Understanding who controls the recipient wallet is crucial for Virtual Asset Service Providers (VASPs) to comply with the Travel Rule. The first phase of the mandated pre-transaction due diligence process, as set forth by the Financial Action Task Force (FATF) ^[1], involves identifying the counterparty VASP. A comprehensive due diligence process is initiated once another VASP is identified as the counterparty.

Correctly carrying out this procedure enables VASPs to sidestep transactions with suspicious or sanctioned entities. Moreover, it safeguards sensitive customer data by ensuring it only goes to a verified or intended counterparty. ^[2]

‍

‍

{{cta-learnmore10="/cta-components"}}

Counterparty VASP Identification Challenges

Crypto transfers are recorded on public ledgers, leading VASPs to treat their wallet address books as confidential, which complicates identification efforts during Travel Rule-compliant transfers. VASPs face a wide range of counterparties, from other VASPs and financial institutions to self-hosted wallets and entities like e-commerce platforms, gaming sites, and mining pools. This diversity adds another layer of complexity to the already challenging counterparty identification process.

Currently, VASPs rely on (1) blockchain analytics, (2) input from their end customer, and (3) other specific discoverability methods available in their Travel Rule network to identify the counterparty to the transaction. These solutions have limitations: blockchain analytics can cluster wallet addresses with VASP groups but cannot reconcile them with specific legal entities; end customers may know the VASP brand but often do not know the specific legal entity with which they or their transaction counterparty is contracted; Travel Rule networks are limited to the information made available by the network members.

This issue remains critical, as compliance with the Travel Rule hinges on the accurate identification of the counterparty.

Learn more about this topic in Chapter 1, Section 2.2.1 of the 2024 State of Crypto Travel Rule Compliance Report.

FATF's Stance on VASP Identification

In its 2021 update, FATF highlighted the lack of "technically proven means" for accurately identifying the VASP overseeing the beneficiary wallet based solely on the Virtual Asset (VA) address:

To date, the FATF is not aware of any technically proven means of identifying the VASP that manages the beneficiary wallet exhaustively, precisely, and accurately in all circumstances and from the VA address alone. - FATF ^[3]

In the same report, the FATF explicitly urged the industry to accelerate efforts to strengthen global solutions that can accommodate nuances in requirements across jurisdictions in accordance with FATF Standards. ^[4]

‍

{{report2="/cta-components"}}

‍

Approaches to theSunrise Issue Challenges

Below, we discuss what can be done about the VASP identification issue and initiatives that are already in place at the various stakeholder levels, and which stakeholders are best positioned to drive solutions to this issue:

Joint Industry Initiatives

Notabene had the honor of attending the V20 Summit in October 2022. Held alongside the G20, 20 VASPs convened to discuss global financial policies and industry proposals in the wake of the FTX collapse, TerraUSD crash, and other industry events. At the V20 Summit, the stakeholders present set a goal to develop and agree on a common approach to public infrastructure for VASP discovery and the general principles that should be observed, namely:

• The infrastructure should be common, global, decentralized, and open (available to all VASPs and Travel Rule protocols).
• The infrastructure should provide base layers of information (entity name, jurisdiction, regulatory status, contact info, and supported Travel Rule protocols). 

The Joint Working Group under IVMS, in which Notabene is an active participant, is leading the initiative to create this infrastructure.

Travel Rule Solutions

Many Travel Rule solutions are already participating in the Joint Working Group under IVMS mentioned above. Others are encouraged to join to ensure that the chosen industry approach has stakeholders' buy-in at all levels. 

Notabene enables VASPs to autonomously identify the counterparty to transactions through the following discoverability methods: 

1. Integration with blockchain analytics: SafeTransact features integrations with several blockchain analytics service providers that allow VASPs to plug in their blockchain analytics accounts to the Travel Rule flow. The counterparty wallet address is queried against the information available to the blockchain analytics service to determine whether or not that wallet is associated with a known VASP.
   ‍
2. Network Discoverability: In response to these identified challenges, Notabene has rolled out Network Discoverability. This feature offers scalable, secure, and reusable techniques for counterparty VASP identification within open networks. The Notabene Network features an internal, self-managed address book. Participating VASPs can upload their blockchain addresses in hashed format to Notabene and permit them to be safely leveraged across the network to streamline the discoverability process. When other VASPs in the network engage in transactions involving any of the uploaded hashed addresses, the VASP that controls the respective address will be automatically identified.
   
   

{{cta-learnmore7="/cta-components"}}

VASPs

VASPs ultimately own the information that allows the accurate association between their wallet addresses and the legal entities that operate them. The adoption of any standard for VASP discovery necessarily hinges on VASPs’ collaboration. 

2024 Status Check

‍

‍

Partial solutions for VASP identification are available, but their limitations continue to negatively impact Travel Rule compliance. Recognizing how important a common industry approach will be in solving this, the Joint Working Group under IVMS is working toward a standard that it hopes the industry will adopt.

Learn more about Network Discoverability

Learn more about our VASP identification feature, which offers scalable, secure, and reusable techniques for counterparty VASP identification within open networks.

‍

{{cta-learnmore7="/cta-components"}}
‍‍

This article provides an in-depth look at virtual asset service providers' (VASPs) current compliance status and future planning as they navigate the Travel Rule. Based on the results from Notabene's 2024 State of Crypto Travel Rule Compliance survey, we explore how crypto businesses and financial institutions are preparing to meet these regulatory requirements. 

96% of VASPs Are Travel Rule Compliant or Plan To Be in 2024

The Travel Rule has become a fundamental aspect of the crypto compliance landscape. According to the survey, 96% of respondents are either already compliant or plan to be by Q4 2024. This marks a significant milestone, with over half (52%) of respondents already adhering to the Travel Rule in 2023—a substantial increase from 23% the previous year, indicating a 123% growth in compliance.

A mere 4% of respondents indicated a stance of non-compliance until 2025. This highlights that compliance with the Travel Rule is not only an immediate necessity due to increased regulatory urgency but also a strategic imperative for entities aiming to operate and transact globally in a compliant manner. For a comprehensive analysis and detailed statistics, download the full report.

Team Sizes and Automation

A notable 80% of firms have dedicated Travel Rule compliance teams, reflecting the industry's commitment to meeting these stringent requirements and recognizing the importance of working with specialized personnel to successfully navigate the intricacies of Travel Rule compliance and stay abreast of increased scrutiny and regulatory demands.

The survey also investigated team sizes and the automation of pre-transaction checks, which revealed respondents’ efforts to ensure the efficient operation of their compliance teams.

A large portion of respondents (46%) have significantly automated their systems, with less than 25% of transactions flagged for manual review. Another 24% partially automate, flagging over 25% for manual review. However, 17% manually approve every transaction, and 13% automate without pre-transaction checks.

Nearly half of respondents (47%) had to demonstrate Travel Rule compliance during license applications, indicating its importance in gaining market access.

Additionally, more than half of the respondents (53%) have had their AML and sanctions programs evaluated by local regulators, examiners, or independent reviewers, explicitly focusing on Travel Rule compliance. This standardized assessment process highlights Travel Rule adherence's integral role in the AML framework and its strategic importance within the overarching compliance framework.

The industry's commitment to Travel Rule compliance is evident through dedicated teams, integration into licensing processes, and comprehensive AML assessments, making it a strategic imperative for operational excellence and market credibility.

VASPs Ensure Compliance Where the Travel Rule Is a Licensing Deal-Breaker

A commendable 52% of companies, spanning diverse primary jurisdictions are already complying with Travel Rule requirements. However, a closer examination of survey responses on primary jurisdiction and implementation timelines reveals a clear pattern: VASPs prioritize compliance where Travel Rule compliance is a license “deal breaker.”

EMEA

The EMEA region as a whole, in particular, demonstrates a high compliance rate, with 59% of respondents claiming to be already complying in this region.

In the EMEA region, the U.K. stood out as the primary jurisdiction with the highest percentage of compliant respondents, boasting an exceptional 100% compliance rate among those surveyed. Of these, 89% were already compliant, and the remaining 11% planned to be by the end of 2023 when the survey was issued. This remarkable compliance rate can be attributed to the U.K.’s robust standards since the country began enforcing the Travel Rule on September 1, 2023.

UAE

When looking deeper into the UAE respondents, where Travel Rule compliance is a licensing prerequisite, 60% of companies have already achieved compliance, and an additional 20% anticipate reaching compliance by the second quarter of 2024. These statistics demonstrate that having Travel Rule compliance as a license deal-breaker fosters a proactive commitment to adoption from the industry.

The trend of enforcing strict licensing regimes is positive. An analysis conducted by TRM Labs (2024) found that VASPs in countries with full licensing and supervision regimes have lower rates of illicit activity than those in less regulated jurisdictions.

‍

APAC

It’s crucial to highlight that the rest of the world is keeping pace. Among respondents with primary jurisdictions in APAC, an impressive 86% are already in compliance with the Travel Rule. This includes vital APAC jurisdictions such as Singapore, Hong Kong, India, Japan, and Malaysia.

Of the 39% of APAC respondents that listed Singapore as their primary jurisdiction, 63% are already compliant, while an additional 25% aim for compliance by Q1 of 2024.

U.S.

The U.S. is trailing behind compared to other key jurisdictions. Despite the Travel Rule requirements in the U.S. since 2013, only 50% of companies claim compliance, with an additional 30% expecting compliance by Q1 of 2024. These numbers are particularly striking compared to the 100% compliance rate observed in the U.K., where the measures were implemented only recently, just four months before the survey was issued. This trend may be attributed to regulatory ambiguity and limited enforcement action in the U.S., contrasting with the proactive commitment to adoption seen in other jurisdictions.

However, the increasing counterparty urgency is expected to drive global adoption, particularly in the United States. Our survey data indicated that fewer VASPs are willing to send withdrawals or receive deposits without the ability to transmit or receive relevant Travel Rule information, which means a potential increase in business loss. Such pressure to adapt will hopefully drive industry stakeholders and regulators to take action, especially those in the U.S.

The Number of VASPs Not Implementing Counterparty Due Diligence Processes Has Nearly Halved

Trend Shift

The survey indicates a significant decrease in the proportion of companies willing to send Travel Rule transfers to counterparties without specific criteria, dropping from 52% in 2023 to 29% in 2024. This reflects a growing emphasis on rigorous counterparty due diligence. Another notable trend is the growing emphasis on assessing the regulatory status of counterparties, a number that has seen doubled growth, from 4% to 9%.

Due Diligence Practices

Sixty-four percent of companies perform due diligence pre-transaction. The survey question, “What checks do you perform, if any, on your counterparties prior to initiating Travel Rule transactions?” highlights the industry's maturing commitment to Travel Rule compliance. The majority of respondents conduct:

• Wallet sanction screening (87%)
• Counterparty name sanction screening (77%)
• Evaluation of wallet risk scores (74%)
• VASP due diligence (64%)

Only a minority (6%) reported conducting no checks, underscoring a holistic approach to risk management. However, despite the positive trend, VASP due diligence is still the least adopted measure.

The trends indicate a clear shift toward more rigorous counterparty due diligence, a preference for regulated counterparties, and a strategic move away from indiscriminate transfers to all VASPs. Despite this progress, challenges remain. As outlined in Chapter 5, Section 3, issues such as the least performed measure of VASP due diligence continue to hinder the counterparty due diligence process.

‍

The industry’s growing commitment to Travel Rule compliance is evident with the existence of dedicated teams, integration into regulatory licensing processes, and the core fabric of AML compliance assessments. This trend positions Travel Rule compliance not merely as a regulatory necessity but as a strategic imperative that drives operational excellence and market credibility.

‍

{{report1="/cta-components"}}

‍

The Crypto Travel Rule, as mandated by the Financial Action Task Force (FATF), requires Virtual Asset Service Providers (VASPs) to share specific information for transactions over a certain threshold. 

However, the staggered implementation timelines, known as the "Sunrise Period," pose significant compliance challenges across the globe. This blog dives into these challenges and offers strategies for VASPs navigating this difficult time.

Understanding the Sunrise Issue

The Sunrise Period refers to the timeframe during which the Travel Rule is not uniformly implemented across jurisdictions. This period is fraught with challenges as VASPs in different regions are subject to varying compliance timelines. As of the latest FATF updates in June 2023, many jurisdictions have yet to fully implement the Travel Rule, leading to a patchwork of compliance standards worldwide.

Challenges Faced by VASPs During the Sunrise Period

VASPs face significant hurdles during the Sunrise Period due to the practical difficulties encountered in the data transfer process required by the Travel Rule. 

Let's break down these challenges into three main areas:

1. Difficulty Sending a Travel Rule Data Transfer
   Compliance with the Travel Rule necessitates that the originator VASP collects and transmits information about both the originator and the beneficiary to the beneficiary VASP. However, uneven implementation across jurisdictions means that many beneficiary VASPs are not yet equipped to receive and protect this information adequately. 
   
   This gap in compliance capabilities can leave the originating VASP unable to fulfill its core obligations, significantly impacting transaction flows. Recent survey results highlight a shift towards stricter compliance enforcement, with the percentage of VASPs that do not allow withdrawals unless a Travel Rule message can be transmitted to the beneficiary VASP nearly tripling from 8% last year to 23% this year.
   
   
2. Difficulty Receiving a Travel Rule Data Transfer
   The challenges are not only limited to sending information. If the originator VASP has not started transmitting Travel Rule data, the beneficiary VASP faces significant barriers in assessing the information about the originator, which is crucial for completing the transaction in a compliant manner. Depending on the regulatory approach of the country in question, the beneficiary VASP might need to restrict access to these transactions. Such restrictions can have a substantial operational impact on business. 
   
   Furthermore, it's noteworthy that a significant 37% of survey respondents reported that they did not receive any Travel Rule information for a substantial number of transactions, illustrating the scale of this issue.
   
   
3. Difficulty Screening the Transaction’s Counterparty
   The Sunrise Issue also complicates the screening process of the transaction’s counterparty. Typically, an originator VASP would verify the beneficiary's information provided by their customer before attempting to transmit this data. However, without confirmation from the beneficiary VASP that the information is accurate, the originator cannot be sure of its validity. This uncertainty makes the screening results unreliable and the transactions risky. 
   
   Likewise, beneficiary VASPs face challenges when they receive deposits without the required originator information. This scenario makes it easier for illicit actors to exploit the system by using inaccurate counterparty information to bypass VASP screening processes.
   

These challenges underline the intricate difficulties that arise from the staggered implementation of the Travel Rule across different jurisdictions. They not only affect the efficiency of transaction processes but also raise significant compliance and operational risks for VASPs operating internationally.

Regulatory Landscape and Progress

Although the FATF sets the global standards, it does not enforce them directly. Instead, it relies on member countries to implement these standards within their jurisdictions. The FATF continues to issue guidance and monitor progress, but many countries lag behind in their implementation efforts. Specific examples from countries like South Korea, Japan, and the UK illustrate the diverse approaches to implementing the Travel Rule, each with its own set of challenges and solutions.

{{report2="/cta-components"}}

Approaches to Sunrise Issue Challenges 

In this section, we discuss what can be done about the challenges arising from the Sunrise Issue, initiatives that are already in place at various stakeholder levels, and which stakeholders are best positioned to drive solutions to this issue.

The FATF

The FATF’s mandate is to set recommendations that are, themselves, not legally binding. The FATF relies on member jurisdictions to incorporate these recommendations and enforce the Travel Rule for VASPs within the jurisdiction’s regulatory ambit. Thus, the FATF is not in a position to resolve the Sunrise Issue challenges. 

Nonetheless, the FATF uses a number of methods to encourage national regulators and the private sector to action:

1. The FATF has issued a number of guidance documents aimed at helping regulators and VASPs navigate a path toward Travel Rule adoption and tackle some of the more challenging aspects thereof. We’ve highlighted some of these guidance instruments in Chapter 1, which can serve as a very useful tool for stakeholders at all levels. The FATF has also formed the Virtual Assets Contact Group (VACG), which will continue to conduct outreach and provide assistance to low-capacity jurisdictions to encourage their compliance with the Travel Rule.
   
   
2. The FATF has continued to monitor and report progress of Travel Rule adoption. In the FATF’s June 2023 Targeted Update, the FATF reiterated that jurisdictions have made insufficient progress and thus calls on regulators to urgently implement the Travel Rule. [1]
   
   
3. Perhaps the most effective method is the FATF-maintained call-to-action and increased monitoring lists, where it identifies jurisdictions with weak measures to combat AML/CTF. These lists are publicly available and are updated three times a year following the FATF’s review and mutual assessments of jurisdictions. 

   
   For counties on the call-to-action list, the FATF calls on jurisdictions to apply enhanced due diligence (EDD), and in the most serious cases, to apply countermeasures to protect the international financial system from the ongoing money laundering, terrorist financing, and proliferation of financing risks that emanate from the flagged countries. 
   
   The increased monitoring list includes countries that are actively working with the FATF to address money laundering/ terrorist financing deficiencies. Alignment with the FATF’s guidelines on VAs and VASPs, including enforcement of the Travel Rule, is expected to become increasingly relevant for the assessment of a country’s regimes to counter money laundering, terrorist financing, and proliferation of financing risks.

Regulators

The most effective way to resolve the Sunrise Issue challenges is with a swift implementation of the FATF’s requirements.

When implementing the Travel Rule, national regulators are the ones to determine how their Travel Rule framework will address the Sunrise Issue. According to data that the FATF shared in its June 2023 Targeted Update, 11 of 62 jurisdictions that have implemented the Travel Rule or are in the process of doing so have allowed a grace period for Travel Rule compliance, during which there are exemptions or flexibility in how VASPs are expected to comply in order to mitigate the effects of the Sunrise Issue [2]. 

Additionally, some jurisdictions expressly qualify how domestic VASPs can interact with foreign counterparts. 

For example:

• Regulators in South Korea acknowledge that overseas VASPs may not yet be required or prepared to comply with the Travel Rule. To deal with this, the South Korean framework allows Korean VASPs to facilitate transactions with overseas VASPs only when the Korean VASP is able to confirm that the customer is sending funds to an account held in their own name and that the money laundering/terrorism financing risks are low. (Financial Services Commission, 2022).
• In Japan, if the transaction counterparty is located in a region without Travel Rule enforcement, Japanese VASPs have no obligation to share PII. In these cases, Japanese VASPs are still required to collect and retain information about the counterparty and assess money laundering/terrorist financing risks. 
• In the U.K., an FCA statement establishes that when a beneficiary VASP is located in a jurisdiction non-compliant with the Travel Rule, the originator U.K. VASP is still required to collect and retain information about the counterparty and assess money laundering/
  terrorist financing risks but may proceed with the transaction without transmitting the information. Additionally, when a U.K. VASP receives a transaction without the required Travel Rule information, the U.K. framework allows the VASP to make a risk-based determination on whether to make the VA available to the beneficiary, taking into account the status of Travel Rule regulations in the jurisdiction where the originator VASP operates. 
  
  Learn more about the Japanese and British regulatory frameworks in Chapter 2 of the 2024 State of Crypto Travel Rule Compliance Report.

Joint Industry Initiatives

Joint industry initiates also play a role in resolving the Sunrise Issue.
Many industry working groups that operate on a national level, like the CryptoUK Travel Rule Working Group, have successfully engaged with national regulators to encourage the implementation of proportionate measures to mitigate the negative effects of the Sunrise Issue.
Groups like these should continue engaging with VASPs and regulators to encourage rapid implementation. 

Travel Rule Solutions

Similar to joint industry initiatives, Travel Rule solutions like Notabene’s SafeTransact can play a role in resolving the Sunrise Issue by increasing policymakers’ awareness of the problems and proposing creative solutions that facilitate VASPs’ operations during this period.

With these challenges in mind, Notabene launched the SAFE Implementation phases. This step-by-step onboarding program is designed to help our clients navigate the intricacies of Travel Rule compliance efficiently, particularly throughout the Sunrise Period. Throughout their journey using the SAFE Implementation phases, VASPs can gather valuable analytics that they can use to create a clear roadmap toward achieving full compliance. 

Additionally, Notabene offers a free SafeTransact-Rise plan tailored for VASPs that are not yet required to comply with the Travel Rule but wish to avoid being cut off from compliant transaction flows. The SafeTransact-Rise plan allows VASPs to receive and respond to Travel Rule
transfers, with no technical integration effort required.

VASPs

When trying to mitigate the challenges identified above, VASPs tend to take a variety of approaches. These approaches depend largely on what national mandates require or, when these frameworks are silent, what risk-based practices begin to emerge to compensate. 

We uncovered some of these practices in this year’s survey, which are listed below by order of popularity:

In withdrawals:

• 40% of the VASPs surveyed report taking a risk-based approach to determine whether or not to allow a transaction when they are unable to send Travel Rule information to the beneficiary VASP.
• 23% percent of the VASPs surveyed currently do not permit transactions unless they are able to send Travel Rule information.
• 19% of the VASPs surveyed allow their customers to transact, irrespective of whether they are able to send Travel Rule information.
• Only 3% of the surveyed VASPs only proceed with the withdrawal provided that the information can be sent to the beneficiary VASP and a response is received.

In deposits:

• 30% take a risk-based approach to determine whether or not to make a deposit available to the end customer in cases when the required Travel Rule message is not received from the originator VASP.
• Upon detecting a deposit without information/with missing information, some respondents send a request to provide missing information to the originator VASP. In the case the information is not provided, 21% return the funds and 10% opt to collect the information from their end customer.
• Of respondents, 19% allow customers to receive deposits regardless of whether the required Travel Rule information was received.
• 20% of respondents report taking other approaches. By way of example, one respondent reported allowing their customers a grace period before enforcing blockers. Others report only allowing first-party deposits and requiring their customer to demonstrate they control the source wallet.
  

These results indicate that a majority of VASPs currently adopt a risk-based approach to compliance limitations. However, stricter approaches are gaining popularity, possibly because of growing regulatory pressure. Notably, 23% of the surveyed VASPs currently prohibit transactions unless they can send Travel Rule information, and a similar percentage (21%) returns funds unless the required Travel Rule information is received.

2024 Status Check 

At present, some solutions are available to mitigate some of the friction caused by the Sunrise Issue, but its negative impact continues to severely affect VASPs in jurisdictions with Travel Rule obligations. While there is work that can be done by stakeholders at all levels, the power to solve
the Sunrise Issue ultimately lies with national regulators and policymakers in jurisdictions that have not yet introduced Travel Rule legislation/regulation. These regulators need to urgently implement
and operationalize the Travel Rule through effective supervision and enforcement action, using the available FATF resources and in consultation with the industry.

Conclusion

The Sunrise Issue remains a formidable challenge in the path to global Travel Rule compliance. By understanding the complexities involved, staying engaged with regulatory developments, and employing flexible technological solutions, VASPs can navigate this evolving landscape more effectively. As the industry continues to mature, collaborative efforts and adaptive strategies will be key to overcoming these hurdles.

This article explores the intricacies of the crypto Travel Rule, which is not merely an information exchange mechanism but also a powerful tool that companies can use to mitigate pre-transaction risks (including sanctions risks) and unlock new opportunities. We explore the rule’s purpose, objectives, and core components: VASP identification, due diligence, transaction qualification, information collection, and pre-transaction counterparty risk assessment.

‍

‍

The Crypto Travel Rule: A Shield Against Illicit Activities

The Travel Rule presents a robust safeguard against money laundering, fraud, and other illicit activities within the cryptocurrency landscape. Introducing stringent information exchange requirements creates a powerful barrier against criminals seeking to obscure the origin of their funds. However, it is essential to understand that the Travel Rule transcends mere data transmission. When executed effectively, the Travel Rule enables virtual asset service providers (VASPs) to stop potentially illicit transactions before they are created on the blockchain, significantly reducing VASP’s overall risk and exposure to sanctions — a pivotal development for the crypto industry.

‍

Pre-Transaction Travel Rule Implementation: A Defensive Tactic

Crypto transactions are immediate and irrevocable, a sharp contrast to traditional SWIFT payments, where settlements occur at scheduled intervals during the day, allowing beneficiaries time to request fund withholdings in the case of discrepancies, such as a mismatched beneficiary name. In crypto transactions, it’s essential that VASPs exchange information before settling the underlying transaction. Once funds are transferred, remediation becomes operationally burdensome — and in some cases, the risk may already have entered the VASPs’ spheres. 

‍

A pre-transaction implementation of the Travel Rule ensures that VASPs can perform critical risk assessments like beneficiary name matching and sanctions screening before receiving funds and, depending on their systems, before releasing funds to the end customer.

‍

The Travel Rule: Bridging the Gap Between Crypto Transactions and Real-World Entities

In addition to being a powerful counterparty risk mitigation tool, the Travel Rule is an indispensable infrastructure layer for crypto transactions because it establishes a connection between crypto activities and real-life individuals and entities.

Bridging this gap is essential for three reasons:

• Enhancing sanction controls: Before implementing the Travel Rule, VASPs conducted transactions with minimal information about their counterparties, leaving them vulnerable to potential risks. Now, the Travel Rule is a catalyst for reconstructing trust within the crypto space by enhancing sanction controls and counterparty risk management.
  
  
• Enabling new use cases: The Travel Rule opens the door to novel crypto transaction applications previously hindered by the lack of traceability. Traceability is crucial for several use cases (e.g., for accounting purposes) and paves the way for broader adoption of crypto payments and transactions.
  
  
• Preventing fraud: Fraud is a pervasive issue in crypto, and the Travel Rule addresses this problem by fostering collaboration among VASPs. This collaborative effort allows VASPs to verify the parties involved in a transaction collectively. For instance, if Alice initiates a transaction and informs her VASP that the funds are destined for her friend Bob’s account with another VASP, the beneficiary VASP can raise a red flag if the funds are actually being received by Daniel, a fraudster who has deceived Alice. 

‍Ultimately, when strategically implemented as a pre-transaction risk mitigation tool, the Travel Rule boosts the security of crypto transactions and opens up new horizons for the industry that could redefine how we interact with digital assets. 

‍

The Travel Rule is a robust safeguard against money laundering, fraud, and other illicit activities within the cryptocurrency landscape. By fostering a culture of proactive compliance and collaborative risk management, VASPs can unlock new dimensions of trust and operational excellence.

In February 2023, the Financial Action Task Force (FATF) Plenary observed a significant gap in the implementation of its revised Recommendation 15 in what concerns virtual assets (VAs) and virtual asset service providers (VASPs). Despite the October 2018 revision aimed at integrating and extending measures such as the Travel Rule to VAs and VASPs, numerous countries had not yet implemented these updated requirements.

To address this, the Plenary outlined a roadmap aimed at fortifying the implementation of FATF Standards concerning VAs and VASPs. This roadmap included conducting a comprehensive assessment of implementation levels across the global network. Today, the fruition of this commitment comes to light. 

After a 12-month process of collecting and evaluating relevant information, the FATF published a report on the Status of implementation of Recommendation 15 by FATF Members and Jurisdictions with Materially Important VASP Activity. 

This report features a detailed table evaluating various jurisdictions on key components such as:

• Risk assessment pertaining to VAs and VASPs
• Prohibition of VAs and VASPs
• Enacted legislation mandating VASP registration/licensing and application of AML/CTF controls
• Operational registration/licensing of VASPs
• Supervisory inspections on VASPs
• Enforcement/supervisory actions against VASPs
• Implementation of Travel Rule legislation

The jurisdictions under scrutiny include all FATF members and 20 non-FATF member jurisdictions deemed as hosting materially important VASP activities due to meeting the following criteria:

• Trading volume exceeding 0.25% of global trading and/or
• Having over 1 million users of virtual assets.

The evaluation published today is based on the responses provided by jurisdictions to the FATF's 2023 self-reported survey, which have been updated between January and March 2024. The FATF emphasizes that while informative, this data does not substitute a mutual evaluation or follow-up assessment of countries' compliance with Recommendation 15 as it has not been subject to a detailed analysis as per the FATF methodology. 

Three Key Insights from FATF’s Global Evaluation of Virtual Asset Regulation 

The data shared by the FATF provides three significant insights into how jurisdictions with materially important VASP activity are managing the sector:

‍

1. There has been an impressive progress on Travel Rule legislation
‍

Nearly 89% of jurisdictions with materially important VASP activity have either enacted or are in the process of enacting Travel Rule legislation. Only Australia, Iceland, Russia, South Africa, Ukraine, and Vietnam have yet to initiate this process.

‍

2. More than 90% of jurisdiction implement regulatory measures

Over 90% of jurisdictions with materially important VASP activity have implemented crucial measures to regulate and supervise VAs and VASPs. 91.2% conducted a risk assessment covering VAs and VASPs, while 90.7% enacted legislation mandating VASPs' registration or licensing and compliance with AML/CTF requirements. Similarly, 90.7% conducted supervisory inspections on VASPs.

‍

3. Only three jurisdictions prohibit virtual assets

‍
Only three jurisdictions with materially important VASP activity have explicitly prohibited VAs and VASPs: China, Egypt, and Saudi Arabia. 

‍

Goals of FATF’s Global Evaluation

The publication of this report serves three primary objectives:

• Enable the FATF network to assist jurisdictions with materially important VASP activity in regulating and supervising VASP activity;
• Encourage jurisdictions with materially important VASP activity to promptly implement Recommendation 15;
• Aid regulators and the private sector in discerning the status of Recommendation 15 implementation by jurisdictions with materially important VASP activity.

This last objective is particularly pertinent to Travel Rule compliance, especially in cross-border transactions involving VASPs based in jurisdictions not yet enforcing Travel Rule requirements (the Sunrise Issue).

For instance, in the United Kingdom, the Financial Conduct Authority (FCA) issued a communication on August 17, 2023, outlining more flexible obligations for UK VASPs when transacting with counterparts from jurisdictions without enforced Travel Rule requirements. The operationalization of this FCA guidance hinges on understanding the status of Travel Rule implementation in the counterparty's jurisdiction—a task now greatly facilitated by this new resource published by the FATF.

A Roadmap to Move Forward With

In conclusion, the release of FATF's report on the Status of implementation of Recommendation 15 by FATF Members and Jurisdictions with Materially Important VASP Activity marks a significant milestone: insights into the global landscape of crypto regulations shed light on the progress made and areas requiring further attention.

The findings underscore a collective commitment among jurisdictions with materially important VASP activity to enhance regulatory frameworks and compliance measures. Notably, the majority have taken decisive steps towards implementing Travel Rule requirements and strengthening supervision over VAs and VASPs. 

Moving forward, the objectives outlined in the report serve as a roadmap for continued collaboration and improvement towards a more robust and secure ecosystem for virtual assets.

Throughout 2023, the landscape of Travel Rule compliance was marked by a series of developments, from regulatory updates to strategic shifts in countries’ crypto stances. This article provides a comprehensive view of key milestones and strategic changes in various countries, underlining the year's pivotal role in shaping global Travel Rule compliance standards.

‍
An Overview of Key Crypto Travel Rule Milestones and Developments in 2023

NEW YORK, SINGAPORE, LONDON - March 12, 2024

‍‍

- Notabene, the leader in pre-transaction decision-making and Travel Rule compliance solutions, today released its third annual State of Crypto Travel Rule Compliance Report 2024. This year's findings highlight a remarkable compliance milestone: 96% of surveyed financial and crypto institutions are now compliant or on the path to compliance this year, showcasing significant industry-wide progress.

Based on a survey of 70 leading institutions worldwide, the report reveals a substantial increase in regulatory diligence and a commitment to the Travel Rule—an anti-money laundering framework introduced by the Financial Action Task Force (FATF) to virtual asset service providers (VASPs) in 2019. This framework aims to bolster transparency and security in crypto transactions. Notable findings from the report include a 187.5% surge in firms restricting non-compliant transactions and a significant leap in due diligence practices, with 64% of entities now verifying counterparties before transacting.

Pelle Braendgaard, CEO of Notabene, reflects on the progress, stating, "The industry is making great strides towards enhanced security and regulatory compliance. Embracing the insights from the latest State of Crypto Travel Rule Compliance Report will further drive our collective progress towards a unified financial ecosystem."

The report also uncovered that significant challenges, such as protocol interoperability, remain despite these advancements. A significant portion of respondents identified the lack of protocol interoperability as their primary hurdle to full compliance. Additionally, 37% reported never having received a Travel Rule message,  further highlighting interoperability issues. Full compliance for the 37% of VASPs that have not received any Travel Rule messages could bring a significant and potentially disproportionate impact on business, as it would require them not to accept any deposits.

The report offers actionable insights for navigating the complexities of global compliance, advocating for flexible regulatory frameworks and improved technology solution interoperability.

For an in-depth analysis and recommendations, access the complete report on notabene.id.

-ENDS-

For media inquiries or further information about Notabene and Shift Markets, please contact: [email protected]

About Notabene:

Notabene developed the crypto industry's only pre-transaction decision-making platform, enabling customers to identify and stop high-risk activity before it occurs. With a focus on security, privacy, and user experience, Notabene's multi-source data and software enables real-time decision-making, counterparty sanctions screening, self-hosted wallet identification, and more. SOC-2 security certified and trusted by over 100 companies, Notabene operates globally with headquarters in New York, and presence in Switzerland, Singapore, Germany, and the United Kingdom.

Companies like Copper, Luno, Crypto.com and Bitstamp leverage our  SafeTransact platform for Travel Rule compliance, tailored to their needs and aligned with global and local regulations. Our platform builds trust in virtual asset transactions to foster financial growth with minimized risk.

Get started today; sign up for our free SafeTransact Rise plan to respond to regulated transactions for free using the world's largest VASP Network. 

LinkedIn | Twitter

In the past year, the crypto compliance landscape has seen remarkable developments, leading to the widespread adoption of Travel Rule compliance. By the end of 2024, the Travel Rule is expected to see mass adoption, but not without bringing its operational complexities. This article explores critical trends and introduces Notabene's solutions to these evolving regulations.

Global Adoption: Setting the Stage for Universal Compliance

The past year has marked a significant shift towards regulatory alignment on a global scale. The United Kingdom, with the third highest transaction volume worldwide, adopted the Travel Rule, meaning that the regulation will cover a substantial volume of global transactions.

The European Union, through the Transfer of Funds Regulation, has set a new precedent, standardizing crypto Travel Rule requirements across its 27 member states. In the Asia-Pacific region, countries like Hong Kong and the United Aarab Emirates (UAE) have integrated Travel Rule compliance into their crypto business licensing frameworks. Eighty VASPs are currently looking to establish their presence in Hong Kong, and 1000 firms have applied to register under Dubai’s Virtual Asset Regulatory Authority. Given their substantial crypto asset transactions, India and Japan's adoption of the Travel Rule underscores the global momentum towards standardized regulatory practices. Their compliance is particularly noteworthy given the combined $300 billion in crypto assets received. ^[1]

The momentum extends with the Transfer of Funds Regulation coming into effect on December 30, 2024. We expect the Travel Rule to broaden its reach to regions like Latin America, South Africa, Taiwan, Australia, and Qatar. Additionally, Notabene’s “State of Crypto Travel Rule Compliance Report 2024" revealed a strong industry drive towards compliance, with 96% of virtual asset service providers (VASPs) aiming to meet the requirements by year-end, highlighting the critical nature of compliance for business continuity and the potential risks for non-compliant VASPs.

‍

‍

The Multi-Jurisdictional Compliance Challenge

Operating across various regulatory jurisdictions presents unique challenges. Global VASPs must take a nuanced approach to maintain operational fluidity while adhering to diverse regional regulatory implementations. Our yearly report reveals that nearly half of the businesses surveyed navigate Travel Rule obligations in multiple jurisdictions, significantly increasing the complexity of compliance efforts. 

‍

‍

Further, 65% of respondents highlighted a "multi-jurisdictional roll-out" as a critical success factor for their Travel Rule solutions.

‍

‍

‍

Streamlining Compliance with Notabene's Multi-Jurisdictional Tool

Notabene offers tailored solutions to ease the complexities of multi-jurisdictional compliance. Our Multi-Jurisdictional Compliance Tool simplifies the management of compliance obligations across different countries, enabling businesses to integrate new jurisdictions into their operational frameworks with just one click, gain comprehensive insights, and redirect transactions efficiently.

‍

{{cta-learnmore15="/cta-components"}}

‍

Tackling Self-Hosted Wallet Compliance

The Financial Action's Task Force (FATF's) updated guidance now extend the Travel Rule to include self-hosted wallets, requiring businesses to identify and, in some cases, verify the owners. The EU's upcoming Markets in Crypto-Assets Regulation (MiCA) will further enforce this, mandating self-hosted wallet verification for transactions over 1,000 EUR.

‍

Trend Analysis: How VASPs Are Navigating Self-Hosted Wallet Compliance

Our findings indicate a global trend towards mandatory wallet ownership verification, with 66% of companies implementing restrictions on self-hosted wallet transactions. A notable 33% of companies mandate first-party transactions. This means that a third of the businesses surveyed only allow transactions where customers can directly demonstrate control over their wallet addresses.

‍

‍

Enhanced Self-Hosted Wallet Verification: SafeConnect

In response to evolving compliance needs, Notabene has enhanced its SafeConnect tool for self-hosted wallet verification. The latest update introduces Bitcoin Wallet Ownership Proofs and improved capabilities for Ethereum wallets, streamlining the verification process while maintaining transactional ease.

{{cta-learnmore17="/cta-components"}}

‍

Looking Ahead: Ensuring Compliance in the Evolving Regulatory Landscape

As the regulatory landscape continues to evolve, it underscores the need for robust and scalable Travel Rule compliance solutions. Notabene's tailored solutions offer businesses the tools they need to navigate these changes with confidence. Take the first step towards securing your business's future in the evolving crypto landscape. 

As regulations evolve, so do the challenges. Global VASPs increasingly finding themselves at the crossroads of Travel Rule compliance, a task that becomes more daunting as they expand across various jurisdictions. 

The goal of maintaining a global presence while adhering to local regulations is more critical than ever. In response to these evolving demands, Notabene offers a comprehensive Multi-Jurisdictional Compliance tool designed to simplify the management and expansion of VASPs' jurisdictional reach with ease.
‍

Understanding the Multi-Jurisdictional Compliance Landscape

The landscape of Travel Rule compliance is rapidly changing, with a significant uptick in VASPs that are subject to Travel Rule obligations in more than one country. According to our State of Crypto Travel Rule Compliance Report 2024, nearly 50% of VASPs are now navigating the complexities of multi-jurisdictional compliance, marking a 104% increase from the previous year. Further, our survey highlighted that 65% of respondents name ‘multi-jurisdictional rollout’ as their top two factors as they search for Travel Rule compliance solutions, underscoring the growing importance of adaptable and extensive compliance frameworks in today's global market.

Navigating the Challenges of Global Travel Rule Compliance

‍

VASPs operating across multiple jurisdictions encounter a myriad of challenges, including:

• ‍Diverse Compliance Requirements: Each jurisdiction comes with its own set of compliance mandates, from specific Personal Identifiable Information (PII) requirements to varying approaches to self-hosted wallet transactions. This diversity necessitates a bespoke compliance strategy for each jurisdiction, adding layers of complexity to global operations.
  ‍
• Customized Implementation Needs: Expanding into new jurisdictions isn't just about scaling operations; it involves intricate technical implementations, operational adjustments, and comprehensive local staff training to ensure seamless integration into the existing compliance framework.
  ‍
• Complex Organizational Structures: VASPs often operate within complex organizational frameworks, ranging from centralized, nested structures under a single parent entity to independent, un-nested setups that allow for autonomy. Some combine these models to accommodate intricate compliance and operational needs, further complicating the implementation of global compliance strategies.
  ‍
• Accurate Transaction Routing: Ensuring that transactions are correctly associated with the appropriate jurisdiction adds another layer of complexity. This is particularly crucial, as accurately identifying transaction counterparts is the essential first step for Travel Rule compliance. Currently, VASPs utilize a combination of blockchain analytics, customer input, and other discoverability methods to navigate this challenge. However, these methods have limitations, such as the inability of blockchain analytics to pinpoint specific legal entities and the reliance on potentially uninformed end customers for crucial transaction details.

‍

Introducing Notabene's Multi-Entity Support Tool

Notabene introduces the Multi-Jurisdictional Support tool, designed specifically for global VASPs to manage multiple entities and transactions across jurisdictions effortlessly. 


Simplified Jurisdiction Activation and Management

Activating a new jurisdiction is as straightforward as accessing the Notabene dashboard and selecting "activate new jurisdiction." This action seamlessly integrates the specific regulatory requirements of the new jurisdiction into the entity's operations, ensuring compliance with minimal effort.


Deep Regulatory Insight and Automated Compliance

Notabene's platform is enriched with insights from active engagement with regulators and industry experts, ensuring a standardized approach to compliance. With regulatory requirements from over 23 jurisdictions encoded, VASPs can confidently expand their global operations, knowing they are in compliance with local laws.


Flexible Organizational Structuring

The tool accommodates various organizational structures, allowing companies to reflect their real-world setup within the platform:

• Nested Structure: For centralized management, entities can be organized hierarchically within a parent entity.
• Un-nested Structure: Entities can operate independently, providing autonomy and customization.
• Mixed Structure: A combination of nested and un-nested entities supports complex compliance needs.
• Single and Multiple Group Options: Entities can be streamlined under a single group or divided among multiple groups to facilitate the management of diverse business units or subsidiaries.

‍

‍

‍
Streamlined Transaction Routing

Notabene's Multi-Jurisdictional Support tool ensures transactions are automatically allocated to the correct entity, enhancing compliance with local regulatory reporting requirements. Our solution allows the Beneficiary VASP, best positioned to identify the receiving entity, to redirect Travel Rule transfers automatically to the relevant entity. This not only speeds up the pre-authorization of transactions but ensures their accurate delivery, relieving the Originator VASP of the burden of discovery.

Moreover, beneficiary VASPs with multiple entities can allocate deposit transfers automatically with our transaction redirect feature, allowing each entity to manage Travel Rule records tied to their deposits. This facilitates compliance demonstration to auditors and supervisors at the entity level.

Failure to redirect transfers correctly may result in loss of transaction volume for Beneficiary VASPs, as stricter due diligence obligations demand precise identification of transacting parties. Hence, Originator VASPs may hesitate to share Travel Rule information when the specific legal entity is unknown.

‍

‍

Elevate Your Compliance Strategy Today

Prepare your global company for success with Notabene's Multi-Jurisdictional Support tool. For existing customers, please designate a Group Admin to unlock these features. New customers will be guided through this process automatically.

As Travel Rule regulations expand to include more counterparty types, customers engaging in non-custodial need a reliable method to verify self-hosted wallet ownership.

SafeConnect, a flagship offering from Notabene, is stepping up to meet this demand by extending its self-hosted wallet verification capabilities to include Bitcoin wallet verification, aiding virtual asset service providers (VASPs) in compliance with various wallet counterparty types. 

‍

Aligning with Regulatory Developments

In its October 2021 guidance, the Financial Action Task Force (FATF) broadened the Travel Rule's scope to include transactions between VASPs and self-hosted wallets. This extension necessitates collecting and sometimes verifying information about the self-hosted wallet's owner by VASPs. 

Further, the forthcoming Transfer of Funds Regulation in Europe, taking effect this December, stipulates that for transactions exceeding 1,000 EUR, crypto-asset service providers must verify the ownership or control of the self-hosted address by the client conducting the transaction. VASPs facilitating self-hosted wallet transactions in all 27 EU member states must have a solution to verify wallet ownership of the broadest range of self-hosted wallets possible. 

Introducing Bitcoin Wallet Verification Proofs

Our self-hosted wallet verification tool, SafeConnect, enables customers to verify self-hosted wallet ownership on 200+ Ethereum-based wallets. Today, we expand its capabilities to facilitate Bitcoin wallet verification. Previously focused on Ethereum proofs, SafeConnect now transcends this boundary to embrace Bitcoin verification, accommodating a broader spectrum of digital assets. This enhancement is crucial, considering the FATF's emphasis on accommodating all virtual asset types and the TFR's requirement for rigorous verification processes for significant transactions.

‍

How it works

‍

• Customers connect their Ledger or Trezor hardware wallets to SafeConnect.
• SafeConnect automatically searches for the Bitcoin address associated with the transaction.
• Once the address is found, the customer will be are prompted to sign a wallet ownership verification message on their device.
• SafeConnect verifies the signature's authenticity and marks the transaction as ready to send.
  ‍

Improving the Ethereum Proofs

This update also brings enhancements for seamless Ethereum-based wallet proofs. We’re scaling up to support over 300 Web3 wallets and extending our services to more than 10 EVM-based networks. This expansion will significantly broaden our ability to support Ethereum-based wallet ownership proofs.
‍

How to Get Started

Current customers have access to these updates by updating to the latest version of SafeConnect. Other interested parties can book a demo with our team. 

Are you grappling with the complexities of the Travel Rule in your jurisdiction? You may be a consultant aiding financial institutions in achieving compliance with recent AML regulations. Given its significant impact on their operations, the necessity of a deep understanding of Travel Rule compliance cannot be overstated. This understanding is vital for maintaining regulatory compliance and the smooth operation of financial institutions.

The increasing frequency of Travel Rule deadlines has amplified the urgency for this knowledge. Moreover, regulators are mandating that Virtual Asset Service Providers (VASPs) establish robust Travel Rule frameworks as a precondition for obtaining operational licenses. This landscape highlights the critical need for specialized and comprehensive education in Travel Rule compliance.

We proudly present the Notabene Travel Rule Fundamentals Certification (NB-TRFC) program to address this need. Designed to infuse your organization with our deep expertise in the Travel Rule, this program equips you with the necessary knowledge and skills for seamless compliance. Our certification course offers a structured path to mastering Travel Rule compliance, providing a strategic advantage in the rapidly evolving industry.

‍

Introducing the NB-TRFC Program

The NB-TRFC program is a carefully designed educational journey aimed at making you an authority in Travel Rule compliance. You can expect:

• Tailored Content: Our curriculum focuses on the distinct regulatory landscapes of the Americas, Europe, the Middle East, Africa (EMEA), and the Asia-Pacific (APAC) regions.
• Holistic Approach: The program consists of three specialized courses, ensuring you gain a comprehensive understanding of every facet of Travel Rule compliance.

‍

Exploring the NB-TRFC Program

You have two options: enroll in the free Foundation course or the paid full program, which would provide you with a professional certification. Your educational journey is meticulously planned to provide an in-depth understanding of the Travel Rule, tailored to the region of your choice. The program includes:

1. Foundation Course: Start your compliance journey with the "Travel Rule—Foundations Course." This module simplifies the Travel Rule's historical context and current implications, laying the groundwork for more advanced strategies.
2. Advanced Compliance: Take your expertise to the next level with the "Travel Rule—Advanced Course." This part focuses on complex compliance scenarios, from Anti-Money Laundering checks to transaction monitoring.
3. Jurisdictional Focus: Conclude with a "Jurisdictional Deep Dive" course in the Americas, APAC, or EMEA region. This section will give you a playbook for localized compliance, highlighting key regulatory nuances in specific markets.
   ‍

Who Should Enroll?

This program is perfect for compliance officers and professionals, regulators, advisory professionals, legal advisors, and financial professionals in the crypto industry. Whether you're a beginner or an experienced professional, the courses offer both foundational and advanced insights.  It is a great way to certify not only yourself and your team!  

How to Get Started

Ready to become a certified expert in Travel Rule compliance? Visit our academy website for details on enrollment, course schedules, and pricing. Take the first step in your certification journey today!

‍

{{training4="/cta-components"}}

‍

Disclaimer

This certification program is for educational purposes only. It does not constitute legal, financial, investment, or any other advice. The digital asset space is dynamic, and some information may become outdated as the industry progresses.

In November 2023, the European Banking Authority (EBA) unveiled a Consultation Paper on the proposed Travel Rule Guidelines, marking a significant step in the evolution of EU financial regulation. This initiative addresses the growing need for clear regulatory frameworks as digital finance transforms the landscape of global transactions.

The EBA presented its proposed Travel Rule Guidelines as a direct response to the mandate outlined in Article 36 of the Transfer of Funds Regulation, which empowered the authority to issue guidelines to Crypto Asset Service Providers (CASPs), aiming to guide entities on how to comply with some of its requirements. 

This article explores the key takeaways of the EBA’s Travel Rule Guidelines and provides enriching insights from Notabene’s presentation at the EBA’s public hearing. 

‍

Key Takeaways from the EBA’s Consultation on Travel Rule Guidelines

‍

1. CASPs must consider interoperability when selecting a messaging protocol

The EBA emphasizes the need for interoperability among protocols used for transmitting Travel Rule information. The EBA advises CASPs to choose messaging protocols that are robust and interoperable, capable of seamless communication across various systems, and in line with industry standards. This approach aims to mitigate data integration challenges and enhance the efficiency of adhering to regulatory mandates.

“When choosing the messaging protocol, CASPs and ICASPs should ensure that the protocol’s architectures are sufficiently robust to enable the seamless and interoperable transmission of the required information by:
a. evaluating the protocol’s interoperability features to ensure it can seamlessly communicate with other systems, both within and outside CASPs and ICASPs;
b. considering the compatibility with existing industry standards, protocols, and blockchain networks to facilitate integration; and
c. assessing data integration and data reliability.”

‍

Notabene’s commentary:

During the EBA’s public hearing, we praised the EBA for recommending interoperability assessments promoting open and interoperable communication standards. This concept aligns with the FATF calling for more interoperability in tools and with surveyed VASPs calling for a global unified approach in travel rule communication and reachability in response to Notabene’s 2023 State of Travel Rule Survey. 

‍

‍

2. Deposits can only be accepted if the received information allows unambiguous identification of all parties involved in the transaction

The EBA outlined the procedures CASPs should implement to manage transfers lacking the required information.

‍

The EBA’s Guidelines for Addressing Missing Information in a Crypto Transaction

‍

Let’s break this down step by step.

Step 1: First, upon detecting missing information, the beneficiary CASP can either straightaway reject/return the transfer or request missing information from the prior CASP in the chain. 
‍

Where the crypto-asset service provider of the beneficiary becomes aware that the information referred to in Article 14(1) or (2), or in Article 15, is missing or incomplete, that crypto-asset service provider shall, on a risk-sensitive basis and without undue delay:
(a) reject the transfer or return the transferred crypto-assets to the originator’s crypto-asset account; or
(b) request the required information on the originator and the beneficiary before making the crypto-assets available to the beneficiary.

‍

Decision Flowchart for Handling Missing Information in Crypto Transfers per the EBA

‍

‍

Step 2: If the beneficiary CASP decides to ask for missing information, it should set a reasonable deadline by which the information should be provided. Transfers within the Union require the information to be provided within three working days, while transfers outside the Union have a deadline of 5 working days. If more than two parties are involved in the transfer flow or at least one CASP is based outside of the EU, the deadline extends to up to 5 working days. Additionally, if a CASP requests information from a prior CASP in the transfer chain, it must notify the prior CASP of the transfer’s suspension due to missing or incomplete information.

Step 3: If the beneficiary CASP asks for missing information and the previous CASP fails to provide it, the beneficiary CASP:

• may only consider accepting the deposit if both the originator and beneficiary are unambiguously identified and
• must evaluate the future treatment of the previous CASP, ICASP, or self-hosted address in the transfer chain for AML/CFT compliance purposes

Where a CASP becomes aware that required information is missing, incomplete or provided using inadmissible characters during the transfer and executes the transfer, based on all relevant risks, and provided that the condition in paragraph 50 is not met, it should document the reason for executing that transfer and, in line with its risk-based policies and procedures, consider the future treatment of the prior CASP or self-hosted address in the transfer chain for AML/ CFT compliance purposes.
Where the payer, payee, originator, or beneficiary cannot be unambiguously identified due to missing or incomplete information or information provided using inadmissible characters, the CASP should not execute the transfer.

‍

Decision Path for Missing Information Response in Crypto Transfers per the EBA

‍

Step 4: In cases where a CASP consistently fails to provide the required Travel Rule information, specific actions are mandated for the beneficiary CASP. Initially, steps such as issuing warnings and setting deadlines must be taken to address the issue. If the required information is still not provided despite these measures, the provider has the authority to reject, restrict, or terminate the transaction per established procedures. Additionally, it is required that the beneficiary CASP reports such failures and the steps taken to the competent authority responsible for monitoring compliance with AML/CTF regulations. This ensures accountability and regulatory oversight in addressing non-compliance issues within the crypto-asset service industry.

‍

Notabene’s commentary:

During the public hearing, Notabene challenged the strict rejection of deposits when the identity of the parties cannot be unambiguously confirmed, proposing a nuanced approach based on risk assessment, particularly in transactions with jurisdictions not yet enforcing the Travel Rule.

‍

3. The EBA provided guidelines for verifying ownership or control of self-hosted wallets in transactions over 1,000 EUR

As established in the TFR, if a crypto-asset transfer is made to/from a self-hosted address, the originator or beneficiary CASP must gather and retain specific information, ensuring the transfer can be tracked individually. If the transfer exceeds EUR 1,000, additional measures must be taken to verify whether the address belongs to the originator or beneficiary. These measures are further specified in the proposed EBA guidelines, which state that the verification should be conducted using at least two suitable methods:

• Advanced analytical tools
• Unattended verifications 
• Attended verification 
• Sending of a predefined amount set by the CASP from and to the self-hosted address to the CASP’s account
• Signing of a specific message in the account and wallet software, which can be done through the key associated with the transfer
• Requesting the customer to digitally sign a specific message into the account and wallet software with the key corresponding to that address
• Other suitable technical means

‍

The guidelines from the EBA appear to introduce the possibility of accepting transactions from third-party self-hosted wallets, a detail not explicitly outlined in the TFR text, which primarily focuses on verifying whether the CASP’s own customer maintains control over the self-hosted wallet. 

Where the self-hosted address is owned or controlled by a third person instead of the CASP customer, the CASP should, in addition to applying the verification requirement in accordance with Article 14 (5) or Article 16 (2) of Regulation (EU) 2023/1113, apply mitigating measures commensurate with the risks identified as per Article 19a of Directive (EU) 2015/849

‍

Notabene’s commentary:

During the public hearing, Notabene suggested that using more than one method for wallet ownership verification should not be required as a rule but recommended only for cases where it proves necessary. We also sought clarification on the treatment of third-party self-hosted wallet transactions.

‍

4. The status of Travel Rule enforcement in the counterparty jurisdiction is a relevant risk factor

The TFR specifies that the beneficiary CASP must establish procedures to detect whether the required Travel Rule information was provided. In turn, the proposed EBA guidelines elaborate on the monitoring process, highlighting the need for beneficiary CASPs to develop policies and procedures for determining which transfers require pre-transfer or post-transfer monitoring. This involves assessing various risk factors, including the regulatory treatment in the counterparty’s jurisdiction, in particular, the Travel Rule implementation status. 

‍

Notabene’s commentary:

Understanding the global status of Travel Rule requirements is thus crucial for a comprehensive Travel Rule policy. Notabene offers valuable resources in this regard, including information on our website and our annual State of Crypto Travel Rule Compliance Report, which features a detailed chart presenting a comprehensive overview of global Travel Rule adoption, including enforcement status in each jurisdiction, compliance thresholds, and obligations related to self-hosted wallets. These are valuable resources for CASPs in establishing procedures aligned with EBA guidelines.  

‍

What's next?

As the European Union ramps up for its Travel Rule enforcement deadline, the EBA’s proposed Travel Rule Guidelines stand as a pivotal development for CASPs and the broader digital finance ecosystem. These guidelines aim to enhance transparency and security in crypto-asset transactions and reflect a collaborative effort to adapt to the digital age’s complexities.

Notabene’s insightful contributions during the public hearing and the industry’s collective feedback underscore the importance of a unified approach to regulatory compliance. As we approach the public consultation deadline and anticipate the final guidelines, it’s crucial for stakeholders to remain engaged and proactive in shaping a regulatory environment that supports innovation while safeguarding integrity.

The EBA’s guidelines will undoubtedly play a crucial role in harmonizing practices across Europe, setting a precedent for global regulatory coherence in the digital finance realm. As we mark our calendars for the key dates leading up to the TFR enforcement, let’s continue to foster dialogue and collaboration, ensuring that the future of trusted crypto transfers is secure, transparent, and inclusive.