risen to the challenge, improving transaction processing for custodial and non-custodial transactions, automating real-time transaction compliance, broadening our network and service offerings, and reinforcing our leadership in crypto pre-transaction decision-making.

Here’s a look back at some of the key highlights that defined Notabene’s 2023.

Processed Over $43 Billion in Transaction Volume Through SafeTransact

Our monthly transaction volume impressively increased by 760% year-over-year, reaching more than $9 billion. In 2023 alone, SafeTransact processed over $43 billion, significantly expanding our operational scale and impact. This remarkable volume underscores the global crypto community's trust and reliance on our platform. These figures mark a major milestone for Notabene, reflecting the growing adoption of compliant crypto transactions. Additionally, this volume originates from 70+ active VASPs, showing a diverse and non-dependent pattern on any single major VASP.

‍

Expanded Reach to 24 Originator Jurisdictions and More Than 63 Beneficiary Jurisdictions

Over the past year, there has been a significant surge in the number of jurisdictions involved in sending and receiving Travel Rule data transfers. The number of originator jurisdictions has soared by 118%, jumping from 11 in 2022 to 24 now. Simultaneously, beneficiary jurisdictions have increased by 16%, rising from 54 to 63. The top 5 originator jurisdictions by volume are the UK, Gibraltar, USA, Singapore, and Switzerland. This expansion signals considerable progress towards extensive global coverage and indicates an escalating urgency among counterparty responses. Importantly, it powerfully underscores the widespread, cross-global impact of cryptocurrency transactions.

‍

Identified Over 880,000 Self-Hosted Wallet Transactions

We've significantly expanded our services by supporting over 200 types of self-hosted wallets. Our user-friendly pop-up interface, SafeConnect, which efficiently identifies, collects, and verifies counterparty information using cryptographically signed messages, has successfully identified transactions involving more than 880,000 non-custodial wallets. This metric reinforces our commitment to managing and mitigating counterparty risk in crypto transactions beyond fulfilling Travel Rule transmission obligations in VASP-to-VASP transactions.

Supported Transactions in 350 Diverse Virtual Assets, a 162% increase

End-users transacted with 350 diverse asset types, up 162% from 2022. This growth demonstrates clients using more of our Notabene Network’s capabilities, which support over 10,000 asset types. It is also a testament to the expansion of secure crypto transactions to a broader range of crypto assets.

‍

Increased Customer Base to Over 120

Our customer community reached an impressive milestone of 120 members, including tier-one banks, custodians, fiat on/off ramps, and global exchanges, demonstrating the increasing trust and reliance on Notabene’s services.

‍

Launched Pivotal Features Like SAFE Implementation, SafeGateway, and Network Discoverability

In 2023, Notabene enhanced SafeTransact’s platform capabilities through significant features: SAFE Implementation, SafeGateway, and Network Discoverability, alongside numerous supporting enhancements. 

• SAFE Implementation streamlines Travel Rule compliance through a four-phase, rapid setup process, facilitating a smooth transition to full compliance.
• SafeGateway tackles the interoperability challenges of the Travel Rule by facilitating VASP-to-VASP interaction across protocols. 
• Network Discoverability addresses the challenge of identifying counterparties in transactions, offering a privacy-focused solution for VASPs to automatically recognize blockchain addresses, thus bolstering transaction security and efficiency.

‍

Achieved a 86% Transfer Match Rate

SafeTransact demonstrated remarkable efficiency, with 86% of transfers successfully reaching counterparties. This achievement highlights the platform’s noteworthy reachability rates despite the persistent fragmentation on the protocol level.

‍

Continued Our Award-Winning streak 

We continued our award-winning streak, receiving multiple accolades, including Regulation Asia’s “Best Travel Rule Compliance Solution” award for the second consecutive year. Further, several of our teammates—Lana Schwarzman, Alice Nawfal, Catarina Veloso, and Abi Bryant Spolar, were longlisted for Wirex’s 2023 Women in Crypto Power List.

‍

Introduced a Fully Integrated Solution to Process Travel Rule-Compliant Transactions with Fireblocks

This year, Notabene and Fireblocks launched a fully integrated solution for Travel Rule compliance in crypto transactions. This collaboration combines Notabene’s pre-transaction decision-making and Fireblocks’ platform for real-time compliance and adherence to global standards. Integrated into Fireblocks’ Compliance Suite, alongside Chainalysis and Elliptic partnerships, our joint offering delivers holistic pre-transaction risk management and close alignment between Travel Rule flows and transaction settlement. Learn more.