US banking regulators have sent their clearest signal yet: the Travel Rule now applies to all banks offering crypto custody services.

In a July 2025 joint statement on crypto-asset safekeeping, the OCC, Federal Reserve, and FDIC outlined expectations for cybersecurity, operational resilience, and risk management. But one line in particular caught the attention of compliance teams: for the first time, US regulators explicitly named the Travel Rule as a compliance requirement for banks providing crypto custody.

Shifting US Regulatory Expectations for Crypto Custody and Travel Rule Compliance

The Travel Rule, first implemented under the Bank Secrecy Act (BSA) in 1996, requires financial institutions to transmit verified originator and beneficiary information with qualifying transfers. In traditional finance, it’s a cornerstone of AML compliance.

In the digital asset space, however, its application has long been debated. In the US, crypto (as “convertible virtual currency”) became explicitly subject to the Travel Rule when FinCEN issued guidance in 2013 and again in 2019, but the rule itself dates back to 1996. Many in the crypto industry have treated it as a requirement specific to crypto companies—something that only virtual asset service providers (VASPs) need to worry about, not banks.  

The July 14 statement changes that. For the first time, US regulators have written the Travel Rule directly into formal interagency guidance for banks engaged in crypto custody:

“Crypto-asset safekeeping relationships are subject to applicable Bank Secrecy Act/anti-money laundering (BSA/AML), countering the financing of terrorism (CFT), and Office of Foreign Assets Control (OFAC) requirements … and follow the Travel Rule.”

— OCC, Federal Reserve, and FDIC, Interagency Statement on Crypto-Asset Safekeeping, July 14, 2025

This explicit mention transforms what was once implicit under broader BSA and AML obligations into a direct supervisory expectation.

How This Fits Into the Broader Regulatory Progression

This joint statement builds on a broader sequence of federal actions that have opened the door for national banks to offer digital-asset custody services. Find the complete timeline in our article on US banking regulators formally clearing national banks to engage in crypto custody.

What matters for this update is the regulatory trajectory: for the first time, the Travel Rule is explicitly written into interagency guidance for crypto-asset safekeeping, marking a shift from implied obligations to clear supervisory expectations.

Implications of Travel Rule Guidance for Banks

For banks entering or expanding crypto custody services, the joint statement removes longstanding ambiguity about compliance expectations. It makes clear that digital asset safekeeping is subject to the same regulatory rigor as traditional banking activities.

Key takeaways for compliance teams and leadership include:

• Compliance is explicit. The Travel Rule is now a named regulatory obligation, not an interpretive assumption.
• Identity-linked data sharing is required. Banks must be able to transmit verified originator and beneficiary information between counterparties.
• Architecture matters. Custody and ledger systems must support Travel Rule compliance, enabling secure data exchange and counterparty verification.
• Governance is essential. Boards, BSA officers, and compliance teams must integrate these requirements into their crypto risk management frameworks.

In short, Travel Rule compliance has evolved from a crypto industry best practice into a baseline expectation for banking supervision.

A Broader Signal for the Industry

The interagency statement doesn’t introduce new supervisory powers. It does, however, codify regulators’ view that Travel Rule compliance is integral to “safe and sound” digital-asset operations.

By positioning the Travel Rule alongside AML, CFT, and OFAC controls, regulators are signaling a convergence: the path forward for crypto custody depends on interoperable compliance infrastructure. Financial institutions will need solutions that make identity sharing seamless across ledgers, institutions, and jurisdictions.

Travel Rule Compliance as a Banking Baseline

The Travel Rule is moving from a crypto-industry guideline to a core requirement in US banking compliance. Firms entering or expanding crypto custody services must treat it not as an optional standard, but as a baseline obligation.

Compliance with the Travel Rule and transaction authorization need to be embedded from day one to operate safely, securely, and in line with regulatory expectations. Meeting these standards will be critical for both operational integrity and regulatory readiness.

Notabene Transact: The Trusted Approach to Travel Rule Compliance

Regulatory clarity is only half the challenge. Banks also need infrastructure that makes compliance operational. Notabene Transact provides that foundation.

Purpose-built for regulated financial institutions, Transact embeds pre-transaction authorization, counterparty verification, and Travel Rule compliance directly into the transaction flow. It automates decisioning before funds move, ensuring every crypto custody transaction is compliant, authorized, and secure.

With the world’s largest active network of Travel Rule–compliant entities, Notabene enables institutions to scale confidently as digital asset regulations mature. Notabene Transact turns Travel Rule compliance into a competitive advantage and a driver of trust. As regulators align expectations across traditional finance and digital assets, embedding trust and transparency into transaction infrastructure will determine which institutions lead the next phase of crypto adoption.

When the Financial Action Task Force (FATF) released revisions to Recommendation 16 (R.16) earlier this year, the headlines focused on “modernizing cross-border payment rules” and “championing transparency.” These goals sound good on paper, but the reality for financial institutions and virtual asset service providers (VASPs) is more complicated.

Compliance with R.16 is no longer just about transmitting fields like originator and beneficiary names. It’s about ensuring that every participant in a transaction is known, verified, and accountable. This requires standardized, high-quality information to flow seamlessly through complex global payment chains, while also embedding fraud prevention in every transaction.

The new standards demand greater coordination across financial intermediaries and technological innovation to handle evolving payment methods, including virtual assets, in a way that maintains both security and user privacy. This raises operational challenges but also opens the door for new solutions designed for the realities of crypto compliance.

Rules without real-world tools

The latest R.16 revisions aim to close gaps in payment transparency, requiring financial institutions to collect and transmit originator and beneficiary information throughout the payment chain. In practice, crypto payments and transfers are much harder than traditional currency to track.

Virtual IBANs and distributed wallets don’t map neatly to legal entities. Beneficiary verification, which is now a R.16 requirement, can be delayed or incomplete in instant-settlement crypto networks. Rigid data mandates, such as requiring geographic addresses, often do little to improve identification, and can even harm privacy or financial inclusion.

Without practical infrastructure, compliance becomes a checkbox exercise rather than a safeguard against fraud, money laundering, or sanctions violations. And without the right controls, real-world financial transactions can get messy, slow, or risky. That’s where the Transaction Authorization Protocol (TAP) comes in.

How TAP address real-world R.16 security challenges

TAP is an open-source, decentralized messaging protocol designed to securely and privately authorize and authenticate complex, multi-party digital asset transactions in real time. This enables compliant, scalable, and transparent global transaction flows across regulated entities, VASPs, DeFi, and self-hosted wallets.

TAP separates authorization from settlement, and gives institutions and VASPs the tools to build flexible, auditable workflows that meet their business needs while staying fully compliant with FATF regulations. It’s a protocol designed to address the practical challenges that FATF R.16 aims to solve, specifically with cross-border payments and virtual assets.

Here’s how TAP addresses the requirements established by R.16:

Separation of authorization and settlement. 

R.16 emphasizes full transmission of originator and beneficiary information throughout the payment chain. TAP allows each transaction to be authorized before settlement, ensuring that all parties have verified the required information (names, IDs, compliance data) before funds move. This is especially important for crypto transactions, which settle instantly and irreversibly.

Built-in security and trust.

TAP creates a robust security layer that operates before any blockchain transaction is executed. By enabling the exchange of necessary information and requiring mutual agreement before settlement, TAP effectively mitigates the risks associated with unilateral and irreversible blockchain transactions. This pre-settlement framework allows for the detection and rejection of fraudulent or high-risk transactions, providing a crucial safety net that is often absent in standard cryptocurrency transfers.

Composable transaction workflows. 

TAP supports flexible, threaded workflows (Transfers, Payments, Escrow, Swaps, Connect) that allow multiple participants to interact in a structured way. Each step references the previous one, creating an auditable chain of transactions that aligns with R.16’s goal of transparency in the payment chain.

Enhanced verification and compliance. 

TAP enables pre-settlement verification: beneficiary institutions can confirm the accuracy of payment details and reject or authorize transactions as needed. Supports FATF-required data fields natively, making compliance built-in rather than an afterthought.

Dynamic participant discovery. 

TAP allows for real-time discovery of all participants, including intermediaries and service providers. This ensures that the entire payment chain is known and auditable, solving the R.16 challenge of hidden participants and incomplete information flow.

Privacy and selective disclosure. 

Sensitive data is shared only with authorized parties, allowing R.16 compliance without exposing unnecessary personal information.

Adaptable to virtual assets. 

TAP solves key VA-specific R.16 challenges like virtual IBANs and blockchain addresses by using transfer requests instead of relying solely on account identifiers. Ensures accurate identification of counterparties and supports Travel Rule implementation for VASPs.

Making crypto payment transparency operational

TAP provides the infrastructure that makes full R.16 compliance feasible, especially for fast, complex, crypto transactions. It operationalizes transparency, verification, and compliance without slowing down transactions or compromising privacy. TAP also ensures pre-settlement verification and regulatory transparency without locking users into one system or region.

Open, permissionless, and auditable—TAP empowers financial institutions, VASPs, and regulators to move money with trust. 

Download the whitepaper to learn more about the protocol.

When the Financial Action Task Force (FATF) extended the Travel Rule to crypto in 2019, most of the industry saw it primarily as a new compliance burden. At Notabene, we saw something bigger: a catalyst for building the transaction authorization layer crypto has been missing since day one.

Travel Rule: A Stepping Stone to Fix a Structural Gap in Crypto

Traditional finance has a fundamental separation between authorization and settlement. Settlement occurs only after a chain of processes (clearing, authorization, risk management) have been completed. This sequencing creates space to prevent fraud, block illicit activity, and reverse transactions when necessary.

Blockchains invert this logic. Once a user signs and submits a transaction, and it is confirmed by the network, it becomes irrevocable regardless of whether proper checks were conducted beforehand.

This inversion leaves crypto exposed to preventable risks like fraud, financial crime, sanctions breaches, and operational bottlenecks.

This same structural gap also explains much of the friction VASPs face when implementing the Travel Rule. But the Travel Rule itself isn’t the problem. In fact, it’s the perfect opportunity to solve it. By requiring VASPs to exchange compliance data before settlement, the FATF created a catalyst to build crypto’s missing authorization layer.

TAP: The Transaction Authorization Protocol

We founded Notabene in 2020 with a clear mission: to build crypto's transaction authorization layer that enables its integration into the everyday economy.

The Transaction Authorization Protocol (TAP) is a fundamental piece of that mission. TAP is an open messaging protocol that provides the missing authorization layer, enabling pre-settlement coordination between multiple parties while preserving blockchain networks' open and permissionless nature.

How?

• Transaction Context: Every transaction carries structured metadata that ensures business meaning, compliance, and reconciliation travel seamlessly with the payment.
• Authorization Flow: TAP enables flexible, policy-driven authorization where each party enforces its own requirements through signed message exchanges.
• Agent Architecture: Specialized agents transparently enforce regulations, business rules, value-added services, and legacy connectivity within TAP flows.
• Payment Transparency: TAP guarantees full visibility and authenticated traceability of all participants, preserving auditable transaction chains for compliance and risk management.

Laying the Foundation for Mainstream Stablecoin Payments

TAP transforms the Travel Rule from a compliance burden into competitive payment infrastructure. By embedding regulatory checks directly into the transaction flow, stablecoin payments become not only faster and cheaper than traditional rails, but also inherently safer.

Its open nature also creates powerful network effects: the more institutions that adopt TAP, the more seamlessly their customers can transact across the entire ecosystem. This is where the strength of our active and open network of more than 2,000 institutions really comes into focus. Unlike proprietary solutions that create walled gardens, TAP's open protocol design enables global adoption and true interoperability.

A standardized, interoperable authorization layer enables blockchain’s transparency, automation, and programmability to be harnessed in service of safer, lower-cost financial infrastructure.

TAP makes possible what the industry has been working toward: regulatory-compliant stablecoin payments that are faster, cheaper, and safer than existing alternatives. This transforms regulatory requirements from market barriers into competitive advantages for blockchain-based payments.

By solving the authorization gap, TAP doesn't just enable Travel Rule compliance, it is much more than that - it creates a new kind of open infrastructure for mainstream stablecoin adoption and the next generation of compliant global payments.

Want to see TAP in action? Contact us to learn more about how Notabene is helping VASPs and institutions future-proof crypto compliance and transform payment infrastructure for good.

The Financial Action Task Force (FATF)’s recent revision of Recommendation 16 (R.16) highlights a fundamental weakness in the global fight against illicit finance: the lack of transparency across today’s payment systems.

Today, as a single payment might travel through a maze of facilitators, processors, and service providers, each additional layer increases complexity and cost. More critically, each step in the payment chain increases opacity and makes illicit activity harder to detect. Bad actors thrive in these gaps.

This structural opacity is the real barrier to effective oversight. And it’s a barrier that crypto, if used intentionally, has the unique potential to solve.

The Promise and Risk of TradFi-Crypto Bridges

We’re seeing exciting progress in how crypto plugs into everyday life. Crypto cards are already handling millions in transactions, making it possible to buy a coffee with stablecoins.

But there’s a catch: behind every tap or swipe of a crypto card, there can be more than a dozen entities involved. 

While accessible solutions like crypto cards accelerate adoption, they also risk rebuilding the very patchwork of intermediation that makes illicit activity detection so difficult in the first place.

The alternative? True open-loop payments.

Imagine scanning a QR code to send USDC directly to a merchant's provider. Settlement happens in seconds, with only 3–4 parties involved instead of a dozen. Costs fall, risks fall, and transparency increases.

To avoid rebuilding the same opaque payment structures, we must lean into what makes blockchain unique: openness and transparency by design.

Making Open Payment Systems Work

Openness should not mean chaos. It still requires compliance, controls, and oversight. The challenge is enforcing these standards without closing the system back down.

That’s where the Transaction Authorization Protocol (TAP) comes in.

TAP is designed as a neutral, open protocol: no single company, consortium, or jurisdiction controls it. Regulators can engage without sovereignty concerns, and industries can apply regional requirements without fragmenting the ecosystem.

By aligning authorization and settlement in a single transparent flow, TAP ensures that controls and accountability coexist with speed and openness.

Building the Right Future for Payments

The fight against illicit finance requires us to rethink how payments are built, and to prioritize:

• Open, transparent systems by default;
• Fewer intermediaries who add value rather than opacity;
• Embedded compliance that preserves trust without undermining openness.

Blockchains gives us the tools to get there if we choose to lean into openness rather than falling back into consolidation, control and opacity.

Today, Hong Kong just raised the bar for stablecoin regulation worldwide. The Hong Kong Monetary Authority's (HKMA) new AML/CFT guidelines for licensed stablecoin issuers established a comprehensive Travel Rule framework, which will come into effect on 1 August 2025, and it has significant implications for the global stablecoin ecosystem.

Compliance with the Guidelines is enforced through the Stablecoins Ordinance and the AMLO. A licensee who fails to comply with this Guideline may be subject to disciplinary or other actions under the Stablecoins Ordinance and/or the AMLO.

Zero Tolerance for Compliance Gaps

Unlike jurisdictions that set minimum thresholds for Travel Rule compliance, Hong Kong takes a zero-threshold approach. Travel Rule compliance is required for every stablecoin transfer, no matter the value. 

Ordering Institutions

Ordering institutions, meaning those initiating the stablecoin transfer, bear the most extensive obligations. They must “obtain and record” detailed originator and recipient information for all transactions. 

For transfers above $8,000:

• Issuers must obtain and record the originator's name, account number (or unique reference number), address (geographical, registered office, or principal place of business), customer identification number or ID document number (or date/place of birth for individuals), the recipient's name, and the recipient's account number (or unique reference number).  
• The submitted originator information must be accurate, meaning it has been verified as part of the customer due diligence (CDD) process. 
• Additionally, for occasional transfers ≥ $8,000, the originator's identity must be verified. 

Before executing a transfer, the ordering institution must securely and immediately transmit this data to the beneficiary institution. 

• "Securely" means protecting the integrity, availability, and confidentiality of the information from unauthorized access or disclosure. This involves counterparty due diligence, potential bilateral data sharing agreements, encryption, and adequate information security controls. 
• “Immediately” means the information must be sent before or simultaneously with the transfer.

For transfers below $8,000: 

• Issuers must must obtain and record the originator's name, account number (or unique reference number), the recipient's name, and the recipient's account number (or unique reference number).  
• Occasional transfers under the threshold don’t require identity verification unless linked transactions collectively exceed the threshold or if suspicious activity is suspected.

Execution cannot proceed unless all these requirements are met. Ordering institutions must also keep detailed records to demonstrate how they fulfilled the transmission, security, and timing obligations.

Intermediary Institutions

Intermediary institutions, those participating in the transfer chain the transaction, must retain all originator and recipient information they receive and transmit it unchanged to the next party in the chain, whether another intermediary or the final beneficiary institution. This information must be submitted securely and immediately, mirroring the expectations placed on ordering institutions. They cannot modify or delay this transmission.

Beneficiary Institutions

Beneficiary institutions, those receiving the stablecoin transfer on behalf of the recipient, must obtain and record the information transmitted to them. If the transfer equals or exceeds HKD 8,000 and the recipient has not been previously verified under customer due diligence, they must complete that verification. They must also confirm that the recipient’s name and account number match the data received, and follow up with appropriate measures if any discrepancies arise.

This eliminates the compliance fragmentation we see in other markets where different thresholds and enforcement timelines create operational complexity. When dealing with Hong Kong-licensed stablecoin issuers, there's no guessing about when Travel Rule applies—it always does (see Notabene’s 2025 State of Crypto Travel Rule Report for a global comparison of thresholds and regulatory approaches).

Handling Incoming Transfers Lacking Required Information

Instructed institutions, meaning intermediary or beneficiary institutions, must implement robust procedures for handling incoming stablecoin transfers that lack the required originator or recipient information. They are expected to proactively identify such transfers through reasonable measures, which may include real-time or post-event transaction monitoring. Once identified, the institution must apply a risk-based approach to determine whether to proceed with the transfer, temporarily suspend the funds, or return the stablecoins to the sender. These policies should also guide what follow-up actions are appropriate based on the severity and context of the deficiency. Institutions must attempt to obtain the missing information from the instructing institution as soon as reasonably practicable. If the information cannot be retrieved, they should evaluate whether to restrict or terminate the relationship or apply other risk mitigation steps to address potential money laundering or terrorist financing risks. Additionally, if any submitted data is found to be incomplete or nonsensical, the institution must take prompt and reasonable actions to address the resulting ML/TF exposure.

Technology Providers: No Safe Harbor

Here's where things get particularly interesting for our industry. The guidelines make crystal clear that stablecoin issuers remain fully liable for Travel Rule compliance even when using third-party technology solutions. There's no safe harbor for outsourcing compliance.

The HKMA requires issuers to conduct thorough due diligence on any Travel Rule technology provider, evaluating:

• Identify a transfer: Can the solution accurately identify stablecoin transfer counterparties and securely submit and retrieve required originator and recipient information in real time—including in cross-jurisdictional scenarios where data may be incomplete or missing. 
• Interoperability: Can the solution communicate with other systems?
• Scalability: Will it handle high transaction volumes reliably?
• Security: Does it adequately protect transmitted information?
• Compliance integration: Can it support ongoing monitoring and sanctions screening?

Additionally, the solution should support counterparty due diligence workflows, facilitate information requests between institutions, and maintain robust record-keeping capabilities. 

Counterparty Due Diligence Gets Serious

Perhaps the most operationally challenging aspect is the comprehensive counterparty due diligence requirements. The HKMA makes it clear: the risk doesn’t end at the licensee’s perimeter. It extends to any other financial institution or VASP involved in a stablecoin transfer. The objective is twofold: prevent transfers to or from illicit actors or sanctioned entities, and ensure Travel Rule compliance throughout the transaction chain.

Before a licensee conducts a transfer or makes stablecoins available to a recipient, it must assess the ML/TF risk posed by the stablecoin transfer counterparty. This involves determining whether the transfer involves another regulated entity or an unhosted wallet, and if it’s the former, identifying the counterparty using public registries of licensed or registered institutions. A risk-based approach (RBA) must be used to evaluate several factors: the nature of the counterparty’s business, customer base, geographic footprint, and most importantly, the strength of its AML/CFT controls and the regulatory oversight in its jurisdiction.

The due diligence doesn’t stop at identification. Licensees must verify that the counterparty can meet its obligations under the Travel Rule, especially in cross-border scenarios. This includes confirming whether the counterparty is subject to equivalent regulatory requirements, has implemented robust controls to protect personal data, and can reliably exchange originator and beneficiary information. Institutions deemed higher-risk such as those operating in weak regulatory jurisdictions, lacking licensing or registration, or connected to suspicious activities—must be monitored more closely.

Importantly, this due diligence process isn’t required for every single transaction. If a counterparty has already been vetted and no new risks have emerged, the licensee can rely on existing due diligence. But ongoing monitoring is mandatory. That means watching for red flags, such as unexpected behavior, transaction anomalies, or adverse media, and regularly updating the risk profile. If new risks emerge, the licensee must reassess whether it can continue to transact with the counterparty and, if necessary, impose stricter controls or terminate the relationship entirely. The bottom line is clear: if a counterparty cannot be trusted to meet baseline compliance obligations, the licensee is expected to walk away.

Unhosted Wallets Get Enhanced Scrutiny

The regulatory framework treats unhosted wallets with particular scrutiny. These wallets allow users to hold their own private keys and transact peer-to-peer without an AML/CFT-regulated intermediary, making them an attractive tool for illicit actors seeking to exploit gaps in oversight. The HKMA takes a cautious but risk-based approach: if licensees want to interact with unhosted wallets, they must prove that their controls work.

For stablecoin transfers involving unhosted wallets held by customer stablecoin holders, licensees must collect detailed information. If a customer initiates a transfer to an unhosted wallet, the licensee must capture the customer’s name, account number, and identifying information, along with the recipient’s name and wallet address. If the transfer is from an unhosted wallet into the licensee’s ecosystem, similar information must be recorded, but now it’s the originator’s wallet address and the recipient’s account with the licensee that come into focus. For transfers under HKD 8,000, certain identity elements can be omitted—unless the transactions appear linked or suspicious.

But collecting data is only one part of the equation. Licensees must actively manage the risks posed by customer wallets used for issuance or redemption. This includes verifying that the customer owns or controls the wallet through mechanisms like cryptographic signature proofs, micropayment tests or message signing. They must also screen wallet addresses for connections to sanctioned entities or suspicious activity. If a wallet is flagged as high risk, enhanced controls are required. These aren’t theoretical expectations. The HKMA encourages firms to maintain internal lists of wallet addresses that have triggered scrutiny to enable swift action when risk surfaces again.

The takeaway is clear: in Hong Kong, interacting with unhosted wallets doesn’t exempt firms from AML/CFT standards. It raises the bar. Controls must be evidence-based, continuously monitored, and capable of scaling with the evolving threat landscape.

Real-Time Compliance Required

The guidelines mandate "immediate" transmission of Travel Rule information—meaning before or simultaneously with the transfer, not after blockchain settlement. This aligns with global regulatory trends toward pre-transaction risk assessment, but it's technically challenging for many existing systems.

Traditional post-transaction Travel Rule implementations won't cut it in Hong Kong. Systems need to support real-time authorization flows where compliance checks happen before funds move.

Global Implications

Hong Kong's approach signals where global stablecoin regulation may be heading. The jurisdiction is positioning itself as a compliant stablecoin hub, but only for issuers willing to meet the highest standards.

The zero-threshold approach also has practical implications for global stablecoin operations. As more jurisdictions adopt comprehensive frameworks, we're moving toward a world where Travel Rule compliance becomes universal rather than threshold-based.

The Cautious Regulator's Dilemma

The HKMA's "risk-based but cautious approach" reflects a broader regulatory reality: authorities want to enable innovation while preventing regulatory arbitrage. 

The guidelines repeatedly emphasize that issuers must prove their systems work. This evidence-based approach to compliance represents a significant shift from checkbox exercises toward measurable risk mitigation.

What This Means for the Industry

For stablecoin issuers eyeing Hong Kong licenses, compliance-by-design isn't optional—it's the entry requirement. The days of bolting on Travel Rule capabilities as an afterthought are over.

 Generic Travel Rule solutions won't suffice; systems need to handle the specific requirements of the Hong Kong framework, including zero thresholds and enhanced unhosted wallet controls.

Most importantly, this framework shows that comprehensive stablecoin regulation is not only possible but practical. Hong Kong is proving that you can maintain the speed and efficiency of blockchain-based payments while meeting the highest AML/CFT standards.

The question now is which other jurisdictions will follow Hong Kong's lead—and whether the global stablecoin ecosystem will converge around similarly comprehensive standards.

US banks have long faced uncertainty over whether they could legally and safely hold and manage crypto assets for clients. Until 2025, national banks navigating crypto custody risked operating in a regulatory gray area with no clear guidance on authority or compliance expectations, leaving many institutions hesitant to offer digital asset safekeeping services.

That uncertainty is now resolved. In a July 2025 joint statement, the OCC, Federal Reserve, and FDIC issued a coordinated set of guidance and clarifications that make it clear: national banks can provide crypto custody services, as long as they implement robust risk management and compliance frameworks.

This alignment of US banking regulators is a clear turning point. Banks now have confirmed authority, defined operational and compliance expectations, and a path to compete with crypto-native custodians in a trust-sensitive, highly regulated market.

Timeline of Regulatory Clarifications for Crypto Custody

A series of regulatory milestones between March and July 2025 transformed the landscape for banks considering crypto custody:

• March 7, 2025 – OCC Interpretive Letter 1183: Rescinded the requirement for pre-approval before engaging in crypto-asset custody activities, confirming banks can operate within their existing charter authority. Specific statement: “crypto-asset custody, distributed ledger, and stablecoin activities are permissible” 
• May 7, 2025 – OCC Interpretive Letter 1184: Explicitly confirmed that OCC-regulated banks have full authority to provide crypto custody services. Specific statement: "confirm that banks may buy and sell assets held in custody at the custody customer’s direction and are permitted to outsource bank-permissible crypto-asset activities, including custody and execution services to third parties, subject to appropriate thirdparty risk management practices."
• July 14, 2025 – OCC, Federal Reserve, and FDIC Joint Interagency Statement: Issued detailed guidance on crypto-asset safekeeping, emphasizing enterprise-grade risk management, governance and board oversight, cybersecurity, operational resilience, and compliance with BSA, AML, OFAC, CFT, and Travel Rule obligations. Specific statement: "These laws and regulations require banking organizations to verify customer identity, perform due diligence to understand the nature and purpose of the customer relationship, perform ongoing monitoring to identify and report suspicious activity, block transactions in accordance with OFAC sanctions, and follow the “Travel Rule.”
  

Together, these milestones establish both the authority to offer crypto custody and the supervisory expectations banks must meet to operate safely and securely.

Operational and Compliance Priorities for Banks Offering Crypto Custody

Regulatory clarity now enables banks to offer crypto custody, but success depends on translating guidance into concrete operational practices. Key areas for banking professionals to focus on include:

• Enterprise-grade risk management: Implement continuous risk assessment frameworks that cover market volatility, operational errors, and cyber threats specific to digital assets.
• Travel Rule Compliance & Identity verification: Ensure robust processes for capturing and transmitting verified originator and beneficiary information in compliance with the Travel Rule and AML/CFT obligations.
• Policy-based transaction controls: Embed automated approval workflows and transaction limits that enforce compliance policies consistently across all custody operations.
• Board oversight and governance: Establish clear accountability structures, reporting lines, and periodic reviews to align management, compliance, and operational teams on risk and regulatory obligations.
• Operational resilience and cybersecurity: Design custody infrastructure to withstand operational disruptions and cyberattacks while maintaining secure access and transaction integrity.

Notabene Approach to Scalable Compliance and Trust Infrastructure

Banks entering crypto custody need regulatory guidance, but they also need infrastructure that translates compliance into everyday operations. 

As banks enter the crypto custody space, regulatory clarity is only part of the challenge. Institutions also need infrastructure that operationalizes compliance—embedding it directly into how digital asset transactions are authorized, monitored, and secured.

Notabene Transact provides exactly that. It’s a transaction authorization platform purpose-built for regulated financial institutions managing digital asset flows. Through automated pre-transaction decisioning and robust data security, Transact helps banks meet evolving Travel Rule requirements while turning compliance into a strategic advantage—improving efficiency, strengthening data integrity, and unlocking new revenue opportunities.

With the largest active network of Travel Rule–compliant entities worldwide, Notabene offers the industry’s only solution that combines compliance-grade assurance with the scalability and adaptability needed for the high-growth, high-trust demands of digital asset markets. As regulations mature globally, Notabene Transact enables institutions to build trust infrastructure that grows with their business — ensuring every transaction is compliant, authorized, and secure by design.

Building Operational Readiness and Trust in Digital-Asset Custody

The 2025 regulatory clarifications from the OCC, Federal Reserve, and FDIC establish clear authority and supervisory expectations for banks offering crypto custody. Enterprise-grade risk management, governance, cybersecurity, and compliance are now baseline requirements, not optional best practices

These clarifications set a clear standard for securely managing digital assets with operational resilience and regulatory compliance. Banks that embed risk management and compliance at the core of their operations today are positioned to compete confidently and sustainably in the crypto market.

Introducing Notabene Transact: The Next Generation of Transaction Authorization for Complex Crypto Transactions

New York, London, Singapore - July 1, 2025 – Notabene, the trust layer for global money movement, today announced the launch of Notabene Transact, the next evolution in secure, real-time transaction authorization, purpose-built for regulated entities navigating complex digital asset flows. Built on an open network powered by the innovative new Transaction Authorization Protocol (TAP), Notabene Transact transforms transaction authorization from a reactive Travel Rule obligation into a trusted, strategic engine for growth. Designed for how crypto actually moves today, Notabene Transact effortlessly manages the reality of complex multi-party transactions, giving institutions the confidence to scale securely, compliantly, and faster than ever before.

Built for the new rules of crypto

2025 marks a turning point. Regulatory clarity in key markets is accelerating institutional adoption, but with growth comes greater complexity—and compliance is now a baseline expectation. To enable compliant, real-time transaction flows with minimal friction, institutions need powerful authorization infrastructure running in the background, making decisions at the speed of business.

Most transaction authorization tools were built for simple peer-to-peer transfers, not the complexity of today’s digital asset flows. Notabene Transact is purpose-built for the real world, supporting multi-party transactions across intermediaries, custodians, and self-hosted wallets. It automates compliance across jurisdictions and delivers real-time, policy-based decisions—enabling compliant, scalable transactions by design.

A powerful element of Notabene Transact is the combination of two key capabilities: an innovative discovery and verification system that identifies all counterparties in a transaction flow, and a customizable policy engine that automates decisions based on an institution’s risk appetite, regulatory obligations, and trusted business relationships. This system of trust enables faster approvals, lower friction, and increased transaction throughput, unlocking growth across global borders.

“As the leader in Travel Rule compliance, we’ve had a front-row seat to the challenges institutions face as the crypto industry matures,” said Pelle Brændgaard, CEO of Notabene. “We didn’t just build Notabene Transact as a product, we took on the responsibility of building the open infrastructure this industry needs. By working hand-in-hand with customers, regulators, and the wider market, we created a solution that accelerates adoption, lowers risk, and sets the foundation for global growth on an innovative new open messaging protocol. With the Transaction Authorization Protocol (TAP) at its core, Notabene Transact moves the industry into a future defined by trust, openness, speed, and scalability.”

Built on TAP: Open, secure, ready to scale

The Transaction Authorization Protocol (TAP) is the open source, decentralized messaging protocol powering Notabene Transact. Unlike SWIFT and other closed-loop or outdated messaging systems, TAP is purpose-built for today’s multi-party, real-time digital asset economy. It enables secure, policy-based data exchange across any blockchain, asset, or protocol—without locking institutions into closed infrastructure.

TAP’s architecture includes a fully segregated, end-to-end encrypted data model, no central points of control, and seamless interoperability across evolving regulatory and operational environments. Combined with the Notabene Network, the largest ecosystem of regulated crypto institutions, Notabene Transact gives businesses the confidence, visibility, and flexibility to authorize transactions globally, scale across jurisdictions, and future-proof their operations.

Leading with uncompromising security

Notabene Transact delivers industry-leading security by design. Built on TAP’s decentralized, end-to-end encrypted architecture, it ensures that every data exchange is auditable, every authorization decision is traceable, and every workflow is optimized for straight-through processing. This dramatically reduces manual effort and operational risk for high-volume institutions operating at global scale.

“Security and speed aren't trade-offs in our architecture, they're both intrinsic,” Pelle Brændgaard added. “When institutions trust their infrastructure and their counterparties, they can move faster. And when they can move faster with full compliance, they can scale volumes globally without friction.”

With Notabene Transact, institutions now have the infrastructure to move faster, authorize with confidence, and scale across jurisdictions, without compromise. Powered by TAP, Notabene Transact sets the standard for secure, trusted, real-time transaction flows in the global digital asset economy.

Notabene Transact is available now. Learn more here: https://notabene.id/transact

About Notabene

Notabene is the trust layer for global crypto money movement, powering the largest Travel Rule-compliant transaction authorization network for regulated institutions globally. Our platform enables regulated entities across 100+ global jurisdictions to securely and seamlessly verify counterparties, authorize transactions, and comply with regulations—ensuring trust in every transaction.

With SOC-2 certification, ISO27001 compliance, and a strong focus on privacy and user experience, Notabene provides industry-leading tools for real-time transaction authorization, decision-making, counterparty sanctions screening, and self-hosted wallet identification.

Headquartered in New York, Notabene operates globally with a presence in Switzerland, Singapore, Germany, and the United Kingdom. Trusted by over 240 companies, including Copper, Luno, Crypto.com, and Bitstamp, Notabene helps institutions build trust into every transaction while ensuring compliance with evolving regulatory frameworks.

Start for free with the world’s largest VASP Network at Notabene.id.

Connect with us on LinkedIn | Twitter

Media Inquiries

Sacha Lowenthal
[email protected]

Today marks the half-year anniversary of the European Union’s Transfer of Funds Regulation (TFR). As we reach the mid of 2025, it’s worth looking back at the path that shaped today's regulatory reality. The year 2023 was defined by the entry into force of the Travel Rule in the UK. In 2024, the EU followed suit. Now, six months into this new phase, the time is ripe to assess the progress of the TFR, draw comparisons with the UK’s experience, and uncover the lessons that can guide the effective implementation of Travel Rule regimes.

What the Data Tells Us

In 2023, our team at Notabene was fully mobilized to prepare the UK crypto industry for the arrival of the Travel Rule compliance, set to take effect on September 1, 2023. We engaged across multiple fronts: running testnets with cohorts of VASPs under the FCA's regulatory sandbox, co-chairing the Travel Rule working group within CryptoUK, and participating in numerous industry events, both as hosts and speakers.

By year’s end, true to our usual practice, we started examining the results of our annual State of Crypto Travel Rule Survey. It was one of those gratifying moments when the effort feels justified: the data showed that 100% of UK respondents reported being compliant with the Travel Rule, a clear signal that industry readiness had been achieved.

In 2024, with equal dedication, we turned our focus to supporting the rollout of the Travel Rule across the European Union. Our approach was similarly comprehensive: we published detailed guides, launched an in-depth certification course dedicated to EU Travel Rule requirements, delivered a three-part webinar series covering the regulations, hosted an EU-wide testnet for CASPs and regulators, and ran a series of targeted workshops for our customers.

Yet, when we reviewed the latest survey data, the results were surprising. Despite the significant groundwork, 71.2% of EU respondents indicated they were not yet compliant with the Travel Rule, with 40.4% identifying the first quarter of 2025 as their intended compliance timeline.

These figures stood in contrast to the momentum we observed within our own Network. In the months leading up to the TFR’s enforcement date of December 30th, 2024, we witnessed a marked increase in Travel Rule activation among EU CASPs. Between January 2024 and January 2025, transaction volumes originating from EU entities on the Notabene network surged by 200x, compared to the 8x growth seen in non-EU originated volumes over the same period. This contrast reflects the significant role the EU Transfer of Funds Regulation in catalyzing Travel Rule adoption within our network.

However, looking beyond our immediate ecosystem, it is clear that the UK rollout achieved a higher degree of readiness at an earlier stage. With children, we often say that each develops at their own pace and should not be compared. But with regulatory frameworks, understanding why one implementation advanced more rapidly than another can offer valuable insights.

With that in mind, the following sections explore how the UK and EU approaches diverge. We’ll examine their defining features, points of friction, and attempt to trace the root causes behind the differences in industry readiness.

The Road to Travel Rule Implementation: Centralised in the EU and Industry-led in the UK

🇬🇧 UK

When the UK implemented the Travel Rule on September 1, 2023, it followed a legislative and regulatory process that deliberately placed industry expertise at the centre.

The Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022 (MLRs) introduced Travel Rule obligations for crypto firms registered with the FCA, covering both inter-cryptoasset transfers and unhosted wallet transactions.

What set the UK approach apart was the collaborative model that followed. The Joint Money Laundering Steering Group (JMLSG), a private sector body made up of UK financial trade associations, led the drafting of practical guidance for firms. To support the efforts by JMLSG, CryptoUK established a dedicated Travel Rule working group, co-chaired by Notabene, bringing together compliance officers, legal experts, and operational teams to directly work with JMLSG to shape the guidance based on day-to-day implementation realities.

This industry-developed guidance was reviewed and validated by the FCA and HM Treasury, ensuring alignment with regulatory expectations while keeping operational challenges front and centre.

Furthermore, in August 2023, just before the rule took effect, the FCA published targeted guidance to clarify issues raised during the grace period, most notably the “sunrise issue” involving transactions with jurisdictions that had not yet adopted the Travel Rule.

The result was a regulatory framework supported by practical, actionable guidance. 

This collaborative process - combining early regulatory engagement and industry ownership - played a decisive role in the UK achieving high levels of readiness by the time the Travel Rule came into force.

🇪🇺 EU

The EU set out to tackle a far more ambitious task than the UK: introducing uniform Travel Rule obligations across all 27 Member States through a single, binding regulation. This was achieved via the recast of Regulation (EU) 2015/847, better known as the Transfer of Funds Regulation (TFR), which was formally adopted on May 31, 2023 to extend the Travel Rule to crypto transfers.

The creation of detailed implementation guidelines was primarily led by the European Banking Authority (EBA). 

The EBA made several efforts to incorporate industry perspectives. A public consultation on the Travel Rule Guidelines launched on November 24, 2023, alongside public hearings and the formation of Technical Expert Groups (TEGs)—which included industry representatives like Notabene.

However, unlike the UK’s process, where industry actors drafted the practical guidance with regulatory validation, in the EU it was the reverse: regulators drafted the guidelines, and the industry was invited to provide feedback along the way. While this structure provided transparency and some opportunity for dialogue, it inevitably limited the extent to which day-to-day operational challenges of CASPs could shape the final rules.

Takeaway

Guidance developed by industry practitioners and backed by regulatory oversight delivers the hands‑on, pragmatic advice firms need for readiness. In contrast, a top‑down model can miss key nuances encountered in day‑to‑day operations.

Using Grace Periods Strategically

EU CASPs were granted nearly six additional months to prepare compared to their UK counterparts. A long grace period in the EU was the right approach given the complexity of implementing uniform requirements across 27 Member States.

However, based on our experience, the length of a grace period is far less important than how that time is used. A grace period should serve as structured preparation time for both regulators and industry, particularly with the Travel Rule, which directly affects transaction flows, operational processes, and customer experience.

🇬🇧 UK

The UK offers a textbook example of this. Throughout the 13-month grace period, the FCA worked closely with the industry. This started with the acceptance of Notabene's Travel Rule testnets into the FCA regulatory sandbox. This hands-on engagement allowed the FCA to better understand the technical and operational nuances of implementing Travel Rule programs. The FCA also conducted targeted outreach to VASPs, requesting detailed implementation plans and offering feedback based on insights gained from the testnets. As a result, potential gaps were identified early and firms had time to adjust, which led to the high compliance rates we saw post-deadline.

🇪🇺 EU

It would be unrealistic to expect the same degree of coordinated engagement across the EU, where the regulation had to be rolled out simultaneously across 27 jurisdictions and regulatory bodies. However, the grace period fell short even in resolving fundamental questions - for example, when exactly do Travel Rule obligations start to apply?

Even after the Travel Rule formally entered into force on December 30, 2024, confusion persisted among industry participants:

• Some CASPs misinterpreted the transitional period outlined in the EBA Guidelines, assuming it postponed Travel Rule obligations entirely until 31 July 2025. In reality, this period only allows temporary technical limitations in solutions, but full compliance with the TFR is expected regardless of technical limitations.
• Others argued that the TFR only applies once a CASP obtains full authorisation under MiCA, meaning firms operating under transitional arrangements were exempt. The EBA explicitly rejected this interpretation in its July 2024 response to public comments, stating:

  "The EBA stresses that non-compliance with Regulation (EU) 2023/1113 is not accepted."

Takeaway

The UK experience offers a clear takeaway: the success of a regulatory rollout is not defined by how long the grace period is, but by how strategically that time is used. The UK's collaborative, proactive use of its grace period - bringing together regulators and industry to stress-test real-world implementation - was instrumental in achieving early, widespread readiness.

Managing Self‑Hosted Wallets: Risk‑Based Principles or Prescriptive Rules?

🇬🇧 UK

The UK has adopted a non-prescriptive, principles-based approach to regulating interactions with self-hosted wallets, built around risk assessments and operational discretion. Under Regulation 64G(2) of the MLRs, crypto-asset businesses (CBs) are required to assess the risks associated with unhosted wallet transactions and determine whether collecting additional customer information is appropriate.

The JMLSG provides further operational guidance, encouraging CBs to seek additional information when dealing with self-hosted wallets in higher-risk situations. Factors such as transaction size, frequency, and the overall customer relationship inform these assessments. Where higher risks are identified, CBs are expected to apply enhanced due diligence, which may include verifying control over the self-hosted wallet using mechanisms such as micro-deposits or cryptographic signatures.

Crucially, the UK’s framework avoids imposing rigid or overly prescriptive requirements. This allows CBs to adjust their controls based on risk assessments. As a result, UK market participants have largely maintained the ability to support these types of transactions while remaining compliant and adopting robust risk-mitigation policies.

🇪🇺 EU

The EU has taken a more prescriptive stance toward regulating self-hosted wallets, with obligations set out in the TFR and further operational detail provided by the EBA Travel Rule Guidelines.

Under the TFR, crypto-asset transfers involving self-hosted wallets are subject to escalating requirements based on transaction size. For transactions exceeding €1,000, CASPs must verify that their customer owns or controls the receiving self-hosted wallet. The EBA Guidelines elaborate on this obligation by providing a non-exhaustive list of acceptable verification methods, while also making clear that at least one method must be applied in all applicable cases.

A key source of market friction stems from the disconnect between the TFR’s legislative text and the EBA guidelines in what concerns third-party self-hosted wallet transfers. While the TFR does not explicitly impose verification requirements for transactions involving third-party self-hosted wallets, the EBA Guidelines extend obligations to these transactions, creating expectations for due diligence that many CASPs find impractical or disproportionate to implement. 

The result has been a marked trend toward de-risking within the EU. According to Notabene's 2025 State of Crypto Travel Rule Report, VASPs in the EU are 55% more likely to prohibit transactions with self-hosted wallets compared to the global average, reflecting a significant de-risking trend driven by regulatory uncertainty. Faced with operational uncertainty and the high cost of compliance, 15.4% of EU-based VASPs have implemented complete prohibitions on such transactions, compared to a global average of 9.9%.

Takeaway

In this rapidly evolving industry, prescriptive rules often struggle to keep pace with technological change, leading to unintended consequences such as market exclusion and de-risking. The UK's principles-based, risk-driven approach to regulating self-hosted wallets demonstrates how flexible frameworks can promote compliance without stifling innovation or market participation. By contrast, the EU's more prescriptive model has amplified operational uncertainty, prompting many VASPs to restrict legitimate transactions to avoid having to navigate complex, often impractical requirements. Striking the right balance between risk mitigation and operational feasibility requires regulation that empowers firms to apply proportionate and evolving controls.

Counterparty Due Diligence Obligations: All or Nothing?

🇬🇧 UK

In the UK, Counterparty VASP Due Diligence (CVDD) is not explicitly required under the Travel Rule, nor is it addressed in the JMLSG or FCA guidance. This was a conscious decision by UK regulators, who determined that existing frameworks such as data privacy laws and sanctions compliance already provide sufficient oversight. The UK’s approach aims to avoid introducing additional, potentially duplicative obligations that could complicate compliance without clear added benefit.

While this streamlined framework reduces regulatory burden, the lack of specific CVDD guidance may create operational uncertainty for VASPs.

🇪🇺 EU

In contrast, Article 38 of the EU’s TFR amends the 4th Anti-Money Laundering Directive (AMLD4) to expand the definition of correspondent relationships and explicitly include those established for transactions or transfers in crypto-assets. Recital 60 further clarifies that relationships between CASPs and third-country entities executing crypto-asset transfers share similarities with correspondent banking relationships and should be subject to enhanced due diligence measures similar in principle to those applied in traditional banking.

The EBA further issued the EBA/GL/2024/01 Guidelines to specify firms’ obligations where the respondent or its customers are providers of services in crypto-assets, other than CASPs authorised under MiCA, or where they are deemed to present an increased ML/TF risk.

Takeaway

The UK's decision to avoid prescriptive Counterparty VASP Due Diligence (CVDD) requirements reflects a desire to avoid duplicating existing oversight mechanisms. However, the absence of explicit CVDD expectations in the Travel Rule context can create operational uncertainty for VASPs navigating cross-border interactions.

Conversely, the EU’s approach imposes comprehensive CVDD obligations rooted in correspondent banking standards. As the FATF itself acknowledges, Travel Rule compliance requires a more proportionate approach. Unlike in the banking sector, many cross-border VASP-to-VASP transfers happen without an established, ongoing relationship, making traditional correspondent banking due diligence ill-suited in this context.

Neither extreme - a complete absence of guidance nor rigid, banking-style obligations - proves effective. Instead, CVDD requirements should be proportionate and aligned with the realities of the crypto-asset sector.

Reporting Non-compliant Counterparties

🇬🇧 UK

Beneficiary and intermediary CBs are required to report repeated failures by counterparties to provide required Travel Rule information to the FCA. Reporting must include details of both the non-compliance and the remedial steps taken. The UK applies a risk-based approach, allowing firms to determine what constitutes “repeated failure” based on transaction volumes, size, or frequency.

By the time the Travel Rule regulations came into force, formal processes for reporting non-compliant counterparties had not yet been established by the FCA. These procedures are currently being rolled out in the UK.

🇪🇺 EU

In the EU, Article 17(2) of the TFR mandates that CASPs assess whether non-compliance is repeated, using both quantitative criteria (e.g., percentage of missing data transfers, unanswered follow-ups) and qualitative criteria (e.g., cooperation level, reasons for non-provision).

If repeated non-compliance is identified, CASPs must report repeatedly non-compliant counterparties to the relevant AML/CTF authority within three months. Reports should include details on the VASP’s identity, the nature and frequency of breaches, explanations given, and actions taken.

Similarly to the UK, EU CASPs faced uncertainty as the Travel Rule entered into force without clear reporting processes fully established by regulators. The operationalization of these requirements is now underway in key markets like Germany.

Takeaway

Both the UK and EU frameworks mandate reporting non-compliant counterparties as a key enforcement mechanism. However, the absence of established reporting processes at the regulation’s start created uncertainty for VASPs in both regions. While the UK is now actively rolling out clearer reporting protocols, EU jurisdictions still face fragmented implementation.

According to the Notabene State of Travel Rule Report, only 32.7% of EU respondents are prepared to report non-compliant counterparties, including 26.9% who have set up reporting processes but have yet to use them. Actual reporting is low, at just 5.8%, likely reflecting regulatory ambiguity and operational challenges. Additionally, 15.4% of respondents indicate a lack of clear guidance in their jurisdiction.

This highlights the need for streamlined procedures to enable VASPs to fulfil reporting obligations effectively.

Lessons Learned

As we mark six months since the Travel Rule came into force in the EU and reflect on the UK’s earlier experience, several clear lessons emerge from the comparative rollout of these pivotal regulations:

1. Industry‑Led Operational Guidance Drives Readiness

   Regulatory frameworks grounded in operational realities succeed. Industry practitioners are well positioned to lead the drafting of practical implementation guidelines, with regulators providing validation and oversight. This collaborative model yields actionable, context-sensitive rules that help firms achieve compliance more effectively.

2. Grace Periods Work Only When Used Strategically

   The duration of a grace period is far less important than how the time is utilised. Structured, ongoing engagement between regulators and industry is critical to turning a grace period into a true window of preparation rather than merely a delay.

3. Principles-Based, Risk-Driven Approaches Outperform Rigid Prescription

   In fast-evolving sectors like crypto-assets, flexible, risk-based frameworks outperform one-size-fits-all mandates. Such principles-led approaches enable firms to calibrate controls proportionate to risks, fostering compliance without stifling innovation or excluding legitimate market participants.

4. Feasibility of Implementation Is Key to Compliance

   Regulatory mandates that are operationally impractical - such as the overly stringent obligations for third-party self-hosted wallets or unclear procedures for reporting non-compliant counterparties - drive firms toward non-compliance or excessive de-risking. Clear, feasible requirements and well-established processes are essential to avoid unintended consequences that undermine regulatory goals.

A combination of principle-based legislative mandates, industry-crafted operational playbooks, and purposeful, collaborative transition periods is key to building effective frameworks that serve both regulatory goals and industry realities, turning compliance from a challenge into a foundation for sustainable innovation and trust.

The Financial Action Task Force (FATF) has finalized revisions to Recommendation 16 (R16), delivering the a substantial overhaul of international payment transparency standards. These changes address two urgent imperatives: modernizing cross-border payment infrastructure to meet G20 objectives of faster, cheaper, and more inclusive transactions, while simultaneously combating an explosive surge in fraud that now represents the dominant proceeds-generating crime worldwide.

The regulatory shift is immediately apparent in the standards' evolution from "wire transfers" to "payment transparency"—a deliberate expansion signaling FATF's intent to capture all payment methods and value transfer mechanisms in our increasingly digital financial ecosystem.

The fraud crisis driving these changes cannot be understated. FATF's own research, including the 2023 report "Illicit Financial Flows from Cyber-Enabled Fraud," reveals staggering growth in both the frequency and monetary impact of fraudulent schemes. This threat has fundamentally rewritten the financial crime playbook, elevating fraud prevention and detection to primary regulatory objective, now standing alongside traditional anti-money laundering efforts as a core pillar of the revised standards.

What Changes? Key Requirements That Will Transform Payment Flows

The revised Recommendation 16 represents a fundamental shift in cross-border payment compliance. This section outlines the key changes introduced by the revision, evaluates how current industry capabilities measure up to the new standards, and demonstrates how the Transaction Authorization Protocol (TAP) is purpose-built to meet the policy objectives behind the update.

Standardized Information Requirements for Cross-Border Transfers and Mandatory Beneficiary Geographic Information

The revised R16 introduces standardized information requirements for cross-border transfers above specified thresholds:

For Originators:

• Name
• Account number (fallback: unique transaction reference)
• Address (fallback: country and town name or nearest option)
• Date of birth (fallback: year of birth)

For Beneficiaries:

• Name
• Account number or unique transaction reference
• Country and town name (or nearest option)

A significant expansion from current requirements, beneficiary geographic information is now mandatory. Previously, there was no obligation to transmit beneficiary geographic information under R16. With the revisions, country and town name are required minimum fields.

FATF's original proposals would have mandated full geographic addresses for both originators and beneficiaries, but extensive industry feedback, including from Notabene, successfully argued that such requirements would create financial exclusion and unnecessary friction, raise data protection concerns, and provide limited anti-money laundering benefit. The final standards reflect significant wins: For originators the year of birth can be provided as a fallback to full date of birth and country and town serve as acceptable alternatives when full addresses aren't available.  For beneficiaries, only country and town are required.

Mandatory Beneficiary Information Verification

One of the most significant changes is the explicit requirement for beneficiary financial institutions to verify information alignment to mitigate the risk of misdirected payments. Combating fraud is now an explicit objective of R16, acknowledged as a key target predicate offense. Institutions must now implement at least one of these approaches:

1. Post-validation checks - Verify name and account number alignment for each transaction
2. Holistic ongoing monitoring - Conduct risk-based monitoring to identify anomalous accounts and misaligned information
3. Pre-validation mechanisms - Use systems like Confirmation of Payee to verify beneficiary information aligment

🔖 Industry benchmark

VASPs in the Notabene network blocked over $696 million in transactions due to incorrect beneficiary information, demonstrating that the industry is leading the way in implementing pre-transaction beneficiary matching procedures that effectively leverage Travel Rule compliance to prevent fraud.

Positive Requirement for Payment Messages to Enable FI Identification

Information in payment messages must now make it possible for all institutions and authorities to identify which financial institution is servicing originator and beneficiary accounts and in which countries these institutions are located. 

🔖 Industry benchmark

Current implementations of R16 by VASPs rely on wallet addresses that provide no institutional identification as account identifiers, forcing VASPs to use imperfect methods like blockchain analytics and customer input to identify counterparties. 

💡 TAP Solution

TAP solves this by replacing address-based transactions with transfer requests that include complete beneficiary institution identification upfront.
Instead of sharing a blockchain address, recipients create secure transfer requests containing full institutional details—eliminating the guesswork and ensuring R16 compliance from the start.

Cross-Border Cash Withdrawal Requirements

R16 extends beyond wire transfers to include requirements for cross-border cash withdrawals. A targeted framework now requires issuing financial institutions to provide cardholder names  within three business days upon request when suspicious transactions are detected through monitoring systems.

This change addresses a significant transparency gap exploited by money launderers who open accounts in foreign countries, obtain payment cards, then return to their home country to make frequent ATM withdrawals—fragmenting their activity across jurisdictions to avoid detection. The new requirements enable acquiring institutions to request cardholder information when suspicious activity is detected, closing this critical intelligence gap.

Upgrades to Purchase of Goods and Services Exemption

The exemption scope has been clarified: when cards are used to fund other types of payment or value transfer (such as person-to-person transfers), the relevant R16 information requirements will apply. Additionally, card networks must now give financial institutions access to directories containing information on card issuing and merchant acquiring financial institutions.

Enhanced Payment Chain Definition

The revised standards clarify that payment chains begin with the financial institution that receives instructions from the customer and end with the institution that services the beneficiary's account or provides cash to the beneficiary. This definition aims to ensure complete information flows throughout complex cross-border payment chains, preventing the fragmentation that has historically hindered effective monitoring.

💡 TAP Solution

TAP's non-deterministic multi-party authorization flow provides full visibility into complex transaction flows, including all intermediaries. The protocol's non-deterministic approach allows any participant to add or replace agents during the discovery process, ensuring complete transparency before authorization.

This non-deterministic multi-party authorization structure enables the inclusion of all agents in the payment chain.

1. Additionally, the local subsidiary (VASP B UK) uses the services of an Institutional Custody provider to secure its customer funds. Therefore, it add the Institutional Custody provider as an agent (Intermediary VASP).
2. The beneficiary customer has an account with a local subsidiary (VASP B UK) and, hence, the parent entity replaces itself with that local subsidiary (the correct beneficiary agent).

   However, in reality:

For example, in the transaction illustrated below, the parent entity of an exchange (VASP B Global) is identified as the beneficiary VASP.

Revised Net Settlement Conditions

New clarification states that where net settlement results from customer transactions, information about underlying transactions is not required to accompany the net settlement. However, R16 requirements still apply to the underlying individual transactions themselves.

Implementation Timeline and Industry Impact

• Late 2026: Publication of comprehensive guidance paper on payment transparency
• Late 2030: Final deadline for R16 implementation across all jurisdictions
• Application to VASPs: Requirements will apply indirectly through R15, with potential updates to maintain alignment. 

The Broader Context: A Platform Shift in Financial Services

The revised FATF R16 signals a recognition that payment transparency must adapt to the realities of modern financial infrastructure. These regulatory changes occur against the backdrop of a fundamental platform shift in financial services - from legacy rails to programmable, real-time, blockchain-enabled networks.

TAP positions itself at the forefront of this transformation, serving as the critical authorization layer that bridges the robust controls of traditional finance with blockchain efficiency.

As the industry progresses toward the 2030 R.16 implementation deadline, TAP is uniquely positioned to help VASPs lead - not lag - in meeting the new standards. Unlike legacy institutions constrained by decades-old systems, TAP is building from a greenfield. This allows us to innovate without compromise, designing solutions purpose-built for today’s regulatory and technological realities. 

The platform shift is underway. The regulatory framework is evolving. TAP bridges both: meeting compliance demands while unlocking the full potential of blockchains as payment rails.

AOPP: Constraints, Limitations, and Adoption Challenges

The Address Ownership Proof Protocol (AOPP) emerged as a technical solution for cryptocurrency users to demonstrate wallet address ownership, primarily in response to regulatory requirements. Despite its promising premise, AOPP has struggled to gain widespread adoption across the cryptocurrency wallet ecosystem. This analysis examines why AOPP remains a niche protocol, which wallets have implemented it, and the fundamental limitations that have prevented it from becoming an industry standard.

A Compliance Solution for Self-Hosted Wallets

AOPP emerged as a technical solution designed to automate the process of proving ownership of self-hosted cryptocurrency wallets. By generating cryptographically signed messages without manual intervention, the protocol aimed to streamline compliance with regulations like the Financial Action Task Force's (FATF) Travel Rule. Swiss financial authorities, particularly FINMA, served as the catalyst for AOPP's development, creating a protocol that would theoretically bridge the gap between regulatory demands and cryptocurrency's decentralized nature.

Selective Adoption in a Growing Market

Years after its introduction, AOPP remains implemented in only a small segment of cryptocurrency wallets. Its current footprint in the ecosystem reveals both its niche utility and broader market hesitation:

BitBox02 is one of the protocol’s consistent supporters. This Swiss-developed hardware wallet integrated AOPP early, reflecting geographical alignment with the protocol's origins and the company's compliance-oriented approach.

Specter Wallet, with its focus on privacy and multi-signature implementations, has maintained AOPP support, positioning it as an option for users navigating both security and regulatory requirements.

What's particularly noteworthy is the pattern of reconsideration among several wallet providers. Trezor, a significant player in hardware wallets, initially implemented the protocol but subsequently removed it after user feedback. Blue Wallet and Sparrow Wallet similarly stepped back from AOPP support after community response. These adjustments highlight the complex balance wallet providers must strike between regulatory compliance tools and user preferences.

Self-Hosted Wallet Market Context

Self-hosted (non-custodial) wallets continue to gain popularity as cryptocurrency users prioritize direct control over their assets. The market for these wallets reached approximately $2.5 billion in 2024 and is projected to grow to $15 billion by 2033. Major players in this space include:

• MetaMask: Over 30 million users
• Trust Wallet: More than 60 million downloads
• Ledger: Approximately 6 million devices sold
• Trezor: A significant player in the hardware wallet segment

Notably, none of the market leaders currently support AOPP, significantly limiting its practical utility in the broader ecosystem.

A Solution Without an Audience

AOPP's limited adoption appears to stem from several structural factors that collectively explain its position in the wallet ecosystem.

Regional Orientation in a Global Market

Developed primarily for Switzerland's regulatory environment, AOPP addresses compliance frameworks that aren't universally applicable. For wallet developers serving diverse international jurisdictions, implementing a protocol designed specifically for Swiss compliance presents a challenging value proposition. This regional specificity naturally constrains AOPP's relevance for wallet providers with global user bases operating under different regulatory structures.

Development Resource Considerations

For wallet development teams, AOPP implementation requires specialized message signing and verification processes that introduce additional complexity. This technical requirement creates resource allocation questions, particularly for smaller teams and open-source projects. With limited development bandwidth, many providers have prioritized features with broader user demand over specialized compliance protocols.

User Experience Tradeoffs

Most cryptocurrency wallets already support standard message signing for Web3 interactions, a flexible approach serving multiple purposes beyond compliance. AOPP, while streamlining compliance-related verification, introduces a more structured but less common process. Wallets may prioritize flexibility and user familiarity over integrating a niche compliance-focused protocol.

The Inherent Limitations of AOPP

AOPP's trajectory reveals structural challenges that extend beyond simple market preferences to more fundamental design considerations.

The Adoption Challenge

AOPP faces a circular implementation challenge: its utility as a standard depends significantly on widespread adoption, yet achieving that adoption requires demonstrating consistent utility across use cases. With major wallet providers like MetaMask, Trust Wallet, and Ledger not implementing the protocol, AOPP lacks the critical mass necessary to function as a universal verification standard. This creates practical limitations for users, regulators, and exchanges seeking standardized verification methods.

Technical Scope Considerations

Even where AOPP is implemented, questions remain about its comprehensive effectiveness. The protocol cannot prevent all potential verification workarounds, which leads to questions about its practicality as a compliance tool. These limitations have factored into wallet providers' implementation decisions, particularly when weighing development resources against potential benefits.

Alternative Approaches in the Ecosystem

While AOPP has found limited implementation, the cryptocurrency ecosystem has naturally evolved toward verification approaches that align with both compliance needs and user expectations:

Standard Cryptographic Signatures have emerged as a widely implemented solution. Protocols like EIP-191, BIP-137, and Ed25519 provide similar proof-of-ownership capabilities with broader compatibility across wallet types. Their flexibility allows them to serve multiple purposes beyond regulatory compliance, creating natural incentives for both developers and users.

Extended Public Key Verification offers another approach that addresses regulatory goals through different technical means. By verifying xPubs, platforms can confirm wallet control while maintaining a seamless user experience—a balance that has gained traction across the ecosystem.

Micro-Transaction Verification, also known as the Satoshi Test, has emerged as another alternative that confirms wallet control by having users send specific amounts within designated time windows. This method works with virtually any wallet that can send transactions, providing broader coverage than protocol-specific approaches like AOPP.

Multi-Method Verification Systems have also gained traction, with companies like Notabene offering comprehensive solutions that combine several verification methods. These systems typically include cryptographic signature proofs similar to AOPP's approach, but complement them with alternative verification methods such as micro-transactions, visual verification through screenshots, and self-declaration options. This layered approach provides flexibility for users across different wallet types and technical expertise levels.

The Path Forward: Beyond AOPP

AOPP represents a thoughtful attempt to address the regulatory challenges facing cryptocurrency users and exchanges. However, its limited adoption reflects not just technical considerations but deeper questions about how compliance mechanisms integrate with cryptocurrency's core principles and user expectations.

As the cryptocurrency industry continues to mature, verification solutions will likely evolve along paths that balance regulatory requirements with user experience priorities. While AOPP may maintain relevance in specific regulatory contexts, particularly in Switzerland, the industry appears to be moving swiftly toward more flexible, multi-method approaches to wallet verification.

Companies like Notabene have recognized this need for flexibility by developing verification systems that work across virtually any wallet type, including popular hardware wallets like Ledger and Trezor that don't support AOPP. Their approach demonstrates that compliance and security don't necessarily come at the expense of user experience, particularly when various verification methods are available depending on the specific wallet technology.

The experience with AOPP provides valuable lessons for future protocol development. It demonstrates that successful compliance tools must consider not only regulatory requirements but also technical implementation costs, user experience impacts, and alignment with the diverse expectations of the cryptocurrency community. Looking ahead, the most successful verification approaches will likely be those that provide multiple options rather than requiring wallets to implement specific protocols, ensuring that Travel Rule compliance remains accessible regardless of which wallet technology users prefer.

US lawmakers have introduced long-awaited market structure legislation in the form of the “Digital Asset Market Clarity Act of 2025” or “CLARITY Act of 2025”, for short. US Representative French Hill announced the bi-partisan market structure bill for digital assets on May 29, 2025.

The bill was drafted by the House Committee on Financial Services, who previously penned the FIT21 Act, which passed in the House of Representatives but ultimately failed to clear the Senate. The CLARITY Act follows months of hearings on the matter within the Subcommittee on Digital Assets, Financial Technology, and Artificial Intelligence.

The bill aims to remove longstanding ambiguity related to digital assets oversight by clarifying the roles of both the United States Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC). While much can change from the point of introduction to the ultimate passage of legislation, a comprehensive framework like the CLARITY Act has the potential to reshape crypto regulation entirely by enabling clear pathways for institutional and retail adoption to scale in a legal and compliant way across the entire US market.

The bill gained momentum following a June 4th House Committee hearing titled "American Innovation and the Future of Digital Assets: From Blueprint to a Functional Framework," where industry experts and former regulators debated the legislation's merits and challenges.

“How decentralized is it?” is the new “Is it a security?”

One of the principal innovations of the proposed legislation is that instead of asking "Is crypto a security?" the CLARITY Act asks “How decentralized is this system?”. This is key because the level of decentralization would ultimately determine jurisdiction underneath either the SEC (for early-stage tokens with centralized control designated as "Investment Contract Assets."), or the CFTC (for more mature and fully decentralized blockchain network tokens designated as "Digital Commodities.")

In other words: As assets become more decentralized, they transition from SEC to CFTC jurisdiction. 

Stablecoins are singled out

The emergence of stablecoins as crypto’s killer use case warrants special consideration, as we can see recognized by the creation of a third tier of assets called Permitted Payment Stablecoins. This class of digital asset is subject to light regulation due to the asset being adopted widely by consumers warranting some level of protection.

This creates a three-tier framework for digital asset regulation:

TradFi players can get in the game

One of the biggest unlocks of such a comprehensive market structure bill is a regulatory framework for traditional finance players to get into the crypto game without exposing themselves to unnecessary regulatory and compliance risk.

Under the proposed CLARITY Act, banks would be able to custody crypto without balance sheet liability, as well as trade more complex crypto financial instruments.

Clear pathway for crypto-native companies

The bill provides concrete guidance for crypto companies that have been operating in regulatory limbo. Key provisions include:

• $75 million fundraising exemption with a 4-year maturity timeline
• Founder trading restrictions until networks reach maturity
• Provisional registration pathways allowing companies to operate while agencies develop detailed regulations

For VASPs already operating in our compliance network, these provisions validate the approach we've been advocating for: building robust compliance frameworks from day one, even when regulations are still evolving.

DeFi is clearly addressed

Decentralized finance protocols receive explicit recognition and protection under the CLARITY Act. The bill includes self-custody rights and anti-fraud enforcement while acknowledging that truly decentralized protocols operate differently from traditional financial entities. This recognition is crucial for the DeFi ecosystem's maturation and integration with traditional finance systems.

Hearing insights

Support and skepticism

During the June 4th hearing, we saw both strong support and pointed criticism:

Former SEC Commissioner Elad Roisman called the bill a "significant step forward to providing the needed clarity" to digital markets.

Former CFTC Chairman Rostin Behnam agreed that current federal law has left regulatory gaps, urging Congress to address this void with "targeted legislation."

However, former CFTC Chairman Timothy Massad raised significant concerns, particularly around anti-money laundering provisions. When directly asked if the bill addresses AML adequately, Massad responded "not sufficiently," pointing to critical gaps:

• The bill only applies Bank Secrecy Act requirements to centralized intermediaries
• Crypto assets can be transferred without going through intermediaries, creating enforcement gaps
• Treasury needs more authority over decentralized protocols and foreign platforms
• Stablecoin issuers should be required to monitor suspicious wallet activity

"We've got to give the Treasury Department and other regulators adequate tools to deal with those risks. And I don't think we've done that yet," Massad emphasized, citing examples of Russian smugglers using Tether and Hamas using crypto funding.

The AML challenge: Where traditional frameworks meet DeFi

One of the most contentious aspects of the June 4th hearing centered on anti-money laundering provisions. Democratic members pressed witnesses on whether the CLARITY Act provides adequate safeguards against illicit finance, particularly in decentralized systems.

The Core Challenge: Traditional AML frameworks rely on intermediaries like banks to monitor and report suspicious activity. DeFi protocols, by design, operate without centralized intermediaries, creating what critics see as regulatory blind spots.

Representative Lynch directly asked: "Does this bill address anti-money laundering adequately?" The responses revealed a fundamental split in thinking about crypto compliance.

Industry Perspective: UniSwap's Katherine Minarik argued that blockchain analytics provide superior tools for tracking illicit activity in real-time, claiming traditional BSA requirements are "broken and in many ways dying." She emphasized that sanctions screening requirements still apply to all US companies, and blockchain's transparency offers better visibility than traditional finance.

Regulatory Skepticism: Former regulators expressed doubt that existing frameworks adequately address decentralized systems. The concern isn't just about tracking funds after the fact, it's about preventing illicit activity before it happens.

For institutions operating in our compliance network, this debate highlights why robust Travel Rule implementation is crucial. While regulatory frameworks evolve, institutions with comprehensive compliance programs, including pre-transaction screening and counterparty verification, position themselves ahead of whatever requirements emerge.

Balanced priorities: Innovation, consumer protection, and law enforcement

The CLARITY Act aims to achieve a critical balance of three important priorities:

• Market Innovation: Providing clear pathways for crypto-native businesses to grow and thrive
• Consumer Protection: Establishing safeguards without stifling legitimate innovation
• Law Enforcement Authority: Ensuring regulators have tools to combat illicit activity

However, the hearing revealed this balance remains contentious. Critics argue the bill creates enforcement gaps in DeFi, while supporters contend it improves on the status quo by bringing centralized crypto activities under Bank Secrecy Act coverage.

A critical week ahead: June 10 committee markups

The CLARITY Act faces a pivotal moment on June 10, when both the House Financial Services Committee and House Agriculture Committee are scheduled to hold markups of the legislation. This dual committee approach reflects the bill's comprehensive scope where the Financial Services handling securities and market structure issues, while Agriculture addresses commodity futures aspects.

These markups represent the first major procedural hurdle for the legislation. Success in both committees would provide significant momentum for floor votes and eventual Senate consideration.

What to expect next

While the June 10 markups represent crucial first steps, this is only the beginning of the CLARITY Act's legislative journey. With many procedural hurdles ahead, expect the bill's contents to evolve as it moves through Congress. The June 4th hearing revealed both strong bipartisan support and areas where compromise will be necessary. Expect to see the contents of the bill change shape as it makes its way through Congress, as the finer details and subsequent implementation of the bill will be critical for its long-term potential to reshape the industry in a positive way. 

For years, the US crypto industry has bemoaned the lack of clarity from regulators and displayed an appetite for following the rules if only they existed. This is our collective chance to put those rules in place for an important market in the global crypto economy, and provide the long-awaited opportunity for American crypto companies to remain competitive while ensuring that the regulatory clarity also allows international crypto firms to tap into the growing US market.

The bill's success could provide the long awaited opportunity for American crypto companies to remain competitive while ensuring regulatory clarity allows international firms to tap into the growing US market with confidence.

For institutions already building compliant crypto operations, the CLARITY Act validates the approach of implementing robust compliance frameworks before they're required. Those who've invested in comprehensive Travel Rule compliance, counterparty due diligence, and risk management systems will find themselves ahead of the curve as these requirements become standardized.

At Notabene, we've been building the infrastructure that will support this regulatory future. Our open-loop Transaction Authorization Protocol (TAP) and comprehensive compliance platform are designed for exactly the kind of regulated, interoperable crypto ecosystem that the CLARITY Act envisions.

The CLARITY Act isn't just about providing regulatory certainty, it's about building the foundation for crypto's integration into the broader financial system. For institutions ready to operate in this environment, the opportunity is enormous.

Read the full bill here

New York, London, April 23, 2025 — Notabene, a leading provider of Travel Rule compliance infrastructure, today released its annual State of Crypto Travel Rule: 2025 Report, revealing a decisive industry shift: compliance is no longer optional, it is the cost of doing business.

Based on survey data from 91 Virtual Asset Service Providers (VASPs) and 10 regulatory bodies, the report shows that 100% of firms plan to be Travel Rule compliant by the end of 2025. Nearly 9 in 10 expect to meet requirements in the first half of the year, reflecting a broad and urgent move toward regulatory alignment.

Compliance is now directly tied to reaching your counterparties. In the past year, VASPs have become significantly more assertive in their counterparty requirements. The report found a 431% year-over-year increase in VASPs blocking withdrawals until beneficiary information is confirmed, jumping from 2.9% in 2024 to 15.4% today. Additionally, 19.8% of VASPs now return deposits if the originator fails to provide the required Travel Rule data.

In the lead-up to the EU Transfer of Funds Regulation (TFR) enforcement date of December 30, 2024, the Notabene network saw a dramatic surge in activity from EU-based firms. Transaction volumes originating from EU Crypto Asset Service Providers increased by 200x, compared to an 8x increase in non-EU-originated volume during the same period. While 71% of EU Crypto Asset Service Providers missed this deadline, many are catching up fast. One third have implemented processes to identify and report repeat non-compliant counterparties to regulators, creating spillover pressure on global peers.

“This isn’t about checking a regulatory box. It’s about securing your place in the future of crypto finance,” said Pelle Brændgaard, CEO of Notabene. “The network of compliant institutions is growing, and those who aren’t part of it are already being left behind.”

The message from this year’s report is clear: Compliance is no longer a future requirement or a regulatory checkbox. It is now a gatekeeper for business. Firms that fail to meet expectations are being excluded from transactions, losing counterparties, and watching volumes slip away. 

Download the full report here.

ENDS

Media Contact: [email protected]

About Notabene:

Notabene is the trust layer for global money movement, powering the largest Travel Rule-compliant network of regulated crypto institutions. Our mission is to make crypto transactions a part of the everyday economy. We provide a nuanced view of the regulatory landscape by leveraging industry expertise, insights from our annual survey, and extensive research on public sector data. We aim to equip businesses and other industry stakeholders with the knowledge and tools necessary for success in a dynamic environment.

Our platform enables businesses to securely and seamlessly verify counterparties, authorize transactions, identify self-hosted wallets, and comply with global regulations. With SOC-2 certification, ISO27001 compliance, and a strong focus on privacy and user experience, Notabene ensures trust in every transaction.

Headquartered in New York, Notabene operates globally, with a presence in Switzerland, Singapore, Germany, and the United Kingdom. Trusted by over 200 companies, including Copper, Luno, Crypto.com, and Bitstamp, Notabene helps institutions build trust into every transaction while ensuring compliance with evolving regulatory frameworks.

Start for free with the world’s largest transaction authorization network at Notabene.id.

Connect with us: LinkedIn | Twitter