Hong Kong Sets New Standards for Stablecoin Travel Rule Compliance

Today, Hong Kong just raised the bar for stablecoin regulation worldwide. The Hong Kong Monetary Authority's (HKMA) new AML/CFT guidelines for licensed stablecoin issuers established a comprehensive Travel Rule framework, which will come into effect on 1 August 2025, and it has significant implications for the global stablecoin ecosystem.

Compliance with the Guidelines is enforced through the Stablecoins Ordinance and the AMLO. A licensee who fails to comply with this Guideline may be subject to disciplinary or other actions under the Stablecoins Ordinance and/or the AMLO.

Zero Tolerance for Compliance Gaps

Unlike jurisdictions that set minimum thresholds for Travel Rule compliance, Hong Kong takes a zero-threshold approach. Travel Rule compliance is required for every stablecoin transfer, no matter the value. 

Ordering Institutions

Ordering institutions, meaning those initiating the stablecoin transfer, bear the most extensive obligations. They must “obtain and record” detailed originator and recipient information for all transactions. 

For transfers above $8,000:

• Issuers must obtain and record the originator's name, account number (or unique reference number), address (geographical, registered office, or principal place of business), customer identification number or ID document number (or date/place of birth for individuals), the recipient's name, and the recipient's account number (or unique reference number).  
• The submitted originator information must be accurate, meaning it has been verified as part of the customer due diligence (CDD) process. 
• Additionally, for occasional transfers ≥ $8,000, the originator's identity must be verified. 

Before executing a transfer, the ordering institution must securely and immediately transmit this data to the beneficiary institution. 

• "Securely" means protecting the integrity, availability, and confidentiality of the information from unauthorized access or disclosure. This involves counterparty due diligence, potential bilateral data sharing agreements, encryption, and adequate information security controls. 
• “Immediately” means the information must be sent before or simultaneously with the transfer.

For transfers below $8,000: 

• Issuers must must obtain and record the originator's name, account number (or unique reference number), the recipient's name, and the recipient's account number (or unique reference number).  
• Occasional transfers under the threshold don’t require identity verification unless linked transactions collectively exceed the threshold or if suspicious activity is suspected.

Execution cannot proceed unless all these requirements are met. Ordering institutions must also keep detailed records to demonstrate how they fulfilled the transmission, security, and timing obligations.

Intermediary Institutions

Intermediary institutions, those participating in the transfer chain the transaction, must retain all originator and recipient information they receive and transmit it unchanged to the next party in the chain, whether another intermediary or the final beneficiary institution. This information must be submitted securely and immediately, mirroring the expectations placed on ordering institutions. They cannot modify or delay this transmission.

Beneficiary Institutions

Beneficiary institutions, those receiving the stablecoin transfer on behalf of the recipient, must obtain and record the information transmitted to them. If the transfer equals or exceeds HKD 8,000 and the recipient has not been previously verified under customer due diligence, they must complete that verification. They must also confirm that the recipient’s name and account number match the data received, and follow up with appropriate measures if any discrepancies arise.

This eliminates the compliance fragmentation we see in other markets where different thresholds and enforcement timelines create operational complexity. When dealing with Hong Kong-licensed stablecoin issuers, there's no guessing about when Travel Rule applies—it always does (see Notabene’s 2025 State of Crypto Travel Rule Report for a global comparison of thresholds and regulatory approaches).

Handling Incoming Transfers Lacking Required Information

Instructed institutions, meaning intermediary or beneficiary institutions, must implement robust procedures for handling incoming stablecoin transfers that lack the required originator or recipient information. They are expected to proactively identify such transfers through reasonable measures, which may include real-time or post-event transaction monitoring. Once identified, the institution must apply a risk-based approach to determine whether to proceed with the transfer, temporarily suspend the funds, or return the stablecoins to the sender. These policies should also guide what follow-up actions are appropriate based on the severity and context of the deficiency. Institutions must attempt to obtain the missing information from the instructing institution as soon as reasonably practicable. If the information cannot be retrieved, they should evaluate whether to restrict or terminate the relationship or apply other risk mitigation steps to address potential money laundering or terrorist financing risks. Additionally, if any submitted data is found to be incomplete or nonsensical, the institution must take prompt and reasonable actions to address the resulting ML/TF exposure.

Technology Providers: No Safe Harbor

Here's where things get particularly interesting for our industry. The guidelines make crystal clear that stablecoin issuers remain fully liable for Travel Rule compliance even when using third-party technology solutions. There's no safe harbor for outsourcing compliance.

The HKMA requires issuers to conduct thorough due diligence on any Travel Rule technology provider, evaluating:

• Identify a transfer: Can the solution accurately identify stablecoin transfer counterparties and securely submit and retrieve required originator and recipient information in real time—including in cross-jurisdictional scenarios where data may be incomplete or missing. 
• Interoperability: Can the solution communicate with other systems?
• Scalability: Will it handle high transaction volumes reliably?
• Security: Does it adequately protect transmitted information?
• Compliance integration: Can it support ongoing monitoring and sanctions screening?

Additionally, the solution should support counterparty due diligence workflows, facilitate information requests between institutions, and maintain robust record-keeping capabilities. 

Counterparty Due Diligence Gets Serious

Perhaps the most operationally challenging aspect is the comprehensive counterparty due diligence requirements. The HKMA makes it clear: the risk doesn’t end at the licensee’s perimeter. It extends to any other financial institution or VASP involved in a stablecoin transfer. The objective is twofold: prevent transfers to or from illicit actors or sanctioned entities, and ensure Travel Rule compliance throughout the transaction chain.

Before a licensee conducts a transfer or makes stablecoins available to a recipient, it must assess the ML/TF risk posed by the stablecoin transfer counterparty. This involves determining whether the transfer involves another regulated entity or an unhosted wallet, and if it’s the former, identifying the counterparty using public registries of licensed or registered institutions. A risk-based approach (RBA) must be used to evaluate several factors: the nature of the counterparty’s business, customer base, geographic footprint, and most importantly, the strength of its AML/CFT controls and the regulatory oversight in its jurisdiction.

The due diligence doesn’t stop at identification. Licensees must verify that the counterparty can meet its obligations under the Travel Rule, especially in cross-border scenarios. This includes confirming whether the counterparty is subject to equivalent regulatory requirements, has implemented robust controls to protect personal data, and can reliably exchange originator and beneficiary information. Institutions deemed higher-risk such as those operating in weak regulatory jurisdictions, lacking licensing or registration, or connected to suspicious activities—must be monitored more closely.

Importantly, this due diligence process isn’t required for every single transaction. If a counterparty has already been vetted and no new risks have emerged, the licensee can rely on existing due diligence. But ongoing monitoring is mandatory. That means watching for red flags, such as unexpected behavior, transaction anomalies, or adverse media, and regularly updating the risk profile. If new risks emerge, the licensee must reassess whether it can continue to transact with the counterparty and, if necessary, impose stricter controls or terminate the relationship entirely. The bottom line is clear: if a counterparty cannot be trusted to meet baseline compliance obligations, the licensee is expected to walk away.

Unhosted Wallets Get Enhanced Scrutiny

The regulatory framework treats unhosted wallets with particular scrutiny. These wallets allow users to hold their own private keys and transact peer-to-peer without an AML/CFT-regulated intermediary, making them an attractive tool for illicit actors seeking to exploit gaps in oversight. The HKMA takes a cautious but risk-based approach: if licensees want to interact with unhosted wallets, they must prove that their controls work.

For stablecoin transfers involving unhosted wallets held by customer stablecoin holders, licensees must collect detailed information. If a customer initiates a transfer to an unhosted wallet, the licensee must capture the customer’s name, account number, and identifying information, along with the recipient’s name and wallet address. If the transfer is from an unhosted wallet into the licensee’s ecosystem, similar information must be recorded, but now it’s the originator’s wallet address and the recipient’s account with the licensee that come into focus. For transfers under HKD 8,000, certain identity elements can be omitted—unless the transactions appear linked or suspicious.

But collecting data is only one part of the equation. Licensees must actively manage the risks posed by customer wallets used for issuance or redemption. This includes verifying that the customer owns or controls the wallet through mechanisms like cryptographic signature proofs, micropayment tests or message signing. They must also screen wallet addresses for connections to sanctioned entities or suspicious activity. If a wallet is flagged as high risk, enhanced controls are required. These aren’t theoretical expectations. The HKMA encourages firms to maintain internal lists of wallet addresses that have triggered scrutiny to enable swift action when risk surfaces again.

The takeaway is clear: in Hong Kong, interacting with unhosted wallets doesn’t exempt firms from AML/CFT standards. It raises the bar. Controls must be evidence-based, continuously monitored, and capable of scaling with the evolving threat landscape.

Real-Time Compliance Required

The guidelines mandate "immediate" transmission of Travel Rule information—meaning before or simultaneously with the transfer, not after blockchain settlement. This aligns with global regulatory trends toward pre-transaction risk assessment, but it's technically challenging for many existing systems.

Traditional post-transaction Travel Rule implementations won't cut it in Hong Kong. Systems need to support real-time authorization flows where compliance checks happen before funds move.

Global Implications

Hong Kong's approach signals where global stablecoin regulation may be heading. The jurisdiction is positioning itself as a compliant stablecoin hub, but only for issuers willing to meet the highest standards.

The zero-threshold approach also has practical implications for global stablecoin operations. As more jurisdictions adopt comprehensive frameworks, we're moving toward a world where Travel Rule compliance becomes universal rather than threshold-based.

The Cautious Regulator's Dilemma

The HKMA's "risk-based but cautious approach" reflects a broader regulatory reality: authorities want to enable innovation while preventing regulatory arbitrage. 

The guidelines repeatedly emphasize that issuers must prove their systems work. This evidence-based approach to compliance represents a significant shift from checkbox exercises toward measurable risk mitigation.

What This Means for the Industry

For stablecoin issuers eyeing Hong Kong licenses, compliance-by-design isn't optional—it's the entry requirement. The days of bolting on Travel Rule capabilities as an afterthought are over.

 Generic Travel Rule solutions won't suffice; systems need to handle the specific requirements of the Hong Kong framework, including zero thresholds and enhanced unhosted wallet controls.

Most importantly, this framework shows that comprehensive stablecoin regulation is not only possible but practical. Hong Kong is proving that you can maintain the speed and efficiency of blockchain-based payments while meeting the highest AML/CFT standards.

The question now is which other jurisdictions will follow Hong Kong's lead—and whether the global stablecoin ecosystem will converge around similarly comprehensive standards.

Introducing Notabene Transact: The Next Generation of Transaction Authorization for Complex Crypto Transactions

New York, London, Singapore - July 1, 2025 – Notabene, the trust layer for global money movement, today announced the launch of Notabene Transact, the next evolution in secure, real-time transaction authorization, purpose-built for regulated entities navigating complex digital asset flows. Built on an open network powered by the innovative new Transaction Authorization Protocol (TAP), Notabene Transact transforms transaction authorization from a reactive Travel Rule obligation into a trusted, strategic engine for growth. Designed for how crypto actually moves today, Notabene Transact effortlessly manages the reality of complex multi-party transactions, giving institutions the confidence to scale securely, compliantly, and faster than ever before.

Built for the new rules of crypto

2025 marks a turning point. Regulatory clarity in key markets is accelerating institutional adoption, but with growth comes greater complexity—and compliance is now a baseline expectation. To enable compliant, real-time transaction flows with minimal friction, institutions need powerful authorization infrastructure running in the background, making decisions at the speed of business.

Most transaction authorization tools were built for simple peer-to-peer transfers, not the complexity of today’s digital asset flows. Notabene Transact is purpose-built for the real world, supporting multi-party transactions across intermediaries, custodians, and self-hosted wallets. It automates compliance across jurisdictions and delivers real-time, policy-based decisions—enabling compliant, scalable transactions by design.

A powerful element of Notabene Transact is the combination of two key capabilities: an innovative discovery and verification system that identifies all counterparties in a transaction flow, and a customizable policy engine that automates decisions based on an institution’s risk appetite, regulatory obligations, and trusted business relationships. This system of trust enables faster approvals, lower friction, and increased transaction throughput, unlocking growth across global borders.

“As the leader in Travel Rule compliance, we’ve had a front-row seat to the challenges institutions face as the crypto industry matures,” said Pelle Brændgaard, CEO of Notabene. “We didn’t just build Notabene Transact as a product, we took on the responsibility of building the open infrastructure this industry needs. By working hand-in-hand with customers, regulators, and the wider market, we created a solution that accelerates adoption, lowers risk, and sets the foundation for global growth on an innovative new open messaging protocol. With the Transaction Authorization Protocol (TAP) at its core, Notabene Transact moves the industry into a future defined by trust, openness, speed, and scalability.”

Built on TAP: Open, secure, ready to scale

The Transaction Authorization Protocol (TAP) is the open source, decentralized messaging protocol powering Notabene Transact. Unlike SWIFT and other closed-loop or outdated messaging systems, TAP is purpose-built for today’s multi-party, real-time digital asset economy. It enables secure, policy-based data exchange across any blockchain, asset, or protocol—without locking institutions into closed infrastructure.

TAP’s architecture includes a fully segregated, end-to-end encrypted data model, no central points of control, and seamless interoperability across evolving regulatory and operational environments. Combined with the Notabene Network, the largest ecosystem of regulated crypto institutions, Notabene Transact gives businesses the confidence, visibility, and flexibility to authorize transactions globally, scale across jurisdictions, and future-proof their operations.

Leading with uncompromising security

Notabene Transact delivers industry-leading security by design. Built on TAP’s decentralized, end-to-end encrypted architecture, it ensures that every data exchange is auditable, every authorization decision is traceable, and every workflow is optimized for straight-through processing. This dramatically reduces manual effort and operational risk for high-volume institutions operating at global scale.

“Security and speed aren't trade-offs in our architecture, they're both intrinsic,” Pelle Brændgaard added. “When institutions trust their infrastructure and their counterparties, they can move faster. And when they can move faster with full compliance, they can scale volumes globally without friction.”

With Notabene Transact, institutions now have the infrastructure to move faster, authorize with confidence, and scale across jurisdictions, without compromise. Powered by TAP, Notabene Transact sets the standard for secure, trusted, real-time transaction flows in the global digital asset economy.

Notabene Transact is available now. Learn more here: https://notabene.id/transact

About Notabene

Notabene is the trust layer for global crypto money movement, powering the largest Travel Rule-compliant transaction authorization network for regulated institutions globally. Our platform enables regulated entities across 100+ global jurisdictions to securely and seamlessly verify counterparties, authorize transactions, and comply with regulations—ensuring trust in every transaction.

With SOC-2 certification, ISO27001 compliance, and a strong focus on privacy and user experience, Notabene provides industry-leading tools for real-time transaction authorization, decision-making, counterparty sanctions screening, and self-hosted wallet identification.

Headquartered in New York, Notabene operates globally with a presence in Switzerland, Singapore, Germany, and the United Kingdom. Trusted by over 240 companies, including Copper, Luno, Crypto.com, and Bitstamp, Notabene helps institutions build trust into every transaction while ensuring compliance with evolving regulatory frameworks.

Start for free with the world’s largest VASP Network at Notabene.id.

Connect with us on LinkedIn | Twitter

Media Inquiries

Sacha Lowenthal
[email protected]

Today marks the half-year anniversary of the European Union’s Transfer of Funds Regulation (TFR). As we reach the mid of 2025, it’s worth looking back at the path that shaped today's regulatory reality. The year 2023 was defined by the entry into force of the Travel Rule in the UK. In 2024, the EU followed suit. Now, six months into this new phase, the time is ripe to assess the progress of the TFR, draw comparisons with the UK’s experience, and uncover the lessons that can guide the effective implementation of Travel Rule regimes.

What the Data Tells Us

In 2023, our team at Notabene was fully mobilized to prepare the UK crypto industry for the arrival of the Travel Rule compliance, set to take effect on September 1, 2023. We engaged across multiple fronts: running testnets with cohorts of VASPs under the FCA's regulatory sandbox, co-chairing the Travel Rule working group within CryptoUK, and participating in numerous industry events, both as hosts and speakers.

By year’s end, true to our usual practice, we started examining the results of our annual State of Crypto Travel Rule Survey. It was one of those gratifying moments when the effort feels justified: the data showed that 100% of UK respondents reported being compliant with the Travel Rule, a clear signal that industry readiness had been achieved.

In 2024, with equal dedication, we turned our focus to supporting the rollout of the Travel Rule across the European Union. Our approach was similarly comprehensive: we published detailed guides, launched an in-depth certification course dedicated to EU Travel Rule requirements, delivered a three-part webinar series covering the regulations, hosted an EU-wide testnet for CASPs and regulators, and ran a series of targeted workshops for our customers.

Yet, when we reviewed the latest survey data, the results were surprising. Despite the significant groundwork, 71.2% of EU respondents indicated they were not yet compliant with the Travel Rule, with 40.4% identifying the first quarter of 2025 as their intended compliance timeline.

These figures stood in contrast to the momentum we observed within our own Network. In the months leading up to the TFR’s enforcement date of December 30th, 2024, we witnessed a marked increase in Travel Rule activation among EU CASPs. Between January 2024 and January 2025, transaction volumes originating from EU entities on the Notabene network surged by 200x, compared to the 8x growth seen in non-EU originated volumes over the same period. This contrast reflects the significant role the EU Transfer of Funds Regulation in catalyzing Travel Rule adoption within our network.

However, looking beyond our immediate ecosystem, it is clear that the UK rollout achieved a higher degree of readiness at an earlier stage. With children, we often say that each develops at their own pace and should not be compared. But with regulatory frameworks, understanding why one implementation advanced more rapidly than another can offer valuable insights.

With that in mind, the following sections explore how the UK and EU approaches diverge. We’ll examine their defining features, points of friction, and attempt to trace the root causes behind the differences in industry readiness.

The Road to Travel Rule Implementation: Centralised in the EU and Industry-led in the UK

🇬🇧 UK

When the UK implemented the Travel Rule on September 1, 2023, it followed a legislative and regulatory process that deliberately placed industry expertise at the centre.

The Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022 (MLRs) introduced Travel Rule obligations for crypto firms registered with the FCA, covering both inter-cryptoasset transfers and unhosted wallet transactions.

What set the UK approach apart was the collaborative model that followed. The Joint Money Laundering Steering Group (JMLSG), a private sector body made up of UK financial trade associations, led the drafting of practical guidance for firms. To support the efforts by JMLSG, CryptoUK established a dedicated Travel Rule working group, co-chaired by Notabene, bringing together compliance officers, legal experts, and operational teams to directly work with JMLSG to shape the guidance based on day-to-day implementation realities.

This industry-developed guidance was reviewed and validated by the FCA and HM Treasury, ensuring alignment with regulatory expectations while keeping operational challenges front and centre.

Furthermore, in August 2023, just before the rule took effect, the FCA published targeted guidance to clarify issues raised during the grace period, most notably the “sunrise issue” involving transactions with jurisdictions that had not yet adopted the Travel Rule.

The result was a regulatory framework supported by practical, actionable guidance. 

This collaborative process - combining early regulatory engagement and industry ownership - played a decisive role in the UK achieving high levels of readiness by the time the Travel Rule came into force.

🇪🇺 EU

The EU set out to tackle a far more ambitious task than the UK: introducing uniform Travel Rule obligations across all 27 Member States through a single, binding regulation. This was achieved via the recast of Regulation (EU) 2015/847, better known as the Transfer of Funds Regulation (TFR), which was formally adopted on May 31, 2023 to extend the Travel Rule to crypto transfers.

The creation of detailed implementation guidelines was primarily led by the European Banking Authority (EBA). 

The EBA made several efforts to incorporate industry perspectives. A public consultation on the Travel Rule Guidelines launched on November 24, 2023, alongside public hearings and the formation of Technical Expert Groups (TEGs)—which included industry representatives like Notabene.

However, unlike the UK’s process, where industry actors drafted the practical guidance with regulatory validation, in the EU it was the reverse: regulators drafted the guidelines, and the industry was invited to provide feedback along the way. While this structure provided transparency and some opportunity for dialogue, it inevitably limited the extent to which day-to-day operational challenges of CASPs could shape the final rules.

Takeaway

Guidance developed by industry practitioners and backed by regulatory oversight delivers the hands‑on, pragmatic advice firms need for readiness. In contrast, a top‑down model can miss key nuances encountered in day‑to‑day operations.

Using Grace Periods Strategically

EU CASPs were granted nearly six additional months to prepare compared to their UK counterparts. A long grace period in the EU was the right approach given the complexity of implementing uniform requirements across 27 Member States.

However, based on our experience, the length of a grace period is far less important than how that time is used. A grace period should serve as structured preparation time for both regulators and industry, particularly with the Travel Rule, which directly affects transaction flows, operational processes, and customer experience.

🇬🇧 UK

The UK offers a textbook example of this. Throughout the 13-month grace period, the FCA worked closely with the industry. This started with the acceptance of Notabene's Travel Rule testnets into the FCA regulatory sandbox. This hands-on engagement allowed the FCA to better understand the technical and operational nuances of implementing Travel Rule programs. The FCA also conducted targeted outreach to VASPs, requesting detailed implementation plans and offering feedback based on insights gained from the testnets. As a result, potential gaps were identified early and firms had time to adjust, which led to the high compliance rates we saw post-deadline.

🇪🇺 EU

It would be unrealistic to expect the same degree of coordinated engagement across the EU, where the regulation had to be rolled out simultaneously across 27 jurisdictions and regulatory bodies. However, the grace period fell short even in resolving fundamental questions - for example, when exactly do Travel Rule obligations start to apply?

Even after the Travel Rule formally entered into force on December 30, 2024, confusion persisted among industry participants:

• Some CASPs misinterpreted the transitional period outlined in the EBA Guidelines, assuming it postponed Travel Rule obligations entirely until 31 July 2025. In reality, this period only allows temporary technical limitations in solutions, but full compliance with the TFR is expected regardless of technical limitations.
• Others argued that the TFR only applies once a CASP obtains full authorisation under MiCA, meaning firms operating under transitional arrangements were exempt. The EBA explicitly rejected this interpretation in its July 2024 response to public comments, stating:

  "The EBA stresses that non-compliance with Regulation (EU) 2023/1113 is not accepted."

Takeaway

The UK experience offers a clear takeaway: the success of a regulatory rollout is not defined by how long the grace period is, but by how strategically that time is used. The UK's collaborative, proactive use of its grace period - bringing together regulators and industry to stress-test real-world implementation - was instrumental in achieving early, widespread readiness.

Managing Self‑Hosted Wallets: Risk‑Based Principles or Prescriptive Rules?

🇬🇧 UK

The UK has adopted a non-prescriptive, principles-based approach to regulating interactions with self-hosted wallets, built around risk assessments and operational discretion. Under Regulation 64G(2) of the MLRs, crypto-asset businesses (CBs) are required to assess the risks associated with unhosted wallet transactions and determine whether collecting additional customer information is appropriate.

The JMLSG provides further operational guidance, encouraging CBs to seek additional information when dealing with self-hosted wallets in higher-risk situations. Factors such as transaction size, frequency, and the overall customer relationship inform these assessments. Where higher risks are identified, CBs are expected to apply enhanced due diligence, which may include verifying control over the self-hosted wallet using mechanisms such as micro-deposits or cryptographic signatures.

Crucially, the UK’s framework avoids imposing rigid or overly prescriptive requirements. This allows CBs to adjust their controls based on risk assessments. As a result, UK market participants have largely maintained the ability to support these types of transactions while remaining compliant and adopting robust risk-mitigation policies.

🇪🇺 EU

The EU has taken a more prescriptive stance toward regulating self-hosted wallets, with obligations set out in the TFR and further operational detail provided by the EBA Travel Rule Guidelines.

Under the TFR, crypto-asset transfers involving self-hosted wallets are subject to escalating requirements based on transaction size. For transactions exceeding €1,000, CASPs must verify that their customer owns or controls the receiving self-hosted wallet. The EBA Guidelines elaborate on this obligation by providing a non-exhaustive list of acceptable verification methods, while also making clear that at least one method must be applied in all applicable cases.

A key source of market friction stems from the disconnect between the TFR’s legislative text and the EBA guidelines in what concerns third-party self-hosted wallet transfers. While the TFR does not explicitly impose verification requirements for transactions involving third-party self-hosted wallets, the EBA Guidelines extend obligations to these transactions, creating expectations for due diligence that many CASPs find impractical or disproportionate to implement. 

The result has been a marked trend toward de-risking within the EU. According to Notabene's 2025 State of Crypto Travel Rule Report, VASPs in the EU are 55% more likely to prohibit transactions with self-hosted wallets compared to the global average, reflecting a significant de-risking trend driven by regulatory uncertainty. Faced with operational uncertainty and the high cost of compliance, 15.4% of EU-based VASPs have implemented complete prohibitions on such transactions, compared to a global average of 9.9%.

Takeaway

In this rapidly evolving industry, prescriptive rules often struggle to keep pace with technological change, leading to unintended consequences such as market exclusion and de-risking. The UK's principles-based, risk-driven approach to regulating self-hosted wallets demonstrates how flexible frameworks can promote compliance without stifling innovation or market participation. By contrast, the EU's more prescriptive model has amplified operational uncertainty, prompting many VASPs to restrict legitimate transactions to avoid having to navigate complex, often impractical requirements. Striking the right balance between risk mitigation and operational feasibility requires regulation that empowers firms to apply proportionate and evolving controls.

Counterparty Due Diligence Obligations: All or Nothing?

🇬🇧 UK

In the UK, Counterparty VASP Due Diligence (CVDD) is not explicitly required under the Travel Rule, nor is it addressed in the JMLSG or FCA guidance. This was a conscious decision by UK regulators, who determined that existing frameworks such as data privacy laws and sanctions compliance already provide sufficient oversight. The UK’s approach aims to avoid introducing additional, potentially duplicative obligations that could complicate compliance without clear added benefit.

While this streamlined framework reduces regulatory burden, the lack of specific CVDD guidance may create operational uncertainty for VASPs.

🇪🇺 EU

In contrast, Article 38 of the EU’s TFR amends the 4th Anti-Money Laundering Directive (AMLD4) to expand the definition of correspondent relationships and explicitly include those established for transactions or transfers in crypto-assets. Recital 60 further clarifies that relationships between CASPs and third-country entities executing crypto-asset transfers share similarities with correspondent banking relationships and should be subject to enhanced due diligence measures similar in principle to those applied in traditional banking.

The EBA further issued the EBA/GL/2024/01 Guidelines to specify firms’ obligations where the respondent or its customers are providers of services in crypto-assets, other than CASPs authorised under MiCA, or where they are deemed to present an increased ML/TF risk.

Takeaway

The UK's decision to avoid prescriptive Counterparty VASP Due Diligence (CVDD) requirements reflects a desire to avoid duplicating existing oversight mechanisms. However, the absence of explicit CVDD expectations in the Travel Rule context can create operational uncertainty for VASPs navigating cross-border interactions.

Conversely, the EU’s approach imposes comprehensive CVDD obligations rooted in correspondent banking standards. As the FATF itself acknowledges, Travel Rule compliance requires a more proportionate approach. Unlike in the banking sector, many cross-border VASP-to-VASP transfers happen without an established, ongoing relationship, making traditional correspondent banking due diligence ill-suited in this context.

Neither extreme - a complete absence of guidance nor rigid, banking-style obligations - proves effective. Instead, CVDD requirements should be proportionate and aligned with the realities of the crypto-asset sector.

Reporting Non-compliant Counterparties

🇬🇧 UK

Beneficiary and intermediary CBs are required to report repeated failures by counterparties to provide required Travel Rule information to the FCA. Reporting must include details of both the non-compliance and the remedial steps taken. The UK applies a risk-based approach, allowing firms to determine what constitutes “repeated failure” based on transaction volumes, size, or frequency.

By the time the Travel Rule regulations came into force, formal processes for reporting non-compliant counterparties had not yet been established by the FCA. These procedures are currently being rolled out in the UK.

🇪🇺 EU

In the EU, Article 17(2) of the TFR mandates that CASPs assess whether non-compliance is repeated, using both quantitative criteria (e.g., percentage of missing data transfers, unanswered follow-ups) and qualitative criteria (e.g., cooperation level, reasons for non-provision).

If repeated non-compliance is identified, CASPs must report repeatedly non-compliant counterparties to the relevant AML/CTF authority within three months. Reports should include details on the VASP’s identity, the nature and frequency of breaches, explanations given, and actions taken.

Similarly to the UK, EU CASPs faced uncertainty as the Travel Rule entered into force without clear reporting processes fully established by regulators. The operationalization of these requirements is now underway in key markets like Germany.

Takeaway

Both the UK and EU frameworks mandate reporting non-compliant counterparties as a key enforcement mechanism. However, the absence of established reporting processes at the regulation’s start created uncertainty for VASPs in both regions. While the UK is now actively rolling out clearer reporting protocols, EU jurisdictions still face fragmented implementation.

According to the Notabene State of Travel Rule Report, only 32.7% of EU respondents are prepared to report non-compliant counterparties, including 26.9% who have set up reporting processes but have yet to use them. Actual reporting is low, at just 5.8%, likely reflecting regulatory ambiguity and operational challenges. Additionally, 15.4% of respondents indicate a lack of clear guidance in their jurisdiction.

This highlights the need for streamlined procedures to enable VASPs to fulfil reporting obligations effectively.

Lessons Learned

As we mark six months since the Travel Rule came into force in the EU and reflect on the UK’s earlier experience, several clear lessons emerge from the comparative rollout of these pivotal regulations:

1. Industry‑Led Operational Guidance Drives Readiness

   Regulatory frameworks grounded in operational realities succeed. Industry practitioners are well positioned to lead the drafting of practical implementation guidelines, with regulators providing validation and oversight. This collaborative model yields actionable, context-sensitive rules that help firms achieve compliance more effectively.

2. Grace Periods Work Only When Used Strategically

   The duration of a grace period is far less important than how the time is utilised. Structured, ongoing engagement between regulators and industry is critical to turning a grace period into a true window of preparation rather than merely a delay.

3. Principles-Based, Risk-Driven Approaches Outperform Rigid Prescription

   In fast-evolving sectors like crypto-assets, flexible, risk-based frameworks outperform one-size-fits-all mandates. Such principles-led approaches enable firms to calibrate controls proportionate to risks, fostering compliance without stifling innovation or excluding legitimate market participants.

4. Feasibility of Implementation Is Key to Compliance

   Regulatory mandates that are operationally impractical—such as overly stringent obligations for third-party self-hosted wallets or unclear procedures for reporting non-compliant counterparties—drive firms toward non-compliance or excessive de-risking. Clear, feasible requirements and well-established processes are essential to avoid unintended consequences that undermine regulatory goals.

A combination of principle-based legislative mandates, industry-crafted operational playbooks, and purposeful, collaborative transition periods is key to building effective frameworks that serve both regulatory goals and industry realities, turning compliance from a challenge into a foundation for sustainable innovation and trust.

On June 26th, 2025, the Financial Action Task Force (FATF) released its sixth targeted review of the implementation of FATF Standards on Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs). This targeted review provides an overview of the global progress on implementing anti-money laundering and counter-terrorism financing (AML/CFT) standards for virtual assets (VAs) and virtual asset service providers (VASPs), especially the FATF’s Recommendation 15 (R.15) as well as a section on market developments and emerging risks.

It is worth noting that one of the FATF’s core tools for tackling money laundering and terrorist financing in the virtual asset space is the Travel Rule. As highlighted in FATF’s 2025 update, threats like North Korean state-sponsored hacks, $51 billion in fraud and scam activity, and cross-border laundering networks are thriving partly due to anonymity and fragmented enforcement. Transaction authorization solutions like what we provide at Notabene help VASPs securely exchange the information required by the Travel Rule, identify potentially risky counterparties, and screen wallets linked to scams or sanctions. By making Travel Rule compliance secure and frictionless, Notabene helps regulated financial institutions close off critical pathways used by illicit actors to move and hide funds—whether it’s scam-as-a-service rings, sanctioned regimes, or terror networks exploiting gaps in the system.

As a reminder, Travel Rule applies the FATF’s payment transparency requirements (Recommendation 16) to the Virtual Asset context. The Travel Rule requires VASPs and financial institutions to obtain, hold, and transmit specific originator and beneficiary information immediately and securely before or during the transfer of virtual assets.

Sunrise Issue Narrows as 99 Jurisdictions Advance Travel Rule Legislation

‍‍Jurisdictions have made continued progress on implementing the Travel Rule. In fact, 73% of respondents (85 of 117 jurisdictions, excluding those that prohibit or plan to prohibit VASPs explicitly) have passed legislation implementing the Travel Rule, up from 69% in 2024.

Although the percentage increase from 2024 is small, the number of jurisdictions that have implemented the Travel Rule grew from 65 in 2024 to 85 in 2025. Additionally, another 14 out of 117 jurisdictions said they are currently working on implementation. This would make it a total of 99 out of 117 jurisdictions that have passed or are in the process of passing travel rule legislation which is ultimately closing the gap on the sunrise issue.

What’s the Sunrise Issue?

The “Sunrise Issue” refers to the period when some jurisdictions have implemented the Travel Rule while others haven’t, creating gaps in compliance. This mismatch can make cross-border transactions tricky, as VASPs in compliant countries may struggle to exchange required information with those in non-compliant ones.

However, it's worth to note that 42 of 205 total jurisdictions did not respond to the FATF survey hence indicating that global implementation is still incomplete.

Enforcement Gap: 60% of Jurisdictions with Travel Rule Laws Have Yet to Act

So what does enforcement look like? Of the 85 jurisdictions that have passed legislation on implementing the Travel Rule, only 35 have issued findings or directive or taken enforcement or other supervisory actions against VASPs focused on Travel Rule compliance. That means 50 jurisdictions (nearly 60%) have yet to take formal enforcement steps. This is likely because many jurisdictions have only recently passed Travel Rule laws and are currently focused on establishing supervision frameworks. Jurisdiction may also have ongoing enforcement cases, or working with VASPs to remediate shortcomings.

The effectiveness of the Travel Rule depends on consistent global enforcement. FATF urges jurisdictions that have introduced the Travel Rule to quickly operationalize it, including through effective supervision and enforcement in case of non-compliance. FATF even published a "Best Practice in Travel Rule Supervision" paper to help with this.

The FATF remains committed to working with jurisdictions to facilitate the implementation of Recommendation 15 and mitigate abuse of Virtual Assets and VASPs by illicit actors.

What is Recommendation 15?

Recommendation 15 is FATF’s standard that requires countries to assess and address the risks of virtual assets and VASPs. It’s the foundation for regulating crypto, making sure these businesses follow anti-money laundering and counter-terrorism rules. Strong implementation of R.15 is key to keeping the financial system safer as crypto adoption grows.

Next Steps from FATF:

As part of its ongoing work, the FATF plans to:

• Release short reports on stablecoins, offshore VASPs, and DeFi between October 2025 and June 2026
• Continue helping countries with key challenges, including conducting risk assessments, determining approaches to virtual assets and VASPs, identifying who runs VASP businesses, and putting the Travel Rule into action
• Find better ways to ensure countries are consistently applying, supervising, and enforcing the Travel Rule
• Publish the next major update in 2026, which will show how countries are progressing on Recommendation 15 and responding to new risks in the virtual asset space. This update will also include a revised public table showing which jurisdictions have large VASP activity.

A Closer Look: Which Countries Are Actually Implementing FATF’s Crypto Standards?

In March 2024, the FATF published a table (known as Annex A) showing how FATF members and 20 key countries with materially important VASP activity were doing in applying its standards. The 2025 update adds 9 more non-FATF countries that now meet the criteria. Together, these jurisdictions make up about 98% of the global virtual asset market, making it especially important that they fully follow the FATF rules.

Materially important jurisdictions are based on:

1. Trading volume (over 0.25% of global trading); and/or
2. Jurisdictions with a large virtual asset user base (top 30 jurisdictions with the highest VA ownership and to VA adoption rate).

In total, 9 new non-FATF countries were added: 4 qualified because of high trading volume, and 5 because they have a large number of virtual asset users.

These insights come from countries' responses to FATF’s 2025 self-reported survey. So, what are the key takeaways?

85% of materially relevant jurisdictions have Travel Rule regulation in place or in progress.  Specifically,  from the 67 jurisdictions mentioned in this year's report, a total of 57 have Travel Rule Regulation in place or in progress.

Of the 9 newly added material jurisdictions:

• 3 of them (Bahrain, Czech Republic, El Salvador) have Travel Rule already in place
• 4 of them (Cambodia, Kenya, Pakistan, Saint Vincent and the Grenadines are in process of having TR in place
• 2 of them (Ethiopia and Morocco) explicitly prohibited VAs/VASPs, aligning with similar restrictions reported last year in China, Egypt, and Saudi Arabia.

Additionally, around 94% of the jurisdictions conducted a risk assessment covering VAs and VASPs, while 80% enacted legislation mandating VASPs' registration or licensing and compliance with AML/CTF requirements. Similarly, 79% conducted supervisory inspections on VASPs.

What’s next?

FATF encourages governments to carefully evaluate how virtual assets (VAs) and virtual asset service providers (VASPs) might be used for money laundering or terrorist financing. These assessments can help inform whether to allow or restrict VAs and VASPs, and highlight the importance of clear policies and robust oversight. It’s also crucial to have proper licensing in place, especially for offshore VASPs and those managing stablecoins. As the landscape evolves, authorities are urged to keep pace with new risks—like DeFi platforms, unhosted wallets, and emerging scam tactics such as AI-driven schemes, pig butchering, and address poisoning—by staying informed and proactive.

For more context on FATF’s recent updates to Recommendation 16, check out this related article that breaks down the key changes and what they mean for compliance teams navigating the evolving regulatory landscape.

Read the full FATF Targeted Update here

*Methodology: FATF and the Global Network consist of 205 jurisdictions in total. 163 jurisdictions responded to the 2025 survey. For jurisdictions that did not respond to the FATF’s survey, the FATF has assumed that they have not yet implemented the requirements. For Figure 1.1 on Travel Rule implementation, the data focuses on the 117 jurisdictions that have neither prohibited VASPs nor announced plans to do so.

The Financial Action Task Force (FATF) has finalized revisions to Recommendation 16 (R16), delivering the a substantial overhaul of international payment transparency standards. These changes address two urgent imperatives: modernizing cross-border payment infrastructure to meet G20 objectives of faster, cheaper, and more inclusive transactions, while simultaneously combating an explosive surge in fraud that now represents the dominant proceeds-generating crime worldwide.

The regulatory shift is immediately apparent in the standards' evolution from "wire transfers" to "payment transparency"—a deliberate expansion signaling FATF's intent to capture all payment methods and value transfer mechanisms in our increasingly digital financial ecosystem.

The fraud crisis driving these changes cannot be understated. FATF's own research, including the 2023 report "Illicit Financial Flows from Cyber-Enabled Fraud," reveals staggering growth in both the frequency and monetary impact of fraudulent schemes. This threat has fundamentally rewritten the financial crime playbook, elevating fraud prevention and detection to primary regulatory objective, now standing alongside traditional anti-money laundering efforts as a core pillar of the revised standards.

What Changes? Key Requirements That Will Transform Payment Flows

The revised Recommendation 16 represents a fundamental shift in cross-border payment compliance. This section outlines the key changes introduced by the revision, evaluates how current industry capabilities measure up to the new standards, and demonstrates how the Transaction Authorization Protocol (TAP) is purpose-built to meet the policy objectives behind the update.

Standardized Information Requirements for Cross-Border Transfers and Mandatory Beneficiary Geographic Information

The revised R16 introduces standardized information requirements for cross-border transfers above specified thresholds:

For Originators:

• Name
• Account number (fallback: unique transaction reference)
• Address (fallback: country and town name or nearest option)
• Date of birth (fallback: year of birth)

For Beneficiaries:

• Name
• Account number or unique transaction reference
• Country and town name (or nearest option)

A significant expansion from current requirements, beneficiary geographic information is now mandatory. Previously, there was no obligation to transmit beneficiary geographic information under R16. With the revisions, country and town name are required minimum fields.

FATF's original proposals would have mandated full geographic addresses for both originators and beneficiaries, but extensive industry feedback, including from Notabene, successfully argued that such requirements would create financial exclusion and unnecessary friction, raise data protection concerns, and provide limited anti-money laundering benefit. The final standards reflect significant wins: For originators the year of birth can be provided as a fallback to full date of birth and country and town serve as acceptable alternatives when full addresses aren't available.  For beneficiaries, only country and town are required.

Mandatory Beneficiary Information Verification

One of the most significant changes is the explicit requirement for beneficiary financial institutions to verify information alignment to mitigate the risk of misdirected payments. Combating fraud is now an explicit objective of R16, acknowledged as a key target predicate offense. Institutions must now implement at least one of these approaches:

1. Post-validation checks - Verify name and account number alignment for each transaction
2. Holistic ongoing monitoring - Conduct risk-based monitoring to identify anomalous accounts and misaligned information
3. Pre-validation mechanisms - Use systems like Confirmation of Payee to verify beneficiary information aligment

🔖 Industry benchmark

VASPs in the Notabene network blocked over $696 million in transactions due to incorrect beneficiary information, demonstrating that the industry is leading the way in implementing pre-transaction beneficiary matching procedures that effectively leverage Travel Rule compliance to prevent fraud.

Positive Requirement for Payment Messages to Enable FI Identification

Information in payment messages must now make it possible for all institutions and authorities to identify which financial institution is servicing originator and beneficiary accounts and in which countries these institutions are located. 

🔖 Industry benchmark

Current implementations of R16 by VASPs rely on wallet addresses that provide no institutional identification as account identifiers, forcing VASPs to use imperfect methods like blockchain analytics and customer input to identify counterparties. 

💡 TAP Solution

TAP solves this by replacing address-based transactions with transfer requests that include complete beneficiary institution identification upfront.
Instead of sharing a blockchain address, recipients create secure transfer requests containing full institutional details—eliminating the guesswork and ensuring R16 compliance from the start.

Cross-Border Cash Withdrawal Requirements

R16 extends beyond wire transfers to include requirements for cross-border cash withdrawals. A targeted framework now requires issuing financial institutions to provide cardholder names  within three business days upon request when suspicious transactions are detected through monitoring systems.

This change addresses a significant transparency gap exploited by money launderers who open accounts in foreign countries, obtain payment cards, then return to their home country to make frequent ATM withdrawals—fragmenting their activity across jurisdictions to avoid detection. The new requirements enable acquiring institutions to request cardholder information when suspicious activity is detected, closing this critical intelligence gap.

Upgrades to Purchase of Goods and Services Exemption

The exemption scope has been clarified: when cards are used to fund other types of payment or value transfer (such as person-to-person transfers), the relevant R16 information requirements will apply. Additionally, card networks must now give financial institutions access to directories containing information on card issuing and merchant acquiring financial institutions.

Enhanced Payment Chain Definition

The revised standards clarify that payment chains begin with the financial institution that receives instructions from the customer and end with the institution that services the beneficiary's account or provides cash to the beneficiary. This definition aims to ensure complete information flows throughout complex cross-border payment chains, preventing the fragmentation that has historically hindered effective monitoring.

💡 TAP Solution

TAP's non-deterministic multi-party authorization flow provides full visibility into complex transaction flows, including all intermediaries. The protocol's non-deterministic approach allows any participant to add or replace agents during the discovery process, ensuring complete transparency before authorization.

This non-deterministic multi-party authorization structure enables the inclusion of all agents in the payment chain.

1. Additionally, the local subsidiary (VASP B UK) uses the services of an Institutional Custody provider to secure its customer funds. Therefore, it add the Institutional Custody provider as an agent (Intermediary VASP).
2. The beneficiary customer has an account with a local subsidiary (VASP B UK) and, hence, the parent entity replaces itself with that local subsidiary (the correct beneficiary agent).

   However, in reality:

For example, in the transaction illustrated below, the parent entity of an exchange (VASP B Global) is identified as the beneficiary VASP.

Revised Net Settlement Conditions

New clarification states that where net settlement results from customer transactions, information about underlying transactions is not required to accompany the net settlement. However, R16 requirements still apply to the underlying individual transactions themselves.

Implementation Timeline and Industry Impact

• Late 2026: Publication of comprehensive guidance paper on payment transparency
• Late 2030: Final deadline for R16 implementation across all jurisdictions
• Application to VASPs: Requirements will apply indirectly through R15, with potential updates to maintain alignment. 

The Broader Context: A Platform Shift in Financial Services

The revised FATF R16 signals a recognition that payment transparency must adapt to the realities of modern financial infrastructure. These regulatory changes occur against the backdrop of a fundamental platform shift in financial services - from legacy rails to programmable, real-time, blockchain-enabled networks.

TAP positions itself at the forefront of this transformation, serving as the critical authorization layer that bridges the robust controls of traditional finance with blockchain efficiency.

As the industry progresses toward the 2030 R.16 implementation deadline, TAP is uniquely positioned to help VASPs lead - not lag - in meeting the new standards. Unlike legacy institutions constrained by decades-old systems, TAP is building from a greenfield. This allows us to innovate without compromise, designing solutions purpose-built for today’s regulatory and technological realities. 

The platform shift is underway. The regulatory framework is evolving. TAP bridges both: meeting compliance demands while unlocking the full potential of blockchains as payment rails.

AOPP: Constraints, Limitations, and Adoption Challenges

The Address Ownership Proof Protocol (AOPP) emerged as a technical solution for cryptocurrency users to demonstrate wallet address ownership, primarily in response to regulatory requirements. Despite its promising premise, AOPP has struggled to gain widespread adoption across the cryptocurrency wallet ecosystem. This analysis examines why AOPP remains a niche protocol, which wallets have implemented it, and the fundamental limitations that have prevented it from becoming an industry standard.

A Compliance Solution for Self-Hosted Wallets

AOPP emerged as a technical solution designed to automate the process of proving ownership of self-hosted cryptocurrency wallets. By generating cryptographically signed messages without manual intervention, the protocol aimed to streamline compliance with regulations like the Financial Action Task Force's (FATF) Travel Rule. Swiss financial authorities, particularly FINMA, served as the catalyst for AOPP's development, creating a protocol that would theoretically bridge the gap between regulatory demands and cryptocurrency's decentralized nature.

Selective Adoption in a Growing Market

Years after its introduction, AOPP remains implemented in only a small segment of cryptocurrency wallets. Its current footprint in the ecosystem reveals both its niche utility and broader market hesitation:

BitBox02 is one of the protocol’s consistent supporters. This Swiss-developed hardware wallet integrated AOPP early, reflecting geographical alignment with the protocol's origins and the company's compliance-oriented approach.

Specter Wallet, with its focus on privacy and multi-signature implementations, has maintained AOPP support, positioning it as an option for users navigating both security and regulatory requirements.

What's particularly noteworthy is the pattern of reconsideration among several wallet providers. Trezor, a significant player in hardware wallets, initially implemented the protocol but subsequently removed it after user feedback. Blue Wallet and Sparrow Wallet similarly stepped back from AOPP support after community response. These adjustments highlight the complex balance wallet providers must strike between regulatory compliance tools and user preferences.

Self-Hosted Wallet Market Context

Self-hosted (non-custodial) wallets continue to gain popularity as cryptocurrency users prioritize direct control over their assets. The market for these wallets reached approximately $2.5 billion in 2024 and is projected to grow to $15 billion by 2033. Major players in this space include:

• MetaMask: Over 30 million users
• Trust Wallet: More than 60 million downloads
• Ledger: Approximately 6 million devices sold
• Trezor: A significant player in the hardware wallet segment

Notably, none of the market leaders currently support AOPP, significantly limiting its practical utility in the broader ecosystem.

A Solution Without an Audience

AOPP's limited adoption appears to stem from several structural factors that collectively explain its position in the wallet ecosystem.

Regional Orientation in a Global Market

Developed primarily for Switzerland's regulatory environment, AOPP addresses compliance frameworks that aren't universally applicable. For wallet developers serving diverse international jurisdictions, implementing a protocol designed specifically for Swiss compliance presents a challenging value proposition. This regional specificity naturally constrains AOPP's relevance for wallet providers with global user bases operating under different regulatory structures.

Development Resource Considerations

For wallet development teams, AOPP implementation requires specialized message signing and verification processes that introduce additional complexity. This technical requirement creates resource allocation questions, particularly for smaller teams and open-source projects. With limited development bandwidth, many providers have prioritized features with broader user demand over specialized compliance protocols.

User Experience Tradeoffs

Most cryptocurrency wallets already support standard message signing for Web3 interactions, a flexible approach serving multiple purposes beyond compliance. AOPP, while streamlining compliance-related verification, introduces a more structured but less common process. Wallets may prioritize flexibility and user familiarity over integrating a niche compliance-focused protocol.

The Inherent Limitations of AOPP

AOPP's trajectory reveals structural challenges that extend beyond simple market preferences to more fundamental design considerations.

The Adoption Challenge

AOPP faces a circular implementation challenge: its utility as a standard depends significantly on widespread adoption, yet achieving that adoption requires demonstrating consistent utility across use cases. With major wallet providers like MetaMask, Trust Wallet, and Ledger not implementing the protocol, AOPP lacks the critical mass necessary to function as a universal verification standard. This creates practical limitations for users, regulators, and exchanges seeking standardized verification methods.

Technical Scope Considerations

Even where AOPP is implemented, questions remain about its comprehensive effectiveness. The protocol cannot prevent all potential verification workarounds, which leads to questions about its practicality as a compliance tool. These limitations have factored into wallet providers' implementation decisions, particularly when weighing development resources against potential benefits.

Alternative Approaches in the Ecosystem

While AOPP has found limited implementation, the cryptocurrency ecosystem has naturally evolved toward verification approaches that align with both compliance needs and user expectations:

Standard Cryptographic Signatures have emerged as a widely implemented solution. Protocols like EIP-191, BIP-137, and Ed25519 provide similar proof-of-ownership capabilities with broader compatibility across wallet types. Their flexibility allows them to serve multiple purposes beyond regulatory compliance, creating natural incentives for both developers and users.

Extended Public Key Verification offers another approach that addresses regulatory goals through different technical means. By verifying xPubs, platforms can confirm wallet control while maintaining a seamless user experience—a balance that has gained traction across the ecosystem.

Micro-Transaction Verification, also known as the Satoshi Test, has emerged as another alternative that confirms wallet control by having users send specific amounts within designated time windows. This method works with virtually any wallet that can send transactions, providing broader coverage than protocol-specific approaches like AOPP.

Multi-Method Verification Systems have also gained traction, with companies like Notabene offering comprehensive solutions that combine several verification methods. These systems typically include cryptographic signature proofs similar to AOPP's approach, but complement them with alternative verification methods such as micro-transactions, visual verification through screenshots, and self-declaration options. This layered approach provides flexibility for users across different wallet types and technical expertise levels.

The Path Forward: Beyond AOPP

AOPP represents a thoughtful attempt to address the regulatory challenges facing cryptocurrency users and exchanges. However, its limited adoption reflects not just technical considerations but deeper questions about how compliance mechanisms integrate with cryptocurrency's core principles and user expectations.

As the cryptocurrency industry continues to mature, verification solutions will likely evolve along paths that balance regulatory requirements with user experience priorities. While AOPP may maintain relevance in specific regulatory contexts, particularly in Switzerland, the industry appears to be moving swiftly toward more flexible, multi-method approaches to wallet verification.

Companies like Notabene have recognized this need for flexibility by developing verification systems that work across virtually any wallet type, including popular hardware wallets like Ledger and Trezor that don't support AOPP. Their approach demonstrates that compliance and security don't necessarily come at the expense of user experience, particularly when various verification methods are available depending on the specific wallet technology.

The experience with AOPP provides valuable lessons for future protocol development. It demonstrates that successful compliance tools must consider not only regulatory requirements but also technical implementation costs, user experience impacts, and alignment with the diverse expectations of the cryptocurrency community. Looking ahead, the most successful verification approaches will likely be those that provide multiple options rather than requiring wallets to implement specific protocols, ensuring that Travel Rule compliance remains accessible regardless of which wallet technology users prefer.

US lawmakers have introduced long-awaited market structure legislation in the form of the “Digital Asset Market Clarity Act of 2025” or “CLARITY Act of 2025”, for short. US Representative French Hill announced the bi-partisan market structure bill for digital assets on May 29, 2025.

The bill was drafted by the House Committee on Financial Services, who previously penned the FIT21 Act, which passed in the House of Representatives but ultimately failed to clear the Senate. The CLARITY Act follows months of hearings on the matter within the Subcommittee on Digital Assets, Financial Technology, and Artificial Intelligence.

The bill aims to remove longstanding ambiguity related to digital assets oversight by clarifying the roles of both the United States Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC). While much can change from the point of introduction to the ultimate passage of legislation, a comprehensive framework like the CLARITY Act has the potential to reshape crypto regulation entirely by enabling clear pathways for institutional and retail adoption to scale in a legal and compliant way across the entire US market.

The bill gained momentum following a June 4th House Committee hearing titled "American Innovation and the Future of Digital Assets: From Blueprint to a Functional Framework," where industry experts and former regulators debated the legislation's merits and challenges.

“How decentralized is it?” is the new “Is it a security?”

One of the principal innovations of the proposed legislation is that instead of asking "Is crypto a security?" the CLARITY Act asks “How decentralized is this system?”. This is key because the level of decentralization would ultimately determine jurisdiction underneath either the SEC (for early-stage tokens with centralized control designated as "Investment Contract Assets."), or the CFTC (for more mature and fully decentralized blockchain network tokens designated as "Digital Commodities.")

In other words: As assets become more decentralized, they transition from SEC to CFTC jurisdiction. 

Stablecoins are singled out

The emergence of stablecoins as crypto’s killer use case warrants special consideration, as we can see recognized by the creation of a third tier of assets called Permitted Payment Stablecoins. This class of digital asset is subject to light regulation due to the asset being adopted widely by consumers warranting some level of protection.

This creates a three-tier framework for digital asset regulation:

TradFi players can get in the game

One of the biggest unlocks of such a comprehensive market structure bill is a regulatory framework for traditional finance players to get into the crypto game without exposing themselves to unnecessary regulatory and compliance risk.

Under the proposed CLARITY Act, banks would be able to custody crypto without balance sheet liability, as well as trade more complex crypto financial instruments.

Clear pathway for crypto-native companies

The bill provides concrete guidance for crypto companies that have been operating in regulatory limbo. Key provisions include:

• $75 million fundraising exemption with a 4-year maturity timeline
• Founder trading restrictions until networks reach maturity
• Provisional registration pathways allowing companies to operate while agencies develop detailed regulations

For VASPs already operating in our compliance network, these provisions validate the approach we've been advocating for: building robust compliance frameworks from day one, even when regulations are still evolving.

DeFi is clearly addressed

Decentralized finance protocols receive explicit recognition and protection under the CLARITY Act. The bill includes self-custody rights and anti-fraud enforcement while acknowledging that truly decentralized protocols operate differently from traditional financial entities. This recognition is crucial for the DeFi ecosystem's maturation and integration with traditional finance systems.

Hearing insights

Support and skepticism

During the June 4th hearing, we saw both strong support and pointed criticism:

Former SEC Commissioner Elad Roisman called the bill a "significant step forward to providing the needed clarity" to digital markets.

Former CFTC Chairman Rostin Behnam agreed that current federal law has left regulatory gaps, urging Congress to address this void with "targeted legislation."

However, former CFTC Chairman Timothy Massad raised significant concerns, particularly around anti-money laundering provisions. When directly asked if the bill addresses AML adequately, Massad responded "not sufficiently," pointing to critical gaps:

• The bill only applies Bank Secrecy Act requirements to centralized intermediaries
• Crypto assets can be transferred without going through intermediaries, creating enforcement gaps
• Treasury needs more authority over decentralized protocols and foreign platforms
• Stablecoin issuers should be required to monitor suspicious wallet activity

"We've got to give the Treasury Department and other regulators adequate tools to deal with those risks. And I don't think we've done that yet," Massad emphasized, citing examples of Russian smugglers using Tether and Hamas using crypto funding.

The AML challenge: Where traditional frameworks meet DeFi

One of the most contentious aspects of the June 4th hearing centered on anti-money laundering provisions. Democratic members pressed witnesses on whether the CLARITY Act provides adequate safeguards against illicit finance, particularly in decentralized systems.

The Core Challenge: Traditional AML frameworks rely on intermediaries like banks to monitor and report suspicious activity. DeFi protocols, by design, operate without centralized intermediaries, creating what critics see as regulatory blind spots.

Representative Lynch directly asked: "Does this bill address anti-money laundering adequately?" The responses revealed a fundamental split in thinking about crypto compliance.

Industry Perspective: UniSwap's Katherine Minarik argued that blockchain analytics provide superior tools for tracking illicit activity in real-time, claiming traditional BSA requirements are "broken and in many ways dying." She emphasized that sanctions screening requirements still apply to all US companies, and blockchain's transparency offers better visibility than traditional finance.

Regulatory Skepticism: Former regulators expressed doubt that existing frameworks adequately address decentralized systems. The concern isn't just about tracking funds after the fact, it's about preventing illicit activity before it happens.

For institutions operating in our compliance network, this debate highlights why robust Travel Rule implementation is crucial. While regulatory frameworks evolve, institutions with comprehensive compliance programs, including pre-transaction screening and counterparty verification, position themselves ahead of whatever requirements emerge.

Balanced priorities: Innovation, consumer protection, and law enforcement

The CLARITY Act aims to achieve a critical balance of three important priorities:

• Market Innovation: Providing clear pathways for crypto-native businesses to grow and thrive
• Consumer Protection: Establishing safeguards without stifling legitimate innovation
• Law Enforcement Authority: Ensuring regulators have tools to combat illicit activity

However, the hearing revealed this balance remains contentious. Critics argue the bill creates enforcement gaps in DeFi, while supporters contend it improves on the status quo by bringing centralized crypto activities under Bank Secrecy Act coverage.

A critical week ahead: June 10 committee markups

The CLARITY Act faces a pivotal moment on June 10, when both the House Financial Services Committee and House Agriculture Committee are scheduled to hold markups of the legislation. This dual committee approach reflects the bill's comprehensive scope where the Financial Services handling securities and market structure issues, while Agriculture addresses commodity futures aspects.

These markups represent the first major procedural hurdle for the legislation. Success in both committees would provide significant momentum for floor votes and eventual Senate consideration.

What to expect next

While the June 10 markups represent crucial first steps, this is only the beginning of the CLARITY Act's legislative journey. With many procedural hurdles ahead, expect the bill's contents to evolve as it moves through Congress. The June 4th hearing revealed both strong bipartisan support and areas where compromise will be necessary. Expect to see the contents of the bill change shape as it makes its way through Congress, as the finer details and subsequent implementation of the bill will be critical for its long-term potential to reshape the industry in a positive way. 

For years, the US crypto industry has bemoaned the lack of clarity from regulators and displayed an appetite for following the rules if only they existed. This is our collective chance to put those rules in place for an important market in the global crypto economy, and provide the long-awaited opportunity for American crypto companies to remain competitive while ensuring that the regulatory clarity also allows international crypto firms to tap into the growing US market.

The bill's success could provide the long awaited opportunity for American crypto companies to remain competitive while ensuring regulatory clarity allows international firms to tap into the growing US market with confidence.

For institutions already building compliant crypto operations, the CLARITY Act validates the approach of implementing robust compliance frameworks before they're required. Those who've invested in comprehensive Travel Rule compliance, counterparty due diligence, and risk management systems will find themselves ahead of the curve as these requirements become standardized.

At Notabene, we've been building the infrastructure that will support this regulatory future. Our open-loop Transaction Authorization Protocol (TAP) and comprehensive compliance platform are designed for exactly the kind of regulated, interoperable crypto ecosystem that the CLARITY Act envisions.

The CLARITY Act isn't just about providing regulatory certainty, it's about building the foundation for crypto's integration into the broader financial system. For institutions ready to operate in this environment, the opportunity is enormous.

Read the full bill here

New milestone underscores widespread adoption of Notabene's transaction authorization network and the power of network effects in our rapidly growing ecosytem.

NEW YORK, May 22, 2025 — Notabene, the trust layer for global money movement, today announced it has surpassed $1 trillion in transaction volume on its platform. This significant milestone highlights the accelerating adoption of Notabene's transaction authorization infrastructure due to compounding network effects and increasing regulatory clarity across the globe.

The achievement comes as Notabene continues to power the largest Travel Rule-compliant network of regulated crypto institutions worldwide, with transaction volumes growing at an accelerating rate. The company's unique open network, powered by the TAP (Transaction Authorization Protocol) that it helped develop, creates powerful network effects, where each new financial institution that joins the platform increases the value for all participants.

"Reaching $1 trillion in transaction volume isn't just a number—it's a testament to the network effects we've built into our business model," said Alice Nawfal, Co-founder and President of Notabene. "What's most exciting is the acceleration we're seeing. The trust infrastructure we've created becomes exponentially more valuable with each new participant, which is why we're seeing volumes grow at an increasingly rapid pace. While the first $500 billion took took three and a half years, the second happened in just 6 months."

“…the first $500 billion took took three and a half years, the second happened in just 6 months."

Notabene's platform enables financial institutions to verify counterparties, confirm address ownership, and authorize transactions before execution and blockchain settlement. As regulatory requirements for crypto transactions continue to evolve globally, Notabene's pre-transaction verification approach has become essential infrastructure for VASPs and financial institutions engaging with digital assets.

The milestone comes amid growing regulatory focus on cross-border transactions, particularly with the implementation of the European Union's Transfer of Funds Regulation (TFR) and similar frameworks worldwide highlighted in the recently released 2025 State of Crypto Travel Rule Report. Notabene's unique open protocol approach to verifying counterparty trust across all regulated entities and their intermediary parties has positioned it as critical infrastructure for both crypto-native and traditional financial institutions building out their crypto strategies as demand for stablecoin services surges. 

"What makes this milestone particularly meaningful is that it represents real growth in economic activity moving across borders with confidence and trust," added Nawfal. "Each transaction flowing through our platform represents financial institutions that can now facilitate crypto transactions with certainty, unlocking new ways of orchestrating the flow of digital assets - particularly in the stablecoin space."

Notabene continues to expand its capabilities, including enhanced self-hosted wallet verification, multi-protocol support, and automated policy engine technology that enables compliant cross-border transactions at scale.

About Notabene

New York, London, April 23, 2025 — Notabene, a leading provider of Travel Rule compliance infrastructure, today released its annual State of Crypto Travel Rule: 2025 Report, revealing a decisive industry shift: compliance is no longer optional, it is the cost of doing business.

Based on survey data from 91 Virtual Asset Service Providers (VASPs) and 10 regulatory bodies, the report shows that 100% of firms plan to be Travel Rule compliant by the end of 2025. Nearly 9 in 10 expect to meet requirements in the first half of the year, reflecting a broad and urgent move toward regulatory alignment.

Compliance is now directly tied to reaching your counterparties. In the past year, VASPs have become significantly more assertive in their counterparty requirements. The report found a 431% year-over-year increase in VASPs blocking withdrawals until beneficiary information is confirmed, jumping from 2.9% in 2024 to 15.4% today. Additionally, 19.8% of VASPs now return deposits if the originator fails to provide the required Travel Rule data.

In the lead-up to the EU Transfer of Funds Regulation (TFR) enforcement date of December 30, 2024, the Notabene network saw a dramatic surge in activity from EU-based firms. Transaction volumes originating from EU Crypto Asset Service Providers increased by 200x, compared to an 8x increase in non-EU-originated volume during the same period. While 71% of EU Crypto Asset Service Providers missed this deadline, many are catching up fast. One third have implemented processes to identify and report repeat non-compliant counterparties to regulators, creating spillover pressure on global peers.

“This isn’t about checking a regulatory box. It’s about securing your place in the future of crypto finance,” said Pelle Brændgaard, CEO of Notabene. “The network of compliant institutions is growing, and those who aren’t part of it are already being left behind.”

The message from this year’s report is clear: Compliance is no longer a future requirement or a regulatory checkbox. It is now a gatekeeper for business. Firms that fail to meet expectations are being excluded from transactions, losing counterparties, and watching volumes slip away. 

Download the full report here.

ENDS

Media Contact: [email protected]

About Notabene:

Notabene is the trust layer for global money movement, powering the largest Travel Rule-compliant network of regulated crypto institutions. Our mission is to make crypto transactions a part of the everyday economy. We provide a nuanced view of the regulatory landscape by leveraging industry expertise, insights from our annual survey, and extensive research on public sector data. We aim to equip businesses and other industry stakeholders with the knowledge and tools necessary for success in a dynamic environment.

Our platform enables businesses to securely and seamlessly verify counterparties, authorize transactions, identify self-hosted wallets, and comply with global regulations. With SOC-2 certification, ISO27001 compliance, and a strong focus on privacy and user experience, Notabene ensures trust in every transaction.

Headquartered in New York, Notabene operates globally, with a presence in Switzerland, Singapore, Germany, and the United Kingdom. Trusted by over 200 companies, including Copper, Luno, Crypto.com, and Bitstamp, Notabene helps institutions build trust into every transaction while ensuring compliance with evolving regulatory frameworks.

Start for free with the world’s largest transaction authorization network at Notabene.id.

Connect with us: LinkedIn | Twitter

Five years ago today, we began our journey with the founding of Notabene.

At the time, FATF had just introduced the Travel Rule for crypto – the first globally coordinated regulatory framework for digital asset transactions. We immediately realized that the Travel Rule wasn’t just a compliance requirement, but rather the first step in achieving global regulatory clarity. Our experience in crypto gave us the foresight to see that this regulatory clarity would one day be a turning point for the entire industry, allowing crypto to truly scale and become a part of the everyday economy. We knew that for digital assets to move beyond speculation and into real-world utility, they needed the same infrastructure and safeguards that traditional global finance relies on – without losing the openness that makes crypto transformative.

In response to FATF’s Travel Rule, a fragmented ecosystem emerged. Implementation of the Travel Rule was made difficult by multiple competing closed protocols, lack of clarity from various jurisdictions, and mismatched timeframes for the rollout of regional rules – often referred to as the Sunrise Period. While most saw it as an impossible challenge, we saw it for what it was: the unlock for integrating crypto into the global economy. So we leaned in.

Our key innovation in solving the Travel Rule problem was to build open infrastructure to facilitate counterparty trust at scale. We did this with an open protocol (TAP) and a best-in-class pre-transaction authorization platform. By embedding trust into every transaction for our customers, we created the largest active network of regulated crypto institutions in the world, trusted by leading financial institutions at the forefront of crypto, from retail exchanges and on/off ramps, to custody infrastructure providers, and payment service providers across more than 95 jurisdictions across the globe. We’ve supported nearly $1 trillion in Travel-Rule compliant transaction volume and helped define the industry standard for secure, trusted, scalable compliance.

But our ambition was never limited to innovating in the compliance and RegTech space. From the start, we saw the Travel Rule as a gateway — the first step toward the regulatory clarity needed to drive crypto adoption across the entire financial ecosystem.

Fast-forward to today, and our prediction is coming true. Regulatory clarity is finally arriving. In the EU, APAC, Latin America, and now the US, we are seeing true clarity and support emerge from governments and regulators. As predicted, this is building momentum in the industry as traditional financial institutions mature their digital asset strategies, core infrastructure is built, and consumer adoption of stablecoins continues to skyrocket. The building blocks are nearly all in place: regulation, infrastructure, product-market fit. 

Trust is the final missing piece. 

Regulatory compliance is key, but isn’t enough on its own. Counterparties don’t exchange value with each other simply because they are allowed to, they do it because they want to. They do it when they have the confidence to transact with each other in a safe and secure manner. Without real trust between counterparties, nothing scales – not institutional adoption, and not consumer adoption.

The next generation of financial infrastructure isn’t just about speed or scale. It’s about trust.

And so we will continue to evolve — expanding our work beyond compliance to help build the trust layer for global money movement. This will be the core financial infrastructure that enables institutions to verify counterparties, authorize transactions, and unlock new markets — with trust embedded from the start. It’s the foundation that will make our vision a reality.

The building blocks are in place. The opportunity is enormous. And we’re just getting started.

We’re proud of what we’ve built, and even more excited to keep building it alongside our customers and partners.

To everyone who’s helped us get here, thank you.

Here’s to the first five years of Notabene — and to everything ahead.

–Pelle and Alice, Co-Founders, Notabene

At Notabene, we believe compliance shouldn’t come at the expense of innovation. That’s why we’re working closely with global regulators to help shape smarter rules for the future of finance.

Recently, the Financial Action Task Force (FATF) solicited a second round of feedback on proposed revisions to its Recommendation 16 (R16) and the corresponding interpretive note, which covers how financial institutions share information to prevent illicit activity.

On April 15, Notabene’s Regulatory and Compliance team responded with insights based on years of experience helping VASPs comply with the Travel Rule across jurisdictions.

Read our full response here

Here’s a quick breakdown of what’s changing, what it means for the crypto industry, and what we think needs more attention.

Why Requiring Geographic Address is Ineffective 

The FATF wants cross-border payments or value transfers above the applicable threshold to always include the originator's and beneficiary's geographic addresses. Notabene raised concerns in both FATF consultations about mandating geographic addresses in originator and beneficiary data.

In our first response, Notabene argued that addresses are unreliable identifiers, difficult to verify, and not useful for sanction screening. Their inclusion raises privacy concerns and could harm financial inclusion, especially in regions without standardized address systems. Notabene proposed removing the address requirement and instead allowing a risk-based approach to selecting identifiers.

In the second feedback round, the FATF introduced flexibility by allowing country and town as alternatives when full addresses aren't available. While this has been seen as an improvement, Notabene maintained that addresses are still problematic, and suggested that the FATF provide further guidance for cases where even town-level data is unavailable. We also recommended considering more reliable, standardized alternatives like phone numbers.

Virtual Account Numbers Can’t Hide the Source

In response to the FATF’s concerns about virtual IBANs and account identifiers, Notabene initially recommended enforcing accurate country designation. The FATF’s revised proposal improves on this by clarifying that account numbers should not obscure the country of fund origin, placing responsibility on the issuing institution.

In our response, Notabene supported this shift, but pushed for a bigger rethink: it’s time to move away from relying solely on account numbers to track money and promote more transparent models like transfer requests. We recommended recognizing solutions like the Transaction Authorization Protocol (TAP), which enables better counterparty identification—especially critical in complex virtual asset transactions. TAP is a decentralized, pre-transaction messaging system that helps identify counterparties before money moves. TAP gives everyone in the payment chain the information they need before a transaction is finalized, reducing fraud and improving transparency.

Pre-Validation is a Must in Crypto Transfers

Once a transaction hits the blockchain, it’s permanent. That’s why we support the FATF’s emphasis on pre-validation measures like verifying beneficiary info before a transfer goes through.

We also recommended that when a receiving institution detects a mismatch, they should notify their counterparty right away. This small change could go a long way in stopping fraudulent or misdirected transactions before they happen.

Defining the Payment Chain from Start to Finish

The FATF’s new definition of a “payment chain” is clearer than before, but we flagged one potential issue: what happens when the first institution receiving a payment instruction isn’t directly connected to the originator?

To mitigate this, Notabene recommended that the FATF provide guidance for complex scenarios, proposing principles to ensure complete information flow. These include requiring message originators to identify all known parties, and for each agent to add any missing identifiers and resolve compliance gaps through collaboration. This would strengthen the integrity of the payment chain across varied transaction structures.

Roadmap to Full Compliance by 2030

We appreciated the FATF’s proposal for a multi-year rollout of the new standards, with a target end date of 2030.

We recommended a phased approach for the crypto industry, focused first on the highest-risk areas (like verifying beneficiary info), and allowing time for organizations to adapt and improve throughout a learning period where good-faith compliance efforts are recognized before enforcing strict technical requirements.

How do FATF Recommendations Affect You?

Notabene welcomed the FATF’s decision to keep VASPs under the existing Regulation 15 framework while updating its interpretive note to reflect R16’s evolving information requirements. This approach ensures continuity while allowing tailored Travel Rule implementation through the Virtual Assets Contact Group (VACG).

To support this process, Notabene recommended using TAP as a testing ground for R16 application in the virtual asset space.

Leading the Future of Compliant Payments

The FATF’s proposed updates to R16 mark a turning point in global financial compliance. While traditional financial institutions may struggle with the transition due to entrenched systems, VASPs and stablecoin PSPs have a clear advantage. Operating on modern, programmable infrastructure, they are not only better equipped to meet evolving regulatory standards, but also to redefine what compliant, cross-border payments can look like in the digital age. By embracing these changes early and building compliance into their core operations, VASPs and stablecoin PSPs can lead the charge toward a more transparent, efficient, and secure global financial system.

At Notabene, we believe that regulation and innovation can go hand in hand, and that compliance tools should make financial services more accessible, not less.

Schedule time for a free consultation with our regulatory experts to learn more about the FATF’s proposed revision to R16, or about Notabene’s TAP solution for counterparty identification.

Notabene, a leading provider of crypto compliance solutions, today announced a new partnership with Mastercard to bring simplicity and enhanced safety to their powerful crypto compliance tools. Through a pilot program with M2, a prominent Abu Dhabi-based virtual assets service provider (VASP) regulated by the Financial Services Regulatory Authority (FSRA) within the Abu Dhabi Global Market (ADGM), Notabene will integrate Mastercard Crypto Credential into its SafeTransact platform, facilitating the secure and privacy-preserving exchange of transaction metadata for M2’s digital asset trading services.

Mastercard Crypto Credential verifies transactions among consumers and businesses using blockchain networks, providing the assurance that a user has met a set of verification standards and confirming that the recipient’s wallet supports the transferred asset. The solution simplifies the consumer experience by allowing crypto exchange users to send and receive digital assets – such as stablecoins being leveraged for remittances, a growing use case – using simple aliases, instead of the typically long and complex blockchain addresses. This empowers people to enjoy peace of mind knowing they are transacting with verified users, while reducing the risk of losing assets due to typos or incompatible assets. It also brings greater trust and certainty to crypto transactions through the exchange of metadata and Travel Rule information.

This integration between Notabene, M2 and Mastercard aims to significantly improve counterparty identification rates, ensuring compliance with the Travel Rule while reducing friction in VASP-to-VASP and cross-border transactions. By employing advanced encryption and data minimization practices, the integration will help ensure that sensitive information is protected while also enabling convenient and compliant transactions. The pilot aims to showcase how VASPs and traditional financial institutions can come together to mitigate risks associated with digital asset transfers while maintaining operational simplicity for institutions and their retail customers.

Pelle Braendgaard, CEO of Notabene, commented on the partnership: "Our collaboration with Mastercard represents a significant leap forward in making crypto transactions as safe and straightforward as traditional financial operations. By combining our expertise in crypto compliance with Mastercard's global reach and digital assets capabilities, we're setting a new standard for consumer trust in crypto payments. This partnership is not just about solving today’s compliance challenges but also lays the groundwork for supporting innovations such as self-hosted wallet integrations, further expanding the scope of secure and trusted crypto transactions."

"As the digital assets ecosystem matures, Mastercard is continuing to innovate to stay ahead while ensuring safe, compliant, and trusted interactions,” said Raj Dhamodharan, executive vice president, Blockchain & Digital Assets at Mastercard. “By integrating Mastercard Crypto Credential with Notabene’s industry-leading compliance solutions, we're enhancing connectivity and trust to foster the adoption and integration of a range of digital assets – from Bitcoin to stablecoins – into the global financial ecosystem. This partnership with Notabene and M2 expands our reach and interoperability across the crypto landscape."

In collaboration with M2, Mastercard and Notabene are demonstrating practical applications of this joint solution. Deepak Garg, Chief Compliance Officer at M2, adds: "As a leading virtual assets service provider, we are committed to staying aligned with global regulatory standards while enhancing the user experience for our customers. By partnering with Notabene and Mastercard, we can bring even more secure and compliant digital asset transactions to a global audience. This approach not only strengthens trust with our customers, but also opens new opportunities for growth by expanding the network of reliable counterparties for safe and secure transactions."

The pilot program is currently limited to select regions, including the United States, Brazil, Mexico, Argentina, and several European countries, with plans for expansion in the near future.

Interested in integrating Mastercard Crypto Credential into your transaction authorization workflow? Visit notabene.id/mastercard to learn more.

Media Contact
Clay Fain, Notabene
[email protected]

About Notabene
Notabene is the crypto industry’s premier platform for pre-transaction authorization and decision-making, empowering customers to detect and prevent high-risk activities before they occur. With SOC-2 and ISO27001 security certification and a strong focus on privacy and user experience, Notabene’s flagship product, SafeTransact, offers a comprehensive suite of features, including real-time authorization, decision-making, counterparty sanctions screening, and self-hosted wallet identification. Headquartered in New York, Notabene operates globally and has a presence in Switzerland, Singapore, Germany, and the United Kingdom.

Trusted by over 200 companies, including Copper, Luno, Crypto.com, and Bitstamp, Notabene offers a full suite of Travel Rule compliance tools to ensure compliance with global and local regulations.
www.notabene.id

About M2
Headquartered in Abu Dhabi, M2 has a mission to drive virtual asset adoption within the UAE by delivering a secure and transparent trading environment for investors. The platform provides investors with a growing suite of virtual asset products while ensuring strict regulatory compliance. Regulated by the Financial Services Regulatory Authority (FSRA) located in the Abu Dhabi Global Market (ADGM), M2 Limited and M2 Custody Limited are committed to ensuring a safe trading experience, upholding the highest standards of regulatory compliance.

www.m2.com

About Mastercard

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re building a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

www.mastercard.com

‍

DORA and the Future of Digital Resilience: What It Means for ICT Providers Like Notabene

As the financial sector becomes increasingly digital, its dependency on resilient infrastructure is under the microscope. Cyber threats are rising, and regulators are responding. The EU’s Digital Operational Resilience Act (DORA), which took effect on January 17, 2025, establishes a new, binding standard for operational security across 20 categories of financial institutions and their third-party ICT (Information and Communications Technology) service providers.

What sets DORA apart is its shift from guidance to obligation. Operational resilience is no longer a best practice—it’s a legal requirement. Systems must be secure, regularly tested, and prepared to withstand real-world attacks and disruptions.

For ICT providers like Notabene, which supports financial institutions and VASPs with compliance infrastructure, the message is clear: trust begins with security, and resilience is now essential.

What DORA Means for ICT Providers

DORA introduces a unified framework that ensures every link in the financial services supply chain is built for resilience. Key requirements include:

• Resilience testing by default: ICT vendors must undergo penetration testing, simulated threat scenarios, and security assessments to demonstrate that they can handle operational disruption.
• Faster, clearer incident reporting: When incidents occur, financial institutions are required to report them promptly. Their ICT partners must support these disclosures with detailed technical input.
• Stricter oversight of third-party vendors: Institutions are expected to evaluate and continuously monitor their ICT providers to ensure alignment with both regulatory and contractual standards.

For companies serving banks, VASPs, and other regulated institutions, meeting these expectations signals more than compliance. It shows preparedness and earns trust.

Notabene’s Security-First Mindset

At Notabene, security isn’t an afterthought or a reactive measure—it has always been foundational. Long before DORA came into effect, we invested in the infrastructure, policies, and safeguards that operational resilience requires.

Here’s how we go beyond the baseline:

Bank-grade due diligence

Our infrastructure undergoes rigorous reviews by global financial institutions. We align with the same standards they apply to their own systems.

Third-party audits and continuous testing

We work with independent security firms to conduct regular penetration tests, vulnerability scans, and compliance checks. These audits help us proactively identify and mitigate risk.

Global compliance alignment

We maintain SOC 2 and ISO 27001 certifications, and follow industry-leading practices in encryption, access controls, and system integrity.

Resilient by design

Our incident response protocols are structured for speed and transparency:

• Real-time threat detection to identify anomalies early
• Streamlined escalation processes to coordinate responses internally and externally
• Client-facing communication tools to share timely updates and mitigation plans

We’ve built these systems not because regulations demanded it, but because our clients do.

Why DORA Compliance Matters for Financial Institutions & VASPs

With DORA now in force, regulated institutions are reevaluating their partnerships. Compliance checklists are no longer enough—they need demonstrable resilience, backed by action and transparency.

This shift will raise expectations across the board. Financial institutions will gravitate toward ICT providers who can prove operational readiness through certifications, audits, and clear governance.

At Notabene, we’re already there. Security and trust are embedded in everything we do. And as compliance becomes a foundational layer of financial infrastructure, we’re proud to support our clients in meeting and exceeding evolving standards.

DORA is reshaping how financial institutions and technology partners think about operational resilience. ICT providers that fail to meet its expectations will be left behind. But for those who embrace it, there’s an opportunity to lead with trust, security, and readiness.

For Notabene, DORA is not a challenge—it’s validation. The systems we’ve built were designed with this level of scrutiny in mind from the very beginning.

Let’s talk about how we can help your institution stay ahead of these expectations and build resilience that lasts.

As crypto compliance reaches its tipping point due to key jurisdictions enforcing Travel Rule regulations such as the European Union, Turkey, Seychelles, South Africa, and others – the Travel Rule has become a critical focus for Virtual Asset Service Providers (VASPs). The requirement to securely share and verify sender and recipient information along with crypto transactions is a foundational step toward fostering trust in the ecosystem. However, the methods employed to meet these requirements vary widely—and not all are sustainable.

One approach, the email-based method for data exchange, has gained traction among some platforms and VASPs. While this method might seem efficient on the surface, it faces significant scalability, security, and operational challenges that limit its effectiveness in the long term. 

Why do email-based solutions fall short? And what critical decisions should VASPs make in order to future-proof their compliance operations? 

Let's explore.

Operational Scalability: The Breaking Point

At the heart of the Travel Rule is the exchange of information between originating and beneficiary VASPs. Email-based systems satisfy this basic minimum requirement and typically follow a process like this:

1. The originator VASP sends a notification email to the beneficiary VASP.
2. The beneficiary receives the email, verifies their identity (often through a code or similar mechanism), and accesses the shared information.
3. The information is presented in a downloadable file, such as a JSON object.

While this process may work for VASPs with low transaction volumes, its scalability crumbles under the real-world demands that come with substantial daily transaction volume:

• Manual Verification: Each transaction requires individual attention, from opening emails to entering verification codes. For VASPs handling hundreds or thousands of transactions daily, this approach is operationally infeasible.
• File Processing Overload: Beneficiaries often receive raw data files, leaving them responsible for integrating the information into their systems. This creates additional friction and inefficiency.
• Lack of Automation: Without robust integration options, email-based solutions force compliance teams into repetitive manual workflows, increasing the risk of human error and missed deadlines.

In today’s fast-paced crypto environment, these limitations make it clear that email-based methods cannot support the industry’s growing needs.

Security and Privacy Risks

Another critical challenge for email-based solutions is ensuring data security and privacy—an area of increasing scrutiny in jurisdictions like the EU, where compliance is non-negotiable. Key concerns include:

• Data Exposure: Email, while widely used, is not inherently secure. Even with encrypted attachments, the transmission of sensitive customer information via email introduces vulnerabilities.
• PII Handling: Downloading and storing Personally Identifiable Information (PII) on local machines can lead to unintended breaches. Once the data leaves the secure confines of a system, it’s much harder to track and control.
• End-to-End Encryption: True end-to-end encryption, where data is encrypted from the point of origin to its final destination, is often missing in email-based systems. This leaves a critical gap in protecting sensitive information.

In fact, email-based systems are particularly vulnerable to cyberattacks, making them a less secure option for handling sensitive information. According to a Forbes article, in 2023, more than 94% of organizations reported email security incidents.

Poor User Experience for Beneficiaries

While many email-based systems focus on the needs of the originating VASP, they often neglect the beneficiary’s experience. This creates friction and decreases the likelihood of successful data exchange:

• Cumbersome Processes: Beneficiaries are required to open emails, verify their identity, and process files manually. For smaller VASPs with limited resources, this process can be overwhelming.
• No Response Mechanism: Many email-based systems lack a way for beneficiaries to confirm or reject transactions, leaving originating VASPs in the dark about the status of their requests.
• No process for handling missing information: These systems often fail to address scenarios where information is incomplete or inaccurate. Beneficiaries have no standardized way to request corrections or additional details, further complicating the process and risking regulatory non-compliance. This lack of flexibility increases frustration for compliance teams and hampers successful collaboration between VASPs.

The Path Forward: Scalable Alternatives

To overcome these challenges, VASPs need to embrace solutions designed for scalability, security, and efficiency. Key features of a robust Travel Rule compliance system include:

• Automation: Eliminating manual processes through API integrations and automated workflows reduces friction and increases scalability.
• Real-Time Verification: Direct communication between VASPs enables faster responses and better alignment with regulatory requirements.
• End-to-End Encryption: Protecting data at every stage of the process ensures compliance with GDPR and other privacy regulations.
• Feedback Mechanisms: Allowing beneficiaries to confirm or reject transactions creates a complete compliance loop, enhancing trust and transparency.

The Bottom Line

The crypto industry is at a crossroads. As compliance requirements become more stringent, the need for scalable, secure, and user-friendly solutions is greater than ever. 

Email-based Travel Rule solutions, while functional in limited scenarios, cannot support the industry’s growth or the regulatory demands of tomorrow. 

VASPs must prioritize modern, scalable platforms that address the full range of operational, security, and compliance needs. Now is not a time to settle for the bare minimum in terms of Travel Rule compliance, because security and scalability are not things you settle on. 

By considering needs beyond the most basic check-the-box requirements, VASPs can not only meet today’s compliance obligations but also build a foundation for a more efficient, secure, and compliant future for their business.

It’s official—Turkey has introduced FATF-aligned Travel Rule regulations to its cryptocurrency framework! These updates mark a major milestone for the crypto industry in the region, strengthening transparency and security for digital asset transactions. As leaders in this space, we're here to help you navigate what this means for your organization.

What You Need to Know

Travel Rule in Turkey will be in effect as of February 25, 2025.

Note: This is a summary of the new guidelines. For a full picture of Travel Rule compliance in Turkey, please visit our comprehensive Turkey jurisdiction page, or schedule time for a free consultation with our regulatory experts.

Regulating Body and Regulated Entities

The Financial Crimes Investigation Board (MASAK), under the Ministry of Treasury and Finance, is the primary regulatory authority overseeing cryptocurrency in Turkey. MASAK is responsible for implementing anti-money laundering (AML) and counter-terrorism financing (CTF) regulations, including the enforcement of the FATF-aligned Travel Rule. As such, Virtual Asset Service Providers (VASPs) in Turkey are required to register with MASAK and comply with its AML and CTF framework. Notably, MASAK has expanded the definition of regulated entities to include certain financial transactions and service providers, including e-commerce platforms and large-scale intermediary service providers.

What is the minimum threshold for the Crypto Travel Rule in Turkey?

While the Crypto Travel Rule in Turkey applies to all transfers, there is a wider scope of information that needs to be transmitted for transfers of 15,000 TL or above. Additionally, no information verification is required for transfers below 15,000 TL.

What personally identifiable information is required to be shared for the Crypto Travel Rule in Turkey?

Transfers ≥15,000 TL must include:

Originator:

• Name or entity name
• Wallet address or transaction reference number
• One of the following identifiers:
  • Address
  • Date and place of birth
  • Customer number
  • National identification number (e.g., citizenship number, passport number, or tax identification number)

Beneficiary:

• Name or entity name
• Wallet address or transaction reference number

Transfers <15,000 TL must include:

Originator and Beneficiary:

• Name or entity name
• Wallet address or a transaction reference number

Handling Missing Information

Crypto service providers must request missing details. Transfers with unresolved deficiencies will be returned or rejected, and persistent non-compliance could result in business restrictions.

Risk-Based Measures

VASPs must perform enhanced due diligence for high-risk transactions, collecting additional information and restricting transfers if necessary.

Unregistered Wallets

Transfers to and from unregistered wallets now require a customer declaration, ensuring all transactions comply with AML measures.

Implications for Compliance Teams

Businesses operating in Turkey must prepare for operational changes, such as:

✅ Updating systems to verify sender details for qualifying transactions.

✅ Implementing enhanced due diligence for high-risk transfers.

✅ Collecting declarations for unregistered wallet transactions.

What about VASPs outside of Turkey?

When dealing with foreign providers not obligated to share sender/recipient details, obtain customer declarations with similar identifiers. This means that non-Turkish VASPs will need to be prepared to respond to Travel Rule requests from any customers of Turkish VASPs, even if they are not operating in a regulated jurisdiction, or else face the potential of returned transfers, the rejection of future transactions or termination of business relationships.

Why It Matters

MASAK’s proactive measures create a more transparent and secure ecosystem for virtual assets, enabling trust between service providers and users. But with stricter requirements comes the need for robust compliance solutions.

💡 That’s where Notabene comes in. Our platform offers seamless compliance management, helping VASPs navigate these changes while reducing operational friction.

How is your team preparing for these changes?

To discuss how Notabene can support your compliance journey, schedule time for a free consultation with our regulatory experts

Notabene’s 2024 in Review: Scaling Trust, Compliance, and Innovation

As 2024 comes to a close, we reflect on a year where compliance, trust, and global connectivity reached new heights. From record-setting growth to major strides in regulatory clarity, Notabene helped pave the way for a more secure and compliant crypto ecosystem. While we celebrate this progress, we’re also looking ahead—toward a future where stablecoins and institutional adoption transform global payments.

2024 in Review

Record Platform Growth

In 2024, Notabene eclipsed $500 billion in total transaction volume, representing a 10x growth from the previous year. This includes over 32 million secure and compliant transfers across 85+ jurisdictions, and over 190 customers across the globe. We’re proud of what these numbers mean for us as a business, but just as importantly, they underscore the rapid acceleration of Travel Rule across the globe.

Of course, growth is not a singular measure of success in our space. Delivering on our core promise of helping our customers transact safely, our platform has now proactively identified and prevented over $1 billion in high-risk transactions!

Leadership in Regulatory Engagement

2024 was a pivotal year for advancing regulatory compliance in the virtual assets industry. Notabene played a critical role in supporting stakeholders worldwide by:

• Guiding 60+ customers in achieving readiness for major Travel Rule deadlines, including the EU’s Transfer of Funds Regulation (TFR)
• Facilitating regulatory sandbox sessions with the European Banking Authority (EBA) to explore solutions for compliance hurdles
• Engaging with regulators across 42 meetings in 2024 to foster industry-friendly solutions
• Responding to 14 regulatory consultations, shaping critical frameworks that impact the virtual asset ecosystem
• Producing 16 webinars, 8 conferences, and welcoming 935 new learners into our Notabene Academy Certification programs, bringing industry insights together with actionable industry activation of Travel Rule compliance and FATF guidance
• Supporting customers in making sense of new Travel Rule implementation plans across the globe including Australia, Isle of Man, Kazakhstan, New Zealand, Qatar, Seychelles, South Africa, Turkey, and beyond

Notabene continues to serve as a trusted partner, helping clients and regulators navigate the evolving landscape of compliance with innovative tools and deep expertise.

Inaugural Notabene Summit

This year, we hosted the Notabene Summit in Barcelona, a landmark event that brought together leaders in crypto, traditional finance, and regulation to collaborate on the future of compliant digital payments. The Summit featured in-depth discussions on regulatory frameworks, interoperability, and institutional trust, with insights from partners including Coinbase, Fireblocks, and Circle.

The event underscored the industry’s collective momentum in scaling global compliance solutions and driving adoption of secure, interoperable systems.

We can’t wait to share the details on our 2025 Summit—more information will be announced soon!

Product Innovation in Travel Rule Compliance

At Notabene, we’re continually raising the bar for what’s possible in compliance technology.

Next-Generation Self-Hosted Wallet Solutions
Our enhanced self-hosted wallet verification solutions deliver an unmatched user experience by providing four robust proof methods of verification for infinite self-hosted wallets, to seamlessly manage counterparty risk while providing a smooth user experience for our customer’s users

Introduced SafeTransact for Networks
We announced SafeTransact for Networks to improve network reachability and accelerate Travel Rule adoption by enabling a seamless VASP-to-VASP compliance layer directly on top of existing networks where trusted transactions are already occurring.

Expanded Open Protocols
We built the open-source Transaction Authorization Protocol (TAP) to further accelerate the industry’s movement towards open protocols and, along with the interoperability of our SafeGateway solution, enable more VASPs to easily connect across various protocols and networks.

Strengthened Network Security
We prioritized robust security measures to safeguard data and ensure trust across our platform. Notabene is SOC 2 compliant and ISO27001 certified, adhering to globally recognized standards for information security. Our platform incorporates advanced safeguards, including encryption, firewalls, and multi-factor authentication (MFA), ensuring the highest levels of data protection for our customers and their users.

Looking Ahead: 2025 and Beyond

With our recent $14.5 million Series B funding, led by DRW VC and supported by funds managed by Apollo, Nextblock, Wintermute, Jump Capital, Illuminate Financial, as well as participants from previous rounds, Notabene is poised to accelerate growth and innovation in 2025 and beyond. With this investment, we aim to accelerate our growth while focusing on what we believe will be a few prevailing industry trends in 2025.

Stablecoins have evolved from a niche use case to a critical component of the global payments ecosystem. Institutions and regulators are taking note, with major players entering the space and governments racing to establish clear guidelines.

For institutions, stablecoins offer a unique opportunity: fast, transparent, and cost-efficient cross-border transactions that integrate seamlessly into existing financial systems. However, they also bring new regulatory requirements that businesses must meet to operate confidently in this growing market.

Notabene is leading the way by providing tools that enable institutions to adopt stablecoins with compliance and trust at the core. With features like enhanced transaction monitoring, counterparty validation, and scalable compliance solutions, we’re helping businesses unlock the true potential of stablecoins in global payments.

With the EU’s Transfer of Funds Regulation (TFR) and MiCA taking center stage, 2024 marked a tipping point for regulatory clarity in the crypto space. As these frameworks set the tone for global compliance, momentum is building for 2025 to be a year of rapid progress.

In Europe, the December 30, 2024 enforcement of the TFR will bring uniformity to crypto asset transfers across the EU’s 27 member states (and 3 EEA members), forcing businesses inside and outside of the EU to adapt to stricter compliance requirements. Meanwhile, the U.S. is preparing to expand the Travel Rule to Registered Investment Advisers (RIAs) on January 1, 2026, signaling growing regulatory focus across major jurisdictions.

Beyond the EU and U.S., we anticipate further progress globally as more countries align their frameworks with FATF standards. The industry is entering what we call the “Dawn of the Travel Rule,” where trust and compliance will drive broader adoption of crypto assets on a global scale.

This trend isn’t just about meeting compliance mandates—it’s about unlocking opportunities for businesses operating in regulated environments. By leveraging Notabene’s solutions, companies can stay ahead of these changes, ensuring both compliance and competitive advantage.

We hear from customers all the time about the frustrating and avoidable challenges that result from closed Travel Rule protocols walled off by gatekeepers in the industry. This is why we have invested in developing decentralized protocols like TAP and solutions like SafeTransact for Networks.

Open protocols will increase the one metric that matters most to crypto businesses: reachability—the ability for VASPs and institutions to not only connect, but actually facilitate the exchange of information across different systems and networks. By removing technical and regulatory barriers, open protocols make it easier to transact securely and at scale.

We believe strongly that only open protocols can eliminate these barriers and enable institutions to transact securely and at scale—helping to realize our shared vision of a future where crypto is a part of the everyday economy. We’re beginning to see others follow our lead here towards a truly open future.

Join Us in Shaping the Future

To our customers, partners, and team: thank you for your trust and collaboration. Together, we are paving the way for a world where secure, seamless, and compliant crypto payments unlock new opportunities across borders and industries.

Ready to shape this future together? 

Book a call to learn more about our industry-leading Travel Rule solution

Contact us to learn more about partnership opportunities

Join our team as we hire across multiple departments in 2025

Here’s a roundup of what you need to know from the last week in global crypto regulatory news.

🌎 Americas

🇺🇸 United States

President-elect Trump appoints AI and crypto czar. President-elect Donald Trump has named David Sacks, a venture capitalist and former PayPal executive, as the White House’s artificial intelligence and cryptocurrency czar. Sacks is expected to lead the administration’s policies on AI and digital assets, signaling a proactive approach to emerging technologies.

President-elect Trump shifts SEC leadership. President-elect Donald Trump has nominated Paul Atkins, a former SEC commissioner and advocate for digital assets, to replace Gary Gensler as SEC chair. Atkins is expected to bring a more crypto-friendly approach to regulation.

🌍 EMEA

🇬🇧 United Kingdom

FCA unveils crypto regulation roadmap. The Financial Conduct Authority (FCA) released a detailed plan for comprehensive crypto regulations by 2026. Findings show over 12% of U.K. adults hold crypto, emphasizing the need for clear regulatory frameworks.

🇪🇺 European Union

EBA publishes explainer on AML/CFT in crypto. The European Banking Authority (EBA) released a comprehensive explainer on preventing money laundering and terrorism financing in the EU’s crypto-assets sector. The document highlights key requirements under MiCA and the latest AMLD amendments, including the implications of the grandfathering clause. This resource offers essential insights into the EBA’s efforts to align crypto compliance with EU standards.

💡Go deeper with our recent article on debunking the myth of the Grandfathering Clause for the European Travel Rule.

🇲🇦 Morocco

Morocco drafts crypto regulations. Bank Al-Maghrib introduced regulations developed with World Bank support, focusing on financial inclusion and long-term CBDC exploration.

🌏 APAC

🇹🇼 Taiwan

Taiwan accelerates AML compliance for VASPs. The Financial Supervisory Commission (FSC) moved the AML registration deadline for Virtual Asset Service Providers (VASPs) to November 30, 2024. Updated guidelines include tracking suspicious activities and unusual transactions.

🌐 Global Highlights

Global Blockchain Business Council (GBBC)

GBBC launches GSMI 5.0, mapping blockchain regulation. The latest edition of GSMI 5.0 features global regulatory developments, taxonomy for 391 key terms, and in-depth reports on sustainability, AI convergence, and decentralized finance.

Questions? Contact [email protected]

Verifying self-hosted wallet ownership is a critical step in ensuring regulatory compliance while maintaining user trust and convenience. 

At Notabene, we offer 4 proof methods, each tailored to different needs and scenarios. 

Read on to learn more about these options, how they work, and why a user might choose each method depending on their circumstances.

1. Digital Signature: The Gold Standard for Blockchain Verification

Digital signatures use cryptographic algorithms to prove ownership of a blockchain address directly from the wallet. This method is highly secure, seamless, and widely supported across blockchains. While the specific signature standards vary by blockchain, the overall logic and flow remain similar, ensuring consistent user experience.

Advantages

• Highly secure and proof
• Fully automated for faster verification

Supported Wallets

• EVM-Compatible: MetaMask, WalletConnect, Ledger, Trezor, etc.
• Bitcoin: Electrum, Ledger, Trezor, BlueWallet, etc.
• Solana: Phantom, Solflare, etc.
• Other Blockchains: TronLink (Tron), Daedalus (Cardano)

Digital signatures are the gold standard for wallet ownership proof when security, versatility, and compliance are critical.

2. Microtransaction: Blockchain-Recorded Proof

Microtransaction (often referred to as the Satoshi Test) involves sending a small transaction from the wallet to confirm ownership. This method relies on blockchain records and is particularly useful for wallets that do not support signing messages.

Advantages

• Transparent proof recorded on the blockchain
• Works for any wallet capable of making transactions
• Ideal for cases where digital signature is unavailable

Supported Wallets

• No restrictions, if wallet cable to send transactions :)

Microtransactions provide a robust alternative when digital signatures are unavailable, offering trustless verification through the blockchain.

3. Screenshot: Quick and Visual Proof

The screenshot method involves capturing the wallet interface to visually prove ownership of the wallet. This method is simple and accessible, especially for non-technical users.

Advantages

• Quick and easy to perform
• Works for any wallet with a graphical user interface
• Accessible for less tech-savvy users

Supported Wallets

• Any wallet with a GUI, including mobile and desktop wallets.

4. Self-Declaration: Simple and Declarative Proof

Self-declaration involves a user’s assertion of wallet ownership through a signed checkbox. While less secure than other methods, it’s useful for jurisdictions or cases with no strict compliance requirements

Today, the European Banking Authority (EBA) released an explainer entitled Preventing Money Laundering and Terrorism Financing in the EU’s Crypto-Assets Sector. As the crypto landscape evolves, the EU is tightening its grip on compliance with the introduction of MiCAR (Markets in Crypto-Assets Regulation) and its accompanying AML/CFT rules, including the Transfer of Funds Regulation (TFR).

One common misconception among crypto-asset service providers (CASPs) is that MiCAR includes a “grandfathering” exemption under the new European Travel Rule. 

Let’s set the record straight: this is definitively not the case.

▶︎ Watch this special video message from Lana Schwartzman, Head of Regulatory & Compliance at Notabene, explaining why compliance with TFR is so important, as what consequences may face CASPs that fail to comply.

What Does Article 143(3) of MiCAR Really Say?

The much-discussed Article 143(3) states:

“Crypto-asset service providers that provided their services in accordance with applicable law before 30 December 2024, may continue to do so until 1 July 2026 or until they are granted or refused an authorization pursuant to Article 63, whichever is sooner.”

At first glance, this might appear to grant a blanket reprieve for CASPs operating before the cut-off date. In reality, the provision is far more limited in scope.

What This Provision Actually Means

While this transitional clause provides a limited window for CASPs to continue operating while applying for MiCAR authorization, it is not a free pass to avoid compliance. CASPs operating under existing frameworks—such as AMLD (Anti-Money Laundering Directive) or domestic AML/CFT regimes—must still adhere to all applicable AML/CFT requirements and that includes the Regulation (EU) 2023/1113, also know as the Transfer of Funds Regulation (TFR).

In simple terms:

• Yes, CASPs can keep operating during the transitional period.
• No, this does not exempt them from complying with the updated AML/CFT framework (including TFR).

The same stringent rules that apply to credit and financial institutions also apply to “grandfathered” CASPs.

The Travel Rule is Here to Stay

A major component of these regulations is the European Travel Rule, requiring CASPs to ensure that crypto transfers include comprehensive information about both originators and beneficiaries with the goal of preventing illicit activities like money laundering and terrorist financing in the crypto ecosystem and reporting it. This rule is non-negotiable and applies equally to CASPs during the transitional period.

Furthermore, CASPs engaging in transactions with self-hosted wallets or operating across borders will need to implement robust measures to trace and verify transfers.

Why Compliance Matters Now

While the transitional period may offer some operational flexibility, CASPs that delay in meeting compliance requirements risk jeopardizing their long-term viability. Here’s why:

• Increased Scrutiny: The EBA and upcoming EU AML Authority are tasked with enforcing strict compliance.
• Reputation at Stake: Operating without adherence to AML/CFT standards could harm trust with customers, partners, and regulators. As a matter of fact, we published earlier this year the results of our State of Crypto Travel Rule Report which showed from the survey that 66% of VASPs restrict withdrawals that do not comply with Travel Rule requirements
• Operational Risks: Failure to comply could lead to service suspension, fines, or denial of authorization.

For more on the risks of not complying with TFR, read our recent article on the Consequences of Non-Compliance with EU's Travel Rule After December 30th.

The Path Forward for CASPs

For CASPs looking to thrive under the new regime:

1. Act Now: Begin implementing Travel Rule solutions and robust AML/CFT measures immediately.
2. Understand the Framework: Familiarize yourself with MiCAR, Regulation (EU) 2023/1113, and the EBA Travel Rule Guidelines.
3. Prepare for Licensing: Gather the necessary documentation and establish a compliance-first culture to streamline your MiCAR authorization process.

Debunking the Myth

The takeaway is clear: there is no blanket “grandfathering clause” exempting CASPs from compliance. The transitional provision simply ensures continuity while maintaining full AML/CFT obligations.

As the compliance deadline of December 30, 2024 approaches, proactive measures will separate the leaders from those left scrambling to catch up. The time to act is now—ensure your operations are Travel Rule-ready and compliant with the evolving regulatory landscape.

Let’s work together to build a safe, compliant, and thriving crypto ecosystem in the EU. 🌍

As the EU’s Travel Rule regulations continue to advance, other global regions are beginning to feel the ripple effects. The Transfer of Funds Regulation (TFR), notably Regulation (EU) 1113/2023, sets stringent requirements on crypto asset service providers (CASPs) within the EU to mitigate risks of money laundering, terrorist financing, and other financial crimes. 

Yet, the effects of these rules extend beyond EU borders, influencing jurisdictions worldwide as they adapt to the standards set forth by these robust regulations.

Let’s have a look at some of the ways the EU’s TFR could impact regions globally.

A Surge in Global Compliance Demand

North America

VASPs in the US and Canada are closely observing the EU’s strict stance, with regulators considering updates or FAQs to enhance their own frameworks. The EU’s Travel Rule has set a benchmark, making it difficult for non-compliant entities to serve EU-based customers without adhering to similar standards.

Asia-Pacific

Countries like Singapore and Japan, which have already implemented Travel Rule provisions, are likely to refine their compliance measures further to align with EU requirements. This is especially important as EU-based financial institutions increasingly demand verification of counterparties in these regions.

Strengthening Due Diligence and AML Practices

The EU’s TFR mandates comprehensive due diligence for CASPs, which has led other jurisdictions to adopt or enhance similar anti-money laundering (AML) practices. For instance, LATAM countries, particularly those with high remittance flows, are tightening scrutiny on VASP activities to align with FATF recommendations and TFR influences.

For example, according to Reuters, Argentina’s cryptocurrency transactions have surged to $85.4 billion in the past year, raising concerns about money laundering. In response, the government is implementing new regulations, including a July 2024 fiscal package offering tax amnesty for individuals declaring up to $100,000 in registered crypto assets. This initiative aims to align with Financial Action Task Force (FATF) standards and prevent Argentina from being placed on the FATF’s grey list, which could deter foreign investment and harm the economy. Additionally, the government is amending laws related to money laundering and reporting entities to strengthen oversight of the crypto market. Regionally, the Financial Action Task Force of Latin America (GAFILAT), comprising 18 countries from South, Central, and North America, is enhancing anti-money laundering frameworks to align with global standards.

These efforts ensure that transactions from different regions meet EU standards, thereby reinforcing global AML practices.

Influencing Emerging Economies and Adoption Challenges

For emerging markets, particularly in Africa, the drive toward compliance is becoming essential as EU-based users and entities prefer to transact only with VASPs in compliance with their own regulatory standards. 

This could either foster rapid compliance adoption or limit market access for non-compliant VASPs in these regions. This was also noted in our State of Crypto Travel Rule Report where survey results showed that VASPs are increasingly intolerant towards transacting with counterparties that do not comply with the Travel Rule. In fact, over 66% of VASPs somehow restrict withdrawals that don't comply with Travel Rule requirements.

In Nigeria, a leading African cryptocurrency market, VASPs face pressure to align with international standards to maintain global market access. In December 2023, the Central Bank of Nigeria (CBN) issued guidelines for VASPs, lifting a two-year restriction on financial institutions operating accounts for cryptocurrency service providers or processing crypto-related transactions. However, smaller VASPs often struggle with the financial and operational burdens of compliance, creating a dichotomy:

• Rapid Compliance Adoption: VASPs that can afford necessary compliance measures may gain a competitive advantage by attracting EU-based clients and partners, thereby expanding their market reach.
• Limited Market Access: Conversely, VASPs unable to meet these standards risk exclusion from transactions with EU entities, limiting their growth potential.

This dynamic underscores the importance for African VASPs to invest in compliance infrastructure. While initial costs may be high, the long-term benefits include maintaining access to international markets, fostering trust with global partners, and enhancing the overall credibility of the African cryptocurrency market, which can attract more investors and users.

Increasing Demand for Compliance Technology

As VASPs worldwide aim to meet EU standards, the demand for compliance technology is surging. Many are adopting regtech solutions to streamline KYC, AML, and data-sharing processes, enabling efficient alignment with international standards, particularly for cross-border transactions. This trend is reshaping how global VASPs approach compliance.

The Road Ahead: Potential Challenges and Opportunities

The EU’s TFR is reshaping the regulatory landscape, creating both challenges and opportunities for global VASPs. Increased regulatory pressure may lead to market consolidation, where larger entities excel while smaller players struggle to adapt. However, harmonized regulations promise more secure, trustworthy global transactions, offering users a safer and more navigable digital asset ecosystem.

This evolving environment demands proactive investment in compliance solutions. For VASPs, adapting to these changes is not just a regulatory necessity—it’s an opportunity to enhance credibility, foster innovation, and help standardize the global digital transaction landscape.

If your business is located outside of the EU and you would like to speak with our team about implementing a TFR-compliant Travel Rule program, you can schedule a free demo of our solution at notabene.id/demo

Lately, we’ve been hearing a recurring question from our customers and prospects: Is the EU Transfer of Funds Regulation (TFR) being postponed by six months? Let’s set the record straight.

The short answer: No, the TFR is not being delayed.

Understanding the Source of the Confusion

This misunderstanding likely stems from recent discussions around MiCA (Markets in Crypto-Assets) regulatory technical standards (RTS). As members of BlockchainForEurope, we’ve joined others in addressing concerns about MiCA’s RTS and its implementation timeline. The letter we co-signed with other industry members highlights several key challenges that MiCA introduces, including:

1. Timing and Legal Uncertainty: With less than two months left before MiCA’s application on December 30, 2024, delays in RTS adoption have left both national competent authorities (NCAs) and CASPs scrambling to prepare.
2. Inconsistent Transitional Periods: Divergent “grandfathering” clauses across Member States create a compliance patchwork—5 months in Lithuania versus 18 months in France—undermining the intended harmonization.
3. Foreseeable Delays and Risks: Without coordinated measures, we risk regulatory uncertainty, market disruptions, and reputational harm, detracting from MiCA’s goals.
4. Operational Challenges: CASPs face impractical requirements, such as applying in all Member States, while some states have ceased accepting pre-MiCA applications.
5. Proposed Mitigations: The letter calls for ESMA to issue a “no action” letter to promote consistency among NCAs and extend transitional arrangements.

How Does This Relate to TFR?

It’s crucial to understand that MiCA and TFR are separate regulations. While MiCA includes transitional or “grandfathering” clauses for existing CASPs, the TFR does not.

For TFR, there is no "traditional" transitional period. Under the EBA Travel Rule Guidelines, until July 31, 2025, CASPs may exceptionally use infrastructures or services with technical limitations, but are required to implement additional technical steps to ensure full compliance with the requirements. This does not exempt them from Travel Rule compliance. CASPs using such infrastructures are required to take additional technical steps to ensure full compliance with the Travel Rule during this period. This means that all existing CASPs, regardless of their new status, must fully comply with the TFR requirements by the official application date. Any delays or mitigations proposed under MiCA will not directly impact TFR timelines.

Failing to comply with the TFR by the December 30, 2024, deadline carries serious consequences, including the potential for service disruptions, reputational damage, and regulatory penalties. We recently explored this topic in detail in our article: The Consequences of Non-Compliance with the EU’s Travel Rule After December 30th. If you’re preparing for compliance, it’s worth a read.

At Notabene, we’re committed to helping businesses navigate these regulatory complexities. If you have questions or concerns about preparing for the TFR, we’re here to help. Feel free to reach out to our Regulatory & Compliance team at [email protected] 

Celebrating 25 Million Transfers and $500B in Transaction Volume Processed on the Notabene Network

We’re so proud to announce that Notabene has reached a significant milestone – processing over 25 million transactions and $500B in transaction volume through our secure Travel Rule compliance solution. This achievement underscores our position as the industry’s largest active Travel Rule network, as well as our commitment to facilitating secure and compliant cryptocurrency transactions on a global scale.

As a leader in Travel Rule compliance since 2020, Notabene has been at the forefront of enabling Virtual Asset Service Providers (VASPs) to meet regulatory requirements while maintaining the efficiency and speed that crypto users expect. Our solution has become an integral part of the crypto ecosystem, bridging the gap between traditional financial regulations and the innovative world of digital assets.

Reaching 25 million transactions is not just a number—it's a testament to the scale and impact of our solution in the crypto compliance industry. This milestone has far-reaching implications for the broader crypto ecosystem. It demonstrates that large-scale compliance is not only possible but can be achieved without sacrificing the speed and efficiency that are hallmarks of cryptocurrency transactions. It also shows that the industry is maturing, with VASPs increasingly prioritizing regulatory compliance as part of their operations.

By facilitating 25 million compliant transactions, Notabene has played a crucial role in driving Travel Rule compliance within the crypto industry. This has contributed to increased trust and legitimacy in the eyes of regulators and traditional financial institutions, while enabling our customers to grow their business in a scaleable way.

Our Journey to 25 Million

The path to 25 million transactions has been marked by continuous innovation, strategic partnerships, and overcoming significant challenges in partnership with our valued customer base. Along the way, we have:

• Launched our first Travel Rule solution in 2020
• Expanded our network to include VASPs from over 50 countries
• Implemented support for multiple blockchain protocols and countless crypto wallets
• Launched first of its kind Phased Implementation Plan to aid VASP roll out of Travel Rule
• Launched the first Travel Rule Certification program in the crypto industry
• Engaged extensively with regulators and industry associations to address some of the most complex challenges in implementing the Travel Rule
• Developed and released the Transaction Authorization Protocol (TAP), a decentralized protocol solution for the entire industry
• Launched our innovative SafeTransact for Networks, bringing a layer of compliance to the robust networks where transactions already occur
• Built a best-in-industry self-hosted wallet solution that provides end-users with an elegant UX with a simple and powerful embeddable component

And we’re just getting started.

We will continue to rapidly grow our network volume by adapting to rapidly evolving regulations, ensuring interoperability with various VASP systems, and maintaining the highest standards of data security and privacy.

As we celebrate this milestone, we want to highlight our commitment to being the leading provider of Travel Rule solutions in the cryptocurrency space. This achievement would not have been possible without the trust and collaboration of our partners, clients, and the dedicated Notabene team.

To VASPs not yet on our network, there’s never been a better time. Join the largest and most far-reaching Travel Rule compliance network in the crypto industry.

Contact our team to learn how Notabene can help your organization meet Travel Rule requirements and be part of the next 25 million transactions.

For compliance professionals across Europe, the Transfer of Funds Regulation (TFR) plays a pivotal role in enhancing transparency and combating money laundering and terrorist financing. While its primary objective is to align with the Financial Action Task Force’s (FATF) “Travel Rule” for European Union (EU) member states, it’s equally important—but sometimes overlooked—that it also applies to the European Economic Area (EEA) member states, namely Norway, Iceland, and Liechtenstein. This blog post delves into how the TFR extends to the EEA, ensuring a homogeneous regulatory framework across the region.

TFR in the EEA: Not Just an EU Regulation

The TFR was first established under Regulation (EU) 2015/847*, mandating that financial service providers share information accompanying transfers of funds. This regulation is designed to combat money laundering and terrorist financing by ensuring transparency in financial transactions. When the regulation was introduced, the EEA Joint Committee, responsible for aligning EEA non-EU members with relevant EU regulations, formally incorporated it into the EEA Agreement.

EEA Joint Committee Decision No. 198/2016*, adopted on 30 September 2016, amended Annex IX (Financial Services) of the EEA Agreement to include the TFR, thereby extending its applicability to Iceland, Liechtenstein, and Norway. This decision ensured that non-EU EEA members implement the TFR within their financial systems, thus aligning their AML measures with EU standards.

The Complete List of EEA Countries Impacted by the TFR

Understanding which countries the TFR applies to is key for compliance. Here’s the full list of EEA member states:

EU Member States (27 countries): 

• 🇦🇹 Austria
• 🇧🇪 Belgium
• 🇧🇬 Bulgaria
• 🇭🇷 Croatia
• 🇨🇾 Cyprus
• 🇨🇿 Czech Republic
• 🇩🇰 Denmark
• 🇪🇪 Estonia
• 🇫🇮 Finland
• 🇫🇷 France
• 🇩🇪 Germany
• 🇬🇷 Greece
• 🇭🇺 Hungary
• 🇮🇪 Ireland
• 🇮🇹 Italy
• 🇱🇻 Latvia
• 🇱🇹 Lithuania
• 🇱🇺 Luxembourg
• 🇲🇹 Malta
• 🇳🇱 Netherlands
• 🇵🇱 Poland
• 🇵🇹 Portugal
• 🇷🇴 Romania
• 🇸🇰 Slovakia
• 🇸🇮 Slovenia
• 🇪🇸 Spain
• 🇸🇪 Sweden

EEA EFTA States (3 countries): 

• 🇮🇸 Iceland
• 🇱🇮 Liechtenstein
• 🇳🇴 Norway
  

It’s worth noting that 🇨🇭 Switzerland, although part of the European Free Trade Association (EFTA), is not a member of the EEA and is therefore not directly subject to the TFR.

How the TFR Enhances AML/CFT Measures Across the EEA

The TFR strengthens AML and Counter Financing of Terrorism (CFT) measures by requiring payment service providers to attach detailed payer and payee information to transfers of funds. For the EEA as a whole, this means consistent AML compliance standards for financial institutions across both EU and non-EU EEA states.

When Regulation (EU) 2023/1113* updated the TFR, it further extended these obligations specifically for virtual asset service providers (VASPs), bringing them under the same AML/CFT standards. This update is part of the EU’s broader Markets in Crypto-Assets (MiCA) framework, which aims to regulate cryptocurrency service providers consistently across the EEA.

This update extended obligations to VASPs across the EEA as part of the region’s coordinated AML/CFT strategy and ensured that virtual asset transfers include necessary information about the originator and beneficiary, aligning with the FATF’s Travel Rule.

Implications of the TFR for Financial Institutions and VASPs in the EEA

The TFR’s incorporation into the EEA Agreement means that financial institutions, including VASPs in Iceland, Liechtenstein, and Norway, must now comply with the same AML requirements as those in the EU. This uniformity is essential for:

1. Legal Alignment: Ensuring a homogenous legal framework across all EEA member states.
2. Compliance Requirements: Enforcing the same level of scrutiny for fund transfers within the EEA, enhancing transparency and reducing regulatory disparities.
3. AML/CFT Strengthening: Bolstering defenses against money laundering and terrorism financing across borders, especially in high-risk sectors like virtual assets.

Why Compliance Professionals Shouldn’t Overlook EEA Obligations

For compliance officers, particularly those dealing with cross-border transactions, it’s essential to remember that the TFR’s obligations span the entire EEA. Ignoring the non-EU EEA countries—Norway, Iceland, and Liechtenstein—can lead to gaps in compliance, risking penalties and reputational damage. Every compliance framework and transaction protocol should therefore account for the TFR’s reach across these territories.

The TFR is not just an EU obligation; it applies to the entire EEA, including Iceland, Liechtenstein, and Norway. Its aim is to create a consistent and robust AML framework across Europe, aligning the EEA non-EU members with the EU’s AML/CFT standards. Compliance professionals and financial institutions should ensure that their policies and procedures reflect this broader scope of the TFR, safeguarding against regulatory and operational risks in today’s complex financial landscape.

Where to Find Further Guidance on EEA Compliance

The EFTA Secretariat offers access to legal texts and guidance on implementing EU regulations within the EEA, including the TFR. Additionally, each EEA EFTA state’s financial supervisory authority provides national guidelines to help institutions comply with the regulation’s requirements.

For more detailed information on the TFR’s integration into the EEA, refer to EEA Joint Committee Decision No 198/2016, published in the EEA Supplement to the Official Journal of the European Union. The official EFTA website also provides a repository of EEA-related legislative documents, ensuring that compliance professionals have the resources they need to meet EEA-wide AML standards.

*Sources

Regulation (EU) 2015/847 - https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32015R0847#ntr2-L_2015141EN.01000101-E0002

EEA Joint Committee Decision No. 198/2016 -  https://www.efta.int/sites/default/files/documents/legal-texts/eea/other-legal-documents/adopted-joint-committee-decisions/2016%20-%20English/198-2016.pdf

Regulation (EU) 2023/1113 - 3 https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32023R1113

NEW YORK, NY – November 12, 2024 – Notabene, a leading provider of cryptocurrency compliance solutions, today announced it has raised $14.5 million in a Series B funding round led by DRW VC, with participation from funds managed by Apollo, Nextblock, and Wintermute, along with existing investors CMT Digital, F-Prime, Green Visor Capital, Illuminate Financial, Jump Capital, ParaFi Capital, Signature Ventures, and Y Combinator. The funding will accelerate Notabene’s mission to make crypto payments a part of the everyday global economy by fostering open, secure, and compliant transactions.

Regulators now require crypto companies such as exchanges, wallet providers, and payment processors to securely exchange information about sender and receiver, just like they already do in traditional payments. This so-called Travel Rule is now a requirement in most global financial centers.

Having already helped process half a trillion dollars worth of transactions, Notabene is the leading global platform and network for compliant crypto payments. By automating the secure transfer of sensitive data between institutions, Notabene simplifies this complex process that is virtually impossible for companies to implement independently.

Kimberly Trautmann, Partner and Head of DRW VC, the round’s lead investor, emphasized the significance of Notabene’s work in this emerging financial ecosystem:

“Notabene offers a comprehensive and efficient way to track and disclose who an asset is being sent to, which is critical for those who facilitate the exchange, transfer, safekeeping, and administration of virtual assets (Virtual Asset Service Partners or VASPs) and need to be compliant with the Travel Rule. We believe Notabene is positioned to be the provider-of-choice, as it allows users to achieve real-time compliance, is protocol agnostic and does not require exposing sensitive information to other market participants.”

Notabene is expanding its focus to support the growing number of traditional financial institutions moving into digital payments. With over $20T in stablecoin transactions processed last year, global adoption is on the rise and poised to be crypto’s long-awaited killer use case. The key to unlocking stablecoins’ potential as fast, low-cost, borderless payments is a secure and transparent system – one that’s open and not controlled by any single entity. Notabene offers the essential infrastructure for compliance, reconciliation, and safety, enabling open, interoperable payment networks that will drive the next wave of adoption.

Notabene’s CEO, Pelle Brændgaard, underscores the company’s vision for the future of payments:

“We’ve already established ourselves as a pioneer in Travel Rule compliance, and now, as regulatory clarity grows and adoption scales, we are positioned to do the same for payments. By enabling secure, compliant, and open digital asset transactions, we’re helping shape the next generation of global financial infrastructure. Our philosophy of building open networks to maximize reachability between transacting counterparties will be a key driver of adoption with both crypto-native organizations, as well as incumbent players in traditional finance that are showing an increased interest in digital assets and blockchain payment solutions.”

Notabene’s platform has seen a rapid 10x increase in transaction volumes over the past year, totaling nearly $500 billion in transaction volume—solidifying the company’s role as a trusted provider in the compliance space. With over 165 companies using the platform, including some of the largest virtual asset service providers (VASPs) globally such as Copper, OKX, and Robinhood, as well as working relationships with regulatory bodies across hundreds of global jurisdictions, Notabene has built the largest network of transacting counterparties in the market today.

Alexander Ross, General Partner, Head of NYC for investor Illuminate Financial, added:

“As the existing market leader for Travel Rule compliance, we believe Notabene has the potential to become the “SWIFT network” for blockchain transactions. There is a desperate need for a secure network to share all transaction metadata. This will enable compliance with global regulations and is a key pillar to unlocking mass adoption of stablecoins for payments. We have been working with the founders since 2021 and believe they are the best positioned to execute this vision.”

With this raise, Notabene is set to continue its mission to bring crypto and stablecoins into everyday global payments. It will help grow the industry's only open compliant payments network to support more use cases and new market entrants.

“With $20 trillion in stablecoin transactions processed last year, stablecoins are emerging as the preferred method for fast, low-cost global payments,” said Pelle Brændgaard, Notabene CEO. “As regulatory clarity expands, traditional financial institutions are beginning to recognize stablecoins’ potential. Notabene’s role as a trusted compliance provider is critical to unlocking this potential and establishing stablecoins as a legitimate payment medium worldwide.”

About Notabene

Notabene is the leading crypto payment authorization network, enabling secure, transparent, and compliant transactions for financial institutions around the world. With a platform that facilitates transactions in over 80 jurisdictions, supports over 165 companies, and has processed half a trillion dollars in transaction volume, Notabene is setting the standard for compliant transactions in the digital asset space.

For more information, please visit notabene.id.

‍

Nearly five years ago when Alice, Ania, Andrés, and I sat down to start our journey to making crypto part of the everyday economy, we realized it was an amazing opportunity for us to really solve some of the foundational issues we saw were inherent in crypto and the crypto industry of 2020.

Trust between the many varied crypto native institutions, traditional finance, and global regulators seemed missing and, frankly, not many people cared back then. As early Bitcoin and Web3 developers, we believe in the importance of decentralization and people managing their own keys. And yet we also realized that institutions are as critical to scaling and making crypto safe for regular people and use-cases as they are in the cash-based economy.

Thus, our simple plan: to help crypto native companies trust each other and allow regulators to feel safe and comfortable for their constituents to entrust their money with this new generation of crypto native fintechs. This is ultimately about adoption of crypto and stablecoins globally with everyone and everywhere. 

Announcing our Series B

Today marks a significant milestone in Notabene's journey, as we announce our $14.5 million Series B funding round led by DRW VC, with participation from funds managed by Apollo, Nextblock, and Wintermute, along with existing investors CMT Digital, F-Prime, Green Visor Capital, Illuminate Financial, Jump Capital, Signature Ventures, and Y Combinator. This investment is a testament to our vision of building a trust infrastructure that enables all financial institutions—from crypto natives to traditional banks—to transact securely and confidently in the digital age.

It's noteworthy that DRW, Wintermute, and Jump (who co-lead our Series A) are all major players in providing the critical underlying liquidity that powers the crypto ecosystem. Their participation underscores their deep understanding of the importance of institutional trust infrastructure in driving the industry forward.

Our Journey So Far

We recognized early that the future of finance would require a new kind of trust infrastructure. Traditional finance relies on centralized gatekeepers, while crypto operates on trustless technology. We saw the need for a middle ground—a way for institutions to build trust through transparency and verifiable credentials while maintaining their autonomy.

What started as helping companies implement the Travel Rule has evolved into something much more fundamental: a decentralized trust network that enables any financial institution to verify, trust, and transact with counterparties globally. Today, having processed nearly $500B in transactions through our Transaction Authorization Network, we've proven that compliance and transaction volume can go hand in hand when built on the right foundation.

Why Institutional Trust Infrastructure Matters More Than Ever

The financial industry stands at a crossroads. Crypto natives have built incredible technology but struggle with trust. Traditional financial institutions have deep trust relationships but are constrained by legacy infrastructure. Fintech companies are bridging the gap but need better tools to build trust with both sides. These dynamics create the perfect conditions for a new kind of financial infrastructure built on verifiable trust rather than centralized gatekeepers.

Nowhere is this more evident than in the evolution of stablecoins. While stablecoins solve the fundamental challenge of instant, 24/7 settlement, they can only replace traditional settlement rails if institutions can trust who they're transacting with before they send funds. This is where our pre-transaction authorization infrastructure becomes crucial—enabling institutions to verify counterparty identity, assess risk, and ensure compliance before a single dollar moves.

What excites me most is seeing how our trust network enables entirely new ways of collaboration between different types of financial institutions. When a crypto exchange can instantly verify the compliance credentials of a traditional bank, when a fintech can prove its trustworthiness to multiple partners simultaneously, when institutions can maintain their high standards while embracing innovation—that's when we know we're building something transformative.

Building the Trust Network

This funding will accelerate our vision in three key areas:

1. Network Expansion: Our network of 165 customers and 1,600 profiles is just the beginning. We're building the world's most comprehensive network of verified institutional identities, enabling any financial institution to find and trust counterparties globally.

2. Trust Infrastructure: We're investing heavily in our pre-transaction authorization platform and decentralized trust infrastructure. This enables institutions to comply with regulations and build verifiably trusted relationships at the scale needed for stablecoins to become the next generation of settlement rails. By solving the "trust gap" that has held back institutional stablecoin adoption, we're helping create a future where instant, global settlement is the norm, not the exception.

3. Global Standards: We're working with regulators and industry leaders, particularly in the EU with MiCA and the US, to establish standards for institutional trust that work for everyone - from the most innovative crypto native to the most conservative bank. These standards will be crucial as stablecoins increasingly become part of the core financial infrastructure.

A Foundation Built on Trust

Our success comes from understanding that trust can't be enforced - it must be earned and verified. We've built a team that deeply understands both traditional finance's trust requirements and decentralized technology's innovative potential. This unique perspective allows us to bridge the gap between stablecoins' instant settlement capabilities and institutional finance's trust requirements.

DRW's Kimberly Trautmann captures this well: "Notabene offers a comprehensive and efficient way to track and disclose who an asset is being sent to, which is critical for Virtual Asset Service Partners. We believe Notabene is positioned to be the provider of choice."

To Our Stakeholders

To our customers: Thank you for your trust. We're committed to being your long-term partner in building compliant digital payment infrastructure. This funding will help us serve you better and support your growth.

To our team: Your dedication to solving hard problems while maintaining the highest compliance and security standards has brought us here. We're just getting started.

To our investors: Thank you for believing in our vision. We're building infrastructure that will reshape how value moves around the world.

The Road Ahead

The next phase of finance will be defined by how successfully different types of institutions can work together. This isn't just about compliance or technology, it's about building an ecosystem where traditional banks, fintechs, and crypto companies can each maintain their identity while building meaningful trust relationships with others.

We see a clear path to stablecoins becoming the backbone of institutional settlement. The technology for instant, 24/7 settlement exists today—what's missing is the trust infrastructure to make it work at scale. By solving the critical challenges of pre-transaction authorization and institutional trust, we're removing the final barriers to widespread stablecoin adoption.

We're creating a world where a bank can instantly verify a crypto exchange's compliance credentials, a fintech can prove its trustworthiness to multiple partners simultaneously, and innovation doesn't come at the cost of trust. A world where institutions don't need centralized gatekeepers to trust each other because they have the tools to verify trust directly. A world where settling a cross-border payment is as instant and simple as sending an email but with all the trust and security that institutions require.

Our journey continues, and we're more excited about what's ahead. If you're interested in being part of building this trust-based future - whether as a customer, partner, or team member - we'd love to hear from you.

The future of finance is being built today, and it's being built on verifiable trust relationships between sovereign institutions. We're proud to be leading the way. Our vision of crypto being a key part of the everyday economy is closer than ever.

‍

‍

Pelle Brændgaard is the CEO and co-founder of Notabene. Follow him on Twitter @pelleb for more insights on the future of compliant digital payments.

When I spoke about the Dawn of Travel Rule at the GBBC Members Forum, I spoke about the importance of not only sending and receiving Travel Rule messages, but responding to them as well.

Why is this so important? Simply put, at this point in our Travel Rule timeline (5 years since first adoption), supervisory authorities are starting to evaluate the effectiveness of Travel Rule. This means taking a closer look at one key requirement, which is responding to Travel Rule messages. Depending on the jurisdiction, it is no longer okay to only send a transfer and state to a regulator that “As a VASP, I am Travel Rule Compliant”. You will have to also demonstrate that you have been responding to incoming messages from counterparties.

Why Responding Matters

As the industry evolves, responding accurately to Travel Rule requests is not just a "nice-to-have" feature; it’s a compliance obligation that can impact a firm’s ability to do business. Let’s take a closer look at some of the key reasons why.

1. Compliance Requirements

Many jurisdictions have regulations explicitly mandating that VASPs engage in a two-way dialogue for Travel Rule compliance. This means that merely sending the required information is not enough—you must also respond to missing or incomplete data, and provide follow-up information when requested by counterparties or authorities. Failure to do so can put your business at risk of non-compliance and possible subject to fines or penalties.

Let’s take a look at just a few jurisdictional regulations (this is not the exhaustive list) that emphasize not only the need to send and receive required information but also the importance of responding to travel rule messages. You might note that these rules are primarily in the context of providing required transfer details back when there is incomplete or missing information.

European Union

The EU’s Transfer of Funds Regulation (TFR) goes beyond requiring accurate originator and beneficiary information. It mandates that CASPs (Crypto Asset Service Providers) request missing details and actively respond to counterparty requests to rectify discrepancies. Specifically, Article 16(1) and Article 17 of the TFR require prompt follow-up and compliance checks. Full details at the bottom of this article.

United States

The FinCEN Travel Rule requires U.S.-based VASPs to provide specified information for transactions over $3,000. This includes responding to any queries or compliance checks from counterparties. Ignoring such requests or failing to engage can be seen as regulatory non-compliance, particularly in the context of suspicious transactions. Full details at the bottom of this article.

United Kingdom

Under the Money Laundering Regulations (MLR), VASPs are required to take proactive steps if information is missing or incomplete. For example, if a discrepancy is detected, the VASP must request the missing information, delay the transaction, or, in some cases, even return the crypto assets. Such procedures necessitate a robust response mechanism. Full details at the bottom of this article.

Singapore

Under the Payment Services Act (PSA), the Monetary Authority of Singapore (MAS) implements FATF’s Travel Rule. VASPs must gather, verify, and transmit required information, and are expected to “provide value transfer information” by a certain time frame which can only be done through a response. For example, the legislation states that “In a value transfer where the amount to be transferred is below or equal to S$1,500…….the ordering institution shall provide the value transfer originator information and value transfer beneficiary information set out in paragraph 13.4(a) to (d) within 3 business days of a request for such information…” Full details at the bottom of this article.

Across these global regulations, the emphasis is clear: while sending and receiving information is essential, responding to travel rule transfers is equally important. This includes engaging with counterparties to verify, request additional information, and ensure compliance with AML/CFT obligations. A lack of response or failure to follow up on incomplete or suspicious transfers can result in non-compliance and regulatory scrutiny.

2. Counterparty Trust and Business Relationships

VASPs are increasingly choosing to limit their transactions to compliant counterparties. This trend is evident in Notabene’s own research, where 66% of surveyed VASPs reported restricting withdrawals with entities that do not comply with the Travel Rule. Failing to respond to a Travel Rule message sends a strong signal to your counterparties that your business may not be fully committed to compliance, leading them to potentially cut off transactions altogether.

3. Operational Efficiency and Risk Management

Failing to respond promptly to Travel Rule messages can create bottlenecks in your transaction workflows, resulting in increased operational costs and slower settlements. Having an automated system like Notabene’s SafeTransact that not only sends and receives messages but also monitors and responds to them can help streamline compliance processes and reduce the risk of human error.

Real-World Implications: What Happens When You Don’t Respond?

If a VASP fails to respond to a Travel Rule message, several scenarios could unfold:

Regulatory Penalties and Fines

Non-compliance can result in significant fines or penalties from regulatory bodies.

Counterparty De-Risking

If a counterparty sees that you are not responding to compliance messages, they may choose to de-risk by ceasing all business activities with your VASP, resulting in lost revenue and a damaged reputation.

Loss of Market Access

As global jurisdictions begin implementing stricter compliance rules, VASPs that are flagged for non-compliance may find themselves unable to operate in key markets.

Notabene’s Approach: Streamlining and Automating Responses

The complexity of responding to Travel Rule messages often stems from inconsistent regulations across jurisdictions. Notabene’s solution simplifies this by offering a unified platform that helps businesses automatically detect missing or incomplete data, sends requests for clarification, and ensures compliance through automated responses.

Notabene’s SafeTransact for Networks automates the end-to-end compliance process, enabling customers to respond to Travel Rule requests in real-time, ensuring compliance without disrupting business operations.

Responding to Travel Rule messages is not just about meeting regulatory expectations; it’s about building trust in the industry. As the market matures, businesses that invest in compliance today will be best positioned to thrive tomorrow.

By actively responding to Travel Rule messages, your business is not only complying with global regulations but also paving the way for more secure and efficient transactions, making you a preferred partner for other VASPs and financial institutions.

Want to learn more about how Notabene’s solution can help streamline your Travel Rule compliance? Book a call with our team today.

‍

‍

Addendum

European Union (EU) - Transfer of Funds Regulation (TFR) (Regulation (EU) 2015/847)

Articles 16(1) and 17 of the Transfer of Funds Regulation outline the responsibilities of Crypto Asset Service Providers (CASPs) to ensure that all transfers include accurate and complete originator and beneficiary information. They also specify that CASPs must request missing information  from the sender's VASP and actively engage when information is incomplete. Responding  to these situations is crucial for compliance.

“crypto-asset service providers should ensure that the information on the ... originator and the beneficiary is not missing or incomplete.” (Par. 28)

“With the aim of assisting payment service providers and crypto-asset service providers to put effective procedures in place to detect cases in which they receive transfers of funds or transfers of crypto-assets with missing or incomplete information on the payer, payee, originator or beneficiary and to take effective follow-up action, “ (Par. 51)

“To enable prompt action to be taken in the fight against money laundering and terrorist financing, payment service providers and crypto-asset service providers should respond promptly to requests for information on the payer and the payee or on the originator and the beneficiary from the authorities responsible for combating money laundering or terrorist financing in the Member State where those payment service providers are established or where those crypto-asset service providers have their registered office” (Par. 53)

Further, according to the final Travel Rule Guidelines¹ by the European Banking Authority that accompany the TFR paragraph 56 states:

“Where the PSP, IPSP, CASP or ICASP requests required information that is missing, it should set a reasonable deadline by which the information should be provided. This deadline should not exceed three working days for transfers taking place within the Union, and five working days for transfers received from outside of the Union, starting from the day the PSP, CASP, IPSP or ICASP identifies the missing information”

¹https://www.eba.europa.eu/sites/default/files/2024-07/6de6e9b9-0ed9-49cd-985d-c0834b5b4356/Travel%20Rule%20Guidelines.pdf

‍

United States - Financial Crimes Enforcement Network (FinCEN) Travel Rule (31 CFR 1010.410)

The FinCEN Travel Rule mandates U.S. based VASPs (CVC’s) and financial institutions to collect, retain, and transmit specified information on fund transfers over $3,000. Responding to requests for additional details or missing information is required, particularly in suspicious cases or incomplete transfers.

“The money transmitter must obtain or provide the required regulatory information either before or at the time of the transmittal of value, regardless of how a money transmitter sets up their system for clearing and settling transactions, including those involving CVC” (Fincen Guidance FIN-2019-G001)

United Kingdom - The Money Laundering and Terrorist Financing (Amendment) (EU Exit) Regulations 2019

The UK’s Money Laundering Regulations (MLR) require VASPs to ensure full compliance with AML/CTF requirements, including receiving and transmitting required travel rule information.  Further, there are requirements around reporting to FCA those that do not provide the required information back. Hence this really underscores the responsibility of VASPs to respond to inquiries from counterparties and authorities when information is missing or insufficient.

“(2) Where the cryptoasset business of the beneficiary becomes aware that any information required by regulation 64C to be provided is missing or does not correspond with information verified by it under Part 3, the cryptoasset business of the beneficiary must— (a) request the cryptoasset business of the originator to provide the missing information; (b) consider whether to make enquiries as to any discrepancy between information received and information verified by it under Part 3; and (c) consider whether— (i) to delay making the cryptoasset available to the beneficiary until the information is received or any discrepancy resolved; and (ii) if the information is not received or discrepancy resolved within a reasonable time, to return the cryptoasset to the cryptoasset business of the originator. (3) In deciding what action to take under paragraph (2)(c) the cryptoasset business must have regard to— (a) the risk assessments carried out by the cryptoasset business under regulations 18(1) (risk assessment by relevant persons) and 18A(1) (risk assessment by relevant persons in relation to proliferation financing); and (b) its assessment of the level of risk of money laundering, terrorist financing and proliferation financing arising from the inter-cryptoasset business transfer……."

(5) The cryptoasset business of a beneficiary must report to the FCA repeated failure by a cryptoasset business to provide any information required by regulation 64C as well as any steps the cryptoasset business of the beneficiary has taken in respect of such failures.  (Par 64D)

Singapore - Payment Services Act (PSA) and FATF Travel Rule Implementation

Under the Payment Services Act (PSA), the Monetary Authority of Singapore (MAS) implements FATF’s Travel Rule. VASPs must gather, verify, and transmit required information, and are expected to “provide value transfer information” by a certain time frame which can only be done through a response. For example,  “In a value transfer where the amount to be transferred is below or equal to S$1,500…….the ordering institution shall provide the value transfer originator information and value transfer beneficiary information set out in paragraph 13.4(a) to (d) within 3 business days of a request for such information…….”

As of 30 December 2024, compliance with the Transfer of Funds Regulation (TFR) and respective EBA Guidelines is mandatory for any CASPs operating in the EU.

▶︎ Watch this special video message from Lana Schwartzman, Head of Regulatory & Compliance at Notabene, explaining why compliance with TFR is so important, as what consequences may face CASPs that fail to comply.

A common misconception that we hear is that there is a “grace period” that delays the need to comply until July of this year. While it is true that the EBA guidelines foresee a transitional period until July 31, 2025, during which CASPs may exceptionally use infrastructures or services with certain technical limitations, this does not exempt them from Travel Rule compliance. CASPs using such infrastructures are required to take additional technical steps to ensure full compliance with the Travel Rule during this period.

This provision from the EBA Guidelines gave rise to misinterpretations that many are now incorrectly viewing as a grace period or exemption. The EBA already clarified that this is not the case. In page 51 of the final Guidelines “the EBA stresses that non-compliance with Regulation (EU) 2023/1113 is not accepted”. In fact, paragraph 24 of the EBA Guidelines clearly states that the technical limitations “need to be compensated by additional technical steps or fixes to fully comply with these Guidelines”.

It is therefore very clear that the TFR obligations must be fully complied with as of December 30, 2024. 

CASPs that repeatedly or systematically fail to accompany crypto-asset transfers with the required information on the originator and beneficiary may face severe penalties and consequences under the Transfer of Funds Regulation and related EU directives. All told, the risks that a company faces by not complying with TFR are substantial. 

Let’s have a look at the potential consequences of non-compliance with the TFR.

1. Financial Penalties

One of the most immediate and tangible consequences of non-compliance is the imposition of financial penalties. These can be substantial and may vary depending on the severity of the breach and the specific regulations in each EU member state. The regulation allows for substantial monetary sanctions:

• Standard Penalty: A maximum administrative fine of at least twice the amount of the benefit derived from the breach (if determinable) or a minimum of €1,000,000.
• Enhanced Penalties for Financial Institutions: For CASPs classified as credit or financial institutions, the penalties can be more severe:
  • Legal Persons: Fines of up to €5,000,000 or 10% of the total annual turnover, whichever is higher.
  • Natural Persons: Fines of up to €5,000,000

Keep in mind that penalties can accumulate, potentially resulting in daily fines. In addition, increased compliance costs and operational burdens may be necessary to resolve deficiencies, resulting in additional financial burden.

*Source: Article (3) of Directive (EU) 2015/849

2. Criminal and Administrative Sanctions

In more severe cases, particularly those involving deliberate non-compliance or gross negligence, entities and individuals may face criminal or administrative sanctions. This can include:

• Criminal liability for Chief Compliance Officers (CCOs) or executives responsible for overseeing AML/CFT protocols
• Administrative sanctions that could significantly impact business operations
  • Public Statement: Authorities may issue a public statement identifying the CASP and detailing the nature of the breach.
  • Cease and Desist Order: The CASP may be ordered to stop the non-compliant behavior and refrain from repeating it.
  • Authorisation Suspension or Revocation: For authorized CASPs, their operating license may be suspended or withdrawn entirely.
  • Managerial Ban: Individuals responsible for the breach, including those in managerial positions, may face a temporary ban from exercising managerial functions in obliged entities.

  *Source: Article 29 of the TFR and Article 59(2) and (3) of Directive (EU) 2015/849)

3. Regulatory Sanctions

While exact details may vary, it's likely that regulatory sanctions for non-compliance could be severe:

• Suspension or revocation of operating licenses within the EU
• Restrictions on certain activities or prohibitions on cross-border crypto-asset transfers

4. Reputational Damage

In the highly regulated EU market, reputation is crucial. Non-compliance can lead to:

• Loss of trust from customers and partners
• Negative publicity that can be challenging to overcome
• Long-term impact on business relationships and growth opportunities

5. Heightened Regulatory Scrutiny

Entities found to be non-compliant will likely face increased attention from regulators:

• More frequent audits and inspections
• Increased reporting obligations, adding administrative burdens and costs
• Requirements to submit additional documentation to demonstrate compliance improvements

6. Counterparty Risks

Non-compliance can also affect business relationships, as partners may be hesitant to work with non-compliant entities, leading to lower transaction volumes and overall business success.

• Counterparties may report non-compliance to regulators. CASPs must report the repeatedly non-compliant counterparties to the competent authority responsible for Anti-Money Laundering/Counter-Terrorist Financing (AML/CTF) supervision within three months of identifying the non-compliance.
• Counterparties of CASPs that repeatedly or systematically fail to accompany crypto-asset transfers with the required information on the originator and beneficiary may be required to reject incoming transfers and terminate the existing business relationship or all reject future transfers from the non-compliant counterparty.

While no one has a crystal ball, the consequences of non-compliance with the EU's TFR after December 30th, 2024, are far-reaching and potentially severe. From financial penalties to reputational damage, the possible risks suggest that CASPs and other obligated entities should take seriously the need to be fully prepared with a TFR-ready Travel Rule solution when the regulation comes into force.

As the Head of Regulatory and Compliance at Notabene, I've been at the forefront of discussions about one of the most pressing issues keeping compliance officers awake at night: How do you handle non-compliant deposits under the Travel Rule in the EU and other jurisdictions?

The implementation of the Travel Rule is an essential step in ensuring compliance with anti-money laundering (AML) and counter-terrorist financing (CTF) regulations. But this regulatory evolution brings a real challenge—how should Crypto Asset Service Providers (CASPs) respond when they receive non-compliant deposits? The issue isn’t only theoretical; it’s something that every CASP will face.

The Challenge of Non-Compliant Deposits

With the implementation of the Travel Rule, non-compliant deposits are an inevitable reality. These can arise from various scenarios(^1) that beneficiary CASPs must be prepared to address such as:

1. Deposits originating outside of approved CASPs
2. Deposits from approved CASPs with insufficient Travel Rule information
3. Deposits from approved CASPs with inconsistent beneficiary information
4. Deposits from approved CASPs where the originator is not an allowed person 

Without a clear policy or well-defined workflow, the risks are high and these issues can disrupt the user experience, complicate operations, and even lead to asset loss. Each scenario requires a well-thought-out policy and workflow to address it effectively while minimizing disruption to user experience.

Non-Compliance Under the EU’s TFR (Regulation 1113/2023)

In the EU, Travel Rule under the TFR (Regulation 1113/2023)(^2) places significant responsibility on beneficiary CASPs. Articles 14, 16, and 17 of the regulation clearly outline the need for accurate originator and beneficiary information to be included with each transaction. The challenge lies in the fact that beneficiary CASPs can't proactively block incoming deposits. They must rely on the originating CASP's compliance to meet their obligations. This creates a complex situation where beneficiary CASPs must navigate between regulatory compliance and customer service. Despite beneficiary CASPs having less control over incoming deposit flows than originating CASPs, they must still enforce compliance, using methods such as post-monitoring or suspending suspicious transactions.

Under Article 17, CASPs must implement risk-based procedures to determine whether to execute, reject, return, or suspend transfers of crypto-assets that lack the required information. Non-compliant transactions must be carefully reviewed, with potential responses ranging from requesting missing data to returning the crypto-assets to the originator.

But the process isn't simple. For instance, a transfer may originate from a wallet that no longer belongs to the sender. Or, the originator may have no account with an approved CASP. How do you return the funds then? The answers are not always straightforward, and the EU’s TFR leaves room for a risk-based approach to address these scenarios.

Developing a Policy for Travel Rule Non-Compliant Deposits

At the heart of handling non-compliant deposits is the necessity of a clear, risk-based policy which is part of every industry best practice. This policy must account for several key steps:

1. Withhold assets until compliance is achieved: If the necessary Travel Rule information is missing, the assets should not be made available to the beneficiary until compliance is ensured. This may require collecting additional information or performing enhanced due diligence.
2. Return non-compliant assets promptly: Where compliance cannot be achieved, CASPs should have clear procedures for returning the assets to the originator. This process should be timely to avoid user frustration while ensuring that the return itself is secure and complies with AML/CTF obligations.
3. Avoiding technical complications in the return process: Blockchain transactions, particularly those involving aggregated wallets, present additional challenges. Simply sending the funds back to the originating address may not always be feasible or safe. Instead, CASPs should establish secure, alternative methods to return funds while protecting against illicit activity.
4. Reassess relationships with non-compliant counterparties: CASPs should monitor their counterparties’ compliance levels. Repeated non-compliance from a particular CASP may necessitate reevaluating the relationship, issuing warnings, applying enhanced due diligence, or even terminating the partnership. And let's not forget that there is a requirement of reporting of non-compliance of CASPs to national authorities. 
   

The Return Dilemma

One of the most challenging aspects of handling non-compliant deposits is the return process. The FATF guidance and local regulations don't prescribe specific requirements for return policies, leading to varied practices among VASPs.
Key considerations for a return policy include:

1. Where to return the assets
2. Who to return the assets to
3. Whether Travel Rule compliance applies to the return transaction

While there’s no universally accepted answer, the principle of reliability and a risk-based approach may guide your actions. For instance, can you confidently rely on a blockchain address used in a Travel Rule message for returning assets? Often, the answer is no. Wallet addresses change, can become dormant, and may result in commingled assets. 

A more cautious approach is to confirm the originator’s identity and account details through both on-chain screening and direct communication with the counterparty. This ensures that the return process doesn’t inadvertently violate AML/CTF rules.

These are the practical steps for compliance that you can take:

1. Develop clear policies for handling non-compliant deposits
2. Implement robust monitoring systems to detect non-compliant transactions
3. Establish a detailed workflow for the return process
4. Communicate policies clearly to users to minimize disruption
5. Regularly reassess relationships with repeatedly non-compliant counterparties

Notabene’s Role: Helping CASPs Navigate Non-Compliance

At Notabene, our platform helps CASPs identify and manage non-compliant CASPs with precision. By offering insights into missing Travel Rule data and alerting users to potential non-compliant transactions, we help CASPs maintain compliance while minimizing disruption. Additionally, our reporting tools allow CASPs to generate comprehensive lists of non-compliant transactions, simplifying their decision-making process and enhancing their regulatory reporting.

The Path Forward: A Risk-Based Approach

Handling non-compliant deposits under the Travel Rule is complex, but not insurmountable. As the regulatory landscape continues to evolve, staying informed and adaptable will be key to success in the world of crypto compliance. The road ahead may be challenging, but with the right policies, workflows, and tools such as Notabene in place, compliance can be achieved without sacrificing user experience. At Notabene, we’re committed to helping CASPs and regulators strike this critical balance.

If you would like to speak with Notabene about  implementing a risk-based compliance solution for your unique needs, book a call with our team today.
‍

References

^1 This is not an inclusive list
^2 https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32023R1113

Differences between national Travel Rule requirements can be challenging for VASPs to navigate. Various regulators have interpreted and applied the Travel Rule differently, leading to various approaches across jurisdictions regarding:

• Timeline for enforcement of Travel Rule requirements

• Required originator and beneficiary information

• Compliance thresholds

• Transactions to/from self-hosted wallets

• Counterparty VASP due diligence obligations

• Transacting during the Sunrise Period

A transaction could be within the scope of Travel Rule requirements for one counterparty and outside the scope for the other. This issue is especially complex during the Sunrise Period. Even after the Travel Rule is fully implemented, national framework differences will likely continue to cause friction for VASPs.

‍

Practical examples to illustrate these challenges

In Estonia, virtual asset service providers (VASPs) are not required to collect or transmit beneficiary names. However, a beneficiary VASP in another jurisdiction may expect to receive beneficiary information and could be obliged to reject transactions where this information is missing.

Canadian originator VASPs must collect and transmit the beneficiary’s physical address. However, originator VASPs in other jurisdictions may not have this requirement. As a result, Canadian VASPs may often receive incomplete information that nonetheless meets the requirements of the originator VASP’s domestic framework.

In the United States, an originator VASP is required to collect and transmit Travel Rule information only when the transaction exceeds $3,000. In contrast, a beneficiary VASP in the European Union requires this information for transactions of any value.

‍

A non-exhaustive list of the differences in required originator and beneficiary information across jurisdictions

Approaches to the Challenges of Cross-Border Transactions

Below we discuss what can be done about the challenges associated with cross-border transactions, initiatives that are already in place, and which stakeholders are best positioned to drive solutions to these challenges:

FATF

Although global harmonization of Travel Rule requirements would certainly solve these challenges for VASPs, this is not a realistic solution and is not something that the Financial Action Task Force (FATF) would or could mandate. National frameworks will also inevitably vary because, as the FATF points out, regulators take into account different risk profiles, contexts, and approaches to risk mitigation. [1] As such, the FATF Standards permit variation from the FATF’s Travel Rule, provided the minimum requirements are met.

REGULATORS

It is essential that regulators implement clear Travel Rule requirements for VASPs and that the frameworks address how VASPs should treat cross-border transactions where the requirements vary.

The U.K.’s Joint Money Laundering Steering Group's (JMLSG) guidance addresses this by ignoring cross-border discrepancies in the Travel Rule’s application. For instance, if a U.K. VASP complies with U.K.-specific requirements, it’s considered compliant even when dealing with jurisdictions that have more stringent rules. ^[2] On the other hand, if a U.K. VASP receives a deposit with incomplete or incorrect information, it must seek the missing details, irrespective of the originating VASP’s local thresholds. ^[3] 

We encourage the adoption of a more flexible deposit policy than the one that theJMLSG has adopted to facilitate smoother cross-border transactions. For example, a more lenient policy could permit VASPs to accept deposits without full Travel Rule information for transactions below the threshold set in the originating VASP’s country based on a risk assessment.

TRAVEL RULE SOLUTIONS

Travel Rule solutions are generally best positioned to ease some of the challenges for VASPs in facilitating cross-border transactions, especially when these transactions are happening at scale.

Notabene embeds jurisdictional requirements from more than 20 jurisdictions. Specifically, the system has encoded the applicable compliance thresholds and required information scope in each supported jurisdiction. This allows VASPs to validate their Travel Rule transfers against the Travel Rule requirements applicable in both their own and their counterparty’s jurisdiction. Using the available settings, VASPs can decide whether a Travel Rule transfer is required for a given transaction. They can make this decision based on their own compliance threshold or by considering the lowest threshold amount of the jurisdictions involved in the transaction.

VASPS

VASPs’ Travel Rule policies and processes should proactively address cross-border transactions. These policies need to take into account the differences across national frameworks and what actions are mandated by applicable domestic regulations. Additionally, partnering with the right Travel Rule solution can remove some of the operational complexity associated with cross-border transactions. When assessing different options, VASPs should closely assess the solution’s jurisdiction coverage and functionality when it comes to cross-border transactions.

‍

Notabene’s 2024 status check

‍

From a technical perspective, the differences in Travel Rule requirements across jurisdictions can be effectively reconciled. Solutions like Notabene’s jurisdictional validation are key in the process. However, from a policy perspective, it is crucial to ensure that VASPs are free to transact with foreign counterparties, despite the differences in requirements.

A risk-based approach that allows decisions on whether to accept transactions with missing information should be adopted. This flexibility is necessary in cases where the originator VASP is not legally obligated or able to provide the required information. Adopting stricter approaches might, in practice, prevent VASPs from accepting a significant number of transactions from their foreign counterparts.

‍

{{report2="/cta-components"}}

‍

Since the Travel Rule was first applied to cryptocurrency by FinCEN in 2019, and with the Financial Action Task Force (FATF) following suit with its own related recommendations, self-hosted wallets (also known as non-custodial wallets) have come under increased scrutiny.

In October 2021, FATF released its Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers (VASPs). This guidance builds upon FATF’s initial 2019 recommendations, including directives on peer-to-peer (P2P) transactions—cryptocurrency exchanges that occur without the involvement of a VASP or other obliged entity. 

While the standards do not apply to transactions solely between self-hosted wallets, FATF highlighted the potential money laundering and terrorist financing (ML/TF) risks they pose. Moreover, FATF clarified that transactions involving self-hosted wallets can fall under the scope of the Travel Rule under certain circumstances.

VASPs: What to Expect When Transacting With Self-Hosted Wallets

VASPs face significant implementation challenges due to varying regulatory requirements across jurisdictions. 

• In regions such as the EU, UK, and Gibraltar, VASPs are required to collect information on their clients' self-hosted wallets. 
• In Singapore and Germany, VASPs must go a step further and verify the identity of the self-hosted wallet owner. 
• Liechtenstein mandates enhanced due diligence.
• Switzerland requires both identity verification and proof of ownership.

Many in the cryptocurrency community have expressed concerns about these measures. Since blockchain is inherently public, sharing personal information associated with a self-hosted wallet could potentially expose the entire transaction history of that client, going beyond what the Travel Rule requires from traditional financial institutions.

Despite these concerns, VASPs must integrate solutions and establish processes to comply with FATF’s recommendations. 

Below is an overview of what FATF expects from VASPs when interacting with self-hosted wallets:

‍

1. Obtain the Originator and Beneficiary Information from the VASP’s Customer (¶ 295)

When sending or receiving a virtual asset transfer to a self-hosted wallet, the originator and beneficiary information must be obtained from the VASP’s customer, as there is no other VASP from which to obtain the information. This requirement generally applies to transactions above USD 1,000/EUR, but this threshold might vary depending on how jurisdictions implement it.

To remain compliant, VASPs must collect all the necessary Travel Rule information, such as names, account numbers or wallet addresses, addresses or IDs, birth dates, and birthplaces, without compromising user experience. 

Blockchain analysis solutions like Chainalysis KYT enable VASPs to identify Travel Rule transactions, ensuring frictionless data collection automatically. In combination with solutions like Notabene, VASPs can gather the necessary data in a user-friendly way and automatically detect the jurisdictional requirements and thresholds applicable to each transaction.

‍

2. Enforce AML/CTF Obligations (¶ 295 & 296)

Travel Rule guidance applies only above certain thresholds, which vary depending on the jurisdiction. However, VASPs are required to perform Know Your Customer (KYC) checks and implement transaction monitoring, regardless of whether their customer’s transactions meet the Travel Rule requirements.

Tools like Notabene can assist compliance teams in efficiently implementing the data collection and verification process for the owner of a self-hosted wallet. Integrating a Travel Rule solution with an automated transaction monitoring tool allows VASPs to identify which transactions meet the Travel Rule threshold immediately. Additionally, these tools help compliance teams automatically detect if transactions are related to potential high-risk activities and take action when historical transactions become risky in light of new regulatory information through continuous monitoring.

Implementing the right solution enables compliance teams to adapt more efficiently to ongoing industry changes. If a solution flags a high number of false positives, analysts may have to allocate significant time to investigating non-critical alerts. Worse still, incorrect data could lead them to draw inaccurate conclusions.

‍

3. Implement Additional Risk Mitigation Measures (¶ 297)

Additional risk mitigation measures may be necessary when interacting with self-hosted wallets. FATF’s guidance considers transactions with self-hosted wallets potentially higher risk, providing VASPs with options to treat them accordingly. These measures can range from imposing additional limitations and controls to avoiding interactions with self-hosted wallets altogether.

FATF advises VASPs to observe patterns of conduct, evaluate local and regional risks, and review information and bulletins issued by regulators and law enforcement to form their own risk assessments. Although this recommendation is optional, it raises concerns about the potential impact on industry adoption, as self-hosted wallets are integral to the cryptocurrency ecosystem. They are commonly used for legitimate purposes, such as securely moving funds and holding long-term investments.

Blockchain analysis tools can equip VASPs with the necessary data regarding self-hosted wallets to conduct comprehensive risk assessments, mitigate risks, and support their decisions in front of regulators.

‍

‍Global Approaches to Self-Hosted Wallet Regulation

VASPs face numerous challenges due to differing requirements across jurisdictions. The FATF’s third targeted update on the global implementation of its standards revealed that around 70% of jurisdictions are still undecided on their approach to transactions between VASPs and self-hosted wallets. Among the jurisdictions that have made decisions, about 40% align with FATF recommendations, requiring VASPs to collect relevant beneficiary or originator information from their customers. Additionally, 25% of these jurisdictions have implemented mitigation measures or transaction limitations, such as identity verification of self-hosted wallet owners or enhanced due diligence procedures.

• In Liechtenstein, VASPs are not required to apply the Travel Rule to transactions with self-hosted wallets. However, they must enforce enhanced risk mitigation measures, such as using blockchain analytics to assess transaction risks, collecting documentation on the purpose of the transaction, and requiring customers to prove ownership of their self-hosted wallets when transacting with them.
• Japan closely aligns with FATF recommendations. VASPs in Japan are required to collect the necessary information from their customers regarding the owner of the self-hosted wallet involved in a transaction. However, there is no obligation to verify this information. This approach, requiring data collection without verification, is widely adopted and can also be seen in jurisdictions like Gibraltar and the European Union for transactions amounting to 1,000 EUR or less.
• The European Union follows a stringent approach when dealing with self-hosted wallets, as outlined in the revised Transfer of Funds Regulation. For transactions exceeding 1,000 EUR, European CASPs (Crypto Asset Service Providers) must verify the ownership of the self-hosted wallet, whether they are sending or receiving funds. This wallet ownership verification requirement aligns with FATF recommendations and is similarly applied in other jurisdictions like Hong Kong and Portugal.
• Switzerland has adopted one of the strictest approaches to self-hosted wallet transactions. Under Article 10 of FINMA’s guidelines, Swiss VASPs are required to identify and verify the identity of the self-hosted wallet owner, regardless of whether the transaction involves another VASP or a self-hosted wallet. This requirement ensures that VASPs can prevent problematic payments by ensuring all transactions meet stringent identity verification standards.

‍

What the data says about self-hosted wallets

In December 2020, when the Treasury’s 72-page NPRM for transactions with self-hosted wallets and certain foreign jurisdictions came out, Chainalysis analyzed the data on cryptocurrency transactions involving self-hosted wallets.

The data shows that the majority of the funds held in self-hosted wallets often come from VASPs, which are related to investing purposes or are used by individuals or organizations to move funds between regulated exchanges. It is important to mention that the 2021 data didn’t vary significantly in comparison to the 2020 analysis. There are still three trends related to the usage of self-hosted wallets.

1. The vast majority of the Bitcoin funds transferred to self-hosted wallets came from VASPs

During Q3 of 2021, almost 83% of the bitcoin sent from one self-hosted wallet to another originated from cryptocurrency exchanges, and only 2% came from illicit services. This means that in the vast majority of cases, law enforcement can investigate illicit activity related to self-hosted wallets by working with cryptocurrency exchanges, which are obligated entities, and obtaining KYC information from them through legal process.

2. The majority of bitcoin sent to non-VASPs are eventually sent to a VASP

Many transfers sent and received by self-hosted wallets have VASPs on the other side of the transaction. If cryptocurrency is being used for illicit purposes, criminals will eventually need to cash out their illicit proceeds. This means going through a cryptocurrency exchange (we can see this behavior reflected in our data). As long as they are in a country that regulates cryptocurrency exchanges – and this list is growing – exchanges will collect KYC information. Access to this information is vital to financial crime investigations.

During Q3 2021, the percentage of funds that were not sent to an exchange service decreased from 29% to 18% in comparison with Q2 2020. Meanwhile, the percentage of funds sent to exchanges increased from 62% to 71%. This means that crypto holders moved the funds they were holding inside self-hosted wallets to an exchange, maybe to take out some profits due to the crypto bull market we experienced this year.

‍

3. The transaction activity levels among self-hosted wallets highly suggest that their primary use is for investment

After funds are deposited to a self-hosted wallet from an exchange, the percentage of bitcoin moved to another self-hosted wallet in a given month is significantly low. The majority of the bitcoin stays in the original wallet for a long period of time. On average, the funds originated from a VASP to self-hosted wallets move only once a month, which likely indicates that the primary use case is investment.

Chainalysis’ robust blockchain dataset provides key insights into the role of self-hosted wallets in the cryptocurrency ecosystem. If the main purpose of these regulatory requirements is to decrease illicit transactions and avoid money laundering, targeting self-hosted wallets may not accomplish the intended objective.

Chainalysis's blockchain analysis data makes it clear that self-hosted wallets are not inherently risky and do not inhibit law enforcement’s ability to investigate the illicit use of cryptocurrency. Blockchain analytics can inform risk analysis and compliance programs so that compliance teams can mitigate risks responsibly and effectively.

What’s next?

Travel Rule guidelines have already been released by the regulators and VASPs have a deadline to build compliance programs to comply with it. We know this process can be overwhelming, but luckily, there are many available solutions to facilitate this process for VASPs, and there will likely be many more as the cryptocurrency industry continues to overlap with the traditional financial system.

Chainalysis and Notabene have created an integrated solution that helps VASPs save time and money while looking to meet the complete Travel Rule requirements and build their own risk assessment on self-hosted wallets.

Our integration covers a variety of compliance needs that can simplify the technical and operation integration process. Notabene’s end-to-end Travel Rule solution provides counterparty wallet identification tools, a VASP due-diligence directory, and a secure dashboard to help financial institutions manage counterparty risks without hindering user experience. In conjunction with Chainalysis, VASPs can immediately identify counterparties’ wallet types, get automatic transaction alerts on risky activity, and perform continuous monitoring, all in one place.

Choosing the right partners can save compliance teams time, resources, and protect the company from additional regulatory scrutiny or even fines.

Contact the Chainalysis and Notabene teams for more information.

The Travel Rule requires Virtual Asset Service Providers (VASPs) to identify and conduct due diligence on their counterparty VASP or financial institution. However, national Travel Rule frameworks tend to be silent or vague on this topic.

Conducting VASP due diligence generally involves obtaining information about the counterparty VASP’s registration/licensing status, its ability to securely hold Travel Rule information, whether it is tied to illicit actors or sanctioned persons, and its level of anti-money-laundering, counter-terrorism financing (AML/CTF) compliance. The aim of performing this due diligence is to ensure that VASPs avoid dealing with illicit or sanctioned actors and to gain assurance that a counterparty VASP can comply with the Travel Rule and protect the confidentiality of shared information.

‍

Counterparty VASP Due Diligence Challenges Faced by VASPs

VASPs face three main challenges in implementing due diligence processes:

1. Difficulty Accessing Information

Beyond identifying counterparties, VASPs struggle to make risk-based decisions due to the scarcity of publicly available information. Verifying whether a counterparty VASP is licensed or registered is particularly hard given the limited number of public registers. Furthermore, assessing a VASP’s adherence to AML/CTF standards is challenging without directly engaging each potential counterparty, which becomes impractical at scale.

2. Lack of Standardization

Currently, there is no uniform standard for conducting VASP due diligence. Additionally, national frameworks for the Travel Rule often lack clear criteria for due diligence.

3. Operational Costs

Conducting VASP due diligence requires resources, which involve either purchasing the relevant compliance tools (to the extent they are available) and/or allocating personnel to perform these due diligence assessments.

‍

The FATF acknowledged these challenges in its June 2023 Targeted Update, reporting that VASPs struggle to effectively conduct due diligence on counterparty VASPs ^[1]. This difficulty is further exacerbated by the existence of unregulated and unlicensed VASPs, making it even more challenging to gather information to assess these entities’ possible connections to illicit activities or sanctioned individuals, as well as their compliance with AML/CTF standards. Notabene’s industry survey supports these observations. Despite the significant drop in prominence since last year, a notable percentage of respondents (29%) continues to send Travel Rule information transfers to all VASPs, regardless of any due diligence assessment. Additionally, counterparty due diligence ranks as the least adopted compliance check among respondents, only ahead of the options “None” and “Other” (see Chapter 3, Section 8 of Notabene’s 2024 State of Crypto Travel Rule Compliance Report).

Approaches to VASP Due Diligence Challenges

FATF

The FATF can do little to solve the operational challenges associated with a VASP’s due diligence process apart from sharing recommendations on how a jurisdiction should implement VASP due diligence requirements. As such, the FATF does the following:

• Makes a clear distinction between the due diligence process required for establishing a correspondent relationship and the process required for Travel Rule purposes ^[2].
• Strongly encourages jurisdictions to maintain and publicize information on VASPs that are registered or licensed in their jurisdiction, to give VASPs access to information needed to perform counterparty due diligence in line with Recommendations 16 and 13 ^[3].
• Clarifies that VASPs need to independently perform due diligence ^[4] — a contentious point that has hindered Travel Rule interoperability efforts. Operators of Travel Rule protocols may resist interoperability to maintain control over the network. However, the FATF emphasizes that VASPs must still independently assess counterparty risk, highlighting that being part of closed Travel Rule networks does not eliminate a VASP’s need to verify information and meet domestic obligations.
• Suggests that the Wolfsberg Correspondent Banking Due Diligence Questionnaire be used as a starting point for the VA industry to develop its own risk-based best practices ^[5].

Regulators

It is not desirable that national regulators specify prescriptive criteria for conducting VASP due diligence, yet it is necessary that regulators understand the current challenges associated with evaluating counterparty VASPs and thus provide VASPs with practical guidance. In 2023, Hong Kong’s SFC offered valuable granularity in their detailed guidance on counterparty due diligence measures ^[6], identifying several criteria that VASPs should consider to determine whether a counterparty is eligible, such as the quality and effectiveness of regulations and supervision, the Travel Rule status in their jurisdiction, and the existent AML/CTF and data protection controls.

‍
National legislators and regulators should also strive to adhere to FATF guidelines on this topic to facilitate the emergence of a global standard for VASP due diligence. However, the European Transfer of Funds Regulation deviates from FATF guidelines by labeling the relationships between domestic CASPs and foreign VASPs as correspondent relationships due to their “ongoing and repetitive” nature. This divergence raises concerns about proportionality and scalability.
‍

Regulators may also consider incorporating exceptions for carrying out due diligence when appropriate, such as in the context of transactions between domestic VASPs that are both supervised by the same authority, or prescribing scenarios where simplified due diligence measures are permissible.

Joint Industry Initiatives

Finding solutions to some of the challenges associated with VASP due diligence can be championed by joint industry initiatives. In fact, there is already work underway to address this.
‍

In 2023, the Global Digital Finance (GDF) members association published the GDF Virtual Asset Due Diligence Questionnaire ^[7]. The questionnaire was designed to provide an overview of a VASP’s AML policies and practices, and it is suggested that VASPs use it to onboard counterparty VASPs or that financial institutions use it to onboard VASPs.

Travel Rule Solutions

Travel Rule solutions and other service providers can offer tools to assist VASPs in operationalizing and scaling due diligence efforts.

‍
Notabene customers can easily access and monitor their counterparties within the Notabene Network. By integrating with VASPNet and Global Legal Entity Identifier Foundation (GLEIF), Notabene provides real-time, verified data about counterparty VASPs’ regulatory statuses and incorporation information. Furthermore, VASPs can also request, review, and share an adapted version of GDF’s questionnaire between selected parties in a secure and encrypted manner.

‍

{{cta-learnmore10="/cta-components"}}

‍

VASPs

VASPs are encouraged to engage in global and local industry initiatives focused on VASP due diligence. Considering the significant impact of VASP due diligence on Travel Rule compliance, it is important that VASPs keep this in mind when selecting a Travel Rule solution to partner with.

Additionally, VASPs should cooperate with their counterparty’s due diligence efforts by providing any requested information. Ideally, VASPs should make their information available to as wide a network of trustworthy counterparties as possible. This would enable other VASPs to conduct due diligence more efficiently.

Notabene’s 2024 Status Check

In 2023, there was significant progress in clarifying and operationalizing counterparty due diligence obligations. The FATF clarified that this due diligence must be carried out independently, which helped the industry to advance with a unified understanding of these obligations. The publication of GDF’s questionnaire was a substantial contribution toward standardizing VASP due diligence. As detailed in Chapter 3, Section 8, our survey results indicate a substantial shift: the proportion of VASPs sending Travel Rule transfers to all counterparts without specific criteria dropped from 52% in 2023 to 29% in 2024. This change highlights a growing commitment to counterparty due diligence obligations.

‍

{{report2="/cta-components"}}

The European Union's Transfer of Funds Regulation (TFR) and the associated Travel Rule Guidelines from the European Banking Authority (EBA) are set to significantly impact how Crypto Asset Service Providers (CASPs) handle crypto-asset transactions. As these regulations come into effect, it is crucial for CASPs to understand the key requirements and prepare for compliance. 

This blog highlights the top 10 things European CASPs need to know about the upcoming Travel Rule compliance enforcement.

1. Comprehensive Data Collection Requirements

Under Article 14, paragraphs 1 and 2 of the TFR, CASPs must ensure that all transfers include specific details about the originator and beneficiary.

This includes:

Natural persons

Legal persons

This comprehensive data collection ensures that all parties in a transaction can be unambiguously identified.

2. Robust Monitoring Systems

Beneficiary CASPs must implement robust monitoring systems to detect and manage non-compliant transactions. These systems should be capable of identifying missing, incomplete, or meaningless information and should align with the risk levels associated with money laundering and terrorist financing. ^[1]

{{european2="/cta-components"}}

3. Handling Non-Compliant Transactions

When a transaction lacks the required information, CASPs have four options: execute, reject, return, or suspend the transfer. The appropriate action depends on the specific circumstances and the risk assessment results. ^[2]

4. Managing Non-Compliant Counterparties

Repeated non-compliance by counterparties requires CASPs to reassess their relationships. This includes applying stricter monitoring and verification measures, potentially terminating business relationships, and reporting non-compliant counterparties to the relevant authorities. ^[3]

5. Verifying Self-Hosted Wallet Transactions

For transactions involving self-hosted wallets, the requirement to use two methods for wallet ownership verification has been removed. CASPs are now required to use only one method by default for verifying wallet ownership/control. ^[4]

6. Understanding Different Self-Hosted Wallet Transaction Scenarios 

The TFR categorizes self-hosted wallet obligations based on the transaction amount and whether the wallet owner is a customer of the CASP. These scenarios include transactions of 1,000 euros or less, transactions over 1,000 euros where the wallet owner is a CASP customer, and transactions over 1,000 euros where the wallet owner is not a CASP customer.

‍

7. Implementing Appropriate Risk Mitigation Measures on Self-Hosted Wallet Transactions

CASPs should adopt a risk-based approach to transactions involving self-hosted wallets and implement any necessary risk mitigation measures proportional to the identified risks. These measures may include verifying the identity of the transfer's originator or beneficiary, requesting additional information, and conducting enhanced ongoing monitoring of transactions. ^[5]

8. Ensuring Compliance with General Obligations

CASPs must ensure compliance with several general obligations, such as:

• Information transmission infrastructure: Must be fully capable of transmitting information without technical limitations. A transitional period until July 31, 2025, allows for exceptions with compensatory policies in place. ^[6]
• Compliance timing: Information must be transmitted immediately and securely, before or at the same time the crypto-asset transfer is completed. ^[7]
• Joint accounts: Transfers from joint accounts, addresses, or wallets must include information about all holders. ^[8]‍
• Information submission changes: Initial information submissions cannot be changed unless requested by the beneficiary CASP or if an error is identified. Subsequent CASPs must be informed and required to detect any missing or incomplete information. ^[9]

9. Evaluating Payment and Messaging Systems (Travel Rule solutions)

Payment and messaging system requirements: CASPs must evaluate selected messaging or payment protocols based on the following aspects:

• Communication with internal core systems and counterparty messaging or payment systems.
• Compatibility with other blockchain networks.
• Reachability, including the ability to reach counterparties and the success rate of transfers.
• Detection of transfers with missing or incomplete information.
• Data integration, security, and reliability. ^[10]

10. Preparing for the Future

By July 1, 2026, the European Commission will assess the necessity for additional measures to mitigate risks associated with self-hosted wallet transactions. This evaluation will encompass examining the efficacy and proportionality of verification mechanisms and considering potential restrictions. ^[11]

‍

{{european1="/cta-components"}}

‍

The upcoming Travel Rule compliance regulation imposes comprehensive requirements on CASPs to ensure the integrity of crypto-asset transactions. By understanding and adhering to these requirements, CASPs can effectively manage transaction information, monitor compliance, handle non-compliant transactions, and manage relationships with non-compliant counterparties. This regulatory framework not only helps in mitigating risks associated with money laundering and terrorist financing but also fosters a more secure and transparent crypto-asset ecosystem in the European Union.

‍

Want to learn more? Read our blogs on beneficiary VASPs' transaction requirements under the TFR and the upcoming self-hosted wallet requirements.

The European Union's Transfer of Funds Regulation (TFR) enforces the Crypto Travel Rule to combat money laundering and terrorist financing. This rule, initially mandated by the U.S. Financial Crimes Enforcement Network (FinCEN), was extended in June 2019 by the Financial Action Task Force (FATF) to include virtual assets (VAs) and Virtual Asset Service Providers (VASPs). The Travel Rule requires VASPs to securely obtain, hold, and transmit originator and beneficiary information during VA transfers.

This article provides an overview of the crypto Travel Rule in the European Union, pulling from the Transfer of Funds Regulation (TFR) and the European Banking Authority (EBA)’s draft Travel Rule Guidelines.
‍

{{cta-learnmore1="/cta-components"}}

‍

Regulatory Milestones in the EU

The EU has been proactive in aligning its regulations with FATF’s recommendations:

• FATF Guidance (2019): The FATF issued its first guidance on a risk-based approach to virtual assets and VASPs, marking a significant expansion of AML/CTF measures.
• EU Regulation (2015/847): This regulation was adopted to apply FATF’s requirements uniformly across member states, ensuring fund transfers include payer and payee information.
• TFR Recast (2023): The TFR was extended to include crypto transfers, setting uniform Travel Rule requirements across all 27 EU member states.
• Travel Rule Comes into Force (2024): The European Banking Authority (EBA) will publish final Travel Rule guidelines in June 2024, and crypto Travel Rule obligations will become enforceable on December 30, 2024.

Information Transmission Requirements

The TFR mandates uniform obligations for crypto transfers, regardless of the transaction amount or whether they are cross-border. CASPs must include specific details about the originator and beneficiary in all transfers.

Required Information for Crypto Transfers

‍

Natural Persons

Legal Persons‍

* Note: Regarding the date and place of birth, the EBA does not clarify what would be required instead if the originator is a legal person. In some jurisdictions, VASPs are required to provide a date and place of incorporation, but the EU requirement is unclear. 

‍

{{cta-learnmore1="/cta-components"}}

‍

General Obligations for Information Transmission

CASPs must ensure their information transmission infrastructure is fully capable of compliance without technical limitations. The information should be transmitted immediately and securely before or at the same time as the crypto-asset transfer is completed. For joint accounts, transfers must include information about all account holders. Selected messaging protocols must enable seamless and interoperable transmission of information.

Travel Rule Obligations in Deposits

Beneficiary CASPs also have responsibilities upon receiving a transaction. They must implement robust policies and procedures to detect incoming transactions lacking necessary information and handle such transactions appropriately. If a transaction lacks the required information, beneficiary CASPs can choose to execute, reject, return, or suspend the transfer based on a risk-based approach.

Managing Non-Compliant Counterparties

When deposits lack Travel Rule data, CASPs must reassess their relationships with non-compliant counterparties. If a counterparty repeatedly fails to meet obligations, CASPs should consider enhanced due diligence measures, potentially terminating the business relationship, and reporting the non-compliance to competent authorities.

‍

Self-Hosted Wallet Transactions

Transactions between CASPs and self-hosted wallets fall within the scope of FATF’s Recommendation 16. The regulatory requirements vary depending on the transaction amount and whether the wallet owner is a CASP customer or a third party.

Transactions of 1,000 Euros or Less 

For transactions involving self-hosted wallets of 1,000 euros or less, CASPs must obtain and hold information about the parties to the transaction. This information should be cross-matched using suitable methods, such as blockchain analytics and third-party data providers, to verify the originator's or beneficiary's identity.

Transactions Over 1,000 Euros Where the Wallet Owner is a CASP Customer 

For transactions exceeding 1,000 Euros, CASPs must verify whether the customer owns or controls the wallet. The EBA’s Travel Rule guidelines specify that CASPs must use at least two methods for this verification. Methods include advanced analytical tools, sending a predefined amount from the wallet to the CASP’s account, and signing a specific message in the account and wallet software.

Transactions Over 1,000 Euros Where the Wallet Owner is Not a CASP Customer 

While the TFR is silent on the obligations for transactions involving third-party wallets, the Travel Rule Guidelines provide a framework. CASPs must verify wallet ownership/control and apply risk mitigation measures proportional to the identified risks, such as verifying the originator's or beneficiary's identity and requesting additional information about the transfer.

‍

{{cta-learnmore1="/cta-components"}}

‍

The EU’s implementation of the Travel Rule through the TFR sets a comprehensive regulatory framework for CASPs, ensuring that crypto asset transfers are transparent and secure. By adhering to these requirements, CASPs can help mitigate the risks of money laundering and terrorist financing, fostering a safer and more trustworthy environment for digital asset transactions. As the regulatory landscape evolves, staying informed and compliant with these obligations will be crucial for CASPs operating within the EU.

The European Union’s Transfer of Funds Regulation (TFR) and the European Banking Authority (EBA)’s Travel Rule Guidelines, updated with the EBA’s final Travel Rule guidelines published on July 4, set out specific requirements for transactions involving self-hosted wallets. These wallets, controlled by individuals rather than VASPs, pose unique challenges to regulatory compliance. This article summarizes the obligations for self-hosted wallet transactions under the TFR, focusing on different transaction scenarios and the required verification measures.

‍

Highlights of What Changed in the EBA’s Final Travel Rule Guidelines

1. More Flexibility in the Scope of Required Originator Information:

The final version of the Travel Rule guidelines clarifies that CASPs have the discretion to determine which “alternative information items” about the originator customer to transmit and demand receiving, as long as they achieve unambiguous identification and support sanction screening. This approach is intended to be better suited for cross-border transfers.

2. Eased Requirements for SHW Transfers Below €1,000:

The final version of the Travel Rule guidelines removes verification requirements. Only information collection obligations apply, eliminating the need for technical means like blockchain analytics to cross-match collected data in order to identify and verify the originator or beneficiary.

3. Simplified Verification for 1st-Party SHW Transfers ≥ €1,000:

The requirement to use two methods for wallet ownership verification has been removed. CASPs are now required to use only one method by default for verifying wallet ownership/control.

4. Clarification for 3rd-Party SHW Transfers Above €1,000:

The Travel Rule Guidelines now clarify the requirements, specifying that if the SHW is owned or controlled by a third party who is not a customer of the CASP, the requirements from Article 19a of Directive (EU) 2015/849 apply. Additionally, the originator/beneficiary identity verification required therein is deemed to be fulfilled by collecting additional information from other sources (e.g., blockchain analytics, third-party data, or recognized authorities’ data) or using other suitable means to ensure the originator/beneficiary’s identity is known.

‍

{{european1="/cta-components"}}

‍

Overview of Applicable Obligations

The TFR categorizes obligations based on the transaction amount and whether the wallet owner is a customer of the Crypto Asset Service Provider (CASP). These scenarios include:

• Transactions of 1,000 euros or less.
• Transactions over 1,000 euros where the wallet owner is a CASP customer.
• Transactions over 1,000 euros where the wallet owner is not a CASP customer.

Understanding these categories is crucial for CASPs to ensure compliance with the TFR and the associated Travel Rule Guidelines.

‍

A. Transactions of 1,000 Euros or Less

For transactions of 1,000 euros or less involving self-hosted wallets, the TFR mandates that CASPs collect and hold specific information about the parties involved. As outlined in Articles 14/5 and 16/2 of the TFR, transactions involving self-hosted wallets of 1,000 euros or less require CASPs to obtain and hold information about the parties to the transaction. The scope of information that CASPs are required to collect mirrors that which is mandated for CASP-to-CASP transactions.

The Travel Rule Guidelines clarify in paragraph 80 that this information must be sourced from the CASP’s customer. This includes:

• Full name of the originator and beneficiary

• Distributed ledger address

• Account number

The final EBA Travel Rule Guidelines removed the requirement for CASPs to cross-match this information using suitable methods such as blockchain analytics and third-party data providers to verify the identity of the originator or beneficiary. Now, CASPs are mandated to collect and retain specific pieces of information from their customers. ^[1]

‍

B. Transactions Exceeding 1,000 Euros Where the Wallet Owner is a Customer of the CASP

For self-hosted wallet transactions exceeding 1,000 euros, the TFR requires CASPs to verify whether their customer owns or controls the self-hosted wallet. ^[2] The originator CASP is tasked with evaluating whether the wallet is owned or controlled by the originator, while the beneficiary CASP must determine whether the wallet is owned or controlled by the beneficiary. ^[3]

The Travel Rule Guidelines set a non-exhaustive list of verification methods available to CASPs and mandate the use of at least one method for wallet ownership/control verification, such as:

• Advanced analytical tools
• Unattended verifications (e.g., displaying the address)
• Attended verifications (e.g., live customer interaction)
• Sending a predefined amount from the wallet to the CASP
• Signing a specific message in the account and wallet software
• Other suitable technical means, as long as they allow for reliable and secure assessment. ^[4]

Where one method on its own is not sufficiently reliable to reasonably ascertain the ownership or control of a self-hosted address, the CASP should use a combination of methods. ^[5]

‍

C. Transactions Exceeding 1,000 Euros Where the Wallet Owner is Not a CASP Customer

The TFR does not explicitly address transactions over 1,000 euros involving third-party wallets. However, the Travel Rule Guidelines include a framework governing these transactions. According to the guidelines, the requirements outlined in Article 19a(1)/(a) of Directive (EU) 2015/849—verification of the originator or beneficiary’s identity—are considered fulfilled if the CASP:

• Collects additional information from other sources to verify the submitted information (e.g., from blockchain analytics, third-party data, or recognized authorities’ data)
• Uses other suitable means as long as it is fully satisfied that it knows the originator’s or beneficiary’s identity. ^[6]

‍

Verification and Risk Assessment

CASPs must adopt a risk-based approach to all transactions involving self-hosted wallets. This includes assessing the risks associated with each transfer and applying enhanced due diligence when high ML/TF risks are detected. The verification process involves collecting additional data from various sources, such as blockchain analytics, third-party data providers, recognized authorities, and publicly available information.

‍

General Obligations for Self-Hosted Wallet Transactions

In addition to specific transaction-based requirements, CASPs must adhere to several general obligations when dealing with self-hosted wallets:

1. Self-Hosted Wallet Identification

Use technical methods to discern whether the transaction involves a VASP or a self-hosted wallet. If technical means are insufficient, acquire the necessary information directly from the customer. ^[7]

2. Threshold Calculation

Compute the transaction amount based on the exchange rate prevailing at the time of the transfer. ^[8]

3. Risk Assessment

Assess the risks associated with self-hosted wallet transactions and apply appropriate risk mitigation measures. ^[9]

‍

Additional Context and Considerations

‍

FATF’s Recommendation 16

Transactions between VASPs and self-hosted wallets fall within the scope of FATF’s Recommendation 16, following its revision in October 2021. Unlike VASP-to-VASP transactions, there is no mandate to transmit originator and beneficiary details to a counterpart. Instead, VASPs must adhere to specific obligations, which can vary significantly across jurisdictions.

Regulatory Expectations and Trends

Although regulatory expectations vary significantly across regions, the requirement for VASPs to verify their customer’s or a third party’s control over the wallet address involved in transactions is gaining traction. The TFR’s requirements reinforce this trend, as further detailed in the sections above.

Future Assessments

By July 1, 2026, the Commission will assess the necessity for additional measures to mitigate risks associated with self-hosted wallet transactions. This evaluation will encompass examining the efficacy and proportionality of verification mechanisms and considering potential restrictions.

The EU TFR sets comprehensive requirements for self-hosted wallet transactions to mitigate the risks associated with money laundering and terrorist financing. CASPs must ensure compliance by verifying wallet ownership, implementing robust monitoring systems, and adopting a risk-based approach to all transactions. By doing so, CASPs can enhance the security and transparency of crypto-asset transfers, contributing to a safer financial ecosystem.

‍

{{european2="/cta-components"}}

‍

The EU TFR sets comprehensive requirements for self-hosted wallet transactions to mitigate the risks associated with money laundering and terrorist financing. CASPs must ensure compliance by verifying wallet ownership, implementing robust monitoring systems, and adopting a risk-based approach to all transactions. 

Interested in learning more? Check out our blog on what the TFR says beneficiary VASPs should do when it comes to incoming transactions and the top 10 insights European CASPs need to know about their upcoming Travel Rule compliance framework.

With the European Union’s Transfer of Funds Regulation (TFR) taking effect on December 30, 2024, virtually all Crypto/Virtual Asset Service Providers (CASPs/VASPs) transacting with European customers must ensure compliance or face operational halts. Reachability and responsiveness are crucial for regulated VASPs, as non-responsiveness will prevent future transactions. We’re now at a critical juncture, as this regulation marks the end of the sunrise period and shifts the focus from protocol interoperability to compliant counterparty responsiveness.

At Notabene, we’re thrilled to announce a major milestone in our mission to integrate crypto transactions into the everyday economy. Our latest innovation, SafeTransact for Networks, aims to enhance counterparty responsiveness and bring Travel Rule compliance to existing ecosystems where transactions are already occurring today.

Notabene is uniquely positioned to deliver on this vision, as our extensive network already spans 27 countries, enabling us to process $71 billion worth of transactions in May 2024 alone. With 143 companies actively transacting daily, our clients have successfully integrated with us, setting up robust compliance processes and collaborating effectively with regulators.

Shifting Focus: From Interoperability to Reachability

It is widely understood that the fragmented nature of Travel Rule protocols has impeded widespread adoption. Initially, the industry thought solving protocol interoperability would boost Travel Rule adoption rates. This hypothesis seemed reasonable enough at the time, but it became evident that building a new network from scratch was very difficult. With many protocols with restricted access, low activity, or too few users, VASPs constantly struggle to reach all of their counterparties and achieve full compliance. We have since learned from experience in real-world applications from customers and regulators that the value of protocol interoperability is only as strong as the user adoption that protocols are able to achieve. 

Despite the impressive logos associated with various initiatives, we recognized that many of the biggest names in Travel Rule protocols had little to no activity occurring. To solve this, we shifted our focus from interoperability to reachability. This meant rethinking our approach entirely and not falling into the same trap of inventing yet another competing protocol, but instead solving our customers' core business needs – reaching and receiving responses from transaction counterparties.

Introducing SafeTransact for Networks

‍

‍

Instead of creating a new Travel Rule messaging network from scratch, SafeTransact for Networks integrates a compliance layer into existing networks, where millions of transactions already occur daily. This allows institutional custodians, settlement networks, multi-party computation (MPC) wallets, service providers, and stablecoin issuer ecosystems to seamlessly offer Travel Rule compliance. Networks can now integrate SafeTransact and offer Travel Compliance on top of their transactions. Members can perform checks and screen transactions to make automated authorization decisions without pure technical integration. SafeTransact for Networks helps businesses become compliant faster and seamlessly transact within the ecosystem.

Addressing Activation with SafeTransact for Networks

SafeTransact for Networks directly tackles the reachability challenge by bringing Travel Rule compliance where crypto businesses already transact with their counterparties today. To make SafeTransact for Networks work and reflect real-world transactions, we expanded the rigid Travel Rule, Alice-to-Bob flow, to transaction intermediaries, like custodians. We introduced flexibility and modularity into SafeTransact's transaction flow, which allows you to add as many transaction participants as real-world use cases require. 

Our solution uniquely operates at scale, managing Personally Identifiable Information (PII) in a compliant, risk-based manner, where only authorized businesses receive PII information. SafeTransact remains the only Travel Rule solution that offers this capability.

How it Works

Here’s a clear example of one multi-party transaction:

1. Initiating the Transaction

• Alice, a customer of BerlinEx, initiates a Bitcoin transfer to Bob.
• BerlinEx initiates the transaction by calling their wallet provider, SIGTrust, registered on the Seychelles.
• SIGTrust, being a network partner at SafeTransact, acts as the initiator for the Transaction authorization flow between the participants.

2. Chain of Intermediaries

• SIGTrust initiates the transfer in SafeTransact for Networks.
• Through our discovery methods, SIGTrust identifies that the recipient’s address belongs to TexEx. A first transfer initiation message is exchanged.
• TexEX responds and adds CryptoTrust, their custodian, to the transaction chain.

Once TexEx responds with adding their Custodian CryptoTrust:

‍

3. Transparency and Policy Implementation

• All parties involved recognize that this is a four-party transfer.
• TexEx establishes policies that require a Travel Rule exchange and flags the Seychelles jurisdiction from SIGTrust.
• The transfer appears in TexEx’s platform, listing all participants and their respective roles.

4. Compliance and Authorization

• The compliance team reviews and authorizes the transfer.
• Responses are sent to all participants to ensure everyone is informed.
• A request for a Travel Rule transfer is sent to the Originators about the Originator.

5. Completion and Notification

• All participants send and receive notifications detailing their roles and authorization policies in the transaction.
• Personally Identifiable Information (PII) is shared only with parties that require it.
• Once policies are fulfilled and the transfer is authorized, the transfer is completed and settled on-chain.

6. Policy Setup and Management

• BerlinEx has the option to apply for a profile with Notabene.
• This profile allows them to set up specific policies, including the ability to authorize or reject future transfers.
• The moment they onboard, they see all the historic transfers that they initiated via SIGTrust.

‍

SafeTransact for Networks ensures that even complex multi-party transactions are handled smoothly and securely, with careful management of PII and compliance with all necessary regulations.

Why Choose SafeTransact for Networks?

• Network Providers (e.g. institutional custodians, settlement networks, MPC wallet providers) deliver incremental value to their customers by offering network members a layer of compliance on top of their existing service. 
• Network members (e.g. exchanges, banks, lending desks) quickly and easily achieve Travel Rule compliance without the need for additional development resources by joining the SafeTransact ecosystem. 
• The Entire Ecosystem benefits from the network effects of expanding compliance reachability from individual networks across all integrated networks. This interconnected approach ensures that businesses can transact safely and compliantly within their existing ecosystems without needing to adjust to new frameworks.
  
  

Bringing the Power of SafeTransact to Established Networks

• Comprehensive Travel Rule Compliance: SafeTransact is designed to meet the stringent requirements of the Travel Rule and other regulatory frameworks. By facilitating the exchange of travel rule information and automating compliance processes, SafeTransact helps businesses stay ahead of regulatory demands. This is particularly important as more jurisdictions globally implement these compliance requirements.
• Pre-Transaction Authorization: SafeTransact enables businesses to make informed authorization decisions before a transaction is completed. This feature allows for instantaneous approvals, flags transactions for review, or rejects them based on predefined criteria. By identifying and screening all counterparties, SafeTransact performs thorough due diligence and risk assessments, ensuring that only legitimate transactions are processed.
• Real-Time Decision Making: One of SafeTransact’s standout features is its ability to make authorization decisions in real-time. This capability is crucial for businesses that need to operate at the speed of digital transactions without compromising security. With SafeTransact, businesses can automate their transaction flows and analyze insights, making the entire process seamless and efficient.

We’re excited to present SafeTransact for Networks as an innovative way of increasing Travel Rule adoption globally by meeting crypto businesses where they transact with their counterparties today. We allow existing networks, like institutional custodians and MPC wallet providers, to offer their customers a layer of compliance on top of their ecosystems. All of this is possible with Notabene’s new transaction flow expanding to intermediary and more complex, real-world use cases.

We believe that reachability, activation, and responsiveness are the most pressing issues facing our industry, which is why we are doubling down on expanding the Notabene Network to give our customers truly global reach. We understand that our industry cannot thrive with a one-size-fits-all approach to regulatory compliance, so we have invested in tools like our new PolicyEngine to enable customers to easily manage their unique workflows.

We are approaching a global tipping point for Travel Rule compliance, driven largely by the December 30 implementation deadline for the EU. We are here to help you prepare for that deadline in any way possible. Whether you are a customer participating in our Travel Rule certification programs or seeking a trusted resource for industry updates and education, please consider us a valuable resource. Our team are experts on these issues and is here to assist you with any questions you might have.

‍

To learn more about how SafeTransact can benefit your business and ensure compliance, contact our team for a custom demo.

The European Union's Transfer of Funds Regulation (TFR) and the European Banking Authority’s final Travel Rule Guidelines impose stringent requirements on Crypto Asset Service Providers (CASPs) to ensure transparency and security in crypto-asset transactions. Beneficiary CASPs, in particular, have critical responsibilities in managing incoming transactions despite their limited control over deposit flows compared to originating CASPs.

Beneficiary CASPs cannot proactively block incoming deposits and rely on the compliance of the originator CASP to meet obligations. Therefore, it is crucial to evaluate strategies for handling non-compliant deposits. This article focuses on the specific requirements for beneficiary CASPs and strategies for managing transactions that fail to meet compliance standards.

Required Information for Transactions

Under Article 16/1 of the TFR, beneficiary CASPs are obligated to receive specific information about both the originator and the beneficiary of each transaction. Articles 14(1) and 16(1) of the TFR specify the required information, including:

• Full name of the originator and beneficiary
• Distributed ledger address and account number
• Address and official personal document number of the originator
• Additional optional information, such as customer identification number or date and place of birth, to ensure unambiguous identification.

Monitoring Systems for Detecting Non-Compliance

The TFR mandates that beneficiary CASPs implement robust monitoring systems to detect non-compliant transactions. According to the Travel Rule Guidelines, these systems should include:

1. Methods for detecting missing, incomplete, or meaningless information.
2. Pre- and post-monitoring practices aligned with money laundering and terrorist financing (ML/TF) risk levels.
3. Criteria for recognizing risk-increasing factors. ^[1]

Managing Non-Compliant Transactions

Beneficiary CASPs must follow specific procedures to detect a transaction lacking the required information. Article 17 of the TFR outlines four possible actions:

1. Execute: The CASP can proceed with the transaction if the risk assessment allows it.
2. Reject: The transaction can be rejected if it does not meet compliance standards.
3. Return: The funds can be returned to the originator if the necessary information is not provided.
4. Suspend: The transaction can be temporarily suspended while additional information is requested.

The Travel Rule Guidelines provide more granularity on how CASPs should define the appropriate follow-up action:

• Beneficiary CASPs can request missing information from the originator CASP rather than immediately rejecting or returning the transfer. ^[2] 
• If the information is not provided within a specified timeframe (three working days for EU transfers and up to seven days for others), the CASP must decide whether to proceed based on a risk assessment. ^[3] 
• If the rejection is technically impossible (e.g., the crypto-assets have already been received), the transfer should be returned to the originator. ^[4]
• If returning the transfer to the original address is not possible, CASPs should hold the returned assets in a secure, segregated account while communicating with the originator CASP to arrange the proper return of the crypto-assets. ^[4]

‍

Managing Non-Compliant Counterparties

When beneficiary CASPs identify deposits missing Travel Rule data, it not only disrupts the transaction but also strains relationships with non-compliant counterparties. Here’s how CASPs should manage these situations according to Article 17/2 of the TFR:

1. Reassess the Relationship: Evaluate if the counterparty repeatedly fails to provide the required information.
2. Report Non-Compliance: Notify competent authorities about the non-compliance.

Assessment Criteria

To determine the appropriate course of action, CASPs must assess whether the counterparty has repeatedly failed to meet their obligations. The assessment involves both quantitative and qualitative criteria:

• Quantitative: Frequency of incomplete transfers and unanswered follow-up requests. ^[5]
• Qualitative: Counterparty cooperation, agreements for extended time, and reasons for missing data. ^[6]

Steps for Repeated Non-Compliance

1. Issue Warnings: Inform the counterparty of potential consequences and set deadlines for compliance.
2. Enhanced Due Diligence: Apply stricter measures to manage risk.
3. Terminate Relationship: If necessary, end the business relationship or reject future transfers.
4. Report Repeatedly Non-compliant CASPs: CASPs must report non-compliant counterparties within three months of identifying non-compliance and include details of the non-compliant counterparty CASP, nature and frequency of breaches, justifications provided, and actions taken. ^[7] 

‍

General Obligations

Finally, the Travel Rule Guidelines offer a concise overview of supplementary requirements that CASPs should consider when dealing with deposits. 

‍

Pre vs. Post Transaction Monitoring

CASPs are responsible for establishing policies and procedures to determine which transfers require monitoring before or during the transfer process. This decision should consider any factors that may increase risk, as specified in the “EBA’s Guidelines on Money Laundering/Terrorist Financing (ML/TF) Risk Factors.” ^[8]

Meaningless and Inconsistent Information

CASPs should treat information as missing if essential fields are left empty or if the provided information is deemed meaningless or inconsistent. For example, random strings of letters should be considered meaningless information. ^[9]

Communication Systems

When contacting the counterparty for clarification, CASPs should use the same messaging system utilized to transmit the initial information. ^[10]

Self-Hosted Wallet Deposits

For deposits from self-hosted wallets, any requests for clarification should be directed straight to the customer. ^[11]

Interested in learning more? Check out our articles on Self-Hosted Wallet Transaction Requirements Under the EU TFR and Top 10 Insights European CASPs Need to Know About the Upcoming Travel Rule Compliance Regulation.

On July 9, 2024, the Financial Action Task Force (FATF) released its fifth targeted review of the implementation of FATF Standards on Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs). This review provides an overview of the progress made by countries and the industry, as well as ongoing implementation gaps and concerns.

While the report covers a range of topics, we will focus here on the implementation of the Travel Rule. As a reminder, the Travel Rule requires VASPs and financial institutions to obtain, hold, and transmit specific originator and beneficiary information immediately and securely when transferring virtual assets. 

Let's dive in to the main takeaways from the report.

‍

More jurisdictions are passing Travel Rule legislation 

85% of jurisdictions have passed or are in the process of passing Travel Rule legislation, compared to 69% last year

‍‍Jurisdictions have made progress on implementing the Travel Rule. In fact, 70% of respondents (65 of 94 jurisdictions, excluding those that prohibit or plan to prohibit VASPs explicitly) have passed legislation implementing the Travel Rule.

The methodology used by FATF and the Global Network consists of 205 jurisdictions in total. However, 147 jurisdictions responded to the 2024 survey (35 FATF members and 112 FSRB members). It is worth noting that 58 jurisdictions did not respond to the survey. The report infers that these 58 have not made progress on R.15, including the Travel Rule implementation. Responses were self-reported and not verified.

‍

FATF is urging jurisdictions to make immediate progress to enact and enforce legislation implementing the Travel Rule

Despite the legislation, enforcement remains weak. Of the 65 jurisdictions that have passed legislation implementing the Travel Rule, only 17 have issued findings, directives, or taken enforcement or other supervisory actions against VASPs focused on Travel Rule compliance. ^[2]

The targeted update clarifies that a lack of interoperability and the Travel Rule tool’s deficiencies in comprehensive coverage are not excuses for not being compliant. FATF urges jurisdictions to make immediate progress in enacting and enforcing legislation implementing the Travel Rule. Specifically, the report shares the example that,‍

One jurisdiction shared that although regulated VASPs suffer from the lack of interoperability among Travel Rule compliance tools, non-compliant VASPs would still be penalised for their compliance shortcomings. [Paragraph 65]

Another jurisdiction reported imposing regulatory orders on a VASP for non-compliance related to Travel Rule tool deficiencies such as incomprehensive coverage of VAs or delayed data submission. [Paragraph 24]

In short, the FATF is urging jurisdictions to make immediate progress to enact and enforce legislation implementing the Travel Rule.

‍

FATF highlights specific public and private sector challenges in Travel Rule implementation

Both jurisdictions and VASPs continue to face a range of challenges in implementing the Travel Rule, as highlighted below:

Inconsistent implementation and lack of enforcement

VASPs use Travel Rule obligations to mitigate illicit finance risks. However, inconsistent implementation and lack of enforcement have not sufficiently motivated the private sector to enhance compliance.

Interoperability Issues

Although progress has been made, challenges persist due to architectural differences and data protection requirements. VASPs integrating multiple compliance tools face technical, operational, and financial burdens.

Discreet, rather than interconnected, Travel Rule tools with closed lists of participants (aka closed networks)  may also complicate the identification of counterparty VASPs and could result in the misidentification of a counterparty VASP as an unhosted wallet simply because the counterparty did not use the same Travel Rule compliance tool as the beneficiary. The FATF urges the private sector to progress towards increasing compatibility amongst Travel Rule compliance tools, whether through technological advancements that allow interoperability between tools, or by developing relationships that permit transactions to be made through a chain of interoperable tools or other methods. [Paragraph41]

Notabene’s SafeGateway facilitates VASP-to-VASP interactions across various protocols. 

Complex transactions

The industry reported widespread use of the interVASP Messaging Standards (IVMS) for Travel Rule information, akin to ISO20022 for the VA sector. They see potential in further developing standards to enhance message transitions, such as handling transaction rejections and follow-up queries. The increasing sophistication of VA transfers involving professional traders and over-the-counter brokers indicates that some Travel Rule compliance tools may not suit broader transaction types.

To address this, Notabene launched SafeTransact for Networks, which ensures the smooth handling of complex multi-party transactions, careful management of PII, and regulatory compliance.

Sunrise Issue

The report highlights ongoing challenges with the Sunrise issue, where jurisdictions implement the Travel Rule at different times.

• Phased Implementation and Grace Periods: Among the 80 jurisdictions implementing or planning to implement the Travel Rule, many are adopting a phased approach or granting grace periods with exemptions or flexible compliance expectations for VASPs.
• Interaction Restrictions: Most jurisdictions restrict domestic VASPs from interacting with foreign counterparts that lack Travel Rule legislation to mitigate associated risks.
• Risk Mitigation Measures: Specifically, of the 65 jurisdictions that have passed legislation enacting the Travel Rule, about half have measures in place to ensure domestic VASPs are only transacting with regulated and/or Travel Rule-complaint counterparts or are otherwise mitigating the risks.

‍

Despite the challenges mentioned above, FATF calls on all jurisdictions to rapidly enact and enforce the Travel Rule.

‍

VASP should perform counterparty due diligence, even when Travel Rule obligations differ

In order to transmit the required Travel Rule information, VASPs identify and conduct due diligence on their counterparty VASP. This remains a challenge due to difficulties in identifying the counterparty VASP based on VA wallet addresses and varying counterparty VASP due diligence requirements across jurisdictions. 

The FATF report suggests that for cases in which only one of the originator and beneficiary VASPs has Travel Rule obligations due to differences in national requirements, VASPs should still take steps to comply with targeted financial sanctions obligations. They further suggest to transact with unlicensed/unregistered foreign counterparts only if the originator VASP takes risk mitigating measures in place.

Counterparty due diligence ensures VASPs avoid dealing with illicit or sanctioned actors and helps ensure that a counterparty can comply with the Travel Rule, including protecting the confidentiality of shared information. Note that counterparty due diligence for the purpose of complying with R.16 is distinct from the obligations applicable to cross-border correspondent relationships (R. 13). [Page 22]

‍

FATF highlights issues with some Travel Rule compliance tools

The 2022 and 2023 Targeted Update reports highlighted that while the industry has developed various Travel Rule compliance tools in response to FATF standards, many tools still do not fully meet these standards and face interoperability challenges. Common shortcomings include a failure to transmit information immediately in information transmission, affecting sanctions screening and due diligence. 

Regulators and supervisors are encouraged to engage with VASPs to ensure compliance tools meet all FATF requirements and take enforcement actions for non-compliance. VASPs should “deliberative and make informed decisions and select a compliance tool(s) that will allow them to meet all FATF Travel Rule requirements”. The lack of interoperability between tools can hinder transaction monitoring and counterparty identification. The FATF urges the private sector to enhance tool compatibility through technological advancements or relationships among tool providers.

An increasing number of jurisdictions report VASPs using in-house developed compliance tools. There is interest in understanding how these tools interact with others and concerns about their effectiveness. Collaborative efforts between supervisory authorities, regulated VASPs, and tool providers are recommended to ensure tools meet regulatory requirements before use.

FATF shares guiding questions and considerations for Travel Rule compliance tool providers

‍

VASPs should take a deliberative and informed decision and select a compliance tool(s) that will allow them to meet all FATF Travel Rule requirements. Box 2.1 below sets out guiding questions that VASPs should ask to determine whether potential Travel Rule solution tools will comply with all FATF requirements. [Paragraph 40]

The following chart compares SafeTransact’s capabilities vs the VAGC’s guiding questions. 

‍

FATF proposes revisions to Recommendation 16 and implications for Travel Rule

In February 2024, the FATF initiated a public consultation on proposed changes to Recommendation 16 (R.16) and its Interpretive Note on payment transparency. The revisions aim to align the Standard with evolving payment systems and messaging standards (ISO 20022) while maintaining technological neutrality and the principle of "same activity, same risk, same rules." These updates could impact the VA sector by specifying the required originator and beneficiary information and defining the roles of VASPs in complex payment chains. The final revisions to R.16 will determine any changes to the Travel Rule requirements for VASPs. Read Notabene’s response to the public consultation here.

Summary of Recommendations from FATF to public sector

• Jurisdictions without Travel Rule legislation/regulation should urgently introduce it.
• Jurisdictions with the Travel Rule should quickly operationalize it through effective supervision and enforcement.
• Jurisdictions should publicize information on registered or licensed VASPs to facilitate counterparty due diligence.
• Jurisdictions should engage with the VASP sector to identify and ensure Travel Rule compliance tools meet FATF requirements.
• VASPs and compliance tool providers should review and improve tools to fully comply with FATF requirements and enhance compatibility for effective implementation.
• FATF will update and publish assessments of R.15 compliance by 2025.

‍

If you have any questions about the FATF report, or the implementation of the Travel Rule for your business or jurisdiction, let us know at [email protected].

And if you are in the process of determining the right Travel Rule solution for your needs, we'd be happy to offer a free consultation with our compliance experts.

The European Banking Authority (EBA) has issued new Travel Rule Guidelines to enhance the traceability of fund and crypto asset transfers, aiming to combat money laundering and terrorist financing. Stemming from Regulation (EU) 2023/1113, which aligns EU regulations with FATF standards, the Guidelines aim for consistent implementation across the EU, taking effect on December 30, 2024. After releasing a consultation paper in November 2023, to which Notabene responded, the EBA released the final Travel Rule Guidelines on July 4, 2024.

Relevance of the Travel Rule Guidelines: Aligning Travel Rule Supervisory Practices across the EU

The Guidelines reflect the EBA’s view on appropriate supervisory practices within the European System of Financial Supervision or how EU law should be applied in this area. Authorities should integrate these Guidelines into their practices, including adjusting their legal frameworks or supervisory processes as needed.

‍

Key Takeaways from the EBA’s Final Travel Rule Guidelines - July 2024

Key Takeaways from the EBA’s Final Travel Rule Guidelines - July 2024

‍

1. Flexibility in Originator Information

The final version of the Travel Rule guidelines clarifies that CASPs have the discretion to determine which “alternative information items” about the originator customer to transmit and demand receiving, as long as they achieve unambiguous identification and support sanction screening. This approach is intended to be better suited for cross-border transfers. ^[1]

‍

2. Eased Requirements for Self-Hosted Wallet Transfers Below €1,000

• ‍Consultation Paper: The EBA’s consultation paper required that CASPs “use suitable technical means to cross-match data, including blockchain analytics and third-party data providers, for the purpose of identifying or verifying the identity of the originator or the beneficiary.” ^[2]‍
• Final Guidelines: Now, only information collection obligations apply for self-hosted wallet transfers below 1,000, eliminating the need for technical means like blockchain analytics to cross-match collected data to identify and verify the originator or beneficiary. ^[3]

In response to the public consultation, Notabene argued that this requirement was disproportionate and technically unfeasible to implement. The framework initially proposed was stricter than the one set out in the Transfer of Funds Regulation (TFR), creating disproportionate obligations on small transactions. Additionally, Notabene argued that verifying identities through blockchain analytics is impractical, as these providers lack the capability to link personal identities with wallet addresses. We are pleased that the EBA adopted our suggestion, and this adjustment will make compliance more feasible for smaller transactions.

3. Simplified Verification for 1st-Party Self-Hosted Wallet Transfers ≥ €1,000

• ‍Consultation Paper: The draft guidelines initially required CASPs to use two methods for wallet ownership verification. ^[4] 
• ‍Final Guidelines: The requirement to use two methods for wallet ownership verification has been removed. CASPs are now required to use only one method by default for verifying wallet ownership/control. ^[5]

In our consultation response, we successfully argued that requiring two methods for verifying wallet ownership/control may not enhance the verification process and could force the adoption of potentially inefficient practices. In the final version of the guidelines, CASPs are required to use only one method by default.

Notabene’s product suite includes a pop-up user interface designed to identify and verify Travel Rule counterparties at the point of transaction without impeding the transaction flow. SafeConnect obtains proof of self-hosted wallet (SHW) ownership through cryptographic signatures, one of the methods explicitly permitted in the guidelines. 

‍

{{european1="/cta-components"}}

‍

4. Clarification for 3rd-Party Self-Hosted Wallet Transfers Above €1,000

While the TFR does not specify the requirements for third-party self-hosted wallet transfers above €1,000, the Travel Rule Guidelines clarify that if the SHW is owned or controlled by a third party who is not a customer of the CASP, the requirements outlined in Article 19a(1)/(a) of Directive (EU) 2015/849 (AMLD) apply. [6] 

According to this provision, CASPs must evaluate the risks associated with transfers to or from self-hosted wallets. Additionally, CASPs are required to implement risk mitigation measures commensurate with the identified risks. These measures may include:

1. Verifying the identity of the transfer's originator or beneficiary;
2. Requesting additional information regarding the origin and destination of the transfer;
3. Implementing enhanced ongoing monitoring of the transactions.

Therefore, CASPs should adopt a risk-based approach to transactions involving self-hosted wallets and implement any necessary risk mitigation measures proportional to the identified risks.

‍

5. Full Compliance from December 30, 2024, is Mandatory

Travel Rule obligations apply to crypto asset service providers (CASPs) starting December 30, 2024. The EBA states: “From December 30 2024, CASPs as defined in MiCAR will be subject to the EU’s AML/CFT regime and, therefore, these Guidelines,” emphasizing that “non-compliance with Regulation (EU) 2023/1113 is not accepted.” ^[7]

CASPs may use infrastructures or services with technical limitations until July 31, 2025, provided they fully compensate with additional technical steps to comply with these Guidelines. Full compliance is still mandatory. ^[8]

6. The EBA Provides Criteria to Evaluate Travel Rule Solutions

‍

When choosing the messaging or payment and settlement system(s), CASPs and ICASPs should

take proportionate, risk-sensitive measures to assess: [9]

• Seamless Integration: The system’s ability to communicate with other internal core systems and with the messaging or payment and settlement systems of the counterparty of a transfer and its compatibility with other blockchain networks

‍Notabene’s open network approach and integrations with top blockchain analytics, custodians, and sanction screening providers guarantee this connectivity. Additionally, Notabene’s SafeGateway builds secure clients for each Travel Rule messaging protocol, significantly expanding our users' connectivity and enabling them to engage with VASPs on previously inaccessible protocols. 

• The reachability of the protocol (i.e., the diversity and accuracy of counterparties that can be reached using the protocol – subject to the CASP's own due diligence assessment – and the rate of transfers that would successfully be sent to the intended beneficiary or received from the originator);

Notabene’s robust network ensures high transaction success rates.

• How the system enable the CASP or ICASP to detect a transfer with missing or incomplete information;

Notabene’s SafeTransact excels here, automatically identifying deposits lacking Travel Rule information and promptly requesting the necessary details from the originator VASP. 

The EBA’s final Travel Rule Guidelines mark a significant step in enhancing the traceability of fund and crypto asset transfers across the EU. With full compliance required by December 30, 2024, CASPs must prepare to meet these new requirements. Notabene’s solutions are designed to help CASPs navigate these changes efficiently, ensuring compliance while maintaining smooth transaction flows.

{{european2="/cta-components"}}

The sixth and final Plenary of the Financial Action Task Force (FATF) under the Presidency of T. Raja Kumar of Singapore marked significant progress and established future priorities. Here are the main takeaways from the plenary.

‍

Virtual Assets: Implementation Update

The FATF will release its fifth annual update on the implementation of FATF Standards for virtual assets (VA) and virtual asset service providers (VASPs) in July 2024. Since June 2023, the number of compliant jurisdictions has risen from 25 to 33. Despite this progress, 75% of jurisdictions (97 out of 130) remain only partially or non-compliant, indicating that VASP implementation still lags behind other financial sectors. The FATF urges jurisdictions to achieve rapid, full compliance and will continue providing support to this end.

Payment Transparency

Following a public consultation that ended in May 2024, to which Notabene publicly responded to here, the FATF is revising its standards to align with evolving cross-border payment systems and industry standards like ISO20022. These revisions aim to enhance the speed, cost-effectiveness, transparency, and inclusivity of cross-border payments while maintaining AML/CFT compliance. Further dialogue with experts is needed before finalizing these amendments.

Jurisdictions Under Increased Monitoring

Monaco and Venezuela have been added to the list of jurisdictions subject to increased monitoring. Congratulations to Jamaica and Türkiye which have been removed from this list, reflecting their improved compliance.

High Risk Jurisdictions - Call for Action

The FATF reiterated its concerns over certain high risk jurisdictions in its Call for Action.  Specifically for Democratic People’s Republic of Korea (DPRK), Iran, and Myanmar. 

‍

‍Democratic People's Republic of Korea (DPRK) 🇰🇵‍

FATF remains deeply concerned about the DPRK's failure to address significant AML/CFT deficiencies and the proliferation financing risks posed by its illicit activities related to WMDs. The FATF urges all jurisdictions to:

• Terminate correspondent relationships with DPRK banks.
• Close any DPRK bank branches or subsidiaries.
• Limit financial transactions with DPRK persons.

Greater vigilance and enforcement are required, especially given DPRK's increased financial connectivity and use of front companies to evade sanctions.

‍

Iran 🇮🇷

Since Iran has not completed its action plan, including enacting key conventions, the FATF calls for:

• Enhanced supervisory examination for Iranian financial institutions.
• Systematic reporting of financial transactions.
• Increased external audit requirements.

Until Iran fully implements the required measures, the FATF maintains concerns over terrorism financing risks from Iran.

‍

Myanmar 🇲🇲

Due to slow progress in addressing AML/CFT deficiencies, the FATF calls for enhanced due diligence measures. Financial institutions should:

• Increase monitoring of business relationships.
• Ensure legitimate financial flows, such as humanitarian aid and remittances, are not disrupted.

If no further progress is made by October 2024, the FATF will consider applying countermeasures.

Mutual Evaluation Reports: India and Kuwait

India has achieved a high level of technical compliance with FATF requirements, particularly in understanding ML and TF risks, international cooperation, and access to beneficial ownership information. However, improvements are needed in supervising non-financial sectors. Kuwait is also nearing compliance but requires further progress.

Review of Gatekeepers

FATF will publish its findings on the regulation of gatekeepers in July 2024. These entities, if unregulated, remain exposed to significant criminal risks and may fail to detect money laundering red flags.

Women in FATF and the Global Network (WFGN) Initiative

Notabene commends Minister Indranee Rajah who launched the e-book “Breaking Barriers: Inspiring the Next Generation of Women Leaders,” showcasing the resilience and expertise of women in combating financial crime. This initiative, part of the Women in FATF and the Global Network (WFGN), aims to inspire and support aspiring women leaders and complements the multicultural mentoring program.

Compliance with FATF Standards

The Plenary approved revised criteria for prioritizing countries for the International Cooperation Review Group (ICRG) review process. This will ensure that the listing process remains risk-based, fair, and transparent. Members also agreed on assessment methods for compliance with the revised FATF Standards on asset recovery and related international cooperation, adopted in October 2023.

Incoming Mexican Presidency’s Priorities (2024-2026)

As many know, Elisa de Anda Madrazo, is the incoming President.  She outlined the Mexican Presidency’s priorities, which include:

• Advancing financial inclusion through risk-based implementation of the Standards.
• Ensuring a successful start to the new round of assessments.
• Strengthening the cohesion of the Global Network by fostering transparency and unity.
• Supporting effective implementation of revised FATF Standards, focusing on asset recovery, beneficial ownership, and virtual assets.‍
• Continuing efforts to combat terrorist and proliferation financing.

The outcomes of this Plenary set a robust agenda for the FATF, emphasizing the need for rapid compliance, enhanced transparency, and international cooperation to combat financial crime effectively.  We at Notabene are excited to support this and eager to see how this will unfold in the coming year.

📥 Interested in more content like this? Sign up to receive regular updates via LinkedIn.

Authored by CryptoUK’s Travel Rule Working Group, the Travel Rule Good Practices Guide is a cornerstone document for virtual asset service providers (VASPs), cryptoasset businesses, and digital asset industry participants navigating the regulatory landscape in the UK.

This comprehensive guide is a culmination of the industry’s collective effort. It provides an in-depth overview of compliance strategies and valuable guidance on addressing associated challenges.

The UK’s Pivotal Role in the Travel Rule Compliance Landscape

According to Chainalysis (2023), the UK ranks third globally in transaction volume, with an estimated $252.1 billion received last year. The 44 VASPs currently registered with the FCA must comply with the Travel Rule, which came into force on September 1, 2023. This situation underscores the UK’s significant role in promoting Travel Rule compliance worldwide.

Insights from the 2024 State of Crypto Travel Rule Compliance Report

The UK, with its robust regulatory framework, leads in compliance rates. Our comprehensive State of Crypto Travel Rule Compliance Report 2024 revealed that the UK boasts a 100% compliance rate among surveyed respondents in the EMEA region, reflecting the country’s stringent standards since the rule’s enforcement.

Notabene’s Proactive Role in UK Travel Rule Compliance

Our team at Notabene is dedicated to assisting UK VASPs in understanding and complying with their Travel Rule obligations. In 2023, we spearheaded several initiatives:

• Regulatory Sandbox Testnets: As part of the Financial Conduct Authority's (FCA) regulatory sandbox, we conducted two testnets with firms such as Ramp, Bitstamp, Wirex, CoinPass, Altalix, Hidden Road, Bitpanda, Custody, Uphold, and Zodia Markets.
• Guidance Publication: We published a concise guide summarizing the Travel Rule obligations outlined in the Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022 (MLTFR 2022.)

Additionally, Notabene has actively engaged in the JMLSG consultation process, submitting a response to contribute to the development of practical and effective compliance strategies for the industry. Our efforts ensure the guidance remains relevant and supports VASPs’ compliance journey.

Key Insights from the Travel Rule Good Practices Guide

The CryptoUK Travel Rule Good Practices Guide is an invaluable resource for navigating the complexities of regulatory compliance in the crypto industry. With contributions from industry experts, this guide provides a clear path for VASPs to achieve and maintain compliance.

Key areas covered include:

• Counterparty VASP Due Diligence: In the absence of regulatory guidelines in this respect, this chapter outlines key considerations and best practices, featuring key insights shared by Notabene’s Head of Regulatory and Compliance Team, Lana Schwartzman.
• Withdrawal and Deposit Flows: Provides an overview of applicable obligations and approaches for operationalizing Travel Rule compliance within withdrawal and deposit flows.
• Unhosted Wallets: Discusses the regulatory framework, associated risks, and potential mitigations.

About the Working Group

The CryptoUK Travel Rule Working Group was established in 2023 to foster knowledge sharing and best practices. 

The group collaborates with policymakers, regulators, and key stakeholders, including HM Treasury, the FCA, the Electronic Money Association, and the JMLSG. The Working Group significantly contributed to the development of the JMLSG’s Guidance on Cryptoasset Transfers, published in August 2023.

For more insights and to stay informed about regulatory developments, download the guide and join the CryptoUK Travel Rule Working Group today.

This article provides an in-depth look at virtual asset service providers' (VASPs) current transaction restrictions and compliance measures as they navigate Travel Rule compliance.

Based on the results from Notabene's 2024 State of Crypto Travel Rule Compliance survey, we explore how crypto businesses and financial institutions are preparing to meet these regulatory requirements. Download the report here to gain deeper insights.

Key Findings

Global Survey Overview
The survey, conducted between October 2023 and January 2024, included 70 companies from Europe, the Middle East, Africa (45.7%), Asia-Pacific (30%), and the Americas (21.4%).

66% of VASPs Enforce Restrictions on Withdrawals That Do Not Comply With Travel Rule Requirements

66% of VASPs enforce restrictions on withdrawals that do not comply with Travel Rule requirements. Notably, 23% do not allow withdrawals unless a Travel Rule message can be sent to the beneficiary VASP, up from 8% last year. This shift reflects a growing trend towards stricter compliance measures within the industry. The percentage of respondents permitting customers to withdraw funds without being able to send Travel Rule messages to the beneficiary VASP has dropped significantly from 37% in 2023 to 19% in 2024. This decrease of 49% underscores a heightened focus on ensuring compliance with regulatory requirements.

Moreover, 40% of respondents adopt a risk-based approach when determining whether to allow a withdrawal. This method reflects an industry-wide effort to balance business considerations with regulatory compliance. Given the persistent limitations that hinder full compliance, such as the Sunrise Issue, this approach is particularly significant. The increasing adoption of stringent compliance measures marks a notable shift in the industry’s approach to risk management, demonstrating a mature, proactive, and compliant stance in navigating the evolving landscape of crypto regulations.

66% of Companies Impose Restrictions on Transactions With Self-Hosted Wallets

66% of companies impose restrictions on transactions with self-hosted wallets. Approximately one-third of companies (33%) exclusively allow first-party transactions with self-hosted wallets and require customers to demonstrate control over the wallet address before authorizing the transaction. Additionally, 27% of companies allow third-party transactions with self-hosted wallets but collect beneficiary information from their customers, showcasing a commitment to due diligence. A minority of 6% of companies outright prohibit transactions with self-hosted wallets. 

There is still a substantial portion of respondents (29%) that do not impose any restrictions on transactions with self-hosted wallets. The “Other” category, comprising 6% of responses, suggests a unique range of approaches that some companies have adopted to handle transactions with self-hosted wallets. The distribution of survey responses illustrates the diversity of approaches that regulators worldwide take when defining rules for transactions involving VASPs and self-hosted wallets.

Over 20% of VASPs Return Deposits Missing Required Travel Rule Information

Handling Deposits

Over 20% of VASPs return deposits missing required Travel Rule information. Specifically, 21% of companies, upon identifying the originator VASP, promptly send requests for missing Travel Rule information. If the information is not received, companies take the decisive step of returning the funds. This approach often creates additional operational challenges for VASPs, which is further discussed in Chapter 5, Section 7 of the report. Another 10% follow a similar protocol but opt to collect the required information directly from their end-customers in the absence of the necessary data, using this as an alternative means to assess transaction risk when counterparty collaboration is lacking.

Nearly half (49%) of the respondents take more lenient approaches. Notably, 30% adopt a risk-based approach, evaluating the associated risks before deciding whether to make the deposit available to end-customers. Meanwhile, 19% of respondents permit their customers to receive deposits without the mandated Travel Rule information. This variation in approach may stem from the need to balance compliance with business needs. A significant portion of deposits from VASPs still lack Travel Rule information due to hindrances like the Sunrise Issue and interoperability issues. For these firms, strict compliance would entail refusing all deposits except from self-hosted wallets, which would have a significant and potentially disproportionate impact on business.

Diverse Compliance Strategies

VASPs employ a range of strategies to manage non-compliant deposits, from providing grace periods to negotiating compliance practices with counterparties. Some respondents revealed ongoing efforts toward implementation, development, or the intention to implement in the future. Strategies included providing grace periods for clients, negotiating compliance practices with counterparties, and adopting selective compliance measures based on specific circumstances. These diverse responses underscore the complex and evolving nature of the regulatory landscape and the varied approaches taken by entities within the crypto ecosystem. This emphasizes the need for continued collaboration and standardization for comprehensive and effective risk mitigation practices.

As the regulatory landscape continues to evolve, VASPs must stay abreast of changes and adopt robust compliance strategies. The increasing adoption of stringent compliance measures marks a significant shift in the industry's approach to risk management, demonstrating a mature, proactive, and compliant stance in navigating the evolving landscape of crypto regulations. For VASPs, staying ahead of these changes will be crucial in maintaining competitive advantage and fostering trust in the digital asset space.

{{report1="/cta-components"}}

This article provides an in-depth look at virtual asset service providers' (VASPs) current implementation challenges as they navigate the Travel Rule.

Based on the results from Notabene's 2024 State of Crypto Travel Rule Compliance survey, we explore how crypto businesses and financial institutions are preparing to meet these regulatory requirements. Download the report here to gain deeper insights.

Protocol Interoperability Emerges as the Top Hurdle to Travel Rule Adoption

Each year, we explore the evolving challenges of implementing the Travel Rule. This year, the lack of interoperability between different protocols has become the foremost challenge, as 34% of respondents highlighted. This underscores the growing necessity for standardized communication to ensure effective compliance with the Travel Rule across various platforms. 

Interestingly, despite identifying interoperability as a major hurdle, 67% of respondents reported not using more than one Travel Rule protocol. This suggests that the impracticality of integrating multiple protocols outweighs the compliance limitations that arise from the lack of protocol interoperability.

Additionally, respondents were asked about their companies’ responses to Travel Rule transfers from other VASPs. Notably, 37% of respondents indicated that they had not received such requests. The lack of incoming Travel Rule transfers points to a fragmented approach to compliance, where many VASPs continue to operate in isolation due to the lack of interoperability.

The survey results highlight a crucial industry dilemma: counterparties may not be using the same Travel Rule protocol and thus may be unaware of Travel Rule requests from others, contributing to significant compliance challenges in deposit flows. This is why it is imperative to address interoperability—to improve compliance and unlock the full transaction potential by ensuring seamless industry-wide communication. This topic is further explored in Chapter 5, Section 5 of the Report.

The Sunrise Issue’s Negative Impact Jumps 74%

The prominence of the Sunrise Issue as a barrier to adopting the Travel Rule has escalated, moving from the third to the second most significant challenge. This marks a 74% increase from the previous year’s findings. Despite expectations that last year’s surge in Travel Rule adoption would mitigate the Sunrise Issue, the opposite has occurred. The rise in adoption has been offset by increasing regulatory demands, leading to more stringent compliance measures.

Even though more VASPs are adhering to the Travel Rule, theoretically easing the Sunrise Issue, regulatory standards have tightened. Previously, VASPs had more leeway in handling non-compliant counterparties, with only 8% opting not to execute transactions when unable to transmit Travel Rule information. Currently, although more VASPs are compliant and able to exchange information, the flexibility in dealing with non-compliant counterparts has diminished. The number of VASPs halting transactions when unable to send a Travel Rule data transfer has nearly tripled this year.

Overcoming the Sunrise Issue requires a universal agreement on implementing the Travel Rule. Without swift and broad enforcement, the negative impacts of the Sunrise Issue are likely to grow due to increased regulatory scrutiny and enforcement in compliant regions. This issue is further examined in Chapter 5, Section 1. The “Regulatory/legal uncertainty” hurdle has shifted to the third position at 16%, marking a measurable decline from its second-place standing of 22% in 2023.

This shift suggests that increased regulatory clarity has eased some hindrances, as evidenced by developments like the U.K. Travel Rule implementation and the definition of the EU Travel Rule framework with the publication of the TFR. However, though this stride forward signals progress, this hurdle still places in the top three, underscoring the need for continued efforts to comprehensively address the clarity of the regulatory guidelines, with the goal of moving it out of the top three.

In the 2023 survey, VASPs highlighted "Lack of technical resources" as the primary hurdle to Travel Rule adoption (at 27%). However, in 2024, the percentage of those citing it as their top concern decreased dramatically to 3%, a staggering 89% decrease. Such a change in position indicates that the challenges relating to this obstacle have been alleviated, possibly due to the increased business commitment to Travel Rule implementation. It could be argued that the rising regulatory urgency fostered an alignment between compliance needs and business objectives. As reported by nearly half of the respondents (47%), Travel Rule adherence has evolved into a prerequisite for obtaining a license to operate in new markets. This is true in pivotal crypto hubs like Hong Kong and the United Arab Emirates, as explored in Chapter 2, Section 1 of the 2024 State of Crypto Travel Rule Compliance Report.

Moreover, Travel Rule adherence plays an increasingly vital role in the due diligence processes of banks and financial institutions—when assessing VASPs for core financial services, such as bank accounts—and regulators and auditors, as further explored on page 56 of the report.

Nearly Half of All Respondents Face Travel Rule Obligations in Multiple Jurisdictions

Last year’s survey results uncovered the global nature of Travel Rule compliance; this year’s findings further support this. A notable finding is that 47% of respondents are now subject to the Travel Rule in multiple jurisdictions, which represents a substantial increase of approximately 104% compared with last year’s 23%. This surge underscores the growing complexity of complying with the Travel Rule on a global scale, as it requires adherence to different regulatory standards across jurisdictions.

A closer examination of the respondents required to comply across multiple jurisdictions reveals a substantial concentration within specific jurisdictions:

• 33% have a presence in the United Kingdom,
• 27% in the United States, and
• 21% in Singapore.This emphasizes the global significance of these key jurisdictions and underscores the urgency of adopting sensible regulatory policies that facilitate seamless cross-border transactions.

Cross-Border Compliance Emerges As a Key Concern

Additionally, as part of the survey, participants were given the option to rank the importance of factors contributing to the success of their Travel Rule solution. The findings indicate that 65% identified “multi-jurisdictional roll-out” among their top two priorities, with 23% ranking it as their primary concern. This trend underscores the significance of cross-border compliance with the Travel Rule.

{{report1="/cta-components"}}

This data highlights the industry’s potential for improved efficiency through a unified and cohesive strategy to navigate diverse regulatory requirements across regions.

Understanding who controls the recipient wallet is crucial for Virtual Asset Service Providers (VASPs) to comply with the Travel Rule. The first phase of the mandated pre-transaction due diligence process, as set forth by the Financial Action Task Force (FATF) ^[1], involves identifying the counterparty VASP. A comprehensive due diligence process is initiated once another VASP is identified as the counterparty.

Correctly carrying out this procedure enables VASPs to sidestep transactions with suspicious or sanctioned entities. Moreover, it safeguards sensitive customer data by ensuring it only goes to a verified or intended counterparty. ^[2]

‍

‍

{{cta-learnmore10="/cta-components"}}

Counterparty VASP Identification Challenges

Crypto transfers are recorded on public ledgers, leading VASPs to treat their wallet address books as confidential, which complicates identification efforts during Travel Rule-compliant transfers. VASPs face a wide range of counterparties, from other VASPs and financial institutions to self-hosted wallets and entities like e-commerce platforms, gaming sites, and mining pools. This diversity adds another layer of complexity to the already challenging counterparty identification process.

Currently, VASPs rely on (1) blockchain analytics, (2) input from their end customer, and (3) other specific discoverability methods available in their Travel Rule network to identify the counterparty to the transaction. These solutions have limitations: blockchain analytics can cluster wallet addresses with VASP groups but cannot reconcile them with specific legal entities; end customers may know the VASP brand but often do not know the specific legal entity with which they or their transaction counterparty is contracted; Travel Rule networks are limited to the information made available by the network members.

This issue remains critical, as compliance with the Travel Rule hinges on the accurate identification of the counterparty.

Learn more about this topic in Chapter 1, Section 2.2.1 of the 2024 State of Crypto Travel Rule Compliance Report.

FATF's Stance on VASP Identification

In its 2021 update, FATF highlighted the lack of "technically proven means" for accurately identifying the VASP overseeing the beneficiary wallet based solely on the Virtual Asset (VA) address:

To date, the FATF is not aware of any technically proven means of identifying the VASP that manages the beneficiary wallet exhaustively, precisely, and accurately in all circumstances and from the VA address alone. - FATF ^[3]

In the same report, the FATF explicitly urged the industry to accelerate efforts to strengthen global solutions that can accommodate nuances in requirements across jurisdictions in accordance with FATF Standards. ^[4]

‍

{{report2="/cta-components"}}

‍

Approaches to theSunrise Issue Challenges

Below, we discuss what can be done about the VASP identification issue and initiatives that are already in place at the various stakeholder levels, and which stakeholders are best positioned to drive solutions to this issue:

Joint Industry Initiatives

Notabene had the honor of attending the V20 Summit in October 2022. Held alongside the G20, 20 VASPs convened to discuss global financial policies and industry proposals in the wake of the FTX collapse, TerraUSD crash, and other industry events. At the V20 Summit, the stakeholders present set a goal to develop and agree on a common approach to public infrastructure for VASP discovery and the general principles that should be observed, namely:

• The infrastructure should be common, global, decentralized, and open (available to all VASPs and Travel Rule protocols).
• The infrastructure should provide base layers of information (entity name, jurisdiction, regulatory status, contact info, and supported Travel Rule protocols). 

The Joint Working Group under IVMS, in which Notabene is an active participant, is leading the initiative to create this infrastructure.

Travel Rule Solutions

Many Travel Rule solutions are already participating in the Joint Working Group under IVMS mentioned above. Others are encouraged to join to ensure that the chosen industry approach has stakeholders' buy-in at all levels. 

Notabene enables VASPs to autonomously identify the counterparty to transactions through the following discoverability methods: 

1. Integration with blockchain analytics: SafeTransact features integrations with several blockchain analytics service providers that allow VASPs to plug in their blockchain analytics accounts to the Travel Rule flow. The counterparty wallet address is queried against the information available to the blockchain analytics service to determine whether or not that wallet is associated with a known VASP.
   ‍
2. Network Discoverability: In response to these identified challenges, Notabene has rolled out Network Discoverability. This feature offers scalable, secure, and reusable techniques for counterparty VASP identification within open networks. The Notabene Network features an internal, self-managed address book. Participating VASPs can upload their blockchain addresses in hashed format to Notabene and permit them to be safely leveraged across the network to streamline the discoverability process. When other VASPs in the network engage in transactions involving any of the uploaded hashed addresses, the VASP that controls the respective address will be automatically identified.
   
   

{{cta-learnmore7="/cta-components"}}

VASPs

VASPs ultimately own the information that allows the accurate association between their wallet addresses and the legal entities that operate them. The adoption of any standard for VASP discovery necessarily hinges on VASPs’ collaboration. 

2024 Status Check

‍

‍

Partial solutions for VASP identification are available, but their limitations continue to negatively impact Travel Rule compliance. Recognizing how important a common industry approach will be in solving this, the Joint Working Group under IVMS is working toward a standard that it hopes the industry will adopt.

Learn more about Network Discoverability

Learn more about our VASP identification feature, which offers scalable, secure, and reusable techniques for counterparty VASP identification within open networks.

‍

{{cta-learnmore7="/cta-components"}}
‍‍

This article provides an in-depth look at virtual asset service providers' (VASPs) current compliance status and future planning as they navigate the Travel Rule. Based on the results from Notabene's 2024 State of Crypto Travel Rule Compliance survey, we explore how crypto businesses and financial institutions are preparing to meet these regulatory requirements. 

96% of VASPs Are Travel Rule Compliant or Plan To Be in 2024

The Travel Rule has become a fundamental aspect of the crypto compliance landscape. According to the survey, 96% of respondents are either already compliant or plan to be by Q4 2024. This marks a significant milestone, with over half (52%) of respondents already adhering to the Travel Rule in 2023—a substantial increase from 23% the previous year, indicating a 123% growth in compliance.

A mere 4% of respondents indicated a stance of non-compliance until 2025. This highlights that compliance with the Travel Rule is not only an immediate necessity due to increased regulatory urgency but also a strategic imperative for entities aiming to operate and transact globally in a compliant manner. For a comprehensive analysis and detailed statistics, download the full report.

Team Sizes and Automation

A notable 80% of firms have dedicated Travel Rule compliance teams, reflecting the industry's commitment to meeting these stringent requirements and recognizing the importance of working with specialized personnel to successfully navigate the intricacies of Travel Rule compliance and stay abreast of increased scrutiny and regulatory demands.

The survey also investigated team sizes and the automation of pre-transaction checks, which revealed respondents’ efforts to ensure the efficient operation of their compliance teams.

A large portion of respondents (46%) have significantly automated their systems, with less than 25% of transactions flagged for manual review. Another 24% partially automate, flagging over 25% for manual review. However, 17% manually approve every transaction, and 13% automate without pre-transaction checks.

Nearly half of respondents (47%) had to demonstrate Travel Rule compliance during license applications, indicating its importance in gaining market access.

Additionally, more than half of the respondents (53%) have had their AML and sanctions programs evaluated by local regulators, examiners, or independent reviewers, explicitly focusing on Travel Rule compliance. This standardized assessment process highlights Travel Rule adherence's integral role in the AML framework and its strategic importance within the overarching compliance framework.

The industry's commitment to Travel Rule compliance is evident through dedicated teams, integration into licensing processes, and comprehensive AML assessments, making it a strategic imperative for operational excellence and market credibility.

VASPs Ensure Compliance Where the Travel Rule Is a Licensing Deal-Breaker

A commendable 52% of companies, spanning diverse primary jurisdictions are already complying with Travel Rule requirements. However, a closer examination of survey responses on primary jurisdiction and implementation timelines reveals a clear pattern: VASPs prioritize compliance where Travel Rule compliance is a license “deal breaker.”

EMEA

The EMEA region as a whole, in particular, demonstrates a high compliance rate, with 59% of respondents claiming to be already complying in this region.

In the EMEA region, the U.K. stood out as the primary jurisdiction with the highest percentage of compliant respondents, boasting an exceptional 100% compliance rate among those surveyed. Of these, 89% were already compliant, and the remaining 11% planned to be by the end of 2023 when the survey was issued. This remarkable compliance rate can be attributed to the U.K.’s robust standards since the country began enforcing the Travel Rule on September 1, 2023.

UAE

When looking deeper into the UAE respondents, where Travel Rule compliance is a licensing prerequisite, 60% of companies have already achieved compliance, and an additional 20% anticipate reaching compliance by the second quarter of 2024. These statistics demonstrate that having Travel Rule compliance as a license deal-breaker fosters a proactive commitment to adoption from the industry.

The trend of enforcing strict licensing regimes is positive. An analysis conducted by TRM Labs (2024) found that VASPs in countries with full licensing and supervision regimes have lower rates of illicit activity than those in less regulated jurisdictions.

‍

APAC

It’s crucial to highlight that the rest of the world is keeping pace. Among respondents with primary jurisdictions in APAC, an impressive 86% are already in compliance with the Travel Rule. This includes vital APAC jurisdictions such as Singapore, Hong Kong, India, Japan, and Malaysia.

Of the 39% of APAC respondents that listed Singapore as their primary jurisdiction, 63% are already compliant, while an additional 25% aim for compliance by Q1 of 2024.

U.S.

The U.S. is trailing behind compared to other key jurisdictions. Despite the Travel Rule requirements in the U.S. since 2013, only 50% of companies claim compliance, with an additional 30% expecting compliance by Q1 of 2024. These numbers are particularly striking compared to the 100% compliance rate observed in the U.K., where the measures were implemented only recently, just four months before the survey was issued. This trend may be attributed to regulatory ambiguity and limited enforcement action in the U.S., contrasting with the proactive commitment to adoption seen in other jurisdictions.

However, the increasing counterparty urgency is expected to drive global adoption, particularly in the United States. Our survey data indicated that fewer VASPs are willing to send withdrawals or receive deposits without the ability to transmit or receive relevant Travel Rule information, which means a potential increase in business loss. Such pressure to adapt will hopefully drive industry stakeholders and regulators to take action, especially those in the U.S.

The Number of VASPs Not Implementing Counterparty Due Diligence Processes Has Nearly Halved

Trend Shift

The survey indicates a significant decrease in the proportion of companies willing to send Travel Rule transfers to counterparties without specific criteria, dropping from 52% in 2023 to 29% in 2024. This reflects a growing emphasis on rigorous counterparty due diligence. Another notable trend is the growing emphasis on assessing the regulatory status of counterparties, a number that has seen doubled growth, from 4% to 9%.

Due Diligence Practices

Sixty-four percent of companies perform due diligence pre-transaction. The survey question, “What checks do you perform, if any, on your counterparties prior to initiating Travel Rule transactions?” highlights the industry's maturing commitment to Travel Rule compliance. The majority of respondents conduct:

• Wallet sanction screening (87%)
• Counterparty name sanction screening (77%)
• Evaluation of wallet risk scores (74%)
• VASP due diligence (64%)

Only a minority (6%) reported conducting no checks, underscoring a holistic approach to risk management. However, despite the positive trend, VASP due diligence is still the least adopted measure.

The trends indicate a clear shift toward more rigorous counterparty due diligence, a preference for regulated counterparties, and a strategic move away from indiscriminate transfers to all VASPs. Despite this progress, challenges remain. As outlined in Chapter 5, Section 3, issues such as the least performed measure of VASP due diligence continue to hinder the counterparty due diligence process.

‍

The industry’s growing commitment to Travel Rule compliance is evident with the existence of dedicated teams, integration into regulatory licensing processes, and the core fabric of AML compliance assessments. This trend positions Travel Rule compliance not merely as a regulatory necessity but as a strategic imperative that drives operational excellence and market credibility.

‍

{{report1="/cta-components"}}

‍

The Crypto Travel Rule, as mandated by the Financial Action Task Force (FATF), requires Virtual Asset Service Providers (VASPs) to share specific information for transactions over a certain threshold. 

However, the staggered implementation timelines, known as the "Sunrise Period," pose significant compliance challenges across the globe. This blog dives into these challenges and offers strategies for VASPs navigating this difficult time.

Understanding the Sunrise Issue

The Sunrise Period refers to the timeframe during which the Travel Rule is not uniformly implemented across jurisdictions. This period is fraught with challenges as VASPs in different regions are subject to varying compliance timelines. As of the latest FATF updates in June 2023, many jurisdictions have yet to fully implement the Travel Rule, leading to a patchwork of compliance standards worldwide.

Challenges Faced by VASPs During the Sunrise Period

VASPs face significant hurdles during the Sunrise Period due to the practical difficulties encountered in the data transfer process required by the Travel Rule. 

Let's break down these challenges into three main areas:

1. Difficulty Sending a Travel Rule Data Transfer
   Compliance with the Travel Rule necessitates that the originator VASP collects and transmits information about both the originator and the beneficiary to the beneficiary VASP. However, uneven implementation across jurisdictions means that many beneficiary VASPs are not yet equipped to receive and protect this information adequately. 
   
   This gap in compliance capabilities can leave the originating VASP unable to fulfill its core obligations, significantly impacting transaction flows. Recent survey results highlight a shift towards stricter compliance enforcement, with the percentage of VASPs that do not allow withdrawals unless a Travel Rule message can be transmitted to the beneficiary VASP nearly tripling from 8% last year to 23% this year.
   
   
2. Difficulty Receiving a Travel Rule Data Transfer
   The challenges are not only limited to sending information. If the originator VASP has not started transmitting Travel Rule data, the beneficiary VASP faces significant barriers in assessing the information about the originator, which is crucial for completing the transaction in a compliant manner. Depending on the regulatory approach of the country in question, the beneficiary VASP might need to restrict access to these transactions. Such restrictions can have a substantial operational impact on business. 
   
   Furthermore, it's noteworthy that a significant 37% of survey respondents reported that they did not receive any Travel Rule information for a substantial number of transactions, illustrating the scale of this issue.
   
   
3. Difficulty Screening the Transaction’s Counterparty
   The Sunrise Issue also complicates the screening process of the transaction’s counterparty. Typically, an originator VASP would verify the beneficiary's information provided by their customer before attempting to transmit this data. However, without confirmation from the beneficiary VASP that the information is accurate, the originator cannot be sure of its validity. This uncertainty makes the screening results unreliable and the transactions risky. 
   
   Likewise, beneficiary VASPs face challenges when they receive deposits without the required originator information. This scenario makes it easier for illicit actors to exploit the system by using inaccurate counterparty information to bypass VASP screening processes.
   

These challenges underline the intricate difficulties that arise from the staggered implementation of the Travel Rule across different jurisdictions. They not only affect the efficiency of transaction processes but also raise significant compliance and operational risks for VASPs operating internationally.

Regulatory Landscape and Progress

Although the FATF sets the global standards, it does not enforce them directly. Instead, it relies on member countries to implement these standards within their jurisdictions. The FATF continues to issue guidance and monitor progress, but many countries lag behind in their implementation efforts. Specific examples from countries like South Korea, Japan, and the UK illustrate the diverse approaches to implementing the Travel Rule, each with its own set of challenges and solutions.

{{report2="/cta-components"}}

Approaches to Sunrise Issue Challenges 

In this section, we discuss what can be done about the challenges arising from the Sunrise Issue, initiatives that are already in place at various stakeholder levels, and which stakeholders are best positioned to drive solutions to this issue.

The FATF

The FATF’s mandate is to set recommendations that are, themselves, not legally binding. The FATF relies on member jurisdictions to incorporate these recommendations and enforce the Travel Rule for VASPs within the jurisdiction’s regulatory ambit. Thus, the FATF is not in a position to resolve the Sunrise Issue challenges. 

Nonetheless, the FATF uses a number of methods to encourage national regulators and the private sector to action:

1. The FATF has issued a number of guidance documents aimed at helping regulators and VASPs navigate a path toward Travel Rule adoption and tackle some of the more challenging aspects thereof. We’ve highlighted some of these guidance instruments in Chapter 1, which can serve as a very useful tool for stakeholders at all levels. The FATF has also formed the Virtual Assets Contact Group (VACG), which will continue to conduct outreach and provide assistance to low-capacity jurisdictions to encourage their compliance with the Travel Rule.
   
   
2. The FATF has continued to monitor and report progress of Travel Rule adoption. In the FATF’s June 2023 Targeted Update, the FATF reiterated that jurisdictions have made insufficient progress and thus calls on regulators to urgently implement the Travel Rule. [1]
   
   
3. Perhaps the most effective method is the FATF-maintained call-to-action and increased monitoring lists, where it identifies jurisdictions with weak measures to combat AML/CTF. These lists are publicly available and are updated three times a year following the FATF’s review and mutual assessments of jurisdictions. 

   
   For counties on the call-to-action list, the FATF calls on jurisdictions to apply enhanced due diligence (EDD), and in the most serious cases, to apply countermeasures to protect the international financial system from the ongoing money laundering, terrorist financing, and proliferation of financing risks that emanate from the flagged countries. 
   
   The increased monitoring list includes countries that are actively working with the FATF to address money laundering/ terrorist financing deficiencies. Alignment with the FATF’s guidelines on VAs and VASPs, including enforcement of the Travel Rule, is expected to become increasingly relevant for the assessment of a country’s regimes to counter money laundering, terrorist financing, and proliferation of financing risks.

Regulators

The most effective way to resolve the Sunrise Issue challenges is with a swift implementation of the FATF’s requirements.

When implementing the Travel Rule, national regulators are the ones to determine how their Travel Rule framework will address the Sunrise Issue. According to data that the FATF shared in its June 2023 Targeted Update, 11 of 62 jurisdictions that have implemented the Travel Rule or are in the process of doing so have allowed a grace period for Travel Rule compliance, during which there are exemptions or flexibility in how VASPs are expected to comply in order to mitigate the effects of the Sunrise Issue [2]. 

Additionally, some jurisdictions expressly qualify how domestic VASPs can interact with foreign counterparts. 

For example:

• Regulators in South Korea acknowledge that overseas VASPs may not yet be required or prepared to comply with the Travel Rule. To deal with this, the South Korean framework allows Korean VASPs to facilitate transactions with overseas VASPs only when the Korean VASP is able to confirm that the customer is sending funds to an account held in their own name and that the money laundering/terrorism financing risks are low. (Financial Services Commission, 2022).
• In Japan, if the transaction counterparty is located in a region without Travel Rule enforcement, Japanese VASPs have no obligation to share PII. In these cases, Japanese VASPs are still required to collect and retain information about the counterparty and assess money laundering/terrorist financing risks. 
• In the U.K., an FCA statement establishes that when a beneficiary VASP is located in a jurisdiction non-compliant with the Travel Rule, the originator U.K. VASP is still required to collect and retain information about the counterparty and assess money laundering/
  terrorist financing risks but may proceed with the transaction without transmitting the information. Additionally, when a U.K. VASP receives a transaction without the required Travel Rule information, the U.K. framework allows the VASP to make a risk-based determination on whether to make the VA available to the beneficiary, taking into account the status of Travel Rule regulations in the jurisdiction where the originator VASP operates. 
  
  Learn more about the Japanese and British regulatory frameworks in Chapter 2 of the 2024 State of Crypto Travel Rule Compliance Report.

Joint Industry Initiatives

Joint industry initiates also play a role in resolving the Sunrise Issue.
Many industry working groups that operate on a national level, like the CryptoUK Travel Rule Working Group, have successfully engaged with national regulators to encourage the implementation of proportionate measures to mitigate the negative effects of the Sunrise Issue.
Groups like these should continue engaging with VASPs and regulators to encourage rapid implementation. 

Travel Rule Solutions

Similar to joint industry initiatives, Travel Rule solutions like Notabene’s SafeTransact can play a role in resolving the Sunrise Issue by increasing policymakers’ awareness of the problems and proposing creative solutions that facilitate VASPs’ operations during this period.

With these challenges in mind, Notabene launched the SAFE Implementation phases. This step-by-step onboarding program is designed to help our clients navigate the intricacies of Travel Rule compliance efficiently, particularly throughout the Sunrise Period. Throughout their journey using the SAFE Implementation phases, VASPs can gather valuable analytics that they can use to create a clear roadmap toward achieving full compliance. 

Additionally, Notabene offers a free SafeTransact-Rise plan tailored for VASPs that are not yet required to comply with the Travel Rule but wish to avoid being cut off from compliant transaction flows. The SafeTransact-Rise plan allows VASPs to receive and respond to Travel Rule
transfers, with no technical integration effort required.

VASPs

When trying to mitigate the challenges identified above, VASPs tend to take a variety of approaches. These approaches depend largely on what national mandates require or, when these frameworks are silent, what risk-based practices begin to emerge to compensate. 

We uncovered some of these practices in this year’s survey, which are listed below by order of popularity:

In withdrawals:

• 40% of the VASPs surveyed report taking a risk-based approach to determine whether or not to allow a transaction when they are unable to send Travel Rule information to the beneficiary VASP.
• 23% percent of the VASPs surveyed currently do not permit transactions unless they are able to send Travel Rule information.
• 19% of the VASPs surveyed allow their customers to transact, irrespective of whether they are able to send Travel Rule information.
• Only 3% of the surveyed VASPs only proceed with the withdrawal provided that the information can be sent to the beneficiary VASP and a response is received.

In deposits:

• 30% take a risk-based approach to determine whether or not to make a deposit available to the end customer in cases when the required Travel Rule message is not received from the originator VASP.
• Upon detecting a deposit without information/with missing information, some respondents send a request to provide missing information to the originator VASP. In the case the information is not provided, 21% return the funds and 10% opt to collect the information from their end customer.
• Of respondents, 19% allow customers to receive deposits regardless of whether the required Travel Rule information was received.
• 20% of respondents report taking other approaches. By way of example, one respondent reported allowing their customers a grace period before enforcing blockers. Others report only allowing first-party deposits and requiring their customer to demonstrate they control the source wallet.
  

These results indicate that a majority of VASPs currently adopt a risk-based approach to compliance limitations. However, stricter approaches are gaining popularity, possibly because of growing regulatory pressure. Notably, 23% of the surveyed VASPs currently prohibit transactions unless they can send Travel Rule information, and a similar percentage (21%) returns funds unless the required Travel Rule information is received.

2024 Status Check 

At present, some solutions are available to mitigate some of the friction caused by the Sunrise Issue, but its negative impact continues to severely affect VASPs in jurisdictions with Travel Rule obligations. While there is work that can be done by stakeholders at all levels, the power to solve
the Sunrise Issue ultimately lies with national regulators and policymakers in jurisdictions that have not yet introduced Travel Rule legislation/regulation. These regulators need to urgently implement
and operationalize the Travel Rule through effective supervision and enforcement action, using the available FATF resources and in consultation with the industry.

Conclusion

The Sunrise Issue remains a formidable challenge in the path to global Travel Rule compliance. By understanding the complexities involved, staying engaged with regulatory developments, and employing flexible technological solutions, VASPs can navigate this evolving landscape more effectively. As the industry continues to mature, collaborative efforts and adaptive strategies will be key to overcoming these hurdles.

This article explores the intricacies of the crypto Travel Rule, which is not merely an information exchange mechanism but also a powerful tool that companies can use to mitigate pre-transaction risks (including sanctions risks) and unlock new opportunities. We explore the rule’s purpose, objectives, and core components: VASP identification, due diligence, transaction qualification, information collection, and pre-transaction counterparty risk assessment.

‍

‍

The Crypto Travel Rule: A Shield Against Illicit Activities

The Travel Rule presents a robust safeguard against money laundering, fraud, and other illicit activities within the cryptocurrency landscape. Introducing stringent information exchange requirements creates a powerful barrier against criminals seeking to obscure the origin of their funds. However, it is essential to understand that the Travel Rule transcends mere data transmission. When executed effectively, the Travel Rule enables virtual asset service providers (VASPs) to stop potentially illicit transactions before they are created on the blockchain, significantly reducing VASP’s overall risk and exposure to sanctions — a pivotal development for the crypto industry.

‍

Pre-Transaction Travel Rule Implementation: A Defensive Tactic

Crypto transactions are immediate and irrevocable, a sharp contrast to traditional SWIFT payments, where settlements occur at scheduled intervals during the day, allowing beneficiaries time to request fund withholdings in the case of discrepancies, such as a mismatched beneficiary name. In crypto transactions, it’s essential that VASPs exchange information before settling the underlying transaction. Once funds are transferred, remediation becomes operationally burdensome — and in some cases, the risk may already have entered the VASPs’ spheres. 

‍

A pre-transaction implementation of the Travel Rule ensures that VASPs can perform critical risk assessments like beneficiary name matching and sanctions screening before receiving funds and, depending on their systems, before releasing funds to the end customer.

‍

The Travel Rule: Bridging the Gap Between Crypto Transactions and Real-World Entities

In addition to being a powerful counterparty risk mitigation tool, the Travel Rule is an indispensable infrastructure layer for crypto transactions because it establishes a connection between crypto activities and real-life individuals and entities.

Bridging this gap is essential for three reasons:

• Enhancing sanction controls: Before implementing the Travel Rule, VASPs conducted transactions with minimal information about their counterparties, leaving them vulnerable to potential risks. Now, the Travel Rule is a catalyst for reconstructing trust within the crypto space by enhancing sanction controls and counterparty risk management.
  
  
• Enabling new use cases: The Travel Rule opens the door to novel crypto transaction applications previously hindered by the lack of traceability. Traceability is crucial for several use cases (e.g., for accounting purposes) and paves the way for broader adoption of crypto payments and transactions.
  
  
• Preventing fraud: Fraud is a pervasive issue in crypto, and the Travel Rule addresses this problem by fostering collaboration among VASPs. This collaborative effort allows VASPs to verify the parties involved in a transaction collectively. For instance, if Alice initiates a transaction and informs her VASP that the funds are destined for her friend Bob’s account with another VASP, the beneficiary VASP can raise a red flag if the funds are actually being received by Daniel, a fraudster who has deceived Alice. 

‍Ultimately, when strategically implemented as a pre-transaction risk mitigation tool, the Travel Rule boosts the security of crypto transactions and opens up new horizons for the industry that could redefine how we interact with digital assets. 

‍

The Travel Rule is a robust safeguard against money laundering, fraud, and other illicit activities within the cryptocurrency landscape. By fostering a culture of proactive compliance and collaborative risk management, VASPs can unlock new dimensions of trust and operational excellence.

In February 2023, the Financial Action Task Force (FATF) Plenary observed a significant gap in the implementation of its revised Recommendation 15 in what concerns virtual assets (VAs) and virtual asset service providers (VASPs). Despite the October 2018 revision aimed at integrating and extending measures such as the Travel Rule to VAs and VASPs, numerous countries had not yet implemented these updated requirements.

To address this, the Plenary outlined a roadmap aimed at fortifying the implementation of FATF Standards concerning VAs and VASPs. This roadmap included conducting a comprehensive assessment of implementation levels across the global network. Today, the fruition of this commitment comes to light. 

After a 12-month process of collecting and evaluating relevant information, the FATF published a report on the Status of implementation of Recommendation 15 by FATF Members and Jurisdictions with Materially Important VASP Activity. 

This report features a detailed table evaluating various jurisdictions on key components such as:

• Risk assessment pertaining to VAs and VASPs
• Prohibition of VAs and VASPs
• Enacted legislation mandating VASP registration/licensing and application of AML/CTF controls
• Operational registration/licensing of VASPs
• Supervisory inspections on VASPs
• Enforcement/supervisory actions against VASPs
• Implementation of Travel Rule legislation

The jurisdictions under scrutiny include all FATF members and 20 non-FATF member jurisdictions deemed as hosting materially important VASP activities due to meeting the following criteria:

• Trading volume exceeding 0.25% of global trading and/or
• Having over 1 million users of virtual assets.

The evaluation published today is based on the responses provided by jurisdictions to the FATF's 2023 self-reported survey, which have been updated between January and March 2024. The FATF emphasizes that while informative, this data does not substitute a mutual evaluation or follow-up assessment of countries' compliance with Recommendation 15 as it has not been subject to a detailed analysis as per the FATF methodology. 

Three Key Insights from FATF’s Global Evaluation of Virtual Asset Regulation 

The data shared by the FATF provides three significant insights into how jurisdictions with materially important VASP activity are managing the sector:

‍

1. There has been an impressive progress on Travel Rule legislation
‍

Nearly 89% of jurisdictions with materially important VASP activity have either enacted or are in the process of enacting Travel Rule legislation. Only Australia, Iceland, Russia, South Africa, Ukraine, and Vietnam have yet to initiate this process.

‍

2. More than 90% of jurisdiction implement regulatory measures

Over 90% of jurisdictions with materially important VASP activity have implemented crucial measures to regulate and supervise VAs and VASPs. 91.2% conducted a risk assessment covering VAs and VASPs, while 90.7% enacted legislation mandating VASPs' registration or licensing and compliance with AML/CTF requirements. Similarly, 90.7% conducted supervisory inspections on VASPs.

‍

3. Only three jurisdictions prohibit virtual assets

‍
Only three jurisdictions with materially important VASP activity have explicitly prohibited VAs and VASPs: China, Egypt, and Saudi Arabia. 

‍

Goals of FATF’s Global Evaluation

The publication of this report serves three primary objectives:

• Enable the FATF network to assist jurisdictions with materially important VASP activity in regulating and supervising VASP activity;
• Encourage jurisdictions with materially important VASP activity to promptly implement Recommendation 15;
• Aid regulators and the private sector in discerning the status of Recommendation 15 implementation by jurisdictions with materially important VASP activity.

This last objective is particularly pertinent to Travel Rule compliance, especially in cross-border transactions involving VASPs based in jurisdictions not yet enforcing Travel Rule requirements (the Sunrise Issue).

For instance, in the United Kingdom, the Financial Conduct Authority (FCA) issued a communication on August 17, 2023, outlining more flexible obligations for UK VASPs when transacting with counterparts from jurisdictions without enforced Travel Rule requirements. The operationalization of this FCA guidance hinges on understanding the status of Travel Rule implementation in the counterparty's jurisdiction—a task now greatly facilitated by this new resource published by the FATF.

A Roadmap to Move Forward With

In conclusion, the release of FATF's report on the Status of implementation of Recommendation 15 by FATF Members and Jurisdictions with Materially Important VASP Activity marks a significant milestone: insights into the global landscape of crypto regulations shed light on the progress made and areas requiring further attention.

The findings underscore a collective commitment among jurisdictions with materially important VASP activity to enhance regulatory frameworks and compliance measures. Notably, the majority have taken decisive steps towards implementing Travel Rule requirements and strengthening supervision over VAs and VASPs. 

Moving forward, the objectives outlined in the report serve as a roadmap for continued collaboration and improvement towards a more robust and secure ecosystem for virtual assets.

Throughout 2023, the landscape of Travel Rule compliance was marked by a series of developments, from regulatory updates to strategic shifts in countries’ crypto stances. This article provides a comprehensive view of key milestones and strategic changes in various countries, underlining the year's pivotal role in shaping global Travel Rule compliance standards.

‍
An Overview of Key Crypto Travel Rule Milestones and Developments in 2023

NEW YORK, SINGAPORE, LONDON - March 12, 2024

‍‍

- Notabene, the leader in pre-transaction decision-making and Travel Rule compliance solutions, today released its third annual State of Crypto Travel Rule Compliance Report 2024. This year's findings highlight a remarkable compliance milestone: 96% of surveyed financial and crypto institutions are now compliant or on the path to compliance this year, showcasing significant industry-wide progress.

Based on a survey of 70 leading institutions worldwide, the report reveals a substantial increase in regulatory diligence and a commitment to the Travel Rule—an anti-money laundering framework introduced by the Financial Action Task Force (FATF) to virtual asset service providers (VASPs) in 2019. This framework aims to bolster transparency and security in crypto transactions. Notable findings from the report include a 187.5% surge in firms restricting non-compliant transactions and a significant leap in due diligence practices, with 64% of entities now verifying counterparties before transacting.

Pelle Braendgaard, CEO of Notabene, reflects on the progress, stating, "The industry is making great strides towards enhanced security and regulatory compliance. Embracing the insights from the latest State of Crypto Travel Rule Compliance Report will further drive our collective progress towards a unified financial ecosystem."

The report also uncovered that significant challenges, such as protocol interoperability, remain despite these advancements. A significant portion of respondents identified the lack of protocol interoperability as their primary hurdle to full compliance. Additionally, 37% reported never having received a Travel Rule message,  further highlighting interoperability issues. Full compliance for the 37% of VASPs that have not received any Travel Rule messages could bring a significant and potentially disproportionate impact on business, as it would require them not to accept any deposits.

The report offers actionable insights for navigating the complexities of global compliance, advocating for flexible regulatory frameworks and improved technology solution interoperability.

For an in-depth analysis and recommendations, access the complete report on notabene.id.

-ENDS-

For media inquiries or further information about Notabene and Shift Markets, please contact: [email protected]

About Notabene:

Notabene developed the crypto industry's only pre-transaction decision-making platform, enabling customers to identify and stop high-risk activity before it occurs. With a focus on security, privacy, and user experience, Notabene's multi-source data and software enables real-time decision-making, counterparty sanctions screening, self-hosted wallet identification, and more. SOC-2 security certified and trusted by over 100 companies, Notabene operates globally with headquarters in New York, and presence in Switzerland, Singapore, Germany, and the United Kingdom.

Companies like Copper, Luno, Crypto.com and Bitstamp leverage our  SafeTransact platform for Travel Rule compliance, tailored to their needs and aligned with global and local regulations. Our platform builds trust in virtual asset transactions to foster financial growth with minimized risk.

Get started today; sign up for our free SafeTransact Rise plan to respond to regulated transactions for free using the world's largest VASP Network. 

LinkedIn | Twitter

In the past year, the crypto compliance landscape has seen remarkable developments, leading to the widespread adoption of Travel Rule compliance. By the end of 2024, the Travel Rule is expected to see mass adoption, but not without bringing its operational complexities. This article explores critical trends and introduces Notabene's solutions to these evolving regulations.

Global Adoption: Setting the Stage for Universal Compliance

The past year has marked a significant shift towards regulatory alignment on a global scale. The United Kingdom, with the third highest transaction volume worldwide, adopted the Travel Rule, meaning that the regulation will cover a substantial volume of global transactions.

The European Union, through the Transfer of Funds Regulation, has set a new precedent, standardizing crypto Travel Rule requirements across its 27 member states. In the Asia-Pacific region, countries like Hong Kong and the United Aarab Emirates (UAE) have integrated Travel Rule compliance into their crypto business licensing frameworks. Eighty VASPs are currently looking to establish their presence in Hong Kong, and 1000 firms have applied to register under Dubai’s Virtual Asset Regulatory Authority. Given their substantial crypto asset transactions, India and Japan's adoption of the Travel Rule underscores the global momentum towards standardized regulatory practices. Their compliance is particularly noteworthy given the combined $300 billion in crypto assets received. ^[1]

The momentum extends with the Transfer of Funds Regulation coming into effect on December 30, 2024. We expect the Travel Rule to broaden its reach to regions like Latin America, South Africa, Taiwan, Australia, and Qatar. Additionally, Notabene’s “State of Crypto Travel Rule Compliance Report 2024" revealed a strong industry drive towards compliance, with 96% of virtual asset service providers (VASPs) aiming to meet the requirements by year-end, highlighting the critical nature of compliance for business continuity and the potential risks for non-compliant VASPs.

‍

‍

The Multi-Jurisdictional Compliance Challenge

Operating across various regulatory jurisdictions presents unique challenges. Global VASPs must take a nuanced approach to maintain operational fluidity while adhering to diverse regional regulatory implementations. Our yearly report reveals that nearly half of the businesses surveyed navigate Travel Rule obligations in multiple jurisdictions, significantly increasing the complexity of compliance efforts. 

‍

‍

Further, 65% of respondents highlighted a "multi-jurisdictional roll-out" as a critical success factor for their Travel Rule solutions.

‍

‍

‍

Streamlining Compliance with Notabene's Multi-Jurisdictional Tool

Notabene offers tailored solutions to ease the complexities of multi-jurisdictional compliance. Our Multi-Jurisdictional Compliance Tool simplifies the management of compliance obligations across different countries, enabling businesses to integrate new jurisdictions into their operational frameworks with just one click, gain comprehensive insights, and redirect transactions efficiently.

‍

{{cta-learnmore15="/cta-components"}}

‍

Tackling Self-Hosted Wallet Compliance

The Financial Action's Task Force (FATF's) updated guidance now extend the Travel Rule to include self-hosted wallets, requiring businesses to identify and, in some cases, verify the owners. The EU's upcoming Markets in Crypto-Assets Regulation (MiCA) will further enforce this, mandating self-hosted wallet verification for transactions over 1,000 EUR.

‍

Trend Analysis: How VASPs Are Navigating Self-Hosted Wallet Compliance

Our findings indicate a global trend towards mandatory wallet ownership verification, with 66% of companies implementing restrictions on self-hosted wallet transactions. A notable 33% of companies mandate first-party transactions. This means that a third of the businesses surveyed only allow transactions where customers can directly demonstrate control over their wallet addresses.

‍

‍

Enhanced Self-Hosted Wallet Verification: SafeConnect

In response to evolving compliance needs, Notabene has enhanced its SafeConnect tool for self-hosted wallet verification. The latest update introduces Bitcoin Wallet Ownership Proofs and improved capabilities for Ethereum wallets, streamlining the verification process while maintaining transactional ease.

{{cta-learnmore17="/cta-components"}}

‍

Looking Ahead: Ensuring Compliance in the Evolving Regulatory Landscape

As the regulatory landscape continues to evolve, it underscores the need for robust and scalable Travel Rule compliance solutions. Notabene's tailored solutions offer businesses the tools they need to navigate these changes with confidence. Take the first step towards securing your business's future in the evolving crypto landscape. 

As regulations evolve, so do the challenges. Global VASPs increasingly finding themselves at the crossroads of Travel Rule compliance, a task that becomes more daunting as they expand across various jurisdictions. 

The goal of maintaining a global presence while adhering to local regulations is more critical than ever. In response to these evolving demands, Notabene offers a comprehensive Multi-Jurisdictional Compliance tool designed to simplify the management and expansion of VASPs' jurisdictional reach with ease.
‍

Understanding the Multi-Jurisdictional Compliance Landscape

The landscape of Travel Rule compliance is rapidly changing, with a significant uptick in VASPs that are subject to Travel Rule obligations in more than one country. According to our State of Crypto Travel Rule Compliance Report 2024, nearly 50% of VASPs are now navigating the complexities of multi-jurisdictional compliance, marking a 104% increase from the previous year. Further, our survey highlighted that 65% of respondents name ‘multi-jurisdictional rollout’ as their top two factors as they search for Travel Rule compliance solutions, underscoring the growing importance of adaptable and extensive compliance frameworks in today's global market.

Navigating the Challenges of Global Travel Rule Compliance

‍

VASPs operating across multiple jurisdictions encounter a myriad of challenges, including:

• ‍Diverse Compliance Requirements: Each jurisdiction comes with its own set of compliance mandates, from specific Personal Identifiable Information (PII) requirements to varying approaches to self-hosted wallet transactions. This diversity necessitates a bespoke compliance strategy for each jurisdiction, adding layers of complexity to global operations.
  ‍
• Customized Implementation Needs: Expanding into new jurisdictions isn't just about scaling operations; it involves intricate technical implementations, operational adjustments, and comprehensive local staff training to ensure seamless integration into the existing compliance framework.
  ‍
• Complex Organizational Structures: VASPs often operate within complex organizational frameworks, ranging from centralized, nested structures under a single parent entity to independent, un-nested setups that allow for autonomy. Some combine these models to accommodate intricate compliance and operational needs, further complicating the implementation of global compliance strategies.
  ‍
• Accurate Transaction Routing: Ensuring that transactions are correctly associated with the appropriate jurisdiction adds another layer of complexity. This is particularly crucial, as accurately identifying transaction counterparts is the essential first step for Travel Rule compliance. Currently, VASPs utilize a combination of blockchain analytics, customer input, and other discoverability methods to navigate this challenge. However, these methods have limitations, such as the inability of blockchain analytics to pinpoint specific legal entities and the reliance on potentially uninformed end customers for crucial transaction details.

‍

Introducing Notabene's Multi-Entity Support Tool

Notabene introduces the Multi-Jurisdictional Support tool, designed specifically for global VASPs to manage multiple entities and transactions across jurisdictions effortlessly. 


Simplified Jurisdiction Activation and Management

Activating a new jurisdiction is as straightforward as accessing the Notabene dashboard and selecting "activate new jurisdiction." This action seamlessly integrates the specific regulatory requirements of the new jurisdiction into the entity's operations, ensuring compliance with minimal effort.


Deep Regulatory Insight and Automated Compliance

Notabene's platform is enriched with insights from active engagement with regulators and industry experts, ensuring a standardized approach to compliance. With regulatory requirements from over 23 jurisdictions encoded, VASPs can confidently expand their global operations, knowing they are in compliance with local laws.


Flexible Organizational Structuring

The tool accommodates various organizational structures, allowing companies to reflect their real-world setup within the platform:

• Nested Structure: For centralized management, entities can be organized hierarchically within a parent entity.
• Un-nested Structure: Entities can operate independently, providing autonomy and customization.
• Mixed Structure: A combination of nested and un-nested entities supports complex compliance needs.
• Single and Multiple Group Options: Entities can be streamlined under a single group or divided among multiple groups to facilitate the management of diverse business units or subsidiaries.

‍

‍

‍
Streamlined Transaction Routing

Notabene's Multi-Jurisdictional Support tool ensures transactions are automatically allocated to the correct entity, enhancing compliance with local regulatory reporting requirements. Our solution allows the Beneficiary VASP, best positioned to identify the receiving entity, to redirect Travel Rule transfers automatically to the relevant entity. This not only speeds up the pre-authorization of transactions but ensures their accurate delivery, relieving the Originator VASP of the burden of discovery.

Moreover, beneficiary VASPs with multiple entities can allocate deposit transfers automatically with our transaction redirect feature, allowing each entity to manage Travel Rule records tied to their deposits. This facilitates compliance demonstration to auditors and supervisors at the entity level.

Failure to redirect transfers correctly may result in loss of transaction volume for Beneficiary VASPs, as stricter due diligence obligations demand precise identification of transacting parties. Hence, Originator VASPs may hesitate to share Travel Rule information when the specific legal entity is unknown.

‍

‍

Elevate Your Compliance Strategy Today

Prepare your global company for success with Notabene's Multi-Jurisdictional Support tool. For existing customers, please designate a Group Admin to unlock these features. New customers will be guided through this process automatically.

As Travel Rule regulations expand to include more counterparty types, customers engaging in non-custodial need a reliable method to verify self-hosted wallet ownership.

SafeConnect, a flagship offering from Notabene, is stepping up to meet this demand by extending its self-hosted wallet verification capabilities to include Bitcoin wallet verification, aiding virtual asset service providers (VASPs) in compliance with various wallet counterparty types. 

‍

Aligning with Regulatory Developments

In its October 2021 guidance, the Financial Action Task Force (FATF) broadened the Travel Rule's scope to include transactions between VASPs and self-hosted wallets. This extension necessitates collecting and sometimes verifying information about the self-hosted wallet's owner by VASPs. 

Further, the forthcoming Transfer of Funds Regulation in Europe, taking effect this December, stipulates that for transactions exceeding 1,000 EUR, crypto-asset service providers must verify the ownership or control of the self-hosted address by the client conducting the transaction. VASPs facilitating self-hosted wallet transactions in all 27 EU member states must have a solution to verify wallet ownership of the broadest range of self-hosted wallets possible. 

Introducing Bitcoin Wallet Verification Proofs

Our self-hosted wallet verification tool, SafeConnect, enables customers to verify self-hosted wallet ownership on 200+ Ethereum-based wallets. Today, we expand its capabilities to facilitate Bitcoin wallet verification. Previously focused on Ethereum proofs, SafeConnect now transcends this boundary to embrace Bitcoin verification, accommodating a broader spectrum of digital assets. This enhancement is crucial, considering the FATF's emphasis on accommodating all virtual asset types and the TFR's requirement for rigorous verification processes for significant transactions.

‍

How it works

‍

• Customers connect their Ledger or Trezor hardware wallets to SafeConnect.
• SafeConnect automatically searches for the Bitcoin address associated with the transaction.
• Once the address is found, the customer will be are prompted to sign a wallet ownership verification message on their device.
• SafeConnect verifies the signature's authenticity and marks the transaction as ready to send.
  ‍

Improving the Ethereum Proofs

This update also brings enhancements for seamless Ethereum-based wallet proofs. We’re scaling up to support over 300 Web3 wallets and extending our services to more than 10 EVM-based networks. This expansion will significantly broaden our ability to support Ethereum-based wallet ownership proofs.
‍

How to Get Started

Current customers have access to these updates by updating to the latest version of SafeConnect. Other interested parties can book a demo with our team. 

Are you grappling with the complexities of the Travel Rule in your jurisdiction? You may be a consultant aiding financial institutions in achieving compliance with recent AML regulations. Given its significant impact on their operations, the necessity of a deep understanding of Travel Rule compliance cannot be overstated. This understanding is vital for maintaining regulatory compliance and the smooth operation of financial institutions.

The increasing frequency of Travel Rule deadlines has amplified the urgency for this knowledge. Moreover, regulators are mandating that Virtual Asset Service Providers (VASPs) establish robust Travel Rule frameworks as a precondition for obtaining operational licenses. This landscape highlights the critical need for specialized and comprehensive education in Travel Rule compliance.

We proudly present the Notabene Travel Rule Fundamentals Certification (NB-TRFC) program to address this need. Designed to infuse your organization with our deep expertise in the Travel Rule, this program equips you with the necessary knowledge and skills for seamless compliance. Our certification course offers a structured path to mastering Travel Rule compliance, providing a strategic advantage in the rapidly evolving industry.

‍

Introducing the NB-TRFC Program

The NB-TRFC program is a carefully designed educational journey aimed at making you an authority in Travel Rule compliance. You can expect:

• Tailored Content: Our curriculum focuses on the distinct regulatory landscapes of the Americas, Europe, the Middle East, Africa (EMEA), and the Asia-Pacific (APAC) regions.
• Holistic Approach: The program consists of three specialized courses, ensuring you gain a comprehensive understanding of every facet of Travel Rule compliance.

‍

Exploring the NB-TRFC Program

You have two options: enroll in the free Foundation course or the paid full program, which would provide you with a professional certification. Your educational journey is meticulously planned to provide an in-depth understanding of the Travel Rule, tailored to the region of your choice. The program includes:

1. Foundation Course: Start your compliance journey with the "Travel Rule—Foundations Course." This module simplifies the Travel Rule's historical context and current implications, laying the groundwork for more advanced strategies.
2. Advanced Compliance: Take your expertise to the next level with the "Travel Rule—Advanced Course." This part focuses on complex compliance scenarios, from Anti-Money Laundering checks to transaction monitoring.
3. Jurisdictional Focus: Conclude with a "Jurisdictional Deep Dive" course in the Americas, APAC, or EMEA region. This section will give you a playbook for localized compliance, highlighting key regulatory nuances in specific markets.
   ‍

Who Should Enroll?

This program is perfect for compliance officers and professionals, regulators, advisory professionals, legal advisors, and financial professionals in the crypto industry. Whether you're a beginner or an experienced professional, the courses offer both foundational and advanced insights.  It is a great way to certify not only yourself and your team!  

How to Get Started

Ready to become a certified expert in Travel Rule compliance? Visit our academy website for details on enrollment, course schedules, and pricing. Take the first step in your certification journey today!

‍

{{training4="/cta-components"}}

‍

Disclaimer

This certification program is for educational purposes only. It does not constitute legal, financial, investment, or any other advice. The digital asset space is dynamic, and some information may become outdated as the industry progresses.

In November 2023, the European Banking Authority (EBA) unveiled a Consultation Paper on the proposed Travel Rule Guidelines, marking a significant step in the evolution of EU financial regulation. This initiative addresses the growing need for clear regulatory frameworks as digital finance transforms the landscape of global transactions.

The EBA presented its proposed Travel Rule Guidelines as a direct response to the mandate outlined in Article 36 of the Transfer of Funds Regulation, which empowered the authority to issue guidelines to Crypto Asset Service Providers (CASPs), aiming to guide entities on how to comply with some of its requirements. 

This article explores the key takeaways of the EBA’s Travel Rule Guidelines and provides enriching insights from Notabene’s presentation at the EBA’s public hearing. 

‍

Key Takeaways from the EBA’s Consultation on Travel Rule Guidelines

‍

1. CASPs must consider interoperability when selecting a messaging protocol

The EBA emphasizes the need for interoperability among protocols used for transmitting Travel Rule information. The EBA advises CASPs to choose messaging protocols that are robust and interoperable, capable of seamless communication across various systems, and in line with industry standards. This approach aims to mitigate data integration challenges and enhance the efficiency of adhering to regulatory mandates.

“When choosing the messaging protocol, CASPs and ICASPs should ensure that the protocol’s architectures are sufficiently robust to enable the seamless and interoperable transmission of the required information by:
a. evaluating the protocol’s interoperability features to ensure it can seamlessly communicate with other systems, both within and outside CASPs and ICASPs;
b. considering the compatibility with existing industry standards, protocols, and blockchain networks to facilitate integration; and
c. assessing data integration and data reliability.”

‍

Notabene’s commentary:

During the EBA’s public hearing, we praised the EBA for recommending interoperability assessments promoting open and interoperable communication standards. This concept aligns with the FATF calling for more interoperability in tools and with surveyed VASPs calling for a global unified approach in travel rule communication and reachability in response to Notabene’s 2023 State of Travel Rule Survey. 

‍

‍

2. Deposits can only be accepted if the received information allows unambiguous identification of all parties involved in the transaction

The EBA outlined the procedures CASPs should implement to manage transfers lacking the required information.

‍

The EBA’s Guidelines for Addressing Missing Information in a Crypto Transaction

‍

Let’s break this down step by step.

Step 1: First, upon detecting missing information, the beneficiary CASP can either straightaway reject/return the transfer or request missing information from the prior CASP in the chain. 
‍

Where the crypto-asset service provider of the beneficiary becomes aware that the information referred to in Article 14(1) or (2), or in Article 15, is missing or incomplete, that crypto-asset service provider shall, on a risk-sensitive basis and without undue delay:
(a) reject the transfer or return the transferred crypto-assets to the originator’s crypto-asset account; or
(b) request the required information on the originator and the beneficiary before making the crypto-assets available to the beneficiary.

‍

Decision Flowchart for Handling Missing Information in Crypto Transfers per the EBA

‍

‍

Step 2: If the beneficiary CASP decides to ask for missing information, it should set a reasonable deadline by which the information should be provided. Transfers within the Union require the information to be provided within three working days, while transfers outside the Union have a deadline of 5 working days. If more than two parties are involved in the transfer flow or at least one CASP is based outside of the EU, the deadline extends to up to 5 working days. Additionally, if a CASP requests information from a prior CASP in the transfer chain, it must notify the prior CASP of the transfer’s suspension due to missing or incomplete information.

Step 3: If the beneficiary CASP asks for missing information and the previous CASP fails to provide it, the beneficiary CASP:

• may only consider accepting the deposit if both the originator and beneficiary are unambiguously identified and
• must evaluate the future treatment of the previous CASP, ICASP, or self-hosted address in the transfer chain for AML/CFT compliance purposes

Where a CASP becomes aware that required information is missing, incomplete or provided using inadmissible characters during the transfer and executes the transfer, based on all relevant risks, and provided that the condition in paragraph 50 is not met, it should document the reason for executing that transfer and, in line with its risk-based policies and procedures, consider the future treatment of the prior CASP or self-hosted address in the transfer chain for AML/ CFT compliance purposes.
Where the payer, payee, originator, or beneficiary cannot be unambiguously identified due to missing or incomplete information or information provided using inadmissible characters, the CASP should not execute the transfer.

‍

Decision Path for Missing Information Response in Crypto Transfers per the EBA

‍

Step 4: In cases where a CASP consistently fails to provide the required Travel Rule information, specific actions are mandated for the beneficiary CASP. Initially, steps such as issuing warnings and setting deadlines must be taken to address the issue. If the required information is still not provided despite these measures, the provider has the authority to reject, restrict, or terminate the transaction per established procedures. Additionally, it is required that the beneficiary CASP reports such failures and the steps taken to the competent authority responsible for monitoring compliance with AML/CTF regulations. This ensures accountability and regulatory oversight in addressing non-compliance issues within the crypto-asset service industry.

‍

Notabene’s commentary:

During the public hearing, Notabene challenged the strict rejection of deposits when the identity of the parties cannot be unambiguously confirmed, proposing a nuanced approach based on risk assessment, particularly in transactions with jurisdictions not yet enforcing the Travel Rule.

‍

3. The EBA provided guidelines for verifying ownership or control of self-hosted wallets in transactions over 1,000 EUR

As established in the TFR, if a crypto-asset transfer is made to/from a self-hosted address, the originator or beneficiary CASP must gather and retain specific information, ensuring the transfer can be tracked individually. If the transfer exceeds EUR 1,000, additional measures must be taken to verify whether the address belongs to the originator or beneficiary. These measures are further specified in the proposed EBA guidelines, which state that the verification should be conducted using at least two suitable methods:

• Advanced analytical tools
• Unattended verifications 
• Attended verification 
• Sending of a predefined amount set by the CASP from and to the self-hosted address to the CASP’s account
• Signing of a specific message in the account and wallet software, which can be done through the key associated with the transfer
• Requesting the customer to digitally sign a specific message into the account and wallet software with the key corresponding to that address
• Other suitable technical means

‍

The guidelines from the EBA appear to introduce the possibility of accepting transactions from third-party self-hosted wallets, a detail not explicitly outlined in the TFR text, which primarily focuses on verifying whether the CASP’s own customer maintains control over the self-hosted wallet. 

Where the self-hosted address is owned or controlled by a third person instead of the CASP customer, the CASP should, in addition to applying the verification requirement in accordance with Article 14 (5) or Article 16 (2) of Regulation (EU) 2023/1113, apply mitigating measures commensurate with the risks identified as per Article 19a of Directive (EU) 2015/849

‍

Notabene’s commentary:

During the public hearing, Notabene suggested that using more than one method for wallet ownership verification should not be required as a rule but recommended only for cases where it proves necessary. We also sought clarification on the treatment of third-party self-hosted wallet transactions.

‍

4. The status of Travel Rule enforcement in the counterparty jurisdiction is a relevant risk factor

The TFR specifies that the beneficiary CASP must establish procedures to detect whether the required Travel Rule information was provided. In turn, the proposed EBA guidelines elaborate on the monitoring process, highlighting the need for beneficiary CASPs to develop policies and procedures for determining which transfers require pre-transfer or post-transfer monitoring. This involves assessing various risk factors, including the regulatory treatment in the counterparty’s jurisdiction, in particular, the Travel Rule implementation status. 

‍

Notabene’s commentary:

Understanding the global status of Travel Rule requirements is thus crucial for a comprehensive Travel Rule policy. Notabene offers valuable resources in this regard, including information on our website and our annual State of Crypto Travel Rule Compliance Report, which features a detailed chart presenting a comprehensive overview of global Travel Rule adoption, including enforcement status in each jurisdiction, compliance thresholds, and obligations related to self-hosted wallets. These are valuable resources for CASPs in establishing procedures aligned with EBA guidelines.  

‍

What's next?

As the European Union ramps up for its Travel Rule enforcement deadline, the EBA’s proposed Travel Rule Guidelines stand as a pivotal development for CASPs and the broader digital finance ecosystem. These guidelines aim to enhance transparency and security in crypto-asset transactions and reflect a collaborative effort to adapt to the digital age’s complexities.

Notabene’s insightful contributions during the public hearing and the industry’s collective feedback underscore the importance of a unified approach to regulatory compliance. As we approach the public consultation deadline and anticipate the final guidelines, it’s crucial for stakeholders to remain engaged and proactive in shaping a regulatory environment that supports innovation while safeguarding integrity.

The EBA’s guidelines will undoubtedly play a crucial role in harmonizing practices across Europe, setting a precedent for global regulatory coherence in the digital finance realm. As we mark our calendars for the key dates leading up to the TFR enforcement, let’s continue to foster dialogue and collaboration, ensuring that the future of trusted crypto transfers is secure, transparent, and inclusive.

As we kick start the new year, we recognize that 2023 was undeniably a pivotal chapter in the ongoing narrative of crypto compliance. Last year, the space witnessed unprecedented transformations, surmounting challenges, and celebrated key milestones that underscore the industry's commitment to maturity, responsibility, and global cooperation. The challenges faced, lessons learned, and strides made in the pursuit of regulatory clarity have set the stage for a promising future. 

As Notabene's Head of Regulatory and Compliance, and with my background as a Crypto Compliance Officer, my excitement for what lies ahead is palpable. In this piece, I'll revisit some of the standout trends and milestones of 2023 and offer a glimpse into my predictions for the year ahead. 

‍

Global Crypto Regulatory Developments in 2023

‍

Regulatory Maturity and Global Alignment

2023 marked a turning point as regulatory bodies worldwide exhibited a growing understanding of the crypto landscape. Major jurisdictions refined existing frameworks and introduced comprehensive regulations, paving the way for a more mature and structured industry that will continue to support various use cases.

Global regulatory progress in 2023: key regional developments

Commitment in Key Regions: The United Kingdom, Hong Kong, United Arab Emirates, India, Japan, and the EU demonstrated a commitment to fostering a secure and transparent crypto ecosystem.

• Hong Kong: The Securities and Futures Commission (SFC) implemented a regulatory framework for crypto exchanges, where licensed virtual asset portfolio managers are subject to the same regulatory standards as traditional securities firms.
• The UAE: The Dubai Multi Commodities Centre (DMCC) introduced a comprehensive regulatory framework for businesses engaged in crypto-related activities.
• India: Showed an increased interest in blockchain and digital assets; explored the possibilities of a central bank digital currency (CBDC) and developed crypto regulations.
• Japan: Introduced a licensing system for cryptocurrency exchanges overseen by the Financial Services Agency (FSA).

Notabene's Industry Impact: Showcased dedication to building a regulatory framework to address anti-money laundering (AML) concerns and facilitating secure cross-border transactions, with a significant increase in transaction volume in the Notabene system.

‍

Travel Rule Implementation Gained Traction

2023 marked a significant leap forward in Travel Rule implementation. Inspired by FATF guidelines, jurisdictions worldwide have made substantial progress enforcing this essential measure. According to a recent report by Price Waterhouse Cooper, 42 countries have engaged in discussions or enacted cryptocurrency regulations and laws in 2023. These efforts primarily concentrate on four central areas: regulating stablecoins, ensuring compliance with the travel rule, providing clear guidelines for licensing and listings, and developing comprehensive frameworks for cryptocurrency.

Global emphasis on Travel Rule

Across the globe, regulators highlighted the importance of Travel Rule. 

• The UAE: VARA and ADGM emphasize the need for policies and steps related to the Travel Rule for provisional licenses. 
• Hong Kong: the Securities and Futures Commission (SFC) adopted a descriptive approach, outlining specific due diligence requirements for Virtual Asset Service Providers (VASPs). 
• Japan: the amendment to the Act on Prevention of Transfer of Criminal Proceeds (APTCP) amendment established more straightforward Travel Rule obligations for VASPs, contributing to a more defined regulatory landscape.  
• The EU’s revised Travel Rule Framework (TFR) introduced Travel Rule requirements for Crypto Asset Service Providers (CASPs), ensuring harmonization across all 27 member states.

2023 Travel Rule enforcement dates

• February 7, 2023 —  Dubai
• June 1, 2023 — Hong Kong
• June 1, 2023 —  Japan
• September 1, 2023 — United Kingdom

Heightened transparency and cross-border collaboration

These moves have not only heightened transparency but have also laid the groundwork for effective cross-border collaboration. As the latest addition to crypto AML regulations, Travel Rule compliance uniquely offers VASPs transaction-level insights into counterparties, and sanctions. This insight enables VASPs to detect whether clients send transactions to sanctioned entities, wallets, or jurisdictions. Properly implemented, Travel Rule compliance empowers VASPs to halt potential illicit transactions before they are recorded on the blockchain, thereby reducing overall risk exposure and avoiding operational challenges.

‍

Interoperability Challenges Were Addressed

The industry has made significant progress in addressing the interoperability challenges obstructing seamless collaboration between disparate networks and closed systems. Standardization and collaborative initiatives bridged the gaps, fostering a more interconnected and compliant ecosystem.

Key developments in interoperability:

• IVMS102 Updates: The industry's efforts in updating the IVMS102 standard have been noteworthy. IVMS102 is crucial in standardizing messaging formats across different systems, facilitating smoother information exchange, and reducing complexities in multi-system interactions. This standard is critical in ensuring that different platforms can effectively communicate and transact with one another.
• TRP and TRISA Collaboration: The integration of TRP, a decentralized peer-to-peer Travel Rule protocol, with TRISA, is a significant stride forward. VASPs using TRP can effortlessly exchange compliant data with those using TRISA. This marks a monumental step in global compliance and security enhancement.
• Notabene's SafeGateway Solution: Notabene introduced SafeGateway, a noteworthy innovation enhancing Travel Rule compliance. It facilitates seamless interactions between VASPs across various protocols, enabling a unified compliance strategy and efficient access to counterparties, thus simplifying regulatory adherence. This development has been a focal point in Notabene's contributions to the FATF’s Virtual Asset Contact Group discussions.

‍

Technological Advancements in Compliance Tools‍

Did someone say AI?

The rapid evolution of compliance technologies has been a standout feature of the year. Companies have harnessed blockchain analytics, artificial intelligence, and machine learning to develop sophisticated tools. These tools are used for monitoring, reporting, and ensuring adherence to regulatory requirements and transparency for crypto compliance, as demonstrated by the cross-chain investigation tools that blockchain analytics companies can offer.

2024 Projections for Crypto Regulation: Key Trends to Watch

So, what’s on my crystal ball for 2024 projections? Here are a few themes. 

‍

Heightened Scrutiny on Source of Funds Controls

Recent geopolitical events, particularly the Russia-Ukraine conflict, have intensified the focus on sanctions compliance in cryptocurrency transactions. This shift has led to increased regulatory pressure on Virtual Asset Service Providers (VASPs) to monitor the sources of funds more rigorously. Compliance with the Travel Rule plays a pivotal role here, as it empowers Beneficiary VASPs with clear records of fund sources, aiding in mitigating sanctions risks.

• UK Regulations: In the UK, beneficiary VASPs must return funds to the originator if there are discrepancies or missing Travel Rule information, ensuring tighter control and transparency.
• UAE Guidelines: The UAE's Virtual Assets Regulatory Authority requires Beneficiary VASPs to collect and retain detailed information about the originator and beneficiary for transactions exceeding AED 3,500.
• Hong Kong's Approach: A similar emphasis on the verification of fund sources is also observed in Hong Kong.

However, the success of Travel Rule compliance, particularly in deposits, largely hinges on the cooperation of Originator VASPs. Challenges such as the Sunrise Issue and limitations in protocol interoperability present obstacles to effective collaboration and compliance.

Amplified Focus on Custody of Customer Funds

In response to recent fund misappropriation and mismanagement incidents, regulators worldwide are moving towards stricter rules for the custody of customer funds. This shift is particularly evident in the growing requirement for a clear separation between exchange services and the custody of funds, emphasizing the importance of safeguarding investor assets.

Examples of funds segregation regulations:

• Canadian Regulations: The Canadian Securities Administrators have mandated crypto exchanges to segregate user funds and use appropriately qualified custodians to hold them.
• US SEC's Proposal: In the United States, the Securities and Exchange Commission (SEC) has proposed expanding and enhancing the role of qualified custodians to ensure safer custody of investor funds by investment advisors.
• Taiwan's Approach: Taiwan’s financial regulators are considering similar requirements for exchanges to segregate customer funds.
• Japan's Precedent: Japan already has a requirement for the separation of customer funds, a policy that contributed to mitigating the local impact of the FTX collapse.

These examples indicate a global trend towards more robust and transparent practices in the custody of customer funds within the crypto industry, reflecting a move towards increased protection for investors and stakeholders.

‍

Intensified Emphasis on Stablecoin Regulation

Stablecoin regulatory action will continue to increase in 2024. In 2023, various countries and financial bodies were actively working on regulatory frameworks to address stablecoin issuance and usage within their jurisdictions. These regulations may require stablecoin issuers to adhere to specific reserve and reporting requirements. 

In 2023, several countries and organizations advanced their stablecoin regulations:

• Hong Kong Regulators Push for Stablecoin Guidelines - Regulators in Hong Kong began looking to establish guiding principles for stablecoins before the end of 2023.
• The Biden administration in the U.S. proposed stablecoin regulation and the possibility of a digital dollar⁠
• Japan passed regulations allowing investors to trade using certain stablecoins 

• The U.S. House Committee published a draft stablecoin bill⁠ 3
• The Bank of England released stablecoin regulations due to take effect in 2024⁠ 

‍

Widespread Adoption of the Travel Rule

In 2024, we expect a significant surge in the global adoption of the Travel Rule. As more jurisdictions recognize its importance, we anticipate a large comprehensive network of compliant VASPs that will begin seamlessly exchanging information, fostering a safer and more transparent crypto environment. 

Key movements to mobilize compliance in 2024 include the EU's Transfer of Funds regulation, which will unify Travel Rule across EU nations, and LATAM's alignment efforts, highlighted by the Central Bank of Brazil's recent crypto consultations.

‍

Emergence of Unified Global Regulatory Frameworks

The upcoming year is set to witness the evolution of the groundwork laid in 2023 into more extensive, globally aligned regulatory frameworks and the development of more structured and transparent regulatory approaches. This development is expected to streamline cross-border regulatory processes, simplify compliance for crypto businesses, and create a more equitable playing field.

EU's regulatory advances

The EU has made significant strides with the introduction of the Regulation on Markets in Crypto-Assets (MiCA) and the revised Transfer of Funds Regulation (TFR). MiCA establishes a comprehensive framework for diverse crypto assets and service providers, aiming to balance investor protection, financial stability, and innovation. The revised TFR uniformly applies Travel Rule requirements across all EU member states, replacing the previously varied national approaches with a consistent compliance timeline.

UK's holistic approach

In a similar vein, the UK has embraced a comprehensive approach to crypto regulation. In 2023, HM Treasury issued significant updates on several regulatory fronts:

• Future financial service regime for cryptoassets, addressing the early stages of regulating DeFi activities and the regulatory treatment of staking.
• Management strategies for the failure of systemic Digital Settlement Asset firms.
• Plans to regulate fiat-backed stablecoins, with a goal to introduce related legislation by early 2024.

The UK's early and successful implementation of Travel Rule requirements, preceding the EU, highlights a growing trend towards transactional transparency. This development is leading to an increasing market preference for compliant transaction flows in the crypto sector.

These advancements in the EU and UK point to a trend towards more organized and transparent regulatory environments in the crypto industry, with a focus on protecting investors and encouraging innovation.

‍

Blurring Boundaries: Crypto Will Meet Traditional Finance 

The integration between the crypto industry and traditional financial sectors is projected to deepen further. 2024 is poised to be a year where we see heightened collaborative efforts leading to innovative financial products that bridge the gap between conventional and decentralized systems. This will be exciting! 

‍

Enhanced Privacy Measures

As the crypto industry continues to mature, a concerted focus on balancing regulatory compliance with user privacy is expected. We anticipate the  emergence of new privacy-centric technologies and protocols, offering enhanced confidentiality while maintaining adherence to regulatory standards.

‍

Crypto and Compliance Education: A Continuing Focus

Education and awareness programs will remain at the forefront of industry initiatives. As more users join the crypto space, understanding the importance of compliance and responsible practices will become paramount. Expect to see a surge in educational initiatives aimed at users, businesses, and regulators alike. Watch this space.

As we venture into 2024, the industry's commitment to responsible innovation, regulatory adherence, and collaborative growth will shape a future where digital assets seamlessly coexist with traditional finance, offering a dynamic and secure landscape for all stakeholders.

Here's to a year of continued evolution, progress, and positive disruption in the ever-evolving world of crypto compliance.

‍

P.S. When Lambo??

‍

‍

‍

‍

‍

Lana Schwartzman

As 2024 begins, we at Notabene reflect on a year of substantial milestones from the previous year. 2023 was a turning point, with regulatory clarity in financial hubs like the UK and Hong Kong and an industry-wide push toward trust-building key drivers to its recovery and widespread global adoption.

Of the 42 countries advancing crypto-focused regulations this year, the Financial Action Task Force’s (FATF) Travel Rule was the leading focus area, with 40 countries engaged in passing it as a requirement or having already done so. Virtual asset service providers (VASPs) globally welcome regulatory clarity as they expand their geographical operations.

This is a major inflection point for the industry, with those building trustworthy and compliant businesses best situated to succeed in 2024 and beyond. With Travel Rule compliance now a core requirement for VASP-to-VASP interactions, we have seen a substantial uptick in ‘compliant’ volumes, VASPs, asset types, and jurisdictions.

Notabene has risen to the challenge, improving transaction processing for custodial and non-custodial transactions, automating real-time transaction compliance, broadening our network and service offerings, and reinforcing our leadership in crypto pre-transaction decision-making.

Here’s a look back at some of the key highlights that defined Notabene’s 2023.

Processed Over $43 Billion in Transaction Volume Through SafeTransact

Our monthly transaction volume impressively increased by 760% year-over-year, reaching more than $9 billion. In 2023 alone, SafeTransact processed over $43 billion, significantly expanding our operational scale and impact. This remarkable volume underscores the global crypto community's trust and reliance on our platform. These figures mark a major milestone for Notabene, reflecting the growing adoption of compliant crypto transactions. Additionally, this volume originates from 70+ active VASPs, showing a diverse and non-dependent pattern on any single major VASP.

‍

Expanded Reach to 24 Originator Jurisdictions and More Than 63 Beneficiary Jurisdictions

Over the past year, there has been a significant surge in the number of jurisdictions involved in sending and receiving Travel Rule data transfers. The number of originator jurisdictions has soared by 118%, jumping from 11 in 2022 to 24 now. Simultaneously, beneficiary jurisdictions have increased by 16%, rising from 54 to 63. The top 5 originator jurisdictions by volume are the UK, Gibraltar, USA, Singapore, and Switzerland. This expansion signals considerable progress towards extensive global coverage and indicates an escalating urgency among counterparty responses. Importantly, it powerfully underscores the widespread, cross-global impact of cryptocurrency transactions.

‍

Identified Over 880,000 Self-Hosted Wallet Transactions

We've significantly expanded our services by supporting over 200 types of self-hosted wallets. Our user-friendly pop-up interface, SafeConnect, which efficiently identifies, collects, and verifies counterparty information using cryptographically signed messages, has successfully identified transactions involving more than 880,000 non-custodial wallets. This metric reinforces our commitment to managing and mitigating counterparty risk in crypto transactions beyond fulfilling Travel Rule transmission obligations in VASP-to-VASP transactions.

Supported Transactions in 350 Diverse Virtual Assets, a 162% increase

End-users transacted with 350 diverse asset types, up 162% from 2022. This growth demonstrates clients using more of our Notabene Network’s capabilities, which support over 10,000 asset types. It is also a testament to the expansion of secure crypto transactions to a broader range of crypto assets.

‍

Increased Customer Base to Over 120

Our customer community reached an impressive milestone of 120 members, including tier-one banks, custodians, fiat on/off ramps, and global exchanges, demonstrating the increasing trust and reliance on Notabene’s services.

‍

Launched Pivotal Features Like SAFE Implementation, SafeGateway, and Network Discoverability

In 2023, Notabene enhanced SafeTransact’s platform capabilities through significant features: SAFE Implementation, SafeGateway, and Network Discoverability, alongside numerous supporting enhancements. 

• SAFE Implementation streamlines Travel Rule compliance through a four-phase, rapid setup process, facilitating a smooth transition to full compliance.
• SafeGateway tackles the interoperability challenges of the Travel Rule by facilitating VASP-to-VASP interaction across protocols. 
• Network Discoverability addresses the challenge of identifying counterparties in transactions, offering a privacy-focused solution for VASPs to automatically recognize blockchain addresses, thus bolstering transaction security and efficiency.

‍

Achieved a 86% Transfer Match Rate

SafeTransact demonstrated remarkable efficiency, with 86% of transfers successfully reaching counterparties. This achievement highlights the platform’s noteworthy reachability rates despite the persistent fragmentation on the protocol level.

‍

Continued Our Award-Winning streak 

We continued our award-winning streak, receiving multiple accolades, including Regulation Asia’s “Best Travel Rule Compliance Solution” award for the second consecutive year. Further, several of our teammates—Lana Schwarzman, Alice Nawfal, Catarina Veloso, and Abi Bryant Spolar, were longlisted for Wirex’s 2023 Women in Crypto Power List.

‍

Introduced a Fully Integrated Solution to Process Travel Rule-Compliant Transactions with Fireblocks

This year, Notabene and Fireblocks launched a fully integrated solution for Travel Rule compliance in crypto transactions. This collaboration combines Notabene’s pre-transaction decision-making and Fireblocks’ platform for real-time compliance and adherence to global standards. Integrated into Fireblocks’ Compliance Suite, alongside Chainalysis and Elliptic partnerships, our joint offering delivers holistic pre-transaction risk management and close alignment between Travel Rule flows and transaction settlement. Learn more.

Surpassed All Six of FATF’s Travel Rule Solution Guidelines

In June 2023, the Financial Action Task Force (FATF) released an updated framework for Travel Rule compliance. Notabene’s SafeTransact meets these standards, offering advanced pre-transaction information sharing, thorough counterparty identification and due diligence, and handling varying Travel Rule requirements (i.e., compliance thresholds and scope of required information) across multiple jurisdictions. Notabene’s detailed guide highlights its commitment to surpassing regulatory requirements in the crypto sector. Download the guide for more insights. 

‍

Presented at the FATF Virtual Asset Contact Group

In December, Notabene made a third appearance at the FATF Virtual Asset Contact Group. This year, our Regulatory and Compliance team discussed challenges in meeting FATF standards, positive policy changes, and critical focuses for Travel Rule implementation. The team urged swift adoption of Travel Rule requirements, stressed phased implementation for VASPs, and called for private sector collaboration to tackle interoperability challenges.

‍

Completed Two Successful Test Rounds in the UK FCA’s Regulatory Sandbox

Notabene participated in the UK Financial Conduct Authority’s (FCA) Regulatory Sandbox, conducting two testnet rounds with firms like Ramp Network, Bitstamp, Wirex, CoinPass, Altalix, Hidden Road, Bitpanda Custody, Uphold and Zodia Markets. These testnets addressed new Travel Rule regulations effective in the region and offered insights into compliance challenges and solutions.

‍

Successfully Guided 12 UK Clients to Meet the September 1st Travel Rule Compliance Deadline

Notabene assisted 12 UK customers in successfully implementing the Travel Rule. This milestone event acknowledged the considerable efforts in preparing for the UK Travel Rule Go-Live. It was a chance for customers and industry leaders to connect, building a solid community among VASPs in the UK. 

‍

More than 65 Companies Participated in Our Second Annual Analysis of Private Sector Compliance 

Over 65 financial institutions and crypto companies participated in our second State of Crypto Travel Rule Compliance survey. We had the opportunity to share the outcomes with FATF members during the plenary session, providing key insights on Travel Rule compliance and regulatory developments from the industry's only private-sector study on Travel Rule compliance. 

‍

Shipped 4 Consultation Responses; 50+ Educational Pieces

In 2023, Notabene's Regulatory and Compliance team was instrumental in shaping the cryptocurrency regulatory landscape. They actively engaged in four significant public consultations across various regions, focusing on critical aspects of crypto regulation:

• In Hong Kong, they advocated for updates to the SFC Travel Rule Guidelines.
• In the United Kingdom, they collaborated CryptoUK to provide feedback on the JMLSG Guidelines' sunrise issue.
• In Australia, they submitted comprehensive responses to the Attorney General on the national crypto regulatory framework.
• For the European Union, they addressed the Anti-Money Laundering Regulation (AMLR) through INATBA, concentrating on resolving over-compliance in VASP due diligence and the conflict between the Transfer of Funds Regulation (TFR) and AMLR.

Additionally, the team attended 7 webinars and created over 50 informative pieces, including blogs, articles, and web pages. They also developed more than 15 jurisdiction-specific resources, with a keen focus on key areas like the UK and Hong Kong, with relevant changes and updates. Complementing these efforts, the Notabene team participated in over 40 industry events in 2023. 

As we bid farewell to a transformative year, we at Notabene are grateful for the opportunities and challenges that we encountered on our journey. Each milestone and innovation has reinforced our commitment to driving the crypto regulatory landscape forward. We eagerly anticipate what 2024 holds, ready to embrace new possibilities and continue our mission of providing secure, compliant, and innovative crypto transaction solutions. Here’s to a promising future and continued success!

‍

Yours,

The Notabene team. 

Notabene is delighted to announce our new partnership with Tap, a rapidly growing fintech provider, specializes in traditional money account management and cryptocurrency settlement solutions for over 250,000 registered users, This a strategic move aimed at bolstering Tap’s compliance operations through SafeTransact's top-tier solutions for continuous adherence to the crypto Travel Rule. 

This collaboration aligns perfectly with Notabene’s mission to make crypto transactions a part of the everyday economy. Our partnership is a testament to Tap's dedication to consumer trust and proactive stance in consistently meeting pre-transaction regulatory requirements.

Enhancing Compliance in the Crypto Industry

The cryptocurrency market is rapidly evolving, increasing regulatory demands for transparency, security, and compliance with local crypto legislation. Tap's strategic decision to partner with Notabene addresses a critical industry need in this context.

Notabene's powerful SafeTransact platform and SafeGateway solution offer distinct advantages:

• SafeTransact: Strengthens identification and mitigation of high-risk activity, empowers compliance teams with data-driven decision-making tools, and seamlessly integrates the Travel Rule into compliance processes.
• SafeGateway: A standout feature that facilitates effective VASP-to-VASP interactions across protocols, positioning Notabene at the forefront of the cryptocurrency compliance solutions sector.

Tap, known for its regulatory-first approach, emphasizes the importance of consumer trust and operational transparency. This partnership with Notabene will enhance Tap's operational efficiency and maintain its competitive edge in the industry.

Leaders’ Insights on the Collaboration

Kriya Patel, CEO of Tap, expressed enthusiasm about this strategic alliance with Notabene. 

“I am delighted to be able to announce our strategic partnership with Notabene and I look forward to growing the relationship together whilst navigating through to meeting and maintaining our current and future regulatory requirements in our industry. 

The partnership with Notabene was a natural one. They share the same values as Tap by focusing on customer-driven product needs, whilst allowing us to maintain a regulated and security-first approach.” - Kriya Patel, CEO of Tap.

Pelle Braendgaard, CEO of Notabene, echoed these sentiments, noting the alignment of Tap's commitment to compliance and customer trust with Notabene’s mission.

"We are pleased to collaborate with Tap, their commitment to compliance and customer trust aligns seamlessly with our mission. Together, we can advance the industry while ensuring the highest standards of security and transparency." - Pelle Braendgaard, CEO of Notabene.

In conclusion, Tap's partnership with Notabene is a forward-thinking move, aligning with the evolving demands of cryptocurrency regulation and reinforcing its commitment to maintaining the highest standards of compliance and customer trust.

[NEW YORK, LONDON, December 5, 2023]

Notabene, the trusted leader in crypto pre-transaction decision-making, announces SafeGateway, a new solution that facilitates VASP-to-VASP interactions across various protocols. This innovative tool streamlines compliance with the Travel Rule, making it easier for virtual asset service providers (VASPs) and financial institutions to connect and transact across diverse protocols. SafeGateway is a game-changer in crypto compliance, offering unmatched ease in connecting with global counterparts and managing regulatory requirements, all through a single, user-friendly platform.

The need for SafeGateway arises from the lack of interoperability among Travel Rule compliance solutions. According to Notabene's 2023 State of Crypto Travel Rule Compliance report, 24% of surveyed VASPs identified protocol interoperability as a compliance challenge, with 20% concerned about protocol fragmentation.

Additionally, the Financial Action Task Force (FATF), the anti-money laundering watchdog that extended the Travel Rule to crypto transactions, continuously urges the industry towards interoperability. In its 2022 and 2023 Targeted Updates on Implementation of the FATF Standards on Virtual Assets and Virtual Asset Service Providers, FATF consistently urged the development of global, interoperable solutions that align with varying jurisdictional requirements, encouraging the private sector to advance interoperability through technological means or collaborative efforts.

SafeGateway emerges as Notabene’s response to this interoperability puzzle by facilitating interoperability between VASPs instead of between protocols. By offering three gateway configurations to the 5+ protocols on the market, SafeGateway provides customers with maximum reach to counterparty VASPs and institutions globally to transact safely with counterparties across disparate networks while catering to their particular security needs. This development is vital as the alternative is that companies cannot transact with counterparties who are not on their protocol. 

SafeGateway is a timely solution, considering major enforcement deadlines are approaching, such as the European Union's December 30, 2024 deadline. Starting January 1, 2025, all 27 member states will have to comply with the Travel Rule, and so will their major transaction counterparties. SafeGateway allows VASPs to bypass the complexities of integrating several protocols to reach their transaction counterparties on closed networks. 

How it works: Notabene’s in-network VASPs request access for specific protocols and, once approved, integrate the protocol access code into their server. SafeGateway automatically selects the appropriate protocol for Travel Rule data transfers to other network VASPs and manages the data flow. Transactions are completed and returned via SafeGateway. Customers can monitor and manage these data transfers using Notabene's compliance dashboard, allowing compliance officers to enforce consistent jurisdictional standards, apply unified rules, and produce detailed transaction reports. 

“By enabling different, currently isolated protocols through SafeGateway, our customers can reach new counterparties that were not interoperable previously. This innovation aligns with Notabene’s neutral view towards protocols, and we are eager to work with them as long as they meet security and Travel Rule requirements,” said Andres Junge, CTO of Notabene. “SafeGateway is just the beginning of several initiatives we are introducing as a call to action for the industry to collaborate to achieve compliance without hindering transaction flows.” 

SafeGateway represents more than just a compliance solution; it's a step towards a more interconnected and efficient future in digital asset management. By simplifying complex compliance hurdles, it opens up new possibilities for VASPs around the world. As Notabene continues to innovate, SafeGateway sets the stage for what's next in crypto compliance. Notabene continues to lead the way in creating a more seamless, compliant, and connected digital asset world.

Notabene invites the industry to connect with their Travel Rule solution that meets today's regulatory demands and anticipates and adapts to future needs and requirements.

‍

-ENDS-

‍

Media Contacts

Sacha Lowenthal, Head of Marketing

[email protected]

‍

About Notabene

Notabene developed the crypto industry's only pre-transaction decision-making platform, enabling customers to identify and stop high-risk activity before it occurs. With a focus on security, privacy, and user experience, Notabene's multi-source data and software enable real-time decision-making, counterparty sanctions screening, self-hosted wallet identification, and more. SOC-2 security certified and trusted by over 100 companies, Notabene operates globally with headquarters in New York with a presence in Switzerland, Singapore, Germany, and the United Kingdom.

Companies like Copper, Luno, Crypto.com, and Bitstamp leverage our  SafeTransact platform for Travel Rule compliance, tailored to their needs and aligned with global and local regulations. Our platform builds trust in virtual asset transactions to foster financial growth with minimized risk.

Get started today; sign up for our free SafeTransact Riseplan to respond to regulated transactions for free using the world's largest VASP Network of over 1,000 members. 

LinkedIn

Notabene is trusted by over 120 virtual asset service providers (VASPs), encompassing major banks, custodians, and exchanges, for seamless Travel Rule compliance. Our platform, SafeTransact, facilitates millions of regulatory-compliant transactions monthly involving more than 300 assets and has processed transfers originating from over 20 jurisdictions. Additionally, we cover a wide range of 10,000 assets, further demonstrating our comprehensive global approach to Travel Rule compliance — a primary factor in why companies worldwide choose us.

Given the rapidly evolving landscape of crypto technology and its inherently cross-border scope, we recognize the impracticality of a single, unified Travel Rule messaging system today. Insights from traditional payment systems show us that institutions often need to interact with multiple systems, each catering to unique requirements.

In the absence of an industry-wide unified messaging system, Notabene offers SafeGateway. SafeGateway is a solution that facilitates VASP-to-VASP interaction across protocols.  
Learn more below.

‍

The Challenge of Fragmented Messaging Protocols

When the Financial Action Task Force (FATF) extended the Travel Rule to virtual assets in 2019, there was no standard or messaging layer for the secure transfer and receipt of end-user data. Now, in 2023, the situation has evolved. While standards have emerged, the industry confronts a new challenge: an overwhelming assortment of Travel Rule messaging protocols, each useful in its own way but collectively creating a fragmented landscape that complicates compliance and, more generally, transaction flows. It is impractical and resource-intensive for VASPs to connect to multiple protocols independently. However, not connecting limits VASPs' ability to comply and restricts their ability to transact with a wide reach of counterparties.

See our previous article for further information on the Interoperability Challenge of Travel Rule Compliance.

This current state of affairs is akin to the early days of email, with different protocols leading to a lack of smooth communication. Just as the email world moved towards interoperable standards like SMTP and IMAP, the crypto sector now stands at a similar juncture. 

SafeGateway emerges as Notabene’s response to this interoperability puzzle by facilitating interoperability between VASPs instead of between protocols. It is a gateway into multiple protocols empowering VASPs to reach their counterparts across disparate networks.

‍

Introducing SafeGateway: Enhancing Reachability to Enable Travel Rule Compliance Across the Market in a Fragmented Landscape

‍

We're thrilled to launch SafeGateway, a solution that facilitates VASP-to-VASP interaction across protocols. SafeGateway acts as a protocol agent, facilitating seamless connections with any compatible Travel Rule protocol. This development allows our clients to apply a unified compliance approach using Notabene’s platform while easily accessing counterparties across different protocols. 

{{cta-learnmore11="/cta-components"}}

‍

Fast benefits:

• Discoverability: Leverage the discoverability methods of other Travel Rule protocols.
• Connectivity: Engage with VASPs using different Travel Rule protocols.
• Efficiency: Apply jurisdiction requirements, manage uniform rules, and generate reports centrally.
  ‍

SafeGateway enables our customers to link with VASPs through integrations with various existing Travel Rule messaging systems and networks. This approach ensures maximum global reach, allowing secure and efficient transactions with all counterparty institutions, and brings transactions to SafeTransact’s all-in-one Travel Rule compliance dashboard. 

‍

Key Features of an Optimal Travel Rule Messaging Protocol

At Notabene, we believe that a crypto Travel Rule messaging system should ideally meet the following requirements:

• Accessibility: An open network with low or no fees to join and transact
• Business Process Integration: Ties into underlying business processes like trading, settlement, or payments
• Privacy and Security Standards: Best-in-class measures to safeguard sensitive data
• Future-Proof Technology: Simplifies scalability and increases counterparty reachability
• Regulatory Compliant flows: Flows aligned with the latest regulatory requirements

Currently, no messaging systems fully meet all five essential requirements. However, as they evolve, those that adhere to crucial security and regulatory compliance standards will be viewed neutrally and invited to integrate with SafeGateway.

‍

How SafeGateway Works

‍

The setup and operation of each gateway depends on the specific Travel Rule protocol being used. With some protocols, Notabene will build and operate agents independently, while with others, a joint effort with the protocol's developers is required. 

For Notabene clients, SafeGateway is ready for immediate use, enabling connections to supported Travel Rule protocols and for which clients have the necessary access credentials. This convenience allows our clients to seamlessly utilize these connections through the Notabene platform without dedicating their technical resources. However, it's important to note that using SafeGateway does not substitute for the process of joining each protocol's network, especially those that require separate onboarding.

Learn more about SafeGateway for VASPs.

‍

SafeGateway Benefits both VASPs and Protocols

For VASPs, SafeGateway and SafeTransact provide a unified hub for managing transactions and compliance reporting functions, featuring comprehensive risk analysis capabilities that operate seamlessly across protocols. VASPs can apply cohesive compliance controls without sacrificing counterpart reach. For protocols, integrating with Notabene’s SafeGateway means accelerated adoption by VASPs globally as they overcome integration challenges, compliance standardization, and shared technical collaboration.

A Call for Industry Collaboration

The FATF “urges the private sector to progress towards interoperability, whether through technological advancements that allow interoperability between tools or by developing relationships that permit transactions to be made through a chain of interoperable tools.” ^[1]

In our pursuit to make crypto transactions part of the everyday economy, we understand the necessity for transactions to be secure, efficient, and regulatory compliant. SafeGateway is our call to action for industry collaboration, aligning with the FATF's directives and contributing to setting a new standard for secure and compliant transactions.

‍

‍

{{cta-bookademo="/cta-components"}}

Interoperability in crypto Travel Rule compliance is more than a buzzword; it's a critical necessity. This term refers to the ability of various Travel Rule messaging protocols and their networks to exchange personally identifiable information (PII) effectively without compromising safety and security. Despite its importance, interoperability remains a complex, unsolved challenge, often hindering due diligence processes and restricting virtual asset service providers (VASPs) from transacting with counterparties on different networks.
‍

Today’s Travel Rule Compliance Landscape

‍

Today's landscape features two core solution types: messaging protocols for data transfer and end-to-end solutions for comprehensive compliance, such as Notabene's SafeTransact. The current market features 5+ Travel Rule messaging protocols, each bringing unique technological approaches and communication methods to the table. 

Travel Rule compliance solutions can be further broken down into open and closed networks.

‍

Closed vs. Open Networks

Closed networks: VASPs undergo a comprehensive vetting process to join, and often have to pay higher membership and/or transaction fees. In closed networks, VASPs often outsource the counterparty VASP diligence process to the network. VASPs can only send data transfers to other in-network VASPs on both open and closed networks. With the more rigorous enforcement of the Travel Rule happening now across jurisdictions, this often restricts VASPs from transacting with out-of-network counterparts.

Open networks: Any VASP can join, often free of cost. The counterparty due diligence and risk assessment process is carried out between VASPs, which is in accordance with the Financial Action Task Force's (FATF's) standards.

“Compliance tool providers may therefore consider that allowing information sharing only between their users (i.e., no interoperability) will prevent information being shared with unreliable counterparties (e.g., illicit users or those with insufficient data protection controls). 

The challenge with this approach is that, as set out in the FATF’s 2021 Guidance, VASPs are required to independently assess counterparty risk. While this approach may provide potential opportunities to simplify some aspects of counterparty due diligence (e.g., facilitating the identification of a counterparty VASP), it does not remove the need for VASPs to independently verify the information and ensure all relevant domestic obligations are met.” ^[1]

The FATF clarifies that the approach taken primarily by closed Travel Rule networks does not remove the need for VASPs to conduct counterparty VASP due diligence independently.

‍

The Industry’s Take on Protocol Fragmentation

‍

Nearly a quarter of VASPs surveyed identified interoperability issues as a significant hurdle to compliance, and 20% are concerned about market confusion due to the growing number of protocols. ^[2] 

‍

Even the FATF has emphasized the need for protocols to intercommunicate, calling for global solutions that can accommodate jurisdictional nuances. ^[3]

‍

Overview of Travel Rule Messaging Protocols

A Travel Rule messaging protocol allows VASPs to exchange originator and beneficiary customer information securely. However, messaging protocols address only one of the seven FATF-outlined steps that VASPs must take to be fully Travel Rule compliant. 

A comprehensive Travel Rule solution should enable businesses to:

1. Identify the type of transaction counterparty.
2. Apply relevant jurisdictional rules.
3. Screen each counterparty for sanctions.
4. Determine counterparty VASPs and assess risk scores using blockchain analytics.
5. Conduct due diligence on VASPs before transactions.
6. Store customer and beneficiary personal data in a GDPR-compliant manner.
7. Exchange customer data with VASPs via various blockchain protocols.

Businesses must still develop a complete solution to meet the remaining six criteria.

‍

Beyond Data Transfers: The Need for Comprehensive Compliance Solutions

A complete Travel Rule compliance solution goes beyond messaging protocols and provides support for each step of FATF’s Recommendation 16. It should include a full suite of services, from identifying counterparty types to GDPR-compliant data storage.

Notabene's Solution to the Interoperability Challenge

‍

Notabene tackles interoperability head-on with SafeGateway, a solution that facilitates VASP-to-VASP interaction across protocols.

‍

{{cta-learnmore16="/cta-components"}}

NEW YORK, September 21, 2023‍

Notabene, the pre-transaction decision-making platform, is pleased to announce a strategic partnership with Shift Markets, a leading Crypto-as-a-Service (CaaS) solutions provider. This collaboration marks a significant industry milestone as both companies unite their expertise to help businesses navigate the complexities of the crypto market safely and efficiently. 

Founded in 2009, Shift Markets has been at the forefront of the digital asset industry for over a decade, empowering businesses of all sizes to commercialize digital assets effectively. Their comprehensive suite of marketplace, payment, and exchange white-label solutions facilitates the growth of crypto-based businesses by providing them with the tools and solutions needed to succeed in today's rapidly evolving landscape.

Notabene’s SafeTransact platform enables its customers to identify and prevent high-risk activities before they occur, making crypto transactions safer and more reliable. With the SafeTransact platform, Notabene customers can automate real-time decision-making, perform counterparty sanctions screening, identify self-hosted wallets, and complete the smooth rollout of Travel Rule compliance in line with global regulation.

 "By joining forces with Shift Markets, Notabene is taking a crucial step towards enhancing the safety and reliability of crypto transactions. Our SafeTransact platform empowers businesses to make real-time, informed decisions, ensuring compliance with global regulations and mitigating risks. This partnership reaffirms our commitment to making the crypto market a safer place for all participants." - Magdiela Rivas, Partnerships Lead, Notabene

"At Shift Markets, we've always been dedicated to providing comprehensive Crypto-as-a-Service solutions to our clients. This partnership with Notabene allows us to further strengthen our commitment to secure and compliant digital asset solutions. Together, we will streamline the process of establishing and maintaining digital asset businesses, ultimately saving our clients’ time and money while increasing the safety of the broader crypto industry." – Sarina Gowland, Client Success & Partnership Manager, Shift Markets

As the crypto industry continues to evolve and gain mainstream acceptance, businesses need reliable, secure, and compliant solutions more than ever before. By coming together, Notabene and Shift Markets aim to provide increased value to their clients and strengthen their relationships within the crypto industry. Through this partnership, they will connect clients with trusted partners, ensuring that they can offer virtual asset solutions in a secure and compliant manner.

-ENDS-

For media inquiries or further information about Notabene and Shift Markets, please contact:

Notabene

Sacha Lowenthal

Head of Marketing

[email protected]

Shift Markets

Sarah Cullers

Vice President of Marketing

[email protected]

About Notabene:

Notabene developed the crypto industry's only pre-transaction decision-making platform, enabling customers to identify and stop high-risk activity before it occurs. With a focus on security, privacy, and user experience, Notabene's multi-source data and software enables real-time decision-making, counterparty sanctions screening, self-hosted wallet identification, and more. SOC-2 security certified and trusted by over 100 companies, Notabene operates globally with headquarters in New York, and presence in Switzerland, Singapore, Germany, and the United Kingdom.

Companies like Copper, Luno, Crypto.com and Bitstamp leverage our  SafeTransact platform for Travel Rule compliance, tailored to their needs and aligned with global and local regulations. Our platform builds trust in virtual asset transactions to foster financial growth with minimized risk.

Get started today; sign up for our free SafeTransact Rise plan to respond to regulated transactions for free using the world's largest VASP Network. 

LinkedIn | Twitter

About Shift Markets:

Shift Markets is a CaaS (Crypto-as-a-Service) solutions provider Founded in 2009 that enables any sized business to commercialize digital assets to grow their business. 

Shift offers a range of technological and service-based products for businesses operating within the crypto and traditional markets. To date Shift has successfully launched 200+ exchanges across our products. With offices, exchanges, and partners worldwide, Shift is a truly global company. 
As seen previously on Nasdaq, PYMNTS, Sail GP, Algorand, Hedera, & Messari

LinkedIn | Twitter

‍

‍

Travel Rule compliant VASPs face several challenges in identifying their counterparties pre-transaction. The lack of a standardized way for linking blockchain addresses to counterparties and the complexity of dealing with different sorts of counterparties creates uncertainty about who is on the other side of a transaction—critical data for triggering Travel Rule compliance procedures.

Recent insights underscore this issue: a majority of surveyed VASPs have expressed a need for a universal identification method in line with existing Travel Rule protocols, and 52% of respondents reported to send Travel Rule transfers to all VASPs without applying any criteria or counterparty due diligence process. ^[1] This issue could lead to regulators imposing widespread restrictions on transacting unless a counterparty is identified.

To address this gap, Notabene releases Network Discoverability, a privacy-preserving mechanism for identifying VASPs through blockchain addresses.

‍

Introducing Network Discoverability 

We've recently launched the Network Discoverability, a feature that empowers in-network VASPs to securely auto-identify blockchain addresses. This addition to our product suite feature reflects our commitment to equipping Compliance Officers with robust tools, ensuring seamless interactions with counterparties while upholding stringent security and compliance standards.
‍

‍

How does Notabene’s Network Discoverability help you?

With Notabene's Network Discoverability, in-network VASPs can quickly and reliably identify their counterparties in real time. This feature ensures adherence to the Travel Rule’s due diligence mandates and streamlines transactional efficiency by eliminating unnecessary redundancies in verifications.

• Efficient and Accurate Transaction with Trusted Counterparties: The Network Discoverability feature allows VASPs to automatically identify blockchain addresses on both ends, ensuring data is directed to the correct party. This enhances the speed and accuracy of transactions.
• Enhanced Security: VASPs can safely share their encrypted blockchain addresses within Notabene's Network by opting in, ensuring that hashed addresses remain confidential and irreversible.
• Reduces Transaction Friction: Removing the need for end-user input at the transaction level enables VASPs to increase reachability and reduce transaction friction and latency.

‍

{{cta-learnmore8="/cta-components"}}
‍

‍

A comparative overview: before and after Network Discoverability

‍

Without Network Discoverability: When an Originator VASP A sends a Travel Rule transaction, the Beneficiary VASP must repeatedly claim the blockchain address. If Originator VASP B sends a transaction to the same address, it must go through the steps to discover the VASP behind the transaction to the same address. VASPs may need to ask the end customer to identify the counterparty VASP,  and the Beneficiary VASP must claim the address again, which adds to overall transaction latency. 

With Network Discoverability: VASPs share cryptographically hashed versions of their blockchain addresses, which are stored privately in a segregated database. If any VASP sends a transaction to that address in the future, the system quickly provides the hashed address, automatically verifying it for the sender.
‍

‍

Network Discoverability is a testament to Notabene's innovative approach to Travel Rule compliance, enhancing SafeTransact’s existing suite of services. VASP Discoverability accelerates and simplifies verification for all involved parties, by securely storing and disseminating encrypted blockchain addresses across a cooperative network. By opting into this feature VASPs are able to leverage the power of the Notabene Network, reduce friction for their end users, and increase the speed in which Travel Rule messages are created. 

‍

{{cta-notabene-network="/cta-components"}}

Stablecoins have become a critical part of the evolving cryptocurrency landscape. Given their significance, it's crucial to grasp their role concerning the Crypto Travel Rule.This final article in our three-part series compares perspectives from both the Financial Action Task Force (FATF) and the European Union's (EU) positions on decentralized finance (DeFi), Stablecoins, and non-fungible tokens (NFTs).

This article covers Stablecoins, the EU’s and FATF’s general stance on whether they are regulated virtual assets, if stablecoin issuers are regulated as VASPs, and covers noteworthy developments over 2022. 

What are Stablecoins?

Firstly, let's understand what stablecoins are. Stablecoins are a specialized type of cryptocurrency crafted to minimize price volatility. Unlike virtual currencies such as Bitcoin or Ethereum, which are known for their price fluctuations, stablecoins aim to maintain a consistent value. They achieve this stability by tying their value to a reserve asset, often a fiat currency like the US Dollar or the Euro, or other types of assets like gold. In essence, the value of a stablecoin is tied to the value of the underlying asset or group of assets to maintain a 1:1 ratio or another predetermined ratio.

Types of Stablecoins

Stablecoins can be categorized into three main types based on what backs them:

1. Fiat-Collateralized Stablecoins: These stablecoins are backed by a reserve of a specific fiat currency, kept in a bank or another regulated financial institution. In simple terms, for each stablecoin in circulation, an equivalent amount of fiat currency is held as a reserve.

2. Crypto-Collateralized Stablecoins: These are stablecoins that are backed by other cryptocurrencies. Given the volatile nature of cryptocurrencies, these stablecoins are typically over-collateralized to account for price swings.

3. Algorithmic Stablecoins: These stablecoins aren't backed by any collateral. They use smart contracts and other mechanisms to automatically tweak the stablecoin supply in reaction to demand changes, with the end goal of maintaining a stable price.

The primary uses of Stablecoins

Stablecoins serve multiple functions, including facilitating transactions, acting as a stable store of value within the cryptocurrency market, and forming a bridge between traditional fiat currencies and cryptocurrencies. Importantly, they are often used in DeFi applications for various financial activities like lending, borrowing, and earning interest on crypto assets.

The Rise and Scrutiny of Stablecoins in 2022

Stablecoin usage surged in early 2022 but faced scrutiny in the latter half of the year after the collapse of TerraUSD. TerraUSD was a popular algorithmic stablecoin whose dollar peg broke down due to massive concurrent withdrawals from Anchor and Curve crypto exchanges, causing a broader selloff that wiped off $200 billion from the market value of all crypto-assets.

The collapse of TerraUSD generated new concerns over stablecoins' safety, leading policymakers to impose rules on stablecoin issuers. Moreover, regulators and central banks became concerned about the rise of stablecoins eroding their monetary monopoly. Below we highlight relevant stablecoin events in 2022:

Stablecoin Legal & Regulatory Spotlight in 2022

• January 12, 2022 📋- The Hong Kong Monetary Authority (HKMA) released a discussion paper that provided insight into the HKMA’s plans for the future of stablecoin regulation in Hong Kong. 
• May 9, 2022 - UST's peg to USD broke, leading to the price of UST and its sister token LUNA crashing. This wiped $200 billion from the market value of all crypto assets.
• June 3, 2022 - Japan’s parliament passed a bill to ban stablecoin issuance by non-banking institutions.
• July 13, 2022 📋- The Committee on Payments and Market Infrastructures (CPMI) and International Organization of Securities Commission (IOSCO) affirmed that the Principles for Financial Market Infrastructures apply to ‘systemically important’ stablecoin arrangements and transfers. 
• July 19, 2022 - The UK Chancellor announced the planning of a bill that sets out how stablecoins may be used as a payment method.
• September 21, 2022 - Members of the U.S. Congress began working on legislation that would temporarily ban certain types of algorithmic stablecoins.
• October 5, 2022 📋- The EU’s MiCA laid out strict stipulations for stablecoin issuers due to their potential for mass adoption as a means of exchange as well as their associated market integrity risks.

‍

N.B. The dates that are accompanied by a clipboard icon indicate a document that was produced by a regulator.

How Does the Crypto Travel Rule Apply to Stablecoins?

Both the FATF and the EU have established significant stances regarding stablecoins. The FATF views stablecoins with concern due to their potential for anonymity, global reach, and potential misuse for illegal fund transfers. As such, it calls for a risk-based approach for identifying obliged entities. The EU's Markets in Crypto-assets (MiCA) regulation provides a more differentiated treatment, distinguishing stablecoins based on whether they qualify as significant asset-referenced or e-money tokens, each carrying distinct regulatory requirements. Notably, the FATF classifies stablecoins as securities or VAs, whereas the EU determines if a crypto-asset falls within the scope of MiCA depending on the nature of the token, including algorithmic stablecoins.

‍

FATF vs. EU: General Stance on Stablecoins

‍

FATF: Stablecoins rank high on the list of the FATF’s concerns “because of their potential for anonymity, global reach, and use to layer illicit funds.” The FATF also calls out their “greater potential for mass adoption” as stablecoins overcome the volatility issues associated with other crypto-assets and, therefore, constitute a more suitable option for payments. The FATF expects countries to “take a functional approach to identify obliged entities” and “mitigate the relevant risks based on a risk-based approach (RBA) regardless of institutional design and names.” ^[1]

EU: MiCA distinguishes the treatment of stablecoins depending on whether they qualify as significant asset-referenced tokens or significant e-money tokens, as these  “can pose greater risks to financial stability.” ^[2] Issuers of significant asset-referenced tokens or significant e-money tokens are subject to more stringent requirements including “higher capital requirements, to interoperability requirements and they should establish a liquidity management policy.” ^[3]

‍

FATF vs EU: Are Stablecoins considered Virtual Assets?

FATF: FATF classifies stablecoins as securities or VAs.

EU: Where a crypto-asset falls within the definition of an asset-referenced token or e-money token, it falls under MiCA’s scope, irrespective of how the issuer designed the crypto-asset, including the mechanism to maintain a stable value - this includes algorithmic stablecoins. ^[4]

‍

FATF vs. EU: Are Stablecoin issuers regulated as VASPs? 

‍

FATF: Entities involved in the governance of stablecoins, whether centralized or decentralized, could be categorized as VASPs depending on their position and the terms of the stablecoin arrangement. In situations where decentralized entities manage the stablecoin (e.g., MKR token holders who monitor Maker Protocol), it becomes more difficult to identify the entity responsible for AML/CTF. In these cases, entities that could fall within the scope for regulatory or supervisory action are the following: 

1. The initial driver of the development and launch of the arrangement that eventually becomes decentralized.
2. One that facilitates trading with stablecoins.
3. Custodial wallet services that support stablecoins. ^[1]

EU: Algorithmic stablecoins issuers that aim at maintaining a stable value in relation to an official currency of a country or to one or several assets, via protocols, are subject to the rules applicable to asset-referenced tokens or e-money issuers. Offerers or persons seeking admission to trading of algorithmic crypto-assets that do not aim at stabilizing the value of the crypto-assets by referencing one or several assets are, in any event, subject to the requirements applicable to the issuance of other crypto-assets (set in Title II of MiCA). ^[4] 

‍

FATF vs. EU: Noteworthy Stablecoin Developments

‍

FATF: In it’s Targeted Update, the FATF states, “As the liquidity of stablecoins increases in parallel with the growth of DeFi markets, FATF will continue to facilitate discussion between jurisdictions and other standard setting bodies on implementation issues.” ^[5]

EU: Stablecoin issuers should have a custody policy that ensures asset segregations, prevents tokens from being used as collateral, and provides holders with prompt access to their funds. Credit institutions, investment firms, or VASPs should custody the insulated reserves.  The credit institution, an investment firm, or a VASP that custodies the segregated reserve should be responsible for the loss of reserve assets. ^[6]

‍

In summary, the Crypto Travel Rule has far-reaching implications for stablecoins. Both the FATF and EU offer varied approaches in their regulations, primarily distinguishing stablecoins based on their nature, usage, and associated risks. As stablecoins continue to gain prominence in the crypto market, further evolution of regulatory stances is anticipated. Understanding these rules and how they apply to stablecoins will play a significant role in shaping the future trajectory of these digital assets.

Discover the link between the crypto Travel Rule and Stablecoins in Notabene's comprehensive 2023 State of Crypto Travel Rule Compliance Report.

{{cta-learnmore6="/cta-components"}}

‍

This article was initially produced when the "Markets in Crypto-Assets" document was still in draft form. However, the content has been updated to reflect the final regulation as published by the EU Parliament in 2023 [EU Parliament (2023). Markets in Crypto-Assets, various pages and paragraphs].

[Originally posted by FOMO Pay, see here]

‍

SINGAPORE, 29 Aug, 2023 – FOMO Pay, a leading digital payment and digital banking solutions provider headquartered in Singapore, announces its strategic partnership with Notabene. The implementation of Notabene’s end-to-end solution for global Travel Rule compliance enables FOMO Pay to further enhance its know-your-transaction (KYT) capabilities and highlights FOMO Pay’s commitment to compliance and customer security. In addition, through comprehensive licensing and adherence to regulatory requirements, FOMO Pay has obtained “Super VASP” status in Notabene’s Virtual Asset Service Providers (VASP) network. This milestone empowers the public with streamlined access to accurate and verified business information, aligning with FOMO Pay’s consistent efforts to foster trust in the digital payment and digital asset fields.

In 2019, the Financial Action Task Force (FATF) released crucial recommendations aimed at combating money laundering, terrorist and proliferation financing. FATF requires countries to assess and mitigate risks associated with virtual asset financial activities and providers. As part of the requirements, the Travel Rule mandates all VASPs to screen, record and communicate the information of both the sender and recipient of a digital asset transaction. In 2023, the global regulatory landscape has evolved with stricter enforcement of the Travel Rule for digital asset transactions, as governments and financial institutions worldwide take significant steps to enhance transaction integrity and overall financial ecosystem security.

In order to maintain comprehensive digital asset compliance capabilities in the ever-evolving digital asset industry, FOMO Pay adopts a proactive approach in investing in leading compliance solutions to continue to ensure strict adherence to global regulations. Integration with Notabene equips FOMO Pay to automate Travel Rule compliance in line with global regulations, allowing secure and efficient digital asset transactions.

“We are pleased to partner with Notabene and integrate their Travel Rule solution. This collaboration represents FOMO Pay’s commitment to strengthening our compliance capabilities in alignment with global regulations, enabling informed decisions to enhance our AML capabilities,” said Wee Teck Lim, Head of Compliance at FOMO Pay. “We firmly believe that our collaboration with Notabene will further enhance our ability to provide secure and reliable digital payment and digital asset solutions to our valued clients and partners.”

“We are excited to be working with FOMO Pay to enrich their compliance capabilities and ensure safer digital asset transactions for their clients. FOMO Pay’s commitment to bridging the gap between fiat and digital assets for business use cases is very aligned with our mission at Notabene. This collaboration demonstrates the significant impact of Travel Rule implementation in facilitating secure and efficient digital asset transactions to build a safer and more accessible digital asset ecosystem.” – Pelle Braendgaard, CEO of Notabene.

With this partnership, FOMO Pay demonstrates its steadfast commitment to upholding industry standards in compliance by ensuring safer transactions involving digital assets for merchants, corporates and financial institutions. FOMO Pay’s proactive approach to regulatory compliance and strategic investments in robust solutions solidify its position as a leading digital payment solutions provider.

‍

-ENDS

Media Contact

Sacha Lowenthal

Head of Marketing, Notabene

[email protected]

‍

About Notabene

Notabene developed the crypto industry’s only pre-transaction decision-making platform, enabling customers to identify and stop high-risk activity before it occurs. With a focus on security, privacy, and user experience, Notabene’s multi-source data and software enables real-time decision-making, counterparty sanctions screening, self-hosted wallet identification, and more.

SOC-2 security certified and trusted by over 100 companies, Notabene operates globally with headquarters in New York, and presence in Switzerland, Singapore, Germany, and the United Kingdom.

Companies like Copper, Luno, Crypto.com and Bitstamp leverage our SafeTransact platform for Travel Rule compliance, tailored to their needs and aligned with global and local regulations. Our platform builds trust in virtual asset transactions to foster financial growth with minimized risk.

Get started today; sign up for our free SafeTransact Rise Plan to respond to regulated transactions for free using the world’s largest VASP Network.

LinkedIn | Twitter

‍

About FOMO Pay

Founded in 2015, FOMO Pay Pte Ltd is a major payment institution (License No. PS20200145) regulated under the Payment Services Act in Singapore, licensed by the Monetary Authority of Singapore (MAS) to conduct Cross-border Money Transfer Services, Domestic Money Transfer Services, Digital Payment Token Services and Merchant Acquisition Services. The firm has become a leading one-stop digital payment and digital banking solution provider, and is currently building Asia’s first licensed gateway helping institutions and businesses to connect between fiat and digital currency. The company offers its three flagship products:

• FOMO Payment: a one-stop digital payment solution for merchants, corporates and financial institutions.
• FOMO iBank: facilitates businesses’ every-day requirements for transactional banking needs.
• FOMO Crypto: Asia’s first licensed gateway bridging fiat and digital currency.

Visit www.fomopay.com for more information.

‍

The world of crypto compliance has seen rapid changes over the past year. Since the Financial Action Task Force (FATF) extended Travel Rule compliance for crypto custodians, global events and pivotal moments have rapidly propelled Virtual Asset Service Providers (VASPs) from mere contemplation to active implementation of these AML compliance measures.

But what's genuinely fueling this accelerated adoption? Join us as we explore the primary motivations prompting VASPs to invest in Travel Rule solutions.

The Six Reasons Pushing VASPs to Find Crypto Compliance Solutions:

‍

1. Upcoming enforcement deadlines

As deadlines approach, VASPs run out of time to develop a cohesive compliance strategy, test direct integration into various protocols, and evaluate end-to-end solutions. Integrating and testing different protocols slows down the path toward Travel Rule compliance, with Compliance Officers spending upward of 18 months trialing protocols to fit the company’s specific needs.

Additionally, Exchanges registered in a jurisdiction where the Travel Rule is already enforced: US, Singapore, Switzerland, Philippines, South Korea, Germany, Canada, Indonesia, Malaysia, Gibraltar, Estonia, Dubai, Liechtenstein, Malta, Portugal, Japan, Hong Hong, the United Kingdom, as well as exchanges that send a large volume of transactions to VASPs in those jurisdictions, must roll out Travel Rule compliance as soon as possible.

‍

2. Business preservation and transaction assurance

As more and more VASPs become compliant with the Travel Rule, the expectation for their counterparty VASPs to receive travel rule information and respond reciprocally is growing. If the counterparty VASP does not participate in travel rule flows, it's becoming increasingly likely that compliant VASPs will simply stop transacting with them. Proactive compliance is paramount to avoid business and, more specifically, transaction slowdowns. Additionally, per FATF guidance, VASPs can now restrict transactions with non-compliant counterparts. 

‍

Our 2023 State of Crypto Travel Rule Compliance Report highlights that about 61% of respondents enforce transaction restrictions with non-cooperative counterparties: 8% need a Travel Rule message sent to the beneficiary VASP, 41% employ a risk-based approach, and 12% await a response from the Beneficiary VASP. Non-responsive counterparties risk losing transactions from compliant VASPs, making this a critical reason for VASPs to invest in compliance solutions.

‍

3. Stakeholder demand

VASPs are rolling out Travel Rule solutions quickly to meet the demand from their banking partners, auditors, institutional customers, and other business stakeholders.

It is now a standard expectation for VASPs to be travel rule compliant when applying for new banking partners, getting audited, or establishing other business relationships. Demonstrating compliance with the Travel Rule improves a VASP's likelihood of passing the due diligence requirements to establish solid banking relationships. By including the Travel Rule in their compliance stacks, VASPs demonstrate their risk management strategies to auditors, align with industry standards, and meet regulatory expectations, bolstering their reputation as trusted market participants.

‍

4. Increased regulatory scrutiny due to sanctions

The Russia-Ukraine war accelerated crypto Travel Rule compliance.  Financial regulators have implemented fresh sanctions against Russian organizations and persons in response to the crisis between Russia and Ukraine. Although it is unknown to what extent sanctioned parties may turn to crypto, VASPs worldwide have acted upon the increased imperative to comply with sanctions obligations. Without crypto Travel Rule compliance, VASPs can—often unknowingly—facilitate transactions with sanctioned counterparties. Transactions associated with entities like Garantex, Bizlatzo, or any other sanctioned crypto service pose a substantial compliance risk for businesses in the U.S. and other jurisdictions, with potential fines and criminal charges as consequences.

Therefore, it's crucial for VASPs to be able to discern whether their clients are sending transactions to sanctioned entities, wallets, or jurisdictions. This can only be achieved by diligently implementing Travel Rule compliance, which enables transaction-level counterparty and sanction insight.

‍

5. To benefit from an incremental Travel Rule adoption

Forward-thinking VASPs are strategically using a phased rollout to their advantage. Ahead of their regulatory timelines, they are getting started with collecting the necessary counterparty data, putting in place the systems, and easing into the travel rule. This puts them in a great place to be ready without excessive strain on resources and with minimized impact on their customers.

Thanks to industry advocacy, some regulators are warming up to this staged approach to compliance. Recent surveys highlight an increasing preference for this phased approach: 31% in the current year, up from 18% in 2022.

‍

6. To gain a competitive edge

It goes without saying: regulated financial products distinctly outshine their unregulated counterparts by offering numerous advantages. Advantages include crucial investor protection, stringent legal compliance, unwavering financial stability, improved market confidence, effective dispute resolution mechanisms, and indispensable consumer safeguards. Additionally, crypto compliance ensures safer transactions, strengthens trust, and strategically positions VASPs as reputable market players for enhanced growth and reach.

‍

How Notabene Addresses the Six Reasons VASPs Are Considering Travel Rule Solutions

‍

1. Notabene’s multi-jurisdictional approach facilitates seamless onboarding for VASPs across various jurisdictions

With imminent deadlines, globally-operating VASPs confront the challenge of staggered Travel Rule enforcement across their jurisdictions. This leaves them scrambling to craft a unified compliance strategy in each location, integrate protocols for each entity, and assess comprehensive solutions. 

For example, a VASP located across three jurisdictions may need a Money Services Business (MSB) license in the United States in Canada, a Digital Payment Token (DPT) license in Singapore, and a license from the Federal Financial Supervisory Authority (BaFin) in Germany—each with distinct compliance requirements.

‍

‍

‍

Notabene's SafeTransact provides a streamlined solution tailored for global businesses, offering support across 20+ jurisdictions and counting. VASPs choose us to expedite their Travel Rule compliance with multiple regions. Additionally, VASPs can leverage our SAFE Implementation program; VASPs can seamlessly integrate and fast-track their regulatory adherence, ensuring business continuity and regulatory alignment. Learn more below.

2. SafeTransact Rise: Notabene’s answer to business preservation and transaction assurance

Our customers’ success is our primary goal, and we understand that without responses to their Travel Rule transactions, our VASPs may not be able to achieve full compliance. Recognizing that many businesses may not have the tools to handle these responses, we offer SafeTransact Rise - a complimentary Sunrise Plan that provides transaction beneficiaries access to our comprehensive Travel Rule compliance dashboard to respond to unlimited inbound messages, as well as and send up to USD 10k in outgoing transactions. While on our platform, Compliance Officers can test out setting up safe, automated compliance workflows and utilize award-winning partnerships with blockchain analytics and sanctions screening providers.

‍

3. Demonstrating Travel Rule compliance readiness with Notabene's SafeTransact

When implemented correctly—pre-transaction settlement— Travel Rule compliance equips VASPs with detailed insights into transactional counterparties and allows VASPs to ascertain if clients transact with sanctioned entities, wallets, or regions.

As the industry’s only pre-transaction decision-making platform, Notabene's SafeTransact preemptively identifies and halts high-risk activity before reaching the exchange. Our platform offers a comprehensive view of crypto transactions, allowing users to automate real-time decisions, screen counterparties for sanctions, recognize self-hosted wallets, and ensure seamless global Travel Rule compliance following international regulations.

Additionally, VASPs use our reporting tools to demonstrate their Travel Rule compliance programs, including verified data about their transactions, counterparties, and VASPs’ steps to build robust compliance measures.

‍

4. Set rules to automatically stop transactions to sanctioned actors

Our customers can effectively identify sanctioned counterparties and block ensuing transactions by performing the following checks before the transaction occurs: 

1. Identifying counterparty VASP
2. Performing VASP due diligence
3. Identifying and sanction screening counterparty customers 
4. Monitoring wallet risk scores

‍

To automate this process, customers head to the Rules Engine to encode their risk-based rules to restrict incoming or outgoing Travel Rule data transfers with VASPs that do not meet their diligence criteria. This step also allows them to identify and block suspicious transactions at scale. By tying this mechanism into the transaction flow, this functionality boosts transaction efficiency and provides Compliance Officers with robust tools to mitigate AML-related risks effectively.

‍

‍

‍

5. SAFE Implementation phases: benefit from a comfortable Travel Rule adoption

We advocate for a phased, data-driven approach to Travel Rule implementation. Our SAFE Implementation process offers Notabene clients a tailored pathway to compliance based on their business needs. Customers can meet regulatory guidelines and evolve their own risk-based approach and needs over time - with the first phase requiring less than a week with only minimal technical integration. Furthermore, as part of the implementation phases, Notabene's SafeTransact platform provides industry-unique support for multiple legal entities, allowing VASPs to easily expand into multiple jurisdictions without worrying about complex legal and compliance issues. Our goal with SAFE Implementation is to make a comfortable Travel Rule technical rollout so VASPs can focus on other matters, such as incorporating new compliance requirements into their business workflows.

Learn more about SAFE Implementation

6. Notabene: competitive edge through specialized Travel Rule training & solutions

Due to its novelty and operational intricacies, fully harnessing the advantages of Travel Rule compliance requires learning a new set of rules. For the latest training on this regulation, Notabene offers a Travel Rule Compliance Certification, equipping Compliance Officers with the tools they need to succeed in 2023 and beyond.

‍

{{cta-bookademo="/cta-components"}}

As the Travel Rule deadline approaches, UK has made significant strides that directly impact UK VASPs’ compliance programs. In this article will highlight the key milestones and takeaways from recent regulatory publications and how Notabene is responding to these developments. Stay informed and engaged with the most relevant regulatory developments concerning Travel Rule compliance in the UK with Notabene.

‍

Relevant Travel Rule regulatory milestones in the UK 

The timeline below gives a brief overview of the most relevant milestones for Travel Rule compliance in the UK:

Key Travel Rule Takeaways from the JMLSG Guidance

On July 28, 2023, the Joint Money Laundering Steering Group (JMLSG) published a draft Travel Rule guidance that is now up for public consultation. CryptoUK’s Travel Rule Working Group, co-chaired by Notabene’s Senior Regulatory and Compliance Associate Catarina Veloso, shared insights and feedback with regulators and the JMLSG ahead of the publication of this draft. Both Notabene and CryptoUK will submit a response to the public consultation, by August 25, 2023. 

Find the key takeaways below: 

1. ‍Sunrise Issue: The current draft of the JMLSG Guidance acknowledges the Sunrise period as presenting “challenges for CBs dealing with counterparties in jurisdictions where the travel rule has not yet been implemented”. The current draft guidance advises Crypto Businesses (CBs) to take account of any FCA communications on this matter. Learn the FCA’s specific expectations for UK VASPs transacting during the sunrise period below. 
2. Cross-border Transactions: The Guidance clarifies that UK VASPs must follow UK Travel Rule requirements, regardless of whether their counterparty is subject to a different scope of requirements.‍
3. Self-hosted Wallet Transactions: The guidance offers VASPs detailed advice on risk assessment and appropriate actions for self-hosted wallet transactions.‍
4. Counterparty Discoverability: With no global VASP identifiers, the guidance suggests steps VASPs can take to identify counterparties and ascertain wallet hosting status.‍
5. Lightning Network: The draft discusses Travel Rule application within the Lightning Network, stating intermediate parts of a transfer are not subject to the rule, even if nodes are CBs.

Dive deeper into the takeaways on our recent blog post.

‍

FCA Statement: How UK VASPs should proceed with transactions during the sunrise period

On August 17, 2023, the FCA published its expectations for UK cryptoasset businesses complying with the Travel rule. The publication outlined how UK VASPs are required to comply with the Travel Rule when sending or receiving a transaction from a counterparty based in a jurisdiction where Travel Rule does not yet apply.

• ‍When sending a transaction to a jurisdiction without the Travel Rule, if the counterparty VASP cannot receive the necessary information, the Originator UK VASP must still collect and verify the information as required by the Money Laundering Regulations (MLRs) and should store that information before making the cryptoasset transfer.

📌 Notabene clients can monitor the transfers sent to VASPs that are not able to receive Travel Rule information within their compliance dashboard.

• ‍When receiving a transaction without the required Travel Rule information, UK Beneficiary VASPs must make a risk-based assessment of whether to make the cryptoassets available to the beneficiary customer taking into account the status of Travel Rule regulations in the jurisdiction where the counterparty operates.

📌 Notabene clients are able to detect and monitor incoming transactions with missing Travel Rule information via API. These transactions will appear in their compliance dashboard.

‍

{{cta-bookademo="/cta-components"}}

SAFE Implementation: The Importance of a Phased Implementation when Rolling out a Travel Rule Program

‍

As the Global Head of Customer Success at Notabene, I regularly consult with Compliance leaders at the start of their Travel Rule implementation journey. 

While many understand the importance of complying with the Travel Rule, they often feel overwhelmed regarding how to get started, especially during the sunrise period and when dealing with multiple jurisdictions or areas needing more regulatory clarity. The technical work for a successful integration only compounds these concerns.

In this article, I'll explore the top Travel Rule compliance challenges experienced by the Compliance Officers I have worked with, explain why Notabene devised the SAFE Implementation phases, and present the advantages of the adoption program based on commentary directly from VASPs. 

‍

Understanding the Technical Challenges of Travel Rule Implementation

Many VASPs find it challenging to comprehend the extent of technical work required for integration. They also struggle to figure out how they can effectively collaborate with stakeholders from various departments in their business to ensure that the Travel Rule solution is implemented successfully.

As VASPs progress through the implementation, they often find it beneficial to opt for API integration to automate their Travel Rule processes instead of hiring additional teammates to manually carry out Travel Rule compliance checks. However, Without having insight into the specific actions the technical team needs to complete or alignment between how the implementation might look based on a VASPs risk appetite,  Compliance leaders are often at a loss for where to begin to ensure they are meeting regulatory deadlines. 

‍

Notabene's 2023 State of Crypto Travel Rule Compliance Report affirms this, with 27% of VASPs and 45% of Financial institutions citing 'a lack of technical resources’ as their main obstacle to adoption.

SAFE Implementation: A Guided Approach to Travel Rule Compliance

‍

"The secret of getting ahead is getting started. The secret of getting started is breaking your complex overwhelming tasks into small manageable tasks and then starting on the first one." - Mark Twain

‍

With these challenges in mind, we recently launched the SAFE Implementation phases. This step-by-step onboarding program is designed to help our clients navigate the intricacies of Travel Rule compliance efficiently while ensuring seamless collaboration between compliance and technical teams.

SAFE Implementation delivers a well-structured, step-by-step approach to achieving compliance, streamlining operational risk management, and providing valuable analytics to steer our customers through their Travel Rule implementation. By making subtle technical modifications, VASPs can effortlessly link their internal systems to Notabene, enabling the generation of proprietary data.

This rich data resource furnishes invaluable insights into the potential impact of compliance on existing transaction flows, equipping VASPs with the foresight to plan the initiation and response to transactions strategically. Additionally, this information empowers them with a clear roadmap for their journey toward achieving full compliance.

‍

How does SAFE Implementation support VASPs?

1. Step-by-Step Implementation and Testing: SAFE Implementation enables customers to gradually integrate the necessary technical infrastructure, validate data accuracy, and test functionality, all before they impact their end users. By breaking down the implementation process into manageable stages, customers can identify and address issues early, ensuring a smoother transition and reducing non-compliance risk.

2. Navigate Complex Regulatory Requirements: Compliance with the Travel Rule requires significant technical, operational, and procedural adjustments. By adopting a phased implementation approach, we ensure that our customers have adequate time and support to comprehend the requirements and implications of the Travel Rule fully. Notabene’s SafeTransact product manages each Jurisdictional data requirement, supporting VASPs in understanding what data they must provide to comply in their region. It also ensures that VASPs can handle the requirements of their counterparty's jurisdictions. 

3. Tailored Solutions for Diverse Customer Needs: Every business has unique operational models, technical capabilities, and customer bases. By utilizing our SAFE Implementation process, VASPs can design and implement tailored solutions based on their specific requirements. This ensures a more seamless integration of Travel Rule compliance processes into VASPs' existing systems, minimizing disruptions to their day-to-day operations.
   
   
4. Guidance and Training from the Customer Success team:  Successfully implementing the Travel Rule requires technical integration, adequate coaching, and ongoing support. VASPs can also choose to add a Customer Success Package, ensuring that they get custom training and white glove support from our team of subject matter experts. The Notabene Customer Success team is on hand through each milestone to provide comprehensive training sessions, resources, and dedicated customer support throughout the implementation journey. This empowers our customers to develop an in-depth understanding of the Travel Rule requirements and equips them with the necessary knowledge and skills to maintain compliance in the long term.
   
   
5. Compliance Readiness and Regulatory Confidence: By adopting a phased onboarding approach, our customers can demonstrate their commitment to regulatory compliance with relevant authorities. This proactive approach ensures adherence to the Travel Rule, helps build trust with regulators, and enhances the reputation of the crypto business. Furthermore, early compliance readiness positions our customers favorably in the rapidly evolving regulatory landscape, reducing the risk of potential penalties or disruptions to their operations.

‍

Far from being a mere regulatory checklist, achieving Travel Rule compliance involves understanding the regulatory landscape, strategic planning, and data-informed pre-transaction decision-making, all facilitated through our SAFE Implementation approach.

Notabene's SAFE Implementation program is not just a tool—it's a strategic ally that guides VASPs through the intricate terrain of crypto regulation. With the aid of crucial data and a tailored approach, VASPs can execute their compliance plans with heightened precision and assurance. This seamless and effective integration results in regulatory adherence and fosters trust with regulators, strengthening the business's reputation. 

The rest of Notabene’s Customer Success team and I are dedicated to helping our customers turn regulatory compliance from a daunting challenge into a competitive advantage, effectively driving the future of the crypto industry.

This setup provides a systematic, step-by-step roadmap to ensure synchrony between technical and compliance teams, transforming an overwhelming task into achievable milestones. 

‍

{{cta-bookademo="/cta-components"}}

The Rising Trend of a Phased Approach to Crypto Travel Rule Compliance: Insights from Notabene's 2023 Report

Notabene's 2023 State of Crypto Travel Rule Compliance Report revealed a trend: Virtual Asset Service Providers (VASPs) are adopting a phased approach to fulfilling Travel Rule compliance obligations. This means they are gradually transitioning from non-compliance to compliance, taking measured steps toward ‘full compliance.’ [1] This nuanced insight is often missed in industry surveys, yet deserves attention as it reflects VASPs' practical and mindful strategy to adhere to the Travel Rule.

What is a Phased Approach to Travel Rule Compliance?  

A “phased approach” is a strategy that VASPs used to progressively meet their full compliance obligations, taking into account the impact on their users and business. To become regulatory compliant, VASPs must carry out several processes simultaneously. These range from modifying product offerings, implementing new compliance frameworks, updating the user interfaces and APIs their customers interact with, and much more. The situation gets even more complex if the VASP operates in multiple jurisdictions. 

Results from our compliance survey showed that rather than making a sudden leap from non-compliance to full compliance, VASPs are progressively rolling out their compliance initiatives in phases. This year, the adoption of a phased compliance strategy has risen to 31%, up from 18% in 2022 (Figure 2). This indicates an increasing acceptance of the phased compliance methodology among VASPs. Further details can be found in the sections below.

‍

Why are VASPs Embracing a Phased Approach to Travel Rule Compliance?  

Reported reasons VASPs opt for a phased approach to Travel Rule compliance include: 

• The Sunrise period: Fully complying with the Travel Rule during sunrise is particularly difficult for VASPs, as crypto is inherently borderless and international. VASPs based in countries where the Travel Rule is already being enforced will have a hard time being fully compliant; in some instances, they may not be able to send or get a response to a Travel Rule transfer from their counterparty VASP because this counterparty may be based in a jurisdiction where the Travel Rule is not yet enforced.
• Signaling compliance to regulators: Having a clear and well-structured Travel Rule implementation program is appreciated by financial regulators. This approach allows VASPs to refine their processes on their path to full compliance. 
• Meeting local Travel Rule enforcement dates: If a VASP is registered in a jurisdiction with upcoming deadlines, they have to prove compliance whether or not their counterparties are compliant. 

Diving into the staged approach to Travel Rule compliance 

Notabene's yearly State of Crypto Travel Rule report shows a growing intent to adopt the Travel Rule in the cryptocurrency industry, with most VASPs targeting complete compliance by 2023, as evidenced by the data in Figure 1. 

‍

‍

Understanding the meaning of ‘Full Compliance’

The industry's ambition to comply by the end of 2023 underscores its commitment to regulatory alignment and sets 2023 to become the year of Travel Rule adoption. Interestingly, the survey exposes a stark 109% rise in compliance claims, with 20% of respondents now identifying as 'fully compliant,' a significant increase from 13% in 2022. (Figure 1) However, pre-transaction fulfillment has only seen a 50% increase, suggesting some confusion around the interpretation of 'full compliance.' (Figure 1)

‍

The Phased Approach to Compliance Gains Traction

The survey highlights that 19% of VASPs are responding to inbound Travel Rule transfers, even if they aren't initiating their own, and 12% are fulfilling Travel Rule obligations post-settlement. (Figure 2) These actions are viewed as early compliance stages. Moreover, when asked to describe their company's current stance on Travel Rule requirements, only 3% selected "Idle" as their response. This response signifies a substantial 75% decrease from the 2022 survey, pointing to a progressive demystification of Travel Rule compliance within the industry.

‍

‍

Financial Institutions vs. Crypto Businesses Staged Compliance Approach

Survey data reveals a significant contrast between financial institutions (FIs) and crypto businesses in their compliance strategies for the Travel Rule. The approach taken by FIs appears more binary: they are predominantly either fully compliant (36%) or not complying at all (36%). A noteworthy 27% of FIs are at an intermediate stage, only responding to inbound Travel Rule transfers. (Figure 3) This may be attributed to their support for crypto deposits without accommodating crypto withdrawals. 

‍

Crypto businesses, on the other hand, present a more diverse spectrum of compliance stages, with 48% opting for a phased approach. (Figure 3) This could stem from many of these businesses being operational before FATF’s Recommendation 16 extended its reach to their sector.

FI’s, having likely operated under FinCEN’s original Travel Rule, mandated in 1996, may only need to implement the technology to support Travel Rule compliance for their crypto transactions. This stark difference in approach underscores the unique challenges VASPs and FIs face in their compliance journey. Consider reading about the top Travel Rule compliance hindrances in 2023 for more on these challenges.

‍

Notabene's Phased Approach to Travel Rule Compliance: The SAFE Implementation Phases 

To aid VASPs and FIs in their compliance journey, Notabene recently introduced the SAFE Implementation phases. This tiered, customizable approach simplifies compliance, equips customers with valuable analytics, and creates a tailored path based on specific business needs.

The SAFE phases offer the following benefits:

• Minimized Disruption: This phased integration of technical infrastructure mitigates risks and reduces disruption
• Regulatory Navigation: It allows sufficient time to understand the technical, operational, and procedural aspects of the Travel Rule.
• Continuous Improvement: The iterative nature of our method encourages constant learning and adaptation.
• Comprehensive Support: Notabene's Customer Success team provides extensive training and dedicated support.
• Regulatory Confidence: This gradual strategy demonstrates a commitment to regulatory compliance, cultivating trust with regulators.

The SAFE Implementation paves a reliable route toward Travel Rule compliance by emphasizing regulatory deadlines and leveraging data for informed decisions, risk mitigation, and user experience enhancement.

A Breakdown of the SAFE Implementation Phases

Notabene's phased approach for VASPs' Travel Rule compliance comprises four distinct stages, each addressing specific aspects of the adoption process. The phases are:

• Spark: VASPs prepare to send transactions by collecting counterparty VASP data through due diligence, assessing the degree of customer input required for a comprehensive Travel Rule message.
• Amplify: VASPs commence compliance to the greatest extent possible without customer collaboration, sharing originator information with counterparts, and responding to incoming Travel Rule transfers.
• Foundation: VASPs expand compliance by acquiring beneficiary information, conducting sanctions screening, and applying proper AML/CTF controls before transmission to the beneficiary VASP. This stage is standard during the sunrise period.
• Elevate: VASPs utilize verified originator and beneficiary data for informed pre-transaction decisions on both withdrawals and deposits. This phase is fully achievable in a post-sunrise period.

Mapping the 2023 State of Crypto Travel Rule Compliance Survey Data to the Safe Implementation Phases

Data from figure 2 suggests that most VASPs are still in the early stages of compliance, like the Spark and Amplify phases. A considerable number are complying to the best of their ability within the constraints of the sunrise period, aligning with the Foundation stage. Only a minority have achieved full Travel Rule compliance (Elevate.) 

Here's a more detailed breakdown:  

1. VASPs that reported non-compliance with travel rule obligations (34.8%) or post-settlement compliance (11.6%) and those allowing transactions without a Travel Rule message sent to the beneficiary VASP (37.3%) are in compliance stages akin to the Spark or Amplify phases.
2. VASPs fulfilling Travel Rule obligations before blockchain transaction settlement (20.3%) but not awaiting a beneficiary VASP response to process the transaction (22%) or proceeding if no response is received within a specific timeframe (14%) are likely in a compliance stage similar to the Foundation phase.
3. A small portion of VASPs (12% that reported disallowing a transaction unless a beneficiary VASP response is received) would qualify as being in the Elevate stage.
   
   

For a unique look into the Travel Rule compliance journey from the perspective of Notabene’s Customer Success team, head over to our next blog post. In "Overcoming Crypto Compliance Challenges: Notabene's SAFE Implementation Phases in Action," Notabene’s Global Head of Customer Success, Abigail Bryant Spolar, offers valuable insights drawn from her extensive experience guiding VASPs 

{{cta-learnmore2="/cta-components"}}

A Closer Look at CryptoUK’s Travel Rule Working Group and the Upcoming JMLSG Guidance: Insights from the Co-Chair

We are thrilled to announce that Catarina Veloso, Notabene's Senior Associate of Regulatory Affairs, has been appointed as the co-chair of CryptoUK’s Travel Rule Working Group. Catarina shares this esteemed position with Mark Aruliah, Senior Policy Advisor at Elliptic. 

Notabene's Regulatory and Compliance team is taking a proactive role in helping members of the group CryptoUK understand the requirements of the Financial Action Task Force's (FATF) Travel Rule. The Travel Rule has been implemented in the UK through the Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022 (MLTFR 2022) on July 21st, 2022.

Navigating the FATF's Travel Rule: CryptoUK’s Working Group's Efforts to Educate UK VASPs

The Notabene Regulatory and Compliance team is dedicated to not only educating CryptoUK members about the requirements of this rule but also to engaging with policymakers and regulators to share their insights and perspectives on the topic.

The FATF's Crypto Travel Rule is a regulation that requires certain information to be included with transactions between virtual asset service providers (VASPs). In the case of the UK, the MLTFR 2022 would be the specific set of rules that VASPs, like cryptocurrency exchanges, have to comply with.

Following a 12-month grace period, the Travel Rule will be enforced in the UK from September 1st, 2023. On July 28, 2023, the Joint Money Laundering Steering Group (JMLSG) published a draft Travel Rule guidance that is now up for public consultation. CryptoUK’s Travel Rule Working Group shared insights and feedback with regulators and the JMLSG before publishing this draft. The next order of business for the working group is submitting a response to the public consultation, due on August 25, 2023. 

“Travel Rule compliance entails several new operational challenges for VASPs. And UK VASPs are in a really privileged position to overcome them - the fact that you are able to produce industry-led guidance through the JMLSG is a unique opportunity to have a say on how these challenges should be addressed and to define industry-wide compliance standards” - Catarina Veloso, Senior Associate of Regulatory Affairs - Notabene. 

The JMLSG is a private sector body comprising the leading UK Trade Associations in the financial services industry. They produce Guidance that sets out what is expected of firms and their staff concerning the prevention of money laundering and terrorist financing, which is now being extended to cover the crypto Travel Rule. 

Although the JMLSG Guidance is not legally binding, it is subject to approval by the HM Treasury and is taken into consideration by the FCA when supervising and by courts. Therefore, the JMLSG Guidance will provide a base from which UK VASPs can develop tailored policies and procedures for compliance with the Travel Rule. 

‍

JMLSG’s Draft Guidance on the Travel Rule: What It Means for UK Cryptoasset Businesses

The current draft of the JMLSG Guidance covers essential topics such as: 

📌 Sunrise issue: The Sunrise period is acknowledged as presenting “challenges for CBs dealing with counterparties in jurisdictions where the travel rule has not yet been implemented.” The current draft guidance advises VASPs to take account of any FCA communications on this matter. Just yesterday, the FCA published a statement on precisely this topic. This statement sets expectations for how VASPs in the UK are required to comply with the Travel Rule when sending or receiving a transaction from a counterparty based in a jurisdiction where Travel Rule does not yet apply, as follows:

When sending a cryptoasset transfer to a jurisdiction without the Travel Rule:

• Take all reasonable steps to establish whether the firm can receive the required information. 
• If the firm cannot receive the necessary information, the UK cryptoasset business must still collect and verify the information as required by the Money Laundering Regulations (MLRs) and should store that information before making the cryptoasset transfer.

When receiving a cryptoasset transfer from a jurisdiction without the Travel Rule:

• If the cryptoasset transfer has missing or incomplete information, UK cryptoasset businesses must consider the countries in which the firm operates and the status of the Travel Rule in those countries.
• The UK cryptoasset business should take these factors into account when making a risk-based assessment of whether to make the cryptoassets available to the beneficiary.

 📌 Cross-border transactions: The Guidance clarifies that UK VASPs must follow UK Travel Rule requirements, regardless of whether their counterparty is subject to a different scope of requirements. For withdrawals, the Guidance clarifies that “[w]here the transfer is to a jurisdiction with higher requirements than those required in terms of the travel rule, a CB complies with its travel rule obligations by providing the information as required.”. Similarly, in deposits, “[w]hen there is missing or inaccurate information, the CB of the beneficiary must, when appropriate, request the missing information (regardless of whether the CB of the originator is subject to higher value thresholds in its jurisdiction), and consider making enquiries as to any discrepancies.”. 

 📌 Self-hosted wallet transactions: The Guidance provides more granularity into how VASPs can assess the risk associated with transactions with self-hosted wallets and determine the appropriate follow-up actions.

📌Counterparty discoverability: Acknowledging that it is challenging to discover the counterparty to a crypto transaction (in the absence of global VASP identifiers, equivalent to SWIFT codes in wire transfers), the Guidance suggests reasonable steps that VASPs can take to identify the counterparty and whether a wallet is hosted or unhosted. 

📌Lightning network: JMLSG also covered the specificities of how Travel Rule applies in the context of the Lightning Network, acknowledging that “[t]hose parts of a LN transfer that are intermediate to originator and beneficiary are not in scope of the travel rule even where one or both nodes in the channel are CBs.”

‍

Notabene's Proactive Role in UK Travel Rule Compliance: Regulatory Sandbox Testnets and Guidance for VASPs

Notabene's Regulatory and Compliance team is dedicated to assisting UK VASPs in understanding and complying with their upcoming Travel Rule obligations. 

As part of that effort: 

• We have conducted two testnets as part of the Financial Conduct Authority’s (FCA’s) Regulatory Sandbox with firms such as Ramp, Bitstamp, Wirex, CoinPass, Altalix, Hidden Road, Bitpanda, Custody, Uphold, and Zodia Markets. 
• We published a brief guide that summarizes the Travel Rule obligations set forth in the MLTFR 2022. 

We invite you to join the CryptoUK’s Travel Rule Working Group to be part of the conversation, contribute to the public consultation response, and continue engaging with policymakers and regulators on this topic. 

London, UK - August 17 2023

Over the course of four months, Notabene conducted two tests as part of the Financial Conduct Authority’s (FCA’s) Regulatory Sandbox. Firms that participated in these tests included Compliance Officers from Ramp Network, Bitstamp, Wirex, CoinPass, Altalix, Hidden Road, Bitpanda Custody, Uphold and Zodia Markets in a live testing environment of Notabene’s innovative Travel Rule compliance offering.

As part of the testing sessions, a variety of real-life scenarios were tested on Notabene’s platform. This exercise aimed to allow firms to assess how Notabene’s solution can improve participants’ readiness to comply with Travel Rule requirements, which enter into force on September 1, 2023. Developer teams executed the testnet script via the terminal, enabling virtual asset service providers (VASPs) to test different Travel Rule scenarios on Notabene’s platform against the unique requirements of the UK jurisdiction.

"The opportunity to directly interact with these real-world scenarios is crucial for compliance teams in understanding and responding to the challenges posed by the Travel Rule." - Lana Schwartzman, Head of Regulatory Compliance at Notabene

Through this interactive testing, compliance teams learned how Notabene’s solution helps firms to identify potential workflows, shared testnet learnings, and brainstormed solutions for compliance challenges. Importantly, participants gained first-hand experience with how Notabene’s tool tackles the impact Travel Rule flows will have on blockchain transactions, including how to integrate counterparty sanction screening into Notabene’s platform.

“Participating in Notabene's testing cohort within the FCA's Regulatory Sandbox has been an invaluable experience. The hands-on experience provided us with indispensable insights, allowing our compliance teams to grasp the intricacies of how Notabene will support us in implementing our travel rule obligations and effectively address our compliance needs in advance of the UK's September 1st regulatory deadline.” - Oliver Morgans, Head of Compliance and MLRO at Uphold Europe Uphold Europe Ltd

The testing phase concluded with an in-person roundtable discussion, where VASPs had the opportunity to reflect on Notabene’s test, share their main compliance challenges, network with industry peers, and engage in a dialogue about the cryptocurrency sector.

"We are thrilled to have participated in Notabene's testing cohort as part of the FCA's Regulatory Sandbox. The opportunity to engage with real-world scenarios has been invaluable in helping our compliance team understand and address the challenges posed by the Travel Rule.” - James Dalton, Deputy MLRO, Ramp Network

__

About the FCA’s Regulatory Sandbox

The FCA ’s Regulatory Sandbox allows firms to test innovative offerings in a live and controlled environment. More information on the FCA’s regulatory sandbox can be found here.

The FCA's Regulatory Sandbox helps innovative firms, both incumbents and new players, navigate the regulatory landscape by providing them access to regulatory expertise, enabling product testing, accelerating market entry, and providing guidance, and was established to support the FCA’s objective of promoting effective competition in the interests of consumers. 

For more information about the FCA’s Regulatory Sandbox or other FCA Innovation services, please contact/visit:

[email protected]

fca.org.uk/firms/innovation 

‍

For more information about Notabene, please contact:

[email protected]

‍

About Notabene

Notabene is crypto’s only pre-transaction decision-making platform. Enabling customers to identify and stop high-risk activity before it occurs.

Notabene's SafeTransact platform helps financial institutions and crypto businesses unlock their full potential in the digital economy. With a focus on security, privacy, and end-user experience, Notabene customers can use our multi-source data and software to automate real-time decision-making, perform counterparty sanctions screening, identify self-hosted wallets, and complete the smooth rollout of Travel Rule compliance, all in consideration of global and local regulations.

Notabene is SOC-2 security certified since 2021. Over 90 companies leverage our software to manage real-time regulatory and counterparty risk in virtual asset transactions, including Copper, Luno, Crypto.com, and Bitstamp. Headquartered in New York, Notabene is a global company with presence in Switzerland, Singapore, and the United Kingdom.

Notebene is not regulated or registered with the FCA.

LinkedIn | Twitter

As the decentralized finance (DeFi) sector continues to gain momentum, global regulatory authorities are grappling with effectively overseeing this new frontier in financial services. The Financial Action Task Force (FATF) and the European Union (EU) are formulating their respective approaches to DeFi regulation, focusing on a broad interpretation of the definitions provided in the FATF’s standards and shifting towards an activity-based regulatory approach. The challenge lies in determining which entities within the DeFi ecosystem qualify as Virtual Asset Service Providers (VASPs) and how to apply Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) obligations to them.

In a previous post, we covered the FATF’s and the EU’s regulatory stances on NFTs. This article, taken from our 2023 State of Crypto Travel Rule Compliance Report, compares their regulatory stances on DeFi.

What is DeFi

DeFi eliminates intermediaries in financial services by executing transactions via code on blockchains. In 2022, DeFi protocols and applications continued their unprecedented growth, with major asset managers offering DeFi exposure to institutional investors. Retail users continued to flock to DeFi, although there were risks along the way- liquidations surpassed $8.7 million on February 23, and DeFi exploits across blockchains worldwide totaled $3.64 billion in 2022, a rise of 47.4% compared to 2021.

‍

‍

DeFi Legal & Regulatory Spotlight in 2022

Protocol-level sanction action reared its head in 2022. In August 2022, Tornado Cash, an Ethereum-based mixer, was blacklisted by the Office of Foreign Assets Control (OFAC) for its alleged links to the Lazarus hacker group from North Korea. This incident indicates that DeFi protocols will have to comply with sanctions in the future. Additionally, financial regulators released papers highlighting the challenges surrounding DeFi regulation. Below we highlight relevant DeFi events in 2022. N.B. Dates accompanied by a clipboard icon indicate a document that a regulator produced.

• ‍June 8, 2021 📋 - DeFi Policy Maker Toolkit | The World Economic Forum takes the stance that “an effective regulatory response to DeFi is likely to involve a combination of existing regulation, retrofitted regulation, and new, bespoke regulation.” (p.21)‍
• January 5, 2022, Aave Arc, designed to help institutions develop new products and services utilizing digital assets, attracted 30 financial institutions to its whitelist.‍
• April 2, 2022 📋 - European Financial Stability and Integration Review 2022 | The European Commission acknowledged that copying traditional regulatory approaches in a decentralized environment may not be an option. It notes, "Possibly, even more emphasis would need to be put on activity-based regulation as opposed to entity-based one.” 
• ‍April 4, 2022 - Uniswap user forms a class action lawsuit alleging that Uniswap Labs and its investors are culpable for her losses due to a failure to comply with securities laws.‍
• April 13, 2022 📋 - Policy Considerations for Decentralized Finance | Abu Dhabi Global Market expresses the view that “Given that DeFi does not change the underlying nature of financial services, we believe that similar requirements should be placed on DeFi participants as on TradFi participants. (...) However, we recognise that since DeFi changes how financial services are delivered, we may need to impose different obligations on a DeFi activity to achieve the same outcomes as those obligations placed on a TradFi operator.” (p.16-17)
• August 8, 2022 - U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash‍
• August 10, 2022 - MakerDAO makes contingency plans to execute an emergency shutdown should core contracts underpinning DAI, its stablecoin, be sanctioned.

‍

Crypto Travel Rule and DeFi

In this section, we will delve into the general stance of the FATF and the EU towards DeFi, examining whether DeFi is currently regulated and the measures being taken to continuously monitor and assess developments in the sector. 

FATF vs. EU: General Stance on DeFi

FATF: The FATF expects countries to determine whether an identifiable person is a VASP within the DeFi arrangement on a case-by-case basis, according to a broad interpretation of the definitions provided in the FATF’s standards.

EU: The European Commission has expressed its view that traditional regulatory approaches may not be a suitable fit for the decentralized environment of DeFi platforms. Instead of relying on entity-based regulation, the Commission is considering a shift toward an activity-based regulatory approach, which may better align with the dynamic and decentralized nature of DeFi.

To implement this approach, the Commission proposes a few access points for DeFi regulation:

• regulating the connections between regulated entities and DeFi platforms
• regulating the features of smart contracts targeting the project team behind the specific DeFi application, and
• utilizing embedded supervision to capitalize on the inherent data transparency offered by public blockchains, making it easier to monitor and oversee DeFi activities.

‍

FATF vs. EU: Is DeFi Regulated?

FATF: According to the FATF, a DeFi software application could not inherently qualify as a VASP. Instead, entities that maintain "control or sufficient influence" over a DeFi protocol should be subject to AML and CFT obligations if they provide or facilitate VASP services. This would apply to entities with an ongoing business relationship with DeFi protocol users, those profiting from the DeFi service, or those with the ability to set or change the parameters of the DeFi protocol.

However, the FATF recognizes that identifying entities with control or substantial influence over a DeFi arrangement can be challenging, and in some cases, a VASP might not even exist. They recommend that countries assess the risks posed by these activities and adopt appropriate risk mitigation measures. ^[1] This could include requiring regulated VASPs to be involved in the activities of the DeFi arrangement if deemed necessary. The FATF also clarifies that holding governance tokens of a DeFi protocol does not automatically qualify someone as a VASP, unless they can control or substantially influence the protocol’s governance. ^[2]

EU: Under MiCA, crypto-asset services that are fully decentralized without any intermediary do not fall within the regulation’s scope. However, if there are natural, legal persons or other undertakings that provide or control, directly or indirectly, a regulated activity or service (i.e., service of exchange of crypto-assets for other crypto-assets or the operation of a trading platform for crypto-assets), even if the service or activity is performed in a decentralized way, it would be subject to the MiCA’s scope. ^[3]

‍

Comparison of FATF and EU Guidelines on When DeFI is Regulated

‍

FATF vs. EU: Continuous DeFi Monitoring and Assessment

FATF: In its Targeted Update, the FATF acknowledges that DeFi markets have grown significantly from 2021 to 2022 and promises to “continue to monitor developments in DeFi, particularly the emergence of truly decentralized DeFi entities, and to facilitate dialogue on common AML/CFT implementation challenges, risk assessment, and good practices.” ^[4]

EU: After consulting with the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA), the European Commission plans to deliver a series of reports to the European Parliament and Council on the latest crypto-asset developments. These reports, particularly concerning areas not yet covered by existing regulations, may inform potential new legislation.

• Report on the latest developments in crypto-assets, expected by December 30, 2024, is due to include “an assessment of the development of decentralised-finance in markets in crypto-assets and of the appropriate regulatory treatment of decentralised crypto-asset systems without an issuer or crypto-asset service provider, including an assessment of the necessity and feasibility of regulating decentralised finance.” ^[5] 
• Reports on the application of this Regulation, expected by June 30, 2027, shall include “an assessment of the development of decentralised finance in markets in crypto-assets and of the appropriate regulatory treatment of decentralised crypto-asset systems.” ^[6]

As the DeFi sector continues to grow and evolve, regulatory authorities around the world are working to develop effective regulatory frameworks that can address the unique challenges posed by decentralized financial systems. The FATF and EU have proposed different approaches to regulating DeFi, with the FATF focusing on identifying VASPs within the DeFi ecosystem and the EU considering an activity-based regulatory approach. Both organizations will continue to monitor the DeFi sector and assess the risks associated with these activities. The rapid growth of the DeFi sector and the increasing interest from institutional and retail investors make it crucial for regulatory authorities to establish clear and effective regulatory frameworks to ensure the sector's continued growth and stability.

In previous articles in this series, we covered the FATF’s stance on the timing of Travel Rule compliance and shared the critical decision-making points for regulated transactions. We also discussed how the crypto industry struggles with carrying out these steps before the blockchain transaction occurs. SafeTransact, Notabene’s pre-transaction decision-making platform, simplifies this process.

Applying FATF's rules can affect a whole business, as setting up a Travel Rule compliance program will affect many departments and stakeholders. Notabene’s long-standing goal has been to simplify this process, providing a way for VASPs to get started on their Travel Rule compliance journey with minimal effort from their teams. First, let’s revisit the steps that Travel Rule-compliant companies must follow before authorizing compliant crypto transactions on the blockchain:

These pre-transaction steps include:

1. Identifying and sanction screening the transaction counterparty
2. Performing due diligence and assessing risk on the counterparty VASP
3. Exchanging Travel Rule information according to FATF's rules

Despite FATF's recent clarification that these steps must be followed before the transaction, results from our 2023 State of Crypto Travel Rule Compliance revealed that nearly 40% of compliant VASPs do not fulfill their Travel Rule data transmission transmission obligations before the blockchain transaction occurs. With SafeTransact, Notabene is committed to improving this statistic while helping all companies identify illicit transactions before they occur.

‍

SafeTransact: A Suite of Tools for Crypto Pre-Transaction Decision-Making

Notabene’s SafeTransact is the first platform that enables Compliance Officers to identify and stop high-risk activity before it occurs. The Notabene platform offers a secure, holistic view of crypto transactions, enabling our subscribers to:

• automate real-time decision-making
• perform counterparty sanctions screening
• identify self-hosted wallets, and 
• complete the smooth rollout of global Travel Rule compliance in line with international regulations.

‍
Below, we break down SafeTransact's four major components that help VASPs implement pre-transaction decision-making.

‍

1. SafeConnect: Effortlessly Identify, and Screen Counterparties

SafeConnect assists in identifying and screening counterparties in the pre-transaction process, an essential step to safeguard businesses from any potential legal repercussions resulting from transactions with sanctioned entities. Counterparty identification is notoriously challenging, as crypto transactions are usually linked only to a blockchain address.

By incorporating SafeConnect into your system, you can automatically and dynamically gather counterparty identification information from multiple sources; we use a combination of blockchain analytics data, data generated from client activity, and direct inquiries from your customer. This ensures accurate identification and consideration of jurisdictional requirements like thresholds and PII specifications, which can affect compliance workflows.

‍

The Travel Rule compliance solution employs a multi-jurisdictional approach, automatically detecting specific requirements in our client’s jurisdiction, as well as their transaction counterparty’s jurisdiction. The plug-and-play functionality automatically applies relevant regulatory requirements to all transactions. Our product team constantly monitors and updates the criteria in case of any changes so Compliance Officers don't have to.

Further, Notabene aids in counterparty VASP discovery through blockchain analytics and several other methods. VASPs in the Notabene Network can upload their hashed blockchain addresses to expedite mutual discoverability. This allows automatic identification when those addresses are involved in transactions. Additionally, the Notabene Network Discovery features enable VASPs to manage their internal address book.

Lastly, once the transaction counterparty and institution are identified, VASPs can perform risk assessments at the transaction level, which involves sanction screening the beneficiary and originator name, and assessing the blockchain address risk score, by connecting to analytics and screening providers in Notabene's marketplace.

‍

2. Notabene Network: Enhanced VASP Due Diligence and Risk Assessment

Once the transaction counterparty has been checked against sanctions, the due diligence focus turns to the counterparty VASP to assess risk to ensure that the counterparty VASP is a trusted exchange with adequate security standards. In its "Targeted Update on Implementation of the FATF Standards," released in June 2023, the FATF clarified the due diligence responsibilities of VASPs; VASPs must perform due diligence on their counterparties, regardless of their compliance status or the regulatory environment in their jurisdiction.

The Notabene Network hosts the largest selection of VASP profiles equipped with real-time, third-party-verified data. As an added layer of compliance, companies can exchange industry-standard due diligence questionnaires for a more scalable approach to counterparty verification.

‍

3. Notabene Dashboard: Streamlining Travel Rule Information Exchange

Based on the outcome of due diligence checks on transaction counterparty and institution, a Compliance Officer can decide whether to exchange Travel Rule information or block the transaction. The Notabene dashboard, a holistic transaction hub, compiles critical Travel Rule data, enabling easy access and review of all such transactions. Our one-stop-shop dashboard simplifies compliance management by making information more organized and manageable. 

Notabene subscribers can manage incoming and outgoing data transfers, securely store their customer's data for record-keeping, and generate comprehensive reports from the same dashboard. Due to our multi-protocol approach, our clients can send encrypted Travel Rule data transfers to various VASPs, regardless of their compliance status or network protocol. 

Further enhancing the service, the dashboard offers a comprehensive view of all transactions beyond the scope of Travel Rule requirements, providing Compliance Officers with a singular platform to demonstrate pre-transaction decision-making approaches to regulators. It functions as a comprehensive compliance center, allowing approval or rejection of both hosted and self-hosted wallet transfers and connecting those decisions to the blockchain authorization flow.

‍

4. Rules Engine: Automating the entire process

Finally, automating these checks is vital to implementing a complete Travel Rule compliance workflow with minimal impact on transaction latency. Compliance Officers can use our Rules Engine to program and apply compliance controls with various criteria across all transactions.

Thanks to in-app automation, compliance checks, and Travel Rule decisions can be tied with transaction outcomes, allowing Notabene subscribers to control compliance roll-out and workflows from the UI. Our dashboard lets you connect your AML providers, manage your rules quickly, and prevent illicit transactions in real-time.

Conclusion

Notabene's SafeTransact platform is a clear-cut answer to the challenges of meeting the FATF's Travel Rule regulations. SafeTransact tackles the problem of companies not complying with their obligations pre-transaction—an issue for 40% of Travel Rule-compliant businesses. SafeTransact equips VASPs with the tools to assess risk quickly, share information, and perform critical checks, such as identifying and confirming transaction partners while keeping the fast pace of crypto transactions. 

Beyond streamlining crypto regulatory compliances, SafeTransact supports the growth and health of the worldwide digital asset industry by allowing businesses to spot and stop high-risk activities quickly.

Get started today!

‍

‍

{{cta-bookademo="/cta-components"}}

‍

As Travel Rule enforcement deadlines appear left and right, VASPs proactively embed compliance workflows in their day-to-day operations. A wave of Travel Rule compliance consciousness is rippling across the market and within companies, resulting in businesses expanding their operations into multiple jurisdictions. Not only is pre-transaction decision-making now seen as part of the larger compliance and business ecosystem, but the holistic view of the Travel Rule is also gaining ground. To further enable these developments, our product suite and updates focus on enabling much-needed standardization and scalability to the VASP due diligence process and empowering Compliance Officers (COs) with robust data and insights that drive informed decision-making. 

In this post, we share our product roadmap for 2023, highlighting our key achievements thus far and our future plans to further support your compliance efforts. 

Let's dive in!

Product Vision and Strategy

Our mission has always been to enable safe and trusted crypto transactions. To operationalize this, we’ve created the most comprehensive and user-friendly platform for Compliance Officers to gain a holistic view to make the appropriate pre-transaction decisions in regulated crypto transactions. Every feature we designed is grounded in this mission, aiming to simplify the daily tasks related to compliant crypto transactions. 

‍

Let’s take a look back at what we’ve shipped in the first six months of 2023:

‍

- Added five jurisdictions to our platform

Regulatory enforcement is speeding up, and so is our platform. A key trend highlighted in our 2023 State of Travel Rule Compliance Report was that 2023 would be the Year of Travel Rule compliance, an insight proving true.  Regulatory enforcement is accelerating, inspiring proactive compliance efforts among VASPs across multiple jurisdictions such as the United Kingdom, Dubai, Japan, Indonesia, and Hong Kong.

‍

‍

We've added these new jurisdictions to our platform, empowering businesses to adhere to local regulations seamlessly. The plug-and-play functionality automatically applies relevant regulatory requirements to all transactions. Our product team constantly monitors and updates the requirements in case of any changes so Compliance Officers don't have to.

Additionally, we've noticed an uptick in existing customers expanding their Travel Rule capabilities to additional jurisdictions, reflecting their solid commitment to compliance. With multi-entity support, our SafeTransact dashboard facilitates the management of multiple jurisdictions.‍

- Integrated on Fireblocks platform

Travel Rule compliance and pre-transaction decision-making have been recognized as integral parts of a comprehensive crypto compliance stack. Notabene plays a vital role here, providing trust, standardization, and scalability in the VASP due diligence process. Our Fireblocks partnership exemplifies this, as we recently joined forces to offer the industry’s first fully-integrated solution for processing Travel Rule-compliant transactions for institutional customers. Mutual customers can now seamlessly and automatically perform compliance checks on their transactions through their custody providers, with no additional integration needed.

- 117 companies began their Travel Rule compliance journey using SafeTransact

Navigating the global crypto landscape's complexity requires a deep understanding of the ever-evolving regulations in multiple jurisdictions, strategic planning, and meticulous execution.  Each company complies at its own pace—largely dependent upon local regulations or internal risk appetite. Further, implementing a Travel Rule compliance program in a company often involves multiple stakeholders from different departments. Knowing this, we put our heads down to devise a plan to improve our customers' experience along their compliance journey and launched the following features:

• SAFE Implementation phases: This feature provides a guided, phased approach to Travel Rule compliance. Customers securely link their internal systems and practice Travel Rule scenarios before initiating real transactions.

• RoboVASPs: This feature acts as a series of VASPs, automatically responding to send transactions. RoboVASPs provide an automated testing environment for diverse transaction scenarios.
• Enhanced compliance controls: Compliance officers have more control over compliance decisions without tapping into their in-house tech resources. For example, Notabene users can now record reasons for declining crypto transactions based on a comprehensive list of logic defined by compliance experts.

‍

- Added a ‘top 20 counterparties’ view to the dashboard

Notabene customers now have a view of their top 20 counterparties on their dashboard, a feature designed to streamline our customers’ initial due diligence process. After completing the initial integration phase, VASPs can automatically link their blockchain analytics providers to identify and rank top counterparties based on transaction history. 

‍

‍

The feature displays a curated list of these counterparties, complete with essential details like jurisdiction, Travel Rule activity, and reachability. This immediate value-add simplifies the due diligence process, helping customers quickly assess counterparty compliance.

‍

- Enhanced real-time counterparty identification

Network Discoverability is a feature designed to enhance the real-time identification of counterparties for in-network VASPs. By utilizing this tool, VASPs can boost their reachability and reduce end-user friction. 

‍

The system is set up to auto-identify blockchain addresses for both sides of a transaction, ensuring both speed and accuracy. Importantly, all blockchain addresses are securely hashed. Each address is queried individually, ensuring the confidentiality of the entire list. Furthermore, address sharing is reciprocal; they are only exchanged with counterparties who also share theirs. This streamlined approach empowers Compliance Officers to share swiftly, and access VASP blockchain addresses within the Notabene network, significantly optimizing Travel Rule transactions.

‍

- Compliance officers can now set Travel Rule timings without developers

Compliance officers now have the capability to set specific Travel Rule transaction states, such as 'Sent,' 'Confirmed,' or 'Accepted.' When set, a new event is triggered to their webhook, signaling the appropriate time to initiate the actual blockchain transaction. This enhancement addresses feedback from customers who sought guidance on the optimal timing for the corresponding blockchain transactions during the Travel Rule exchange. 

Previously, any change in transaction timing required the involvement of development teams. Now, this feature empowers compliance officers to determine the execution timing of these transactions independently, eliminating the need for developer intervention.

- Self-service API: customers can auto generate their API credentials

Aimed at developers, this tool gives customers the autonomy to auto-generate their API credentials without needing to liaise with Notabene's support team. This accelerates integration processes and facilitates the addition of new jurisdictions. 
‍

‍

Once generated, customers can seamlessly integrate these credentials with our Auth0 endpoint to retrieve tokens for API use. The system provides both the client ID and secret, eliminating any preparatory steps. While the responsibility of managing tokens rests with the users, this feature exclusively pertains to the Notabene API. It empowers users to create transactions from the backend, bypassing our UI directly. API credentials are the gateway to obtaining a token, which authenticates users to access our API.

‍

A look ahead to the updates and features coming in the second half of the year:

‍

{{cta-bookademo1="/cta-components"}}

Each year, as part of our comprehensive State of Crypto Travel Rule Compliance survey, Financial Institutions (FIs) and Virtual Asset Service Providers (VASPs) share their main hurdles in adopting the Travel Rule. This article presents notable shifts in the top challenges, providing valuable insights into the evolving landscape of Travel Rule compliance.

Our 2023 report findings underscore the complexities of Travel Rule compliance; these insights amplify the necessity for a harmonized, global approach to compliance, primarily to address interoperability issues and the identification of counterparty VASPs. Learn more below.

Lack of technical resources becomes the main barrier to compliance

‘Lack of technical resources has emerged as the top hindrance to Travel Rule adoption, overtaking 'legal uncertainty' and 'sunrise period effects', which rank second and third, respectively.

‍

The percentage of VASPs that chose this response as their top roadblock has risen from 23% in 2022 to 27% in 2023. This increase may be due to VASPs having difficulty managing multiple data flows and integrating with various protocols, highlighting the challenge of protocol interoperability for widespread adoption of the Travel Rule. 

Additionally, 72.46% of respondents who identified a lack of technical resources as their primary obstacle to Travel Rule compliance had a personnel headcount below 100, which could also indicate resource allocation challenges. ^[1]

2. Financial Institutions face more technical hurdles in comparison to crypto businesses

When looking deeper into the data, ‘lack of technical resources’ is the top obstacle for Financial Institutions (FIs), with 45% of respondents citing this issue compared to 27% for crypto businesses. ^[2]

‍

The results showcase that FIs tend to take a stricter approach to compliance, with fewer variations in compliance stages. The shortage of resources may not be limited to compliance but may reflect a broader shortage and allocation of resources for launching digital asset products.

3. Legal uncertainty and sunrise period effects remain in the top three hindrances to compliance

'Legal uncertainty,' which the survey defined as ‘being unclear on what is required to comply fully with the Travel Rule,’ was the reported top hindrance to Travel Rule adoption in 2022, but it has fallen to second place in 2023. While it suggests a positive trend, regulators still need to set clear expectations for Travel Rule compliance and make more progress in reducing this hindrance further. ‘Sunrise period effects’ was cited by 19% of respondents as their greatest compliance challenge, highlighting the need for more information and guidance on this issue. [1] You can learn more about the sunrise period and its impact on VASPs and FIs in Chapter 5 of Notabene's 2023 State of Crypto Travel Rule Compliance Report.

4. Rising concern: data privacy

Data privacy has witnessed a noteworthy rise in concern, moving from last place in 2022 to becoming the fourth largest obstacle to Travel Rule adoption (from 4% to 12%) in 2023. (Figure 1) Survey results also revealed that more than half of the respondents do not enforce a counterparty due diligence process before sending a Travel Rule transfer. This is a concerning trend, as a key part of the due diligence process is to assess the data protection capabilities of counterparty VASPs, a process that is critical to mitigating these risks.

The FATF outlines alternative procedures—including the possibility of not sending user information—when there are reasonable doubts about counterparty VASPs' data protection practices. ^[4] Yet, more recent regulatory guidelines, like Hong Kong’s SFC, specifically recommend that Travel Rule solutions “protect the submitted information from unauthorized access using a strong encryption algorithm to encrypt the information during the data submission.” ^[3] 

Notabene uses decentralized identifiers for a privacy-conscious implementation of the Travel Rule. To learn more, dive into our SAFE PII technology that uses encryption, secure escrow methods, and self-managed encryption keys for robust personal data protection. 

5. VASPs call for a global unified approach in Travel Rule communication and reachability

We asked respondents to anonymously share their opinions on the existing Travel Rule protocols in the market and the most relevant criteria for assessing their suitability. We share the common feedback divided by themes below.

6. Lack of Interoperability

One of the most common themes from the responses was the need for a unified global approach to reachability and transmitting Travel Rule messages. Nearly a quarter of the survey respondents (24%) cited interoperability as a current blocker for compliance. In comparison, 20% expressed concern that the availability of “too many” protocols on the market was causing fragmentation and confusion over their needs.*

VASPs and the FATF emphasize how crucial it is for protocols to communicate with one another. The FATF calls on the

‍“...industry to accelerate efforts to strengthen solutions that are global, and can accommodate nuances in requirements across jurisdictions, in line with the expectations of the FATF Standards.” ^[5]

7. Lack of Counterparty VASP Identification

Another common theme was the lack of a universal method for identifying counterparties. Unlike wire transfers, there is no standard method for tying a blockchain address to a specific counterparty. This creates a challenge in assessing transaction obligations and identifying the counterparty that needs to receive the required Travel Rule information. Chapter 5 of our report expands upon this topic.

8. Non-compliance with FATF Standards

Finally, nearly 10% of the respondents expressed concern that protocols are not compliant with the original FATF Travel Rule proposal. This key finding underscores the need for the industry to continue collaborating on common issues and for the private sector to develop global technological tools that can accommodate nuances across jurisdictions.

‍

In June 2023, the Financial Action Task Force (FATF) published a Targeted Update report on the global state of Travel Rule adoption. The report stressed that the Travel Rule must be applied before a crypto transaction occurs. Yet, insights from our study published in April 2023 revealed that nearly 40% of companies reporting compliance are not fulfilling their obligations before the crypto transaction occurs.

In this second installment of a three-part series, we discuss why Travel Rule compliance is a pre-transaction requirement, the current industry compliance gaps. The final article in the series addresses how Notabene's SafeTransact helps VASPs achieve pre-transaction compliance.

‍

FATF’s Pre-Transaction Compliance Requirement

In its June 2023 Targeted Update report on the worldwide Travel Rule adoption, the FATF emphasized the necessity for Travel Rule compliance before the crypto transaction occurs. In the report titled “Virtual Assets: Targeted Update on Implementation of the FATF Standards,” the FATF revealed vital insights on the global enforcement of the Travel Rule, disclosing minimal progress, with three-quarters of surveyed jurisdictions found to be ‘only partially’ or ‘not compliant’ with its requirements for VAs and VASPs.

The report underscored instances of post-transaction compliance as a form of non-compliance. It stressed the urgency of immediately submitting originator and beneficiary information to the Beneficiary VASP or financial institutions before, simultaneously, or concurrently with the transaction. [1] This order of operations facilitates sanctions screening of the counterparty at or before the time of the transaction. It allows VASPs the chance to stop transfers with sanctioned persons or entities.

‍

Key Trends from Notabene’s 2023 State of Crypto Travel Rule Compliance Report

Notabene conducts an annual review to comprehensively assess the virtual asset industry's compliance efforts with FATF’s virtual asset Anti-Money Laundering (AML) guidelines. The 2023 State of Crypto Travel Rule Compliance survey ran from December 2022 to January 2023, covering 69 VASPs and financial institutions globally, and yielded the following results:
‍

‍Increased compliance efforts

^‍

Compared to the 2022 survey, the number of VASPs reporting 'already compliant' doubled, marking a 117% increase (11% in 2023, compared to 23% in 2023).

Limited increase in pre-transaction compliance

Although the number of VASPs reporting 'already compliant' doubled from last year, only 20% of VASPs send Travel Rule information pre-settlement (up by 50% from last year’s 13%).

This data reveals a disparity between assertions and actions, as well as confusion around what‘ fully compliant’ means.

‍

Post-transaction compliance dominates

The study highlights that 37.5% of firms performing Travel Rule meet the requirements only after completing transactions, which goes against the FATF's instructions.

While showing progress, these findings accentuate the need for local regulators to clarify that the Travel Rule is a pre-transaction obligation, a clarification reinforced by the FATF in its June 2023 update.

‍

Balancing Speed and Compliance in Cryptocurrency Transactions: The Challenges of Implementing the Travel Rule

The purpose of the Travel Rule is to ensure that appropriate checks and balances are in place before a transaction is initiated. To fulfill the goals of the Travel Rule effectively, the Beneficiary VASP should have sufficient time to scrutinize the transmitted information. Suppose instantaneous settlements take place without giving the VASP adequate time to react. In that case, it might hinder their ability to conduct essential due diligence tasks, such as matching the beneficiary's name and performing sanctions screening before the funds are received.

In some cases, VASPs might not have enough time to release the funds to the end customer, depending on the systems in place.
‍

Traditional SWIFT payments, characterized by their clearance times that span several days, give banks the luxury of time. They can share data and perform comprehensive checks before the transaction is initiated. This time factor is a significant difference between traditional and crypto transactions. Most cryptocurrency transactions occur instantaneously and are irreversible, leaving little to no room for pre-transaction checks. 

In the context of Travel Rule compliance, this characteristic of crypto transactions poses a unique problem for VASPs. It takes longer for VASPs to develop a compliance strategy that can effectively detect and halt illicit activity without impacting transaction speed or volumes. Therefore, the challenge lies in creating a compliance system that allows for comprehensive pre-transaction checks while still maintaining the speed and efficiency inherent to cryptocurrency transactions.

‍

Notabene’s SafeTransact: Solving Crypto Pre-Transaction Decision-Making

Notabene welcomes the FATF’s clarification that Originator VASPs must submit originator and beneficiary information before or concurrently with the crypto transaction. We’ve designed SafeTransact: The Crypto Pre-Transaction Decision-Making Platform to enable VASPs to Identify and stop high-risk activity before it occurs.

‍

Notabene’s SafeTransact offers a secure, holistic view of crypto transactions, enabling customers to automate real-time decision-making, perform counterparty sanctions screening, identify self-hosted wallets, and complete the smooth rollout of global Travel Rule compliance in line with global regulations.

‍

{{cta-learnmore3="/cta-components"}}

‍

Four years after the Financial Action Task Force (FATF) introduced the Travel Rule for crypto assets,  there has been significant progress in its adoption by virtual asset service providers (VASPs) and jurisdictions. 

However, gaps remain: only dozens of jurisdictions have enforced it, and among those where it is enforced, its adoption by VASPs is often post-transaction and does not meet the full requirements. To address these gaps, FATF launched an action plan with 200+ member states to accelerate the global implementation of the Travel Rule, in February 2023. The G7 also confirmed its commitment to speed up the enforcement of the Travel Rule in May 2023. 

This is the first article in a three part series that discusses the importance of fulfilling Travel Rule obligations before transactions, the pre-transaction decisions a VASP must make to comply, the current industry compliance gaps, and how Notabene's platform can help VASPs achieve pre-transaction compliance.

‍

The Importance of Pre-Transaction Decision-Making in Crypto Transactions

Complying with the FATF's crypto Travel Rule requires that VASPs adopt compliance processes to prevent funds from ending up in the hands of bad actors. That is only possible when the entire process is carried out before the transaction settles on the blockchain, providing a VASP with the ability to take necessary actions if suspicious activity is detected. 

FATF’s Interpretive Note 15-7b explicitly states that Travel Rule compliance solutions must ensure the submission of both originator and beneficiary information immediately or before an on-chain transaction. [1] Furthermore, FATF says why this is critical in Recommendation 16, laying out the different actions that a VASP should consider if suspicious activity is detected with the Travel Rule: 

“Providers in this space must comply with the requirements of Recommendation 16, including the obligation to obtain, hold, and transmit required originator and beneficiary information associated with VA transfers in order to identify and report suspicious transactions, take freezing actions, and prohibit transactions with designated persons and entities.” [2]

Before the Travel Rule was implemented, VASPs had limited means to gauge the ML/FT risk of counterparties. While many VASPs started using blockchain analytics tools to perform pre-transaction checks, it became increasingly evident that suspicious actors could circumvent those checks by creating new wallets. 

‍

‍

The Travel Rule now mandates VASPs to gather, screen, and share originator and beneficiary data before approving transactions above certain thresholds, ensuring transactions only occur with trusted counterparties. VASPs could unwittingly aid transactions to sanctioned individuals or malicious entities without these pre-transaction checks and data exchange.

When the Travel Rule is implemented correctly and carried out pre-settlement, VASPs can use Travel Rule solutions to identify and stop potential illicit transactions before they are settled.

For the first time in crypto history, we can prohibit transactions with unlawful and sanctioned entities and reduce on-chain risk. Compliance with the new anti-money laundering (AML) requirement —the Travel Rule —is the first chance for VASPs to capitalize on pre-transaction counterparty risk management. 

‍

{{cta-learnmore3="/cta-components"}}

‍

What are the Key Pre-Transaction Decisions in a Compliant Crypto Transaction?

Compliant crypto transactions involve several crucial pre-transaction decision-making steps. These steps differ based on whether the transaction is between two VASP-hosted wallets or involves a self-hosted wallet. Below, we dive into both scenarios.

Transactions between two hosted wallets 

For transactions between two hosted wallets, the Originator VASP must perform multiple pre-transaction compliance checks to ensure the transaction details satisfy their compliance process. 

The Originator VASP must tie the results from the Travel Rule decision points to the transaction outcome: to approve or block the transfer or take other actions like filing a suspicious transaction report. In the example above, if all the decision points are in the clear, then VASP 1 would allow the transaction to go through. But if, at any point, there is a cause for concern, the transaction can be blocked from going through or, at the minimum, flagged for further review.

Meanwhile, the Beneficiary VASP must confirm that the Originator VASP and Originator Customer (Alice) are low-risk by carrying out pre-transaction compliance checks before approving or denying the incoming Travel Rule transfer. If anything raises a concern, the Beneficiary VASP must be ready to take action, such as freezing the transaction if the funds were already transferred.

‍

Transactions between a hosted and self-hosted wallet

Contrary to common perceptions, the Travel Rule applies to both VASP-to-VASP and self-hosted transactions. FATF's Updated Guidance [3] brings AML across all transactions, including self-hosted wallets. During transactions with self-hosted wallets, Originator VASPs must collect the beneficiary's name and perform some compliance pre-transaction checks—at minimum. Further de-risking actions such self-hosted wallet ownership proofs are also required in some jurisdictions. 

‍

How Notabene Customers Leverage SafeTransact for Effective Pre-Transaction Decisions

During our yearly study, the 2023 State of Crypto Travel Rule Compliance Report, we found that 37.5% of VASPs reporting to be Travel Rule compliant are fulfilling their compliance obligations post-transaction. Post-transaction compliance does not effectively mitigate risk. 

To address these issues, Notabene has developed SafeTransact, a first-of-its-kind pre-transaction decision-making platform for the cryptocurrency industry that enables VASPs to conduct real-time risk assessments of involved parties before transaction settlement. 

‍

Unlock Effective Pre-Transaction Compliance: Download the Key Takeaways

Ensure your VASP meets the FATF’s Travel Rule requirements with Notabene’s SafeTransact. We've gathered all you need to know about pre-transaction decision making into one document. It covers into the key pre-transaction decisions necessary for compliant crypto transactions and showcases how our SafeTransact platform can help you mitigate risks before they occur.

Download the Guide Now to stay ahead in crypto compliance and secure your transactions against illicit activities.

‍

One of the major challenges in crypto regulation has been to link new categories of assets and services and the legal definitions of what qualifies as regulated assets and services. Non-fungible tokens (NFTs), stablecoins, and decentralized finance (DeFi) remain gray areas subject to evolving regulatory perspectives.

This article, taken from our 2023 State of Crypto Travel Rule Compliance Report, provides a side-by-side comparison of the Financial Action Task Force's (FATF) and the European Union's (EU) regulatory stances on NFTs.

What are NFTs?

NFTs are unique digital assets tokenized on a blockchain and have distinct identification codes, and metadata. Users can trade NFTs for fiat money, cryptocurrencies, or other NFTs based on their value determined by the market and owners. NFTs are challenging to classify and regulate due to their various possible configurations.  The entire crypto market took a hit in 2022, and NFTs were no exception, as noted in the chart below.

NFTs were the subject of several regulatory and legal interventions and initiatives in 2022, ranging from insider trading cases to intellectual property qualifications and advertisement restrictions. By way of example, we provide highlights below. N.B. The dates accompanied by a clipboard icon indicate a document a regulator produced.

NFT Legal & Regulatory Spotlight in 2022

• June 1, 2022 - A former employee of OpenSea (an NFT marketplace) was charged in the first digital asset insider trading scheme with accusations of wire fraud and money laundering.
• June 23, 2022 📋 - The European Union Intellectual Property Office (EQUIPO) clarifies how they classify NFTs, incorporating the term “downloadable digital files” authenticated by non-fungible tokens in Class 9.
• November 29, 2022 - The European Parliament hosted a meeting with NFT and metaverse experts. Industry representatives suggested policymakers regulate use cases rather than technology.
• December 21, 2022 - The UK's Advertising Standards Authority ruled against Crypto.com and Turtle United's NFT advertisements for not disclosing investment risks.

Crypto Travel Rule and NFTs

The FATF and EU have divergent, nuanced perspectives on NFT regulation, including varying. classifications and approaches. The primary distinction revolves around whether an NFT is considered a Virtual Asset (VA), which depends on usage and characteristics. The disparities mainly arise from differences in evaluation criteria and the circumstances determining VA status. The following sections provide an overview of the FATF's and EU's general positions on NFTs as VAs and if they consider NFT-related activities as covered by the regulation. Additionally, we discuss notable developments and essential considerations from the FATF and EU.

FATF vs. EU: General Stance on NFTs

FATF: FATF generally does not consider NFTs as VAs; however, the classification can depend on the nature and purpose of the NFT. It suggests governments evaluate each NFT case-by-case based on its intrinsic characteristics rather than the terminology used in its marketing. 

According to the FATF, an NFT would be classified as a VA if it's used primarily for payment or investment and has features that make it either fungible or not unique, such as the fractional parts of a unique crypto-asset, or if it's issued as part of a large series or collection. [1] 

EU: On the other hand, the EU’s stance, particularly reflected in the MiCA (Markets in Crypto-assets Regulation), maintains that unique crypto-assets like NFTs, digital art, and collectibles are excluded from its scope. [2]

In the EU, the uniqueness of the crypto-asset and the value it brings to the holder, and its non-fungibility determine whether or not it falls within the regulation. Like FATF, the EU encourages authorities to adopt a substance-over-form approach, emphasizing the asset's features over the issuer's designation.

‍

FATF vs EU: Is an NFT a Virtual Asset?

FATF: An NFT is not a VA if used as a collectible rather than for payment or investment. However, it is considered a VA if used for payment or investment or if its unique features become fungible.

EU: In contrast, the EU excludes unique and non-fungible crypto assets, like NFTs, from the VA classification. However, if an NFT's de facto features or uses make it either fungible or not unique, it may be considered a VA.

‍

FATF vs. EU: Are NFT-Related Activities Regulated? 

FATF: In its Money Laundering and Terrorist Financing in the Art and Antiquities Market report, the FATF recognizes that “markets for digital art, non-fungible tokens (NFTs), and art finance service providers all have intrinsic characteristics that expose them to different money laundering and terrorist financing vulnerabilities.” [3] FATF also clarified that NFT platforms that offer NFTs functioning as VAs may be considered VASPs, which the FATF Standards cover.

Factors to consider when assessing the application of AML/ CFT obligations:

1. The nature of the business dealing in NFTs;
2. Their function in practice; and
3. The facts and circumstances of the platform or other person doing business. [4]

EU: Although MiCA generally excludes NFTs, the forthcoming Anti-Money Laundering Directive 6 (AMLD 6) will likely cover companies that provide services related to NFTs.

‍

FATF vs. EU: Noteworthy NFT Developments

FATF: In its Targeted Update 2022, the FATF acknowledges the “rapid development of NFT markets and their functions/forms,” and promises to “continue to monitor this issue and discuss any new implementation issues and country approaches.” [5] 

EU: Similarly, The European Securities and Markets Authority (ESMA) is mandated to publish guidelines on criteria and conditions for the qualification of crypto-assets as financial instruments. The guidelines should also help better understand cases in which crypto-assets that are otherwise considered unique and not fungible with other crypto-assets might be qualified as financial instruments.NFT offerors or persons seeking admission to trading are primarily responsible for the correct classification of the crypto-assets, which the competent authorities might challenge.

‍

Conclusion

As the debate around the regulatory status of NFTs continues, it is clear that the technology is advancing at a pace that challenges existing legal and regulatory frameworks. FATF and the EU have recognized the complex nature of NFTs and their potential risks. Their nuanced approach reflects a careful and ongoing analysis of how these unique digital assets fit within the broader financial system.

While these organizations may differ in their current views on whether NFTs qualify as Virtual Assets, there is an alignment in the principle of evaluating NFTs on a case-by-case basis, considering their intrinsic characteristics and practical uses. This approach signifies a move towards a substance-over-form philosophy in regulatory practices.

‍

{{cta-learnmore6="/cta-components"}}

[Originally posted by Copper.co, see here]

Copper is pleased to announce it has partnered with Notabene to help its institutional clients adhere with the Travel Rule in their local jurisdiction. 

In 2019, the Financial Action Task Force (FATF) released a set of recommendations for combating money laundering. In recommendation 16, it covered digital assets, stating that they now came under the purview of Travel Rule requirements. This means digital assets transfers must be checked and verified to combat money laundering, terrorist financing and other illegal activities. 

Notabene, founded a year later in 2020, has provided a pre-transaction decision-making platform for crypto Travel Rule compliance to address this requirement for digital asset firms involved in trading activities. Headquartered in New York, Notabene is a global company with a presence in Switzerland, Singapore, Germany, and the UK. 

Since being founded in 2018, Copper, a SOC2 Type 2 certified company with a registration in Switzerland, has been setting the standard for institutional digital assets by offering custody and collateral management of digital assets. Underpinned by multi-award-winning technology, Copper has built the comprehensive and secure products and services required to safely custody and trade cryptocurrencies and other digital assets such as tokens and stablecoins. At the core of Copper’s infrastructure is ClearLoop, which enables clients to trade and settle in near real time across multiple exchanges, while mitigating counterparty risk and increasing capital efficiency

Regulatory adherence, although vital for safe and legally compliant financial systems, can be burdensome for digital asset firms especially given the space's relatively nascent regulatory frameworks across the world that can be confusing for those without extensive subject knowledge. 

Notabene works by providing a platform-agnostic data layer that allows transactions to be screened and counterparties to be verified before they are executed. Notabene provides data from multiple sources and uses software to automate decision-making, perform counterparty sanctions screening and VASP due diligence, identify self-hosted wallets, and adhere to Travel Rule compliance in accordance with global and local regulations. 

Integrating Notabene with Copper will be a significant step in enhancing Copper's transactions to bring us in line with the growing importance in Travel Rule compliance. In addition to Clear Loop and its English Law trust structure to back client collateral, Copper has partnered with some of the largest digital asset exchanges and service providers on the market, using its award-winning MPC custody solution and robust account management structures to mitigate counterparty risk. 

Unlike many of its competitors, Copper uses a 2 of 3 signing quorum for transaction verification, as opposed to 3 of 3, adding additional flexibility for client access. This flexibility is also applied to full compatibility to account structures, which can incorporate different wallet temperatures, such as hot, cold and warm to configure to different clients' needs. 

Integrating Notabene's automated Travel Rule compliance solution to Copper's compliance  stack will help to form part of the firm's wider offering and aid Copper in its mission to set the institutional standard for digital assets. 

According to a recent report by Notabene, 83% of its survey participants said they planned to be Travel Rule compliant by the end of 2023. Due to the global nature of digital assets, consistent Travel Rule compliance is vital to ensure there is a standard framework when transferring assets across borders. Although digital assets live on blockchains hosted online, monitoring which jurisdictions they are traveling between is important to bring digital assets into line with other asset classes. 

An increasing number of jurisdictions have brought in Travel Rule regulations for digital assets, including Japan, Singapore, Switzerland, Germany, Dubai, and the US. The UK, Portugal and Hong Kong are also set to enforce the Travel Rule later this year. 

Notabene will operate automatically under the hood, so there will be minimal impact on Copper's clients in their day-to-day activities and transactions. The platform is fast becoming the standard go-to solution for digital asset firms, with Copper joining a growing list of other firms to ensure compliance with Travel Rule requirements. 

Steve Strickland — Chief Compliance Officer, Copper, said:

"In the spirit of cooperation and innovation, we are thrilled to announce an exceptional relationship with Notabene, an industry-leading Travel Rule solution provider. Together, we will look to redefine the parameters of compliance by combining the strength of our technology and regulatory expertise to deliver secure and transparent transactions. As pioneers in the digital asset industry, we aim to forge a lasting bond that gives our clients an efficient means of implementing Travel Rule compliance. With the shared vision of Copper and Notabene, we unlock new possibilities and shape a future where compliance becomes a catalyst for growth and success.”

Pelle Braendgaard — CEO, Notabene, said:

“We are thrilled to announce our collaboration with Copper, as we jointly address the crucial compliance challenge of the Travel Rule within various jurisdictions. This collaboration highlights the significance of conducting thorough VASP due diligence and the importance of transacting with trusted and compliant counterparties. Through the seamless integration of Notabene's automated pre-transaction decision-making compliance solution into Copper's robust technology stack, Copper is reinforcing its comprehensive service portfolio and propelling itself towards setting the gold standard for institutional-grade digital assets”.

‍

– ENDS –

‍

About Copper

Since being founded in 2018, Copper, a SOC2 Type 2 certified company with a registration in Switzerland, has been setting the standard for institutional digital asset by offering custody and collateral management of digital assets. Underpinned by multi-award-winning technology, Copper has built the comprehensive and secure products and services required to safely custody and trade cryptocurrencies and other digital assets such as tokens and stablecoins.

At the core of Copper’s infrastructure is ClearLoop, which enables clients to trade and settle in near real time across multiple exchanges, while mitigating counterparty risk and increasing capital efficiency.

‍LinkedIn | Twitter

‍

About Notabene

Notabene is crypto’s only pre-transaction decision-making platform, enabling customers to identify and stop high-risk activity before it occurs.

Notabene’s SafeTransact platform helps financial institutions and crypto businesses unlock their full potential in the digital economy. With a focus on security, privacy, and end-user experience, Notabene customers can use our multi-source data and software to automate real-time decision-making, perform counterparty sanctions screening, identify self-hosted wallets, and complete the smooth rollout of Travel Rule compliance, all in line with global and local regulations.

Notabene has been SOC-2 security certified since 2021. Over 85 companies leverage our software to manage real-time regulatory and counterparty risk in virtual asset transactions, including Luno, Crypto.com, and Bitstamp. Headquartered in New York, Notabene is a global company with a presence in Switzerland, Singapore, Germany, and the United Kingdom.

‍LinkedIn | Twitter

Today, the Financial Action Task Force (FATF) released its fourth annual report on Virtual Assets and VASPs. The report, “Virtual Assets: Targeted Update on Implementation of the FATF Standards” (“Targeted Update 2023”), is based on a voluntary survey that collected responses from 151 jurisdictions, the FATF’s Virtual Assets Contact Group meetings, private sector consultations, including Notabene's participation, and results from FATF’s mutual evaluation reports. Section 2 of the Targeted Update is dedicated to the Travel Rule, focusing on the progress in its adoption and ongoing implementation challenges, including issues with compliance tools.

This article walks you through the key Travel Rule highlights. 

‍

Key Travel Rule Takeaways

‍

How many jurisdictions have implemented vs. enforced the Travel Rule?

The FATF reports that jurisdictions have made insufficient progress in implementing the Travel Rule and urges countries to urgently introduce the required legislation/regulations and operationalize Travel Rule compliance through supervision and enforcement.

Below we illustrate several key data points shared by the FATF to substantiate their findings.

Figure 1 above contrasts the count of jurisdictions that have enacted the Travel Rule with those still adopting it, compared to the survey results from the Targeted Update (2022).

Figure 2 illustrates the progress of jurisdictions on the Travel Rule. It shows the number of jurisdictions that have passed or are adopting legislation for the Travel Rule (62) versus the number of jurisdictions actively enforcing compliance with the Travel Rule (13). 

Relevantly, more than half (54%) of the survey respondents have not taken any steps towards Travel Rule implementation, and even among the jurisdictions that did pass relevant legislation, only a small minority (21%) has “issued findings or directives or taken enforcement or other supervisory actions against VASPs focused on Travel Rule compliance.” 

The FATF also stresses that the lack of progress is particularly concerning given that Travel Rule compliance requires intra-VASP and cross-border collaboration and, hence, its “effectiveness depends on consistent, global implementation and enforcement.”

‍

The ‘Sunrise Period’ is highlighted as a persistent issue

The Travel Rule, like the sun, rises at different times worldwide. The “sunrise period” refers to when the Travel Rule is not in full effect across jurisdictions. As revealed in Notabene’s 2023 State of Travel Rule Report, ‘Sunrise period effects’ continues to be one of the top 3 hindrances to the implementation of the Travel Rule: 19% of respondents cited it as their greatest compliance challenge. 

The FATF validates these concerns by stating that “Until all VASPs are required to implement the Travel Rule, VASPs operating in or from jurisdictions with Travel Rule obligations will continue to face challenges executing all covered transactions in a compliant manner.” ^[1]

‍

In most countries, domestic VASPs must transact with regulated and/or Travel Rule-compliant counterparties or must otherwise mitigate risks.

The FATF provides interesting insights into how jurisdictions are currently handling the sunrise issue and, more generally, the ability to transact with counterparties. As seen in Figure 5 below, allowing for a grace period for Travel Rule compliance or permitting a phased approach to implementation are still common practices. 

Survey data reveals that while 47% of countries enforce measures to ensure that domestic VASPs transact with regulated or Travel Rule-compliant entities or mitigate risks associated with VASPs that lack AML/CFT obligations (see measures highlighted in blue in the chart below), a substantial 26% of jurisdictions still allow VASPs to transact regardless of licensing status, Travel Rule compliance, or risk mitigation measures.

This aspect is closely connected to VASPs’ counterparty due diligence obligations, which we explore in the following section. 

‍

FATF clarifies that counterparty VASP due diligence must be carried out independently

Performing due diligence on the counterparty is an essential component of Travel Rule compliance. Even in countries where VASPs are allowed to transact with any foreign VASPs, regardless of licensing/registration status, Travel Rule compliance, or risk mitigation measures, the FATF clarifies that the private sector needs to take additional risk mitigation measures “to avoid submitting customer data to inappropriate counterparties.” ^[2] 

As reported by the FATF, counterparty due diligence is one of the reasons cited for resisting Travel Rule interoperability efforts: “the rationale is that compliance tool providers may screen users of their tool to ensure adequate data protection controls or even a level of counterparty due diligence, and therefore consider that allowing information sharing only between tool users (i.e., no interoperability).” ^[3]

However, the FATF clarifies that “VASPs are required to independently assess counterparty risk” and that this approach—taken primarily by closed Travel Rule networks—“does not remove the need for VASPs to independently verify the information and ensure all relevant domestic obligations are met.” ^[3] 

‍

{{cta-learnmore10="/cta-components"}}

‍

Report insights: counterparty due diligence challenges

VASPs still face challenges in performing due diligence on their counterparties. According to the FATF, these challenges are associated with three main reasons:

1. Subsistence of unregistered/unlicensed VASPs
   The FATF reports that only 30% of assessed jurisdictions require VASPs to be licensed or registered) and increased difficulty in obtaining information about these institutions to properly assess whether they are tied to illicit actors or sanctioned persons and the VASP’s AML/CFT compliance level.
2. Lack of public information about licensed/registered VASPs
   E.g., through a database or public register of licensed/registered VASPs.
3. Insufficiency of information available in some Travel Rule compliance tools.
   Some tools are only able to identify counterparties that are subscribers to that particular tool. ^[4] 

To counter the second issue mentioned above, FATF encourages jurisdictions to “maintain and publicise information on VASPs that are registered or licensed in their jurisdiction.” ^[4] The third issue pointed out by the FATF is mainly associated with closed Travel Rule networks. In such systems, VASPs are only able to identify and reach VASPs that are part of the same network, creating a Travel Rule compliance gap. 

The insights shared in Notabene’s 2023 State of Travel Rule Report corroborate the fact that VASPs struggle with counterparty due diligence, as 52% of respondents reported sending Travel Rule transfers to all VASPs without applying any criteria or counterparty due diligence process. 

‍

FATF clarifies that the Travel Rule is a pre-transaction requirement

In its 2023 Targeted Update, FATF dedicates a section to Travel Rule compliance tool shortcomings. The FATF highlights two main issues: the unsuitability of some existent tools to fully comply with FATF standards and the limited interoperability between solutions.

 In this context, the FATF urges:

Jurisdictions to 

1. Engage with VASPs to promote “the adoption of Travel Rule compliance tools that meet all the FATF requirements”; ^[5] 
2. In case shortcomings in Travel Rule compliance tools persist, alert VASPs of non-compliant tools operating within the jurisdiction and remind VASPs only to use compliance tools that meet the FATF requirements and/or take supervisory or enforcement action as appropriate. ^[6] 

VASPs and Travel Rule compliance tool providers to:

1. Review Travel Rule compliance tools to ensure they fully comply with the FATF requirements; ^[7] 
2. Rapidly address any shortcomings; ^[7] 
3. Improve the interoperability of Travel Rule compliance tools globally. ^[7] 

‍

FATF gives examples of shortcomings in available Travel Rule compliance tools

‍

“Many of the compliance tools fall short of the FATF Standards” ^[8] 

Table 2.1 provides “Examples of shortcomings in available Travel Rule compliance tools,” which provides much-needed clarity on what constitutes a compliant Travel Rule implementation.

For FATF's examples of non-compliance, please refer to the table below. 

‍

It is worth highlighting that the FATF clarifies that Travel Rule is a pre-transaction requirement; hence any implementations of post-transaction information transmission fall short of FATF standards.

FATF provides its reasoning below:

“To comply with their freezing obligations in practice, VASPs must submit Travel Rule information in sufficient time for both institutions to conduct sanctions screening, identify any designated persons/entities, and freeze funds before any sanctioned actor can access or dissipate the funds.” ^[8]

‍

This is particularly relevant given the specific characteristics of virtual asset transactions: settlement is immediate and irreversible; hence, only pre-transaction actions can effectively mitigate risk. 

Additionally, the FATF clarifies that the Originator VASP is required to transmit information about the originator and the beneficiary customer. Hence, Travel Rule implementations where the Originator VASP obtains beneficiary customer information from the Beneficiary VASP also fall short of FATF standards. 

‍

FATF calls out the limited interoperability among Travel Rule compliance tools

“There is only very limited interoperability among Travel Rule compliance tools.” ^[9]
- FATF, "Targeted Update 2023,” paragraph 29

The FATF highlights that interoperability between Travel Rule compliance tools limits VASPs’ ability to send Travel Rule information to all counterparties and increases compliance costs for VASPs that have to integrate with multiple tools. 

The report also states that there was limited progress in the past year to improve interoperability while acknowledging that some “industry participants are developing Travel Rule compliance tool aggregators to provide broader coverage amongst VASPs using different tools.” ^[10]

This is the case of Notabene: Notabene's Travel Rule product is the first protocol-agnostic solution and allows VASPs to connect to an open global network of 400+ reachable VASPs to securely exchange data transfers across jurisdictions. To address cases where the counterparty is part of a closed network that the VASP does not participate in, Notabene built a Travel Rule protocol agent that standardizes the connection to different protocols.

Finally, the FATF “urges the private sector to progress towards interoperability, whether through technological advancements that allow interoperability between tools or by developing relationships that permit transactions to be made through a chain of interoperable tools.” ^[11] 

‍

FATF provides guidance on how to assess the suitability of a Travel Rule solution provider

The Targeted Update includes a list of “guiding questions that VASPs should ask to determine whether potential Travel Rule compliance tools will comply with all FATF requirements.” ^[12]

Below, Notabene proactively gives answers to these questions:

‍

‍

Next steps

In addition to the above takeaways, FATF’s Targeted Update 2023 also includes updates regarding the overall adoption of Recommendation 15 and the evolving risks of DeFi and peer-to-peer transactions. FATF will continue outreach, identification, and publication of implementation steps, sharing of findings and experiences, engagement with member countries and the private sector, and conduct a further review by June 2024. The FATF and VACG also monitor developments relating to DeFi and self-hosted wallets, including peer-to-peer transactions. 

Last week, Hong Kong’s Securities and Futures Commission (SFC) concluded its consultation on the regulation of virtual asset trading platforms and has gazetted its’ AML/CTF Guideline for SFC-licensed VASPs, which sets forth Travel Rule obligations in the country. 

In two blog posts, we covered vital Travel Rule compliance takeaways in the update. Part I covered the entry into force, information transmission obligations, pre-transaction requirements, and self-hosted wallet obligations. The final part II will cover obligations for Intermediaries, Travel Rule solution requirements, how to handle deposits, and more.

Key Travel Rule Takeaways

‍

1. The SFC gives clear instructions on how to evaluate a Travel Rule solution provider.

See how Notabene performs:

‍

‍

2. Intermediary institutions must retain and transmit all relevant originator and recipient information and perform due diligence on other VASPs

Travel Rule flows often involve Intermediary VASPs. It is important to understand your obligations if you qualify as an Intermediary or when you interact with one. The definition and requirements for Intermediary VASPs vary from country to country. The SFC’s Guidance laid out clear requirements for Intermediary VASPs:

• Intermediary institutions involved in a virtual asset transfer must hold onto (retain) all the necessary information about the people involved in the transaction (the sender and receiver). 
• The intermediary institution must also verify (undertake due diligence measures) the identity and legitimacy of the ordering institution and any other institutions involved in the transfer.
• Just like the Originator, the intermediary institution must forward the required information to the next Intermediary VASP or the Beneficiary VASP receiving the funds, following the guidelines in specific paragraphs of the regulation. ^[2]
  
  

Watch our on-demand webinar “Everything Intermediary VASPs Need to Know About The Travel Rule” to learn more. 

‍

3. Beneficiary and Intermediary VASPs must have procedures for identifying and managing incoming transfers with missing information.

For transactions involving virtual assets of at least KRW 8,000, the Beneficiary VASP should confirm the recipient's identity if it hasn’t been previously verified as part of its CDD process. They should also confirm whether the recipient’s name and account number obtained from the institution from which it receives the transfer instruction match the recipient information verified by it and take reasonable measures as set out in paragraph 12.11.24 where such information does not match. ^[3]

Beneficiaries and intermediaries must have procedures for identifying and managing incoming transfers that don't provide enough information about the sender or receiver. The procedures include:

• Measures (such as real-time or post-event monitoring) to identify transfers that lack required information.
• Risk-based policies to decide whether to carry out, delay, stop, or return a transfer that lacks required information or, in some instances, return the assets to the sender. They should also determine suitable follow-up actions. ^[4]
  
  

Regarding the suitable follow-up actions mentioned above, if the Originator VASP doesn't provide all the required information about the virtual asset transfer, the Intermediary or Beneficiary VASP should try to get the missing details as quickly as possible. If they can't get this information, the receiving institution should consider limiting or ending their business relationship with the Originator VASP for future transfers or take reasonable steps to reduce the risk of money laundering or terrorist financing. ^[5] 

‍

In conclusion, the Hong Kong Securities and Futures Commission's recently gazetted Guidelines on Anti-Money Laundering and Counter-Financing of Terrorism provide clarity and guidance for the region's Virtual Asset Service Providers (VASPs). This development reemphasizes the importance of adhering to the Travel Rule and underlines specific responsibilities for all entities involved in virtual asset transactions, including intermediary institutions and Beneficiary VASPs. 

Notabene, a key player in the field, showcases how it meets and often exceeds these regulatory requirements with its comprehensive suite of solutions. While navigating the evolving landscape of digital asset regulation remains complex, such guidance offers a roadmap for compliance, promising safer and more secure virtual asset transactions. As the industry matures, the dialogue between regulators and the regulated will continue to foster a robust and compliant virtual asset ecosystem.

Today, Hong Kong’s Securities and Futures Commission (SFC) concluded its consultation on the regulation of virtual asset trading platforms and has gazetted the "Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Licensed Corporations and SFC-licensed Virtual Asset Service Providers)" which sets forth Travel Rule obligations. The SFC received 152 written submissions from the industry, including one from the Notabene, submitted by our Regulatory and Compliance team.

In a series of two blog posts, we will cover key Travel Rule compliance takeaways. Part I covers the entry into force, information transmission obligations, pre-transaction requirements, and self-hosted wallet obligations. Part II will cover obligations for Intermediaries, Travel Rule solution requirements, how to handle deposits, and more.

Key Travel Rule Takeaways

‍

1. Hong Kong VASPs are required to comply with Travel Rule obligations from June 1, 2023

On June 1, 2023, significant progress is expected to be achieved in the adoption of the Travel Rule in the APAC region. Both Hong Kong and Japan will require Virtual Asset Service Providers (VASPs) to begin complying with Travel Rule requirements. This milestone holds great importance as more than 80 crypto firms from mainland China and other countries have expressed interest in establishing a presence in Hong Kong, bolstering the city's ambition to become a leading hub for Web3 technologies.

In addition, European VASPs are gearing up for a busy summer, with the implementation of the Travel Rule in Portugal on July 15 and in the United Kingdom on September 1. These developments indicate a growing global trend toward enhancing regulatory oversight and anti-money laundering measures within the cryptocurrency industry. 

Get in touch with Notabene and start a fast and straightforward rollout of the Travel Rule through our SAFE Implementation Phases. 

‍

‍

2. VASPs are required to transmit information for all transactions, with a limited scope of information required for transactions below HKD 8,000

Hong Kong reinforces the APAC trend of requiring Travel Rule information transmission regardless of transaction amount while allowing a more limited scope of information to be transmitted for transactions below HKD 8,000. 

‍

Originator VASPs are required to obtain, record and transmit to the Beneficiary VASP the required originator and beneficiary information, as follows: ^[1]

‍

Travel Rule information transmission obligations in Hong Kong 🇭🇰

Notabene helps VASPs comply with Travel Rule requirements globally by embedding information transmission requirements in our transaction validation system. By integrating with Notabene, Hong Kong VASPs can easily validate transactions against Notabene’s embedded jurisdictional rules and ensure that all the required information - considering the transaction amount - is included in the Travel Rule message.  

‍

3. Travel Rule obligations must be fulfilled pre-transaction

‍

The originator VASP must submit the required Travel Rule information to the Beneficiary VASP before or when the virtual asset transfer is conducted. [2]

‍

According to Notabene’s 2023 State of Travel Rule Report, 37.5% of companies reporting to be Travel Rule-compliant fulfill requirements post-transaction, which does not align with the FATF’s pre-transaction requirements nor with the requirements in Hong Kong. In fact, 11.6% of respondents to our survey fulfill Travel Rule obligations only after the settlement of the corresponding blockchain transactions, up from 7% in the previous report, representing a 51% increase since last year. While this demonstrates progress, it highlights the need for jurisdictions to clarify that the Travel Rule is a pre-transaction obligation. 

Notabene welcomes the clarification by the SFC that Travel Rule compliance needs to be performed pre-transaction. This is particularly important given the specific characteristics of virtual asset transactions: settlement is immediate and irreversible; hence, only pre-transaction actions can effectively mitigate risk.

Through our partnership with Fireblocks, Notabene offers the first fully integrated solution between custody and the Travel Rule, allowing VASPs to smoothly tie Travel Rule compliance and transaction settlement. 

‍

4. Account ownership verification is required when transacting with self-hosted wallets and higher-risk VASPs

Hong Kong joins Singapore 🇸🇬, Switzerland 🇨🇭, Germany 🇩🇪 and the European Transfer of Funds regulation in requiring VASPs to verify the customers’ wallet ownership when transacting with self-hosted wallets. Notabene helps VASPs comply with these requirements by providing a self-hosted wallet identification tool, allowing customers verify the ownership of the self-hosted wallet before transacting.

‍

The novelty of Hong Kong’s approach is requiring that same verification when transacting with VASPs that present higher ML/TF risks. In these cases, the VASP must verify that the customer owns or controls the account maintained with the higher-risk VASPs by obtaining, for instance, a statement of account. ^[3]

‍

The move by Hong Kong’s SFC to tighten regulations on VASPs demonstrates a rising trend toward greater clarity in global Travel Rule guidelines. As part of these regulatory changes, Hong Kong VASPs must comply with Travel Rule requirements from June 1, 2023, affecting VASPs across the region. Given the growing interest from numerous crypto firms to establish their presence in Hong Kong, this has significant implications.

Notabene’s role in this landscape is paramount, offering the industry’s only pre-transaction decision-making solution that ensures seamless compliance with these regulatory measures. Our service, which includes an integrated solution between custody and the Travel Rule and a self-hosted wallet identification tool, has the potential to significantly streamline the process of regulatory compliance for all VASPs, particularly in Hong Kong.

Click here to read part two.

Notabene, the crypto pre-transaction decision-making platform, has announced the launch of SAFE Implementation phases for a fast and straightforward rollout of the Travel Rule. The new launch is the latest addition to Notabene’s comprehensive compliance solution and underscores our continued commitment to enabling secure, trusted crypto transactions.

Crypto businesses or VASPs (Virtual Asset Service Providers) are required to comply with the Financial Action Task Force’s (FATF) Travel Rule, which mandates that certain identifiable information be shared between institutions before crypto transactions over a certain threshold. While compliance with the Travel Rule is crucial to operating in the crypto industry, many companies have faced challenges in implementing it effectively, largely due to the unclear nature of the regulation and the differences in timelines and requirements for jurisdictional rollout.

In Notabene's 2023 State of Crypto Travel Rule Compliance Report, legal uncertainty was cited by nearly a quarter (22%) of respondents as the main hindrance to compliance, which has caused the industry's progress to stall. As the rollout of FATF’s Travel Rule has been inconsistent globally, compliance officers are facing the difficult decision of when and how to implement travel rule requirements with minimal impact on transaction flow. This is why Notabene is offering a phased implementation process that simplifies operational risk and provides analytics to guide you through your Travel Rule rollout.  

‍

What is SAFE implementation?

SAFE Implementation enables customers to meet regulatory guidelines and evolve their own risk-based approach and needs over time - with the first phase requiring less than a week with only minimal technical integration. Furthermore, as part of the implementation phases, Notabene's SafeTransact platform provides industry-unique support for multiple legal entities. This makes it easier for you to expand seamlessly into multiple jurisdictions without worrying about complex legal and compliance issues.

These implementation phases demonstrate how the Travel Rule would affect your transaction flow today and what steps to take toward full compliance. Phasing Travel Rule rollout in this way allows companies to connect their internal systems before sending real transactions, with only minor technical changes needed, and gradually manage when to start sending and responding to transactions based on your own data. Working with the Notabene team, you can take a step-by-step approach to Travel Rule compliance or go straight to full compliance, depending on your jurisdictional requirements.

‍

How to use SAFE Implementation?

Each phase comprises required and optional actions, which compliance and technical teams can prioritize depending on their use case and timeline. Once you have completed the required tasks in each phase, you will progress to the next stage.

Our phased Travel Rule rollout plan has been thoroughly designed and optimized to ensure easy and fast integration. This means your team can be up and running quickly, with minimal effort. You can save additional resources and streamline your operations by leveraging our existing integrations with leading custodians, MPC wallets, and blockchain analytics providers. 

‍

Get started with Travel Rule today

If you're just getting to grips with Travel Rule compliance, our free SafeTransact-Rise plan is the best place to start. You can start using our platform without any integration required and begin enjoying the benefits of our advanced compliance features. With SafeTransact-Rise, you can take the first step towards ensuring that your business fully complies with Travel Rule regulations without any upfront costs or commitments.

The SAFE implementation phases for Travel Rule are just one of many features Notabene offers to help customers comply with regulations. We understand that regulatory compliance is a complex and ever-evolving issue, and we are committed to providing our customers with the tools and expertise they need to stay ahead of the game. Our team of experts is always available to answer any questions about regulatory compliance, and we are constantly updating our solutions to ensure that they meet the latest regulatory requirements.

‍

{{cta-bookademo="/cta-components"}}

NayaOne welcomes Notabene to the NayaOne Marketplace, making Notabene's pre-transaction decision-making platform accessible to NayaOne’s customers. This will benefit financial institutions that are seeking to improve their ability to automate real-time decisions, comply with the Travel Rule, perform sanction-screening of counterparties, and more.

Notabene's solution helps financial institutions and virtual asset service providers (VASPs) comply with regulatory requirements related to cryptocurrency transactions. Banks that offer cryptocurrency-related services, such as buying, selling, or exchanging virtual assets, are considered VASPs and are subject to regulatory guidelines set by the Financial Action Task Force (FATF) and other regulatory bodies. Notabene's platform can help VASPs, including banks, meet these guidelines by providing them with features such as:

1. Compliant transactions: Notabene provides a unified transaction risk management platform for complying in real-time with Travel Rule, self-hosted wallet requirements, and counterparty sanctions Screening.
2. Counterparty due diligence: SafeTransact provides customers with data and tools to perform ongoing due diligence and risk assessment on counterparty financial institutions or VASPs.
3. Intelligent Insights: The Notabene platform brings together transactional-level data on counterparties and transactions to enable fully informed compliance decisions and transactions with only trusted counterparties.

By using Notabene's solutions, banks can ensure compliance with regulatory requirements related to cryptocurrency transactions and mitigate the risk of potential legal and financial fines. Additionally, a compliance platform like Notabene can help banks streamline their compliance efforts, reduce costs, and improve transparency and security in the cryptocurrency industry.

Lauren Nichols, Head of Business Development at Notabene, “We are pleased to announce our partnership with NayaOne. As the go-to partner for Travel Rule compliance, we look forward to working alongside them to help financial institutions understand the complex world of crypto risk, enabling more people to participate safely and confidently. NayaOne's innovative approach is also noteworthy; by introducing the latest tools in an easy and seamless way, they make it easier for institutions to stay on top of regulatory requirements through its Digital Transformation Platform.”

Oli Platt, Product and Marketplace Manager at NayaOne,  “It's great to see Notabene available on the NayaOne Marketplace. Their Travel Rule compliance solution will help financial institutions understand the complex world of crypto risk, enabling more people and businesses to transact safely and confidently with crypto assets. This will support digital assets and RegTech use cases for our clients!”

‍

-ENDS-

About Notabene

Notabene is crypto’s only pre-transaction decision-making platform, enabling customers to identify and stop high-risk activity before it occurs.  

Notabene's SafeTransact platform helps financial institutions and crypto businesses unlock their full potential in the digital economy. With a focus on security, privacy, and end-user experience, Notabene customers can use our multi-source data and software to automate real-time decision-making, perform counterparty sanctions screening, identify self-hosted wallets, and complete the smooth rollout of Travel Rule compliance, all in line with global and local regulations.

About NayaOne 

NayaOne revolutionises innovation in financial services. We provide banks with a single point of access to hundreds of fintechs and datasets, through our Digital Sandbox and Fintech-as-a Service offering. Regulated firms are able to discover, build, evaluate and scale with fintechs in a matter of weeks instead of months.

Fireblocks and Notabene join forces to provide the first fully integrated solution for processing Travel Rule compliant transactions.

‍

‍NEW YORK – May 4, 2023 – Fireblocks, an easy-to-use platform to create innovative products on the blockchain and manage day-to-day crypto operations, announced today that it has partnered with Notabene by integrating its pre-transaction decision-making solution to the Fireblocks platform, creating a seamless experience for its institutional customers looking to comply with their local crypto Travel Rule requirements. 

In 2019, the Financial Action Task Force (FATF) introduced the Travel Rule. This rule requires virtual asset service providers (VASPs) to collaborate in identifying each other's customers in a transaction, to avoid financial crime and implement effective sanctions screening programs. Fireblocks' integration with Notabene seamlessly meets the needs of institutions looking for a solution that allows automated management and compliance of the Travel Rule's assorted requirements, regardless of variations across global jurisdictions. With this partnership, institutions can now perform real-time compliance checks before settlement, marking the first time this has been possible. The fully integrated solution eliminates much of the technical and operational complexity that previously hindered the implementation of the Travel Rule, empowering VASPs to achieve compliance and roll out the Travel Rule in a matter of days.

According to a recent FATF survey, 34 jurisdictions have passed relevant laws introducing the Travel Rule, and 25 are in the process of passing legislation. Examples of jurisdictions where the Travel Rule is currently enforced includes Switzerland, Singapore, Germany, Japan, Dubai, and the United States, with the United Kingdom and Hong Kong set to enforce the rule this year. For an updated list of jurisdictional requirements and insights on the industry's adoption of the Travel Rule, please visit Notabene’s newly released State of Crypto Travel Rule Compliance Report.

“We are excited to partner with Fireblocks to offer the first fully integrated solution  between custody and the Travel Rule,'' said Pelle Braendgaard, CEO, Notabene. “The integration ensures that all transactions going to and from Fireblocks are compliant by tying compliance decisions to settlement. With Notabene, users can identify and stop high-risk activity such as laundering of proceeds from exchange or DeFi hacks before it settles with Fireblocks.”

Following last year’s turbulent events in the crypto industry, there is an urgency between VASPs, their customers, regulators, and banking partners to rebuild trust. As regulations continue to evolve and become more stringent, there is a pressing need for solutions ensuring institutions are compliant. 

Together with partners Chainalysis, Elliptic, and now Notabene, Fireblocks provides the simplest and most streamlined way for institutions to meet these evolving digital asset regulatory requirements and address industry threats through its Compliance Solutions Suite. 

“As the world embraces the rapid advancement of Web3 and digital assets, we need to ensure our solutions strike a balance between regulatory compliance and the inherent agility of this fast-paced technology sector. By partnering with industry-leading digital asset compliance solutions like Notabene, we are empowering our customers to navigate complex compliance requirements across multiple jurisdictions with ease,” said Jason P. Allegrante, Chief Legal & Compliance Officer, Fireblocks. “We are proud to provide our customers with an all-in-one suite for remaining compliant with ease, allowing them to focus on what matters most – innovation and growth.”

Fireblocks’ Compliance Solutions Suite eliminates the complexity for institutions to remain compliant by enabling them with: 

1. Automated Screening – Allows institutions to integrate compliance checks into every transaction, meaning each transaction is automatically screened based on configured compliance rules and provider data which prevents teams from sending and/or receiving risky transactions. 
2. Compliance Policy Rules – Enables institutions to easily configure compliance policy rules based on risk scores generated by compliance providers. 
3. Compliance Dashboard – Provides a single dashboard for all compliance operations, allowing easy management of policy rules for each compliance solution provider. 

To learn more about Fireblocks’ partnership with Notabene and how the integration can help your company meet its FATF Travel Rule standards, click here.

‍

-ENDS-

About Fireblocks

Fireblocks is an enterprise-grade platform delivering a secure infrastructure for moving, storing, and issuing digital assets. Fireblocks enables exchanges, lending desks, custodians, banks, trading desks, and hedge funds to securely scale digital asset operations through the Fireblocks Network and MPC-based Wallet Infrastructure. Fireblocks serves thousands of financial institutions, has secured the transfer of over $4 trillion in digital assets, and has a unique insurance policy that covers assets in storage and transit. Some of the biggest trading desks have switched to Fireblocks because it's the only solution that CISOs and Ops Teams both love. For more information, please visit www.fireblocks.com.

‍

About Notabene

Notabene is crypto’s only pre-transaction decision-making platform, enabling customers to identify and stop high-risk activity before it occurs.  

Notabene's SafeTransact platform helps financial institutions and crypto businesses unlock their full potential in the digital economy. With a focus on security, privacy, and end-user experience, Notabene customers can use our multi-source data and software to automate real-time decision-making, perform counterparty sanctions screening, identify self-hosted wallets, and complete the smooth rollout of Travel Rule compliance, all in line with global and local regulations.

Notabene has been SOC-2 security certified since 2021. Over 85 companies leverage our software to manage real-time regulatory and counterparty risk in virtual asset transactions, including Luno, Crypto.com, and Bitstamp. Headquartered in New York, Notabene is a global company with a presence in Switzerland, Singapore, Germany, and the United Kingdom. 

LinkedIn | Twitter

‍

NEW YORK, SINGAPORE, LONDON - April 25, 2023 -- Notabene has published its second comprehensive State of Crypto Travel Rule Compliance Report, which provides insightful results from their 2023 global Travel Rule compliance survey. This report follows the successful inaugural report, which provided the industry's first-ever comprehensive analysis of Travel Rule compliance.

"This year's report highlights that Travel Rule compliance is becoming increasingly global, with nearly a quarter (23%) of the surveyed companies needing to comply with Travel Rule requirements in more than one jurisdiction. These findings suggest that the Travel Rule is becoming more global in nature, underscoring the need for a solution to the common cross-border challenges posed by the Travel Rule," says CEO Pelle Braendgaard.

The State of Travel Rule report includes survey results from financial institutions and crypto companies worldwide on how prepared they are for upcoming regulatory deadlines. Sixty-nine companies completed the survey, representing broad global coverage.

The report includes real-world feedback on differences in Travel Rule adoption across jurisdictions, approaches to implementation, components of compliance, and summarizes adoption pitfalls. Key findings show that 84% of companies are already complying or plan to by the end of 2023, and 75% of respondents impose some restrictions on transactions with self-hosted wallets. The report also found that of those who comply, 37.5% perform the travel rule post-transaction, not fulfilling today’s FATF requirements.

"Our global and diverse respondents have reinforced the global nature and the various levels of Travel Rule compliance." says Lana Schwartzman, Head of Regulatory and Compliance at Notabene. "VASPs are asking for a unified and interoperable global approach for reaching their counterparties and transmitting Travel Rule messages. As a result, regulators must work together with industry to develop a unified approach to Travel Rule compliance that addresses the needs of the entire industry. We are already seeing this in the EU and UK and hope other regions will follow."

This year's report includes a comprehensive illustration of the current global state of Travel Rule adoption, showcasing key information regarding jurisdictional enforcement, including information on the enforcement status of each jurisdiction, as well as the threshold amount and self-hosted wallet obligations. This information is crucial for businesses seeking to comply with the Travel Rule.

‍

-ENDS-

‍

About Notabene:

Notabene is crypto’s only pre-transaction decision making platform. We enable customers to identify and stop high-risk activity before it occurs.  

Notabene's SafeTransact platform helps financial institutions and crypto businesses unlock their full potential in the digital economy. With a focus on security, privacy, and end-user experience, Notabene customers can  use our multi-source data and software to automate real-time decision-making, perform counterparty sanctions screening, identify self-hosted wallets, and complete the smooth roll out of Travel Rule compliance, all in line with global and local regulations.

Notabene is SOC-2 security certified since 2021. Over 85 companies leverage our software to manage real-time regulatory and counterparty risk in virtual asset transactions, including Copper, Luno, Crypto.com and Bitstamp. Headquartered in New York, Notabene is a global company with presence in Switzerland, Singapore, and the United Kingdom. 

LinkedIn | Twitter

‍

Media contact:

Sacha Lowenthal

Head of Marketing, Notabene

[email protected] 

A Comparative Analysis of the EU's Transfer of Funds regulation with current industry standards on Travel Rule

‍

Today marks the achievement of a major milestone in European crypto regulation: the European Parliament approved the Regulation on Markets in Crypto-Assets (MiCA) and the revision of the Regulation on information accompanying transfers of funds (TFR, or Transfer of Funds Regulation). 

The approval of MiCA is a landmark that has the potential to set standards for crypto regulation globally. One of its main goals is to provide clarity and legal certainty for the crypto industry, which has been operating in a regulatory gray area for many years. MiCA establishes a level playing field for all European crypto-asset service providers (CASPs) and boosts consumers’ protection when using crypto-assets. It does so by introducing new rules for issuers of crypto-assets, CASPs, and trading platforms. It will also establish a new regulatory regime for stablecoins, which have become increasingly popular in recent years due to their stability and ease of use for payments. 

Despite the press attention on MiCA, the TFR is a critical piece of legislation that will harmonize crypto Travel Rule requirements across Europe and fundamentally change how we transact in crypto. In June 2019, the FATF published its Guidance for a Risk-Based Approach to Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs), extending anti-money laundering/countering the financing of terrorism (AML/CFT) obligations to cover VAs and VASPs. This directive included the Travel Rule, which obliges VASPs that exchange, hold, safe keep, convert, and sell virtual assets to obtain, hold, and transmit required originator and beneficiary information immediately and securely during VA transfers. 

Since FATF introduced the crypto Travel Rule, national regulators have been working on transposing these requirements to their local frameworks, and significant progress has been achieved globally. With the introduction of the TFR, the EU follows in these footsteps and introduces Travel Rule obligations for European CASPs. 

Notabene reports on the progress achieved in the implementation of the Travel Rule through an annual global crypto Travel Rule compliance report. The 2023 edition will be available soon, and today we share how the TFR compares with industry benchmarks using fresh findings from our report. 

The revised Transfer of Funds Regulation

The European Commission made a significant move to combat money laundering and terrorism financing with an ambitious package of legislative proposals presented on July 20, 2021. The package aims to strengthen the EU's anti-money laundering and countering terrorism financing (AML/CFT) rules.

The package includes various measures to improve the EU's AML/CTF framework, including the revision of the Transfer of Funds Regulation to make it possible to trace transfers of crypto-assets by imposing Travel Rule requirements on CASPs. 

As mentioned above, the revision of the Transfer of Funds Regulation was finally approved by the European Parliament plenary today (April 20, 2023). However, the EU’s AML/CTF legislative package is not yet finalized. Notably, the legislative process of the new proposed regulation on AML/CTF (AMLR) is still ongoing and is expected to impact the requirements applicable to transactions with self-hosted wallets. 

For now, let’s dive into the TFR and how it compares to global industry standards on the crypto Travel Rule. 

‍

Five key TFR takeaways: EU vs. Global Industry Standards

‍

1. Travel Rule comes into effect for all EU VASPs on December 30, 2024

The Transfer of Funds Regulation will start applying on December 30, 2024, 18 months after the regulation enters into force.

According to Notabene’s 2023 State of Travel Rule Report, the large majority (84%) of respondents are currently complying or intend to comply with the Travel Rule by Q4 2023. In the United Kingdom, Travel Rule will be enforced starting September 2023, and several other crypto hubs are enforcing Travel Rule compliance already. This creates a considerable gap between the EU’s and third-countries timelines for Travel Rule implementation, which may prevent the industry from overcoming the Sunrise Issue. To stay competitive and continue to be able to transact with counterparties outside the EU, CASPs will need to roll out Travel Rule ahead of the TFR deadline. 

‍

Notabene’ study also reveals that Europe's adoption is delayed compared to the rest of the market. In particular, EMEA is the region with the highest percentage of VASPs planning to be compliant after Q4 2023. This may have reflected a lack of regulatory urgency, with many EU VASPs awaiting the implementation of Travel Rule requirements through the revised Transfer of Funds Regulation which had just occurred.

2. Zero Exceptions: Travel Rule obligations apply to all transactions, regardless of amount or location - inside or outside the Union.

EU CASPs will be required to comply with Travel Rule obligations in every transaction, regardless of its amount. No de minimis threshold applies, and there is no simplification of requirements for transactions within the Union. It is also worth noting that the scope of originator and beneficiary information that the originator CASP is required to share also does not vary depending on the transaction amount - the same scope, defined in Article 14 (1) and (2), is required for every transaction.

Recital 27 justifies the policy option by citing the “inherent borderless nature and global reach of transfers of cryptoassets and of the provision of crypto-asset services,” and being “in line with the FATF requirement to treat all transfers of crypto-assets as cross-border,”  which invalidates any distinction on the scope of obligations when transacting within and outside the Union. [1]

As reported in our 2023 global crypto Travel Rule compliance report, the approach taken by the TFR (imposing the same information transmission obligations regardless of the transaction amount) contrasts with the option taken by several other jurisdictions, notably Singapore, Germany, Hong Kong, and the United Kingdom, which allow a more limited scope of information to be shared below a certain threshold. 

3. First-party transactions with self-hosted wallets over 1,000 euros require wallet ownership verification.

In line with FATF recommendations, transactions with self-hosted wallers fall within the scope of the revised Transfer of Funds Regulation [2]. 

When transacting with self-hosted wallets, European CASPs must collect the required originator and beneficiary information and comply with the following additional wallet verification obligations for transactions exceeding 1,000 Euros:

1. When sending a transfer exceeding EUR 1,000 to a self-hosted wallet, the originator VASP is required to verify if that wallet is owned or controlled by the originator customer;
2. When receiving a transfer exceeding EUR 1,000 from a self-hosted wallet, the beneficiary VASP must verify that the beneficiary customer owns or controls the originating wallet. 

​​This means wallet ownership verification requirements apply to first-party transactions to/from self-hosted wallets exceeding EUR 1,000. [3]

Our 2023 State of Travel Rule Compliance Report revealed that the majority of surveyed VASPs already enforce restrictions when transacting with self-hosted wallets. Additionally, just over a third of companies (34.3%) only allow first-party transactions with self-hosted wallets, provided the customer can demonstrate ownership of the wallet address, which aligns with the approach taken by the TFR. 

‍

Going forward, VASPs will require a tool that allows them to determine if the transaction is with a self-hosted wallet and swiftly verify ownership before proceeding.

Notabene’s self-hosted wallet identification tool pinpoints the jurisdictional requirements of each transaction. It collects counterparty customer data from your withdrawal screen, creating an archive for sanctions compliance, record keeping, and Suspicious Activity Reports.

4. Due diligence measures for non-EU entities must adhere to correspondent banking standards.

In its Updated Guidance for VAs and VASPs (October 2021), FATF makes it clear that counterparty due diligence for the purposes of engaging in Travel Rule flows is distinct from the due diligence required to establish correspondent banking relationships [4]:

The nature of CASPs' relationships for transacting and sharing Travel Rule information is distinct from correspondent banking relationships and, hence, could justify a different - and more limited - scope of counterparty due diligence obligations to apply. 

However, the revised Transfer of Funds Regulation goes in a different direction: citing the “ongoing and repetitive” nature of the relationships between domestic CASPs and foreign VASPs for the purpose of transacting, the TFR deems these relationships as a type of correspondent relationship subject to enhanced due diligence measures. 

The measures CASPs are required to apply will be further specified in guidance issued by the European Banking Authority. Clear and adequate regulatory guidance on counterparty due diligence obligations will be key to enabling European CASPs to comply adequately. 

‍

Notabene’s  2023 State of Crypto Travel Rule Compliance Report shows 52% of respondents send Travel Rule transfers to all VASPs without applying any criteria or counterparty due diligence process. This indicates that perhaps counterparty due diligence is a component of Travel Rule compliance that VASPs still struggle to grasp fully. Local laws and regulations are often vague or silent on this topic, although it is covered at length in the FATF Guidance. The upcoming guidance by the European Banking Authority should set expectations as to what counterparty due diligence measures are required for the purposes of transacting and engaging in Travel Rule flows. It will also be relevant to specify cases where VASPs may be exempt from carrying out due diligence (e.g., relying on the uniform requirements and supervision applied in the jurisdiction or region) or where simplified due diligence measures are permissible. [5]

‍

5. CASPs are required to fulfill Travel Rule obligations prior to transacting

Notabene welcomes the clarification provided by the TFR that Travel Rule compliance needs to be performed pre-transaction. This is particularly important given the specific characteristics of virtual asset transactions: settlement is immediate and irreversible; hence, only pre-transaction actions can effectively mitigate risk. 

In line with this, Notabene is a pre-transaction decision-making platform offering a secure, holistic view of crypto transactions that enables CASPs to identify and stop high-risk activity before it occurs on the blockchain. 

According to the revised TFR, originator CASPs are required to transmit information to the beneficiary CASP before sending the corresponding crypto transaction. In turn, Beneficiary CASPs need to ensure that the required information was received before making funds available to the end customer. [6]

‍

According to Notabene’s 2023 State of Crypto Travel Rule Report,  although the industry is making significant progress in Travel Rule adoption, a notable discrepancy exists between VASPs’ claims of compliance and their fulfillment of pre-transaction obligations.

37.5% of companies reporting to be Travel Rule-compliant fulfill requirements post-transaction, which does not align with the TFR’s pre-transaction requirements or the FATF standards. Providing European CASPs with regulatory clarity in that Travel Rule is a pre-transaction requirement is a fundamental step to drive compliance in the right direction. 

‍

Next steps:

The revised Transfer of Funds Regulation will be supplemented by guidelines issued by the European Banking Authority on different aspects, for example:

• The factors to be taken into account by CASPs when entering into business relationships or carrying out transactions in crypto-assets and enhanced due diligence measures that obliged entities shall consider applying to mitigate higher risks when identified, including the adoption of appropriate procedures to detect the origin or destination of crypto assets;
• The criteria and means for identification and verification of the identity of the originator or beneficiary of a transfer made to or from a self-hosted address, in particular through reliance on third parties, taking into account the latest technological developments. 

April 5, NEW YORK, NY AND SINGAPORE - Bake, formally known as Cake DeFi, a leading fintech platform providing easy access to Decentralised Finance (DeFi) services and applications, announced today that it has integrated Notabene’s crypto pre-transaction decision-making platform for crypto regulatory compliance. By integrating Notabene's compliance platform, Bake will ensure a seamless rollout of Travel Rule compliance in line with global regulations, starting in Singapore. 

The Crypto Travel Rule mandates exchanges, digital wallet providers, and financial institutions that deal with virtual assets to disclose, collect, screen, and transmit customer data beyond a certain threshold. One of the reasons Bake has selected Notabene's holistic solution is to overcome key challenges posed by the Travel Rule for large companies in the cryptocurrency industry. This includes the need for a solution that can handle the varying jurisdictional implementations of the Travel Rule and connect to VASPs globally.

For instance, in Singapore, the Travel Rule applies to all holders of a payment service license under the Payment Services Act 2019. It requires Originator VASPs to transmit value originator and beneficiary customer information to the Beneficiary VASP, regardless of the value transfer amount. Further information is required if the SGD 1,500 threshold is exceeded. The United States Financial Crimes Enforcement Network has set the threshold at USD 3,000, while the European Banking Authority has a threshold at EUR 1,000. 

Notabene's platform helps customers navigate the complexities of transacting across borders with counterparties subject to different travel rule obligations, both in terms of thresholds and scope of required information. This is achieved by embedding jurisdictional rules in the platform. By using Notabene, Bake can manage all transactions in one dashboard with a unified set of rules that automate decision making prior to transactions being irrevocably processed by the blockchain. The platform also provides multi-entity support, allowing Bake to manage transaction flow to the correct entity based on the appropriate jurisdictional requirements.

“This partnership with Notabene will ensure that effective travel rule compliance measures are put in place, preparing us for the enhanced regulations that will soon come into force.” said Dr Julian Hosp, CEO and Co-Founder of Bake. “Security, transparency, and compliance, are core values that guide everything that we do at Bake. The successful integration of the Notabene platform underscores our commitment to deliver secure and practical solutions to our customers, while keeping up with worldwide regulations.”

“We are proud to partner with Bake in the effort to create a safer blockchain economy,” said Pelle Brændgaard, Co-Founder and CEO of Notabene. “Bake was looking for a trustworthy partner that facilitates due diligence, wallet identification, and automates transactions and we look forward to working with them in the shared mission of enabling safe and trusted crypto transactions.” 

Notabene provides tools, software, and comprehensive data to help crypto exchanges comply with the new requirements of FATF guidelines, including the Travel Rule, while simultaneously unlocking the flow of trillions of institutional dollars into the space. After successfully integrating Notabene's Travel Rule solution, Bake aims to provide the highest levels of data privacy while enabling participants to send the required Travel Rule data to the correct counterparty in a protected manner.

‍

 - END -

‍

About Bake

Bake is a fully transparent, highly innovative fintech platform dedicated to providing easy access to decentralized financial services and applications by enabling users to generate returns from their crypto and digital assets. Founded in 2019, Bake is headquartered in Singapore and subject to applicable local laws and regulations.

By enabling and empowering retail and institutional investors to harness the potential of DeFi, Bake aims to educate and inform people around the world on crypto and DeFi in a simple, easy-to-understand, and seamless manner.

For more information, please visit https://bake.io/.

‍

About Notabene

Notabene's platform helps financial institutions and crypto businesses unlock their full potential in the digital economy. With a focus on security, simplicity, and end-user experience, Notabene customers can automate real-time decision-making, perform counterparty sanctions screening, identify self-hosted wallets, and complete the smooth roll out of Travel Rule compliance, all in line with global regulations.

Notabene is fully SOC-2 security certified. Over 70 companies leverage our software to manage real-time regulatory and counterparty risk in virtual asset transactions, including Luno, Crypto.com and Bitstamp. Headquartered in New York, Notabene is a global company with presence in Switzerland, Singapore, and the United Kingdom. 

Get started today for free with SafeTransact-Rise and respond to regulated transactions for free using the world's largest VASP Network. ‍

LinkedIn | Twitter

For media queries, please contact:

Bake

Elissa Young

Senior Public Relations Manager

(e) [email protected]

‍

Notabene

Sacha Lowenthal

Head of Marketing

(e) [email protected] 

‍

The Financial Action Task Force (FATF)'s decision-making body, the FATF Plenary, meets thrice annually in October, February, and June. During these sessions, the Plenary considers mutual evaluation reports, policy and governance matters and produces Plenary updates to close loopholes, set forth strategic initiatives, and finalize work in several crucial areas. On February 24, 2023, FATF concluded a second plenary, comprising delegates from over 200 jurisdictions of the Global Network at the FATF headquarters in Paris. 

Notabene welcomes the output from FATF's Plenary in Paris last week, where 206 jurisdictions agreed on an action plan to drive timely implementation of global crypto rules, with a particular focus on the Travel Rule:

• FATF notes that "many countries have failed to implement these revised requirements, including the travel rule which requires obtaining, holding and transmitting originator and beneficiary information relating to virtual assets transactions."
• FATF members agreed on a roadmap to strengthen the implementation of FATF standards on virtual assets and virtual asset service providers.
• Strong crypto regulation can drive down ransomware revenue and criminal activity using virtual assets.

At Notabene, we are thrilled to see regulators taking action to level the playing field, and tackle challenges VASPs encounter with the roll-out. With this action plan, we hope that FATF members will enforce a similar implementation timeline and attempt to unify the travel rule requirements across jurisdictions. In our State of Crypto Travel Rule Compliance Report (published Jan 2022), 52% of companies cited sunrise issues and regulatory clarity as their primary obstacles to compliance.

We applaud the many VASPs who have already taken action to start complying. In 2022 alone, we have onboarded 200+ VASPs to our Sunrise Plan and helped 50+ VASPs go live with the Travel Rule. 

But challenges remain. And we, as an industry, cannot afford to sit on the sidelines. If we want to make new regulatory requirements like the travel rule work for us while preserving privacy of end users, it is imperative that we collaborate on open standards and scalable data transmitting. We need to collaborate ASAP on a unified approach around privacy and security standards and VASP identification. These efforts must be future-proof to create a welcoming and safe environment for the current and next generation of crypto users.

Reducing illicit transactions and improving end-user safety are the driving forces behind this global regulatory shift. Making safe, compliant crypto transactions a part of the everyday economy is Notabene's fundamental purpose. By making Travel Rule compliance more manageable and scalable for companies worldwide, we're taking a significant stride towards achieving this future.

Below, we dive into the key Travel Rule-related takeaways from the FATF Plenary conclusion.

‍

5 key Travel Rule takeaways from the FATF Plenary

‍

1. The FATF Plenary suspended the membership of the Russian Federation

The Russian invasion of Ukraine prompted the FATF to suspend the Russian Federation's FATF membership and advises all jurisdictions to be vigilant to current and emerging risks from the circumvention of measures taken against the Russian Federation to protect the international financial system.

2. FATF agreed on revisions to Recommendation 25 on transparency and beneficial ownership of legal arrangements.

Delegates also agreed on new guidance, which will be published on March 23, 2023, which will help countries and the private sector implement FATF's strengthened requirements on Recommendation 24 on transparency and beneficial ownership of legal persons.

‍

3. Delegates agreed on an action plan to drive timely global implementation of FATF standards relating to VAs, including the transmission of originator and beneficiary information. 

Plenary attendees agreed upon a roadmap to strengthening the implementation of FATF Standards on virtual assets and virtual asset service providers (VASPs) during the Plenary. This will involve assessing the current level of implementation across the global network. By the first half of 2024, the FATF will report on the actions taken by its members and FSRB countries with significant virtual asset activity to regulate and supervise VASPs.

4. The FATF will publish a series of reports that explores risk indicators for ransomware in 2023

• ‍Disrupting Ransomware Financial Flows

To effectively combat the laundering of ransomware payments, authorities in each country must enhance and utilize existing international cooperation mechanisms. FATF's upcoming report in March 2023 will feature a list of risk indicators that can aid public and private entities in detecting suspicious ransomware-related activities.

• ‍Money Laundering and Terrorist Financing in the Art and Antiquities Market 

This report provides risk indicators for identifying suspicious activities and good practices countries have implemented, such as specialized units and cooperation with experts to identify and repatriate cultural objects involved in money laundering or terrorist financing.

• ‍Mutual evaluations of Indonesia and Qatar

‍The FATF praised Indonesia's robust legal framework and technical compliance but advised improving risk-based supervision of non-financial businesses and using effective sanctions for non-compliance. Qatar has improved its AML/CFT regime but needs to enhance beneficial ownership information access and targeted financial sanctions. FATF will release its reports on Indonesia and Qatar in May 2023.

Additionally, the Plenary agreed to undertake new projects on money laundering and terrorist financing related to cyber-enabled fraud and on the use of crowdfunding for terrorist funding.

‍

5. The FATF has updated the countries on their monitoring lists 

During the Plenary, the FATF added South Africa and Nigeria to the increased monitoring, or grey list, and removed Morocco and Cambodia.

 The following jurisdictions are subject to increased monitoring as of February 2023:

• Albania
• Barbados
• Burkina Faso
• The Cayman Islands
• The Democratic Republic of the Congo
• Gibraltar
• Haiti
• Jamaica
• Jordan
• Mali
• Mozambique
• Nigeria
• Panama  
• The Philippines
• Senegal
• South Africa
• South Sudan
• Syria
• Tanzania
• Turkey
• Uganda
• The United Arab Emirates
• Yemen

FATF's blacklist:

• Iran
• Myanmar
• North Korea

Liminal will be integrating Notabene’s Travel Rule technology into its custody solution to provide a complete solution to the market

Digital Wallet Infrastructure platform ‘Liminal’ announces a partnership with ‘Notabene’, the leading end-to-end solution for crypto Travel Rule compliance, enabling safe and compliant crypto transactions. As a part of this partnership, both companies will work together to create a safe and compliant crypto ecosystem.

The collaboration allows Liminal and Notabene to provide an integrated solution for compliant crypto transactions. While Liminal's blockchain platform enables secure digital asset management, Notabene's compliance technology ensures that all transactions comply with Travel Rule requirements. Together, the two companies are offering a comprehensive suite of compliance solutions that will help users efficiently execute and track their digital asset transactions in a compliant manner.

As a part of this partnership, Liminal will integrate Notabene’s Travel Rule solution with a set of standard rules to provide a plug-and-play Travel Rule solution within its platform for its clients. Under this, Liminal’s clients would create profiles in Notabene’s VASP network, where they can also join online product training sessions.

Commenting on the collaboration, Manan Vora, SVP of Strategy & Operations at Liminal, said, “Liminal and Notabene are committed to making digital asset transactions more secure and compliant. With this partnership, we are taking a significant step towards achieving this goal. The integrated solution will help to ensure that the cryptocurrency market remains compliant and secure for all users.”

"Through Travel Rule compliance, we're not just raising the bar for the industry - we're building a foundation of trust that will help bring cryptocurrency into the mainstream economy. We're thrilled to be teaming up with Liminal to make the crypto world a safer and more compliant place for everyone."

The partnership is expected to benefit both companies as well as the cryptocurrency market as a whole. It will help to reduce the risk of non-compliance while providing users with a secure and reliable way to manage their digital assets. Additionally, the partnership will provide industry-leading compliance technology and expertise, as well as a seamless user experience.

- End -

‍

About Liminal

Liminal is an automated wallet infrastructure platform that offers robust security to digital assets. An ISO 27001 and 27701 certified organization, Liminal, is based in Singapore. Liminal enables crypto-native companies to securely scale their digital asset operations through automated, plug-and-play wallet architecture. They provide a combination of multi-signature and multi-party computation (MPC) to provide secure, efficient, and compliant access to digital assets. Its operational excellence framework provides efficient fee management, transaction confirmation guarantees, seamless onboarding, and other wallet operations hence, saving businesses significant development costs. Liminal’s unified interface ensures the same wallet management experience across multiple blockchains. Its proprietary regulatory readiness program, which includes AML checks, travel rules and CCSS-compliant platforms, helps projects fast-track their compliance journey.

About Notabene 

Notabene is a reg-tech SaaS solution that turns regulatory compliance into a competitive advantage. Notabene is working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Companies leverage our end-to-end FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage global transactions from one dashboard. Trusted by leading exchanges, Luno, Bitso, Crypto.com, and more. Notabene is headquartered in New York with offices in Zug and Santiago de Chile. To learn more, visit www.notabene.id. Follow us on LinkedIn and Twitter. 

‍