On July 22, 2021, HM Treasury released Amendments to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 Statutory Instrument 2022, a consultation that included an entire chapter on the transfers of crypto assets. Chapter 6 laid forth provisions poised to implement the FATF’s Crypto Travel Rule into UK law.
Below are our important takeaways:
1. HM Treasury proposes to update the Money Laundering Regulations (MLRs) rather than pass primary legislation needed to amend the Funds Transfers Regulations (FTRs)
6.7: The use of the Money Laundering Regulations
As it is retained EU law, the government does not have the ability to easily amend the FTR, except to remove deficiencies caused by EU exit. More substantial amendments of the kind necessary to apply R.16 to cryptoassets would require primary legislation. The government therefore proposes to use its powers to amend the MLRs, which will also ensure that AML legislation for the cryptoasset sector is consolidated in one place, and is therefore easier to navigate.
Notabene Takeaway: Acknowledging the urgency with which HM Treasury wants to roll out the Travel Rule, they propose to update existing MLRs rather than attempt to amend the EU FTR laws. This will make it easier and faster to implement, and also has the benefit of ensuring all AML regulation for cryptoassets is kept within the MLRs.
2. HM Treasury offers an unspecified grace period for compliance solution integration
6.8: Timing
The government acknowledges that the process of integrating these requirements into a firm’s business practices may take time. It is important that new regulations are introduced in a proportionate way, striking the right balance between reducing the harms of illicit finance and supporting innovation that benefits consumers and the economy. It is therefore proposed that firms will be allowed a grace period after the amendments to the MLRs are made, to allow the integration of compliance solutions.
Notabene Takeaway: The HM Treasury acknowledges that introducing new compliance measures is a cost and needs to be balanced with their support for innovation. It will offer a grace period and calls on critical industry players’ responses to create evidence-based policy decisions. You can submit your feedback to this email Anti-MoneyLaunderingBranch@hmtreasury.gov.uk by October 14, 2021. Notabene will also provide a response.
3. Full Travel Rule data transfer requirements will apply to all VASP-to-VASP transfers over £1,000
Meanwhile, transfers below £1,000 will still require the collection of less PII.
6.12:
In line with INR.16 and the approach taken in the FTR, the government proposes that the following information should be required to be sent with a transfer of cryptoassets.
These requirements are the minimum information which should accompany a transfer of cryptoassets; there is nothing to prevent a cryptoasset service provider providing additional information with the transfer (such as, for example, providing full beneficiary and originator information, if the sending cryptoasset sevice provider does not know the jurisdiction in which the receiving cryptoasset service provider is based).
Notabene Takeaway: Notably, HM Treasury will require travel rule transfers below the threshold, similar to the EU requirements. Also, it is worth noting that while some jurisdictions have deemed all crypto transfers to be treated as ‘cross-border transfers, the UK makes an exception here by allowing transfers between UK-based VASPs not to include PII.
4. PII received, transmitted, or retained is within the scope of the UK GDPR
6.22:
Personal data received, transmitted or retained pursuant to these provisions is within scope of the UK General Data Protection Regulation (GDPR), and crypto asset service providers will therefore need to process it in line with the requirements in that legislation.
Notabene Takeaway: UK VASPs must uphold GDPR when performing Travel Rule transfers. This is not unexpected, but some questions arise on whether they will oblige their counterparties who are not in the EU or UK to also abide by GDPR.
5. HM Treasury invites comments/feedback on unhosted wallet transfers
6.27: Treatment of unhosted wallets
Obligations under R.16 only fall on cryptoasset service providers, not on private individuals using unhosted wallets. Although FATF are reviewing the treatment of unhosted wallets within scope of the recommendations, current FATF Guidance states that, where a beneficiary’s cryptoassets service provider receives a transfer from an unhosted wallet, it should obtain the required originator information from its own customer that receives the cryptoassets transfer. This requirement does not extend to the verification of said originator information. Where a transfer is being made from a cryptoassets service provider to an unhosted wallet, the originating provider is not expected to send information to an unhosted wallet, though it should still collect information on the intended beneficiary.
Notabene Takeaway: HM Treasury is hinting that it would only require obtaining the counterparty information and not its verification if it were to roll out requirements around unhosted wallets. This is in line with what FATF recommends now, but it is encouraging that they invite commentary from the industry. Regardless, companies must be prepared to implement a risk-based approach concerning unhosted wallets.
On June 20, 2021, the European Commission published a proposal for regulating the transfers of funds and certain crypto-assets. This current proposal recasts Regulation EU 2015/847 as part of an AML/CFT package of four legislative proposals that are considered one coherent whole in implementing the Commission Action Plan of May 7, 2020. This proposal creates a new and more coherent AML/CFT regulatory and institutional framework within the EU. The package encompasses:
- a proposal for a regulation on the prevention of the use of the financial system for the purposes of money laundering (ML) and terrorist financing (TF)
- a proposal for a Directive establishing the mechanisms that Member States should put in place to prevent the use of the financial system for ML/TF purposes, and repealing Directive (EU) 2015/849;
- a proposal for a Regulation creating an EU Anti-Money Laundering Authority (AMLA)8, and
- This proposal for the recast of Regulation EU 2015/847 expanding traceability requirements to crypto-assets.
In essence, this regulation takes May 2015’s Directive (EU) 2015/847 on ‘the information accompanying transfers of funds and updates it to adequately cover virtual assets while repealing the over-reaching requirements of Directive (EU) 2015/849.
This regulation will enter into force on the 20th day after publication in the official journal.
Read Notabene's key takeaways:
1. The EU sees the need for harmonized international rules
This proposal package addressed the need for harmonized rules across the internal market.
On May 7, 2020, the Commission presented an Action Plan for a comprehensive Union policy on preventing money laundering and terrorism financing. In that Action Plan, the Commission committed to taking measures to strengthen the EU’s rules on combating money laundering and terrorism financing and their implementation, with six priorities or pillars:
1. Ensuring effective implementation of the existing EU AML/CFT framework,
2. Establishing an EU single rulebook on AML/CFT,
3. Bringing about EU-level AML/CFT supervision,
4. Establishing a support and cooperation mechanism for FIUs,
5. Enforcing EU-level criminal law provisions and information exchange,
6. Strengthening the international dimension of the EU AML/CFT framework.
Pillars 1, 5, and 6 of the Action Plan are currently being implemented partly due to the support of both The European Parliament and the Council. The other pillars demand legislative action. Yet, evidence provided by reports and internal assessments identified that. In contrast, the requirements of Directive (EU) 2015/84912 were far-reaching; their lack of direct applicability and granularity led to a fragmentation in their application along national lines and divergent interpretations.
In response, this proposal updates Regulation EU 2015/847 while repealing Directive (EU) 2015/849.
Notabene’s assessment: The EU believes a more harmonized front to combat money-laundering and terrorism financing is required. A country-by-country implementation has not proven very effective. They hope this would alleviate jurisdictional arbitrage or the milder term they call “jurisdictional shopping.”
2. GDPR applies to CASPs
The EU clarifies that GDPR applies to CASPs (crypto asset service providers - the EU’s terminology equivalent to FATF’s virtual asset service providers.)
Article 15:
The EU is committed to ensuring high standards of protection of fundamental rights. Under article 15 of the current regulation, the processing of personal data under this Regulation is subject to Regulation (EU) 2016/679 of the European Parliament and of the Council31.Personal data that is processed pursuant to this Regulation by the Commission or EBA is subject to Regulation (EU) 2018/1725 of the European Parliament and of the Council32. The General Data Protection Regulation33 will apply to CASPs as regards the personal data handled and attached to cross-border transfers of value using virtual assets.
Article 20:
Payment and crypto-asset service providers shall ensure that the confidentiality of the data processed is respected.
Additionally, CASPs must keep records of information on the originator and the beneficiary for five years; they must delete them.
2015/847 recital 29:
As it may not be possible in criminal investigations to identify the data required or the individuals involved in a transaction until many months, or even years, after the original transfer of funds or transfer of crypto-assets , and in order to be able to have access to essential evidence in the context of investigations, it is appropriate to require payment service providers or crypto-asset service providers to keep records of information on the payer and the payee or the originator and the beneficiary for a period of time for the purposes of preventing, detecting and investigating money laundering and terrorist financing. That period should be limited to five years, after which all personal data should be deleted unless national law provides otherwise.
Notabene’s assessment: Many in the crypto industry have been long awaiting what the verdict on GDPR would be regarding the Travel Rule in the EU. The EU states that going forward, CASPs will need to implement a GDPR-compliant secure data storage solution, making it clear that AML/CFT measures supersede this.
3. Personally Identifiable Information obligations accompanying transfers of crypto-assets are in line with FATF
Article 14:
OBLIGATIONS ON THE CRYPTO-ASSET SERVICE PROVIDER OF THE ORIGINATOR
Information accompanying transfers of crypto-assets
1. The crypto-asset service provider of the originator shall ensure that transfers of cryptoassets are accompanied by the following information on the originator:
(a) the name of the originator;
(b) the account number of the originator, where an account is used to process the transaction;
(c) the originator’s address, official personal document number, customer identification
number or date and place of birth.
2. The crypto-asset service provider of the originator shall ensure that transfers of cryptoassets are accompanied by the following information on the beneficiary:
(a) the name of the beneficiary;
(b) the beneficiary’s account number, where such an account exists and is used to process the transaction.
Notabene’s assessment: By adhering to FATF suggested guidelines, it is easier for CASPs (or VASPs) to have unified rules as they comply cross-jurisdictionally.
4. Stakeholders consulted by the EU express concern about the walled garden of compliance.
pg 7:
Stakeholder input on the Action Plan was broadly positive. However, some European UnionVASP representatives claimed that the absence of a standardised global, open source and free, technical solution for the travel rule could lead to the exclusion of small actors from the crypto-assets market, with only important players being able to afford compliance with the rules.
Notabene’s assessment: Several working groups noted the possible exclusion of small players in the crypto-assets market if compliance is too complex and too expensive to roll out. If only a few exchanges can afford compliance or if messaging protocols are not free and open, a walled-garden scenario would cause a few “important” players to operate. At the same time, the rest may be hit with fines and must close.
5. The threshold is set at EUR 1000, but Travel Rule requirements still apply for lower thresholds (albeit with less PII shared)
The EU has set a threshold of EUR 1000, in line with FATF recommended guidelines. Above that, originator CASPs need to share originator identifying information beyond just name (i.e., physical address, official personal document number, customer identification number, or date and place of birth). The EU does call out transactions that may be part of structuring - whereby the asset appears to be linked to other transfers that amount to EUR 1000. The travel rule also applies to them.
2015/847 recital 16:
In order not to impair the efficiency of payment systems and crypto-asset transfer services, and in order to balance the risk of driving transactions underground as a result of overly strict identification requirements against the potential terrorist threat posed by small transfers of funds or crypto-assets, the obligation to check whether information on the payer or the payee, or, for transfers of crypto-assets, the originator and the beneficiary, is accurate should, in the case of transfers of funds where verification has not yet taken place, be imposed only in respect of individual transfers of funds or crypto-assets that exceed EUR 1000, unless the transfer appears to be linked to other transfers of funds or transfers of cryptoassets which together would exceed EUR 1000, the funds or crypto-assets have been received or paid out in cash or in anonymous electronic money, or where there are reasonable grounds for suspecting money laundering or terrorist financing.
The EU also calls out in Article 15 that the travel rule applies below the EUR 1000, but with only originator and beneficiary names shared.
Article 15:
By way of derogation from Article 14(1), transfers of crypto-assets not exceeding EUR1 000 that do not appear to be linked to other transfers of crypto-assets which, together with the transfer in question, exceed EUR 1 000, shall be accompanied by at least the following information:(a) the names of the originator and of the beneficiary;(b) the account number of the originator and of the beneficiary or, where Article 14(3)applies, the insurance that the crypto-asset transaction can be individually identified;
Notabene’s assessment: The European Commission has no desire to create overly strict requirements that impede the flow of transactions. But by requiring Travel Rule below the threshold, they are boldly signaling the importance of the Travel Rule to CASPs and asking them to take a more comprehensive or holistic approach to travel rule implementation.
6. Transfers of crypto assets from the EU to outside the EU should include a Legal Entity Identifier (LEI)
2015/847 recital 19 (adapted):
In order to allow the authorities responsible for combating money laundering or terrorist financing in third countries to trace the source of funds or crypto-assets used for those purposes, transfers of funds or transfer of crypto-assets from theUnion to outside the Union should carry complete information on the payer and the payee. Complete information on the payer and the payee should include the LegalEntity Identifier (LEI) when this information is provided by the payer to the payer’s service provider, since that would allow for better identification of the parties involved in a transfer of funds and could easily be included in existing payment message formats such as the one developed by the International Organisation for Standardisation for electronic data interchange between financial institutions.
Notabene’s assessment: Many in the crypto industry had pushed for the adoption of LEIs in the FATF guidance. While suggested as an identifier, the FATF did not introduce them as a requirement. We see the EU requirement as an excellent first step in accepting a more unified, global identification system for legal entities that will reduce diligence costs for CASPs for cross-border transfers.
7. Beneficiary CASPs should have effective risk-based procedures that apply where a transfer lacks the required information
2015/847 recital 22 (adapted):
As regards transfers of crypto-assets, the crypto-asset service provider of the beneficiary should implement effective procedures to detect whether the information on the originator is missing or incomplete. These procedures should include, where appropriate, monitoring after or during the transfers, in order to detect whether the required information on the originator or the beneficiary is missing. It should not be required that the information is attached directly to the transfer of crypto-assets itself, as long as it is submitted immediately and securely, and available upon request to appropriate authorities.
Article 12 calls for the beneficiary CASP to reject a transfer if it is missing data.
Article 12:
Transfers of funds with missing information on the payer or the payee
1. The intermediary payment service provider shall establish effective risk-based procedures for determining whether to execute, reject or suspend a transfer of funds lacking the required payer and payee information and for taking the appropriate follow up action.
Additionally, the proposal goes on to say, “If a CASP continues to submit transfers with incomplete data, the counterparty CASP could take steps to reject any future transfers of funds or terminate the business relationship.” Beneficiary CASPs must implement adequate procedures to detect whether the originator information is missing or complete.
2015/847 recital 23 (new):
Given the potential threat of money laundering and terrorist financing presented by anonymous transfers, it is appropriate to require payment service providers to request information on the payer and the payee. In line with the risk-based approach developed by FATF, it is appropriate to identify areas of higher and lower risk, with a view to better targeting the risk of money laundering and terrorist financing. Accordingly, the crypto-asset service provider of the beneficiary, the payment service provider of the payee and the intermediary payment service provider should have effective risk-based procedures that apply where a transfer of funds lacks the required information on the payer or the payee, or where a transfer of crypto-assets lacks the required information on the originator or the beneficiary, in order to allow them to decide whether to execute, reject or suspend that transfer and to determine the appropriate follow-up action to take.
Notabene’s assessment: A risk-based approach to compliance is urged and recommended for CASPs. This is good news for companies who can take a more nuanced approach to travel rule, especially during the sunrise period when many counterparty institutions may not respond quickly.
8. Member states should lay down sanctions to encourage compliance
2015/847 recital 30:
In order to improve compliance with this Regulation, and in accordance with theCommission Communication of 9 December 2010 entitled ‘Reinforcing sanctioning regimes in the financial services sector’, the power to adopt supervisory measures and the sanctioning powers of competent authorities should be enhanced. Administrative sanctions and measures should be provided for and, given the importance of the fight against money laundering and terrorist financing, Member States should lay down sanctions and measures that are effective, proportionate and dissuasive. Member States should notify the Commission and the Joint Committee of EBA, EIOPA and ESMA(the ‘ESAs’) thereof.
The proposal goes on to state that legal persons can be held liable for breaches:
Chapter 5: Sanctions and monitoring:
5. Member States shall ensure that legal persons can be held liable for the breaches referred to in Article 2318 committed for their benefit by any person acting individually or aspart of an organ of that legal person, and having a leading position within the legal person based on any of the following:(a) power to represent the legal person;(b) authority to take decisions on behalf of the legal person; or(c) authority to exercise control within the legal person.
Competent authorities may impose administrative sanctions and measures in collaboration with other authorities.
Chapter 5: Sanctions and monitoring:
7. Competent authorities shall exercise their powers to impose administrative sanctions and measures in accordance with this Regulation in any of the following ways:EN 41 EN(a) directly;(b) in collaboration with other authorities;(c) under their responsibility by delegation to such other authorities;(d) by application to the competent judicial authorities.In the exercise of their powers to impose administrative sanctions and measures, competent authorities shall cooperate closely in order to ensure that those administrative sanctions or measures produce the desired results and coordinate their action when dealing with cross-border cases
Article 23:
Member States shall ensure that their administrative sanctions and measures include at least those laid down by Articles 40(2), 40(3) and 41(1)59(2) and (3) [...] in the event of the following breaches of this Regulation:
(a) repeated or systematic failure by a payment service provider to include the required information on the payer or the payee, in breach of Article 4, 5 or 6 or by a crypto-asset service provider to include the required information on the originator and beneficiary, in breach of Articles 14 and 15;
(b) repeated, systematic or serious failure by a payment service provider or crypto-asset service provider to retain records, in breach of Article 2116;
(c) failure by a payment service provider to implement effective risk-based procedures, in breach of Articles 8 or 12 or by a crypto-asset service provider to implement effective risk-based procedures, in breach of Article 17;
(d) serious failure by an intermediary payment service provider to comply with Article 11 or 12.
Notabene’s assessment: While there will be a centralized body for AML/CFT revision at the EU level, enforcement (e.g., sanctions) still gets performed at the member state level. We’re interested to see how effective this approach will be for EU member states.
9. This regulation does not apply to p2p transfers
Article 2:
Electronic money tokens, as defined in Article 3(1), point 4 of Regulation shall be treated as crypto-assets under this Regulation. This Regulation shall not apply to person-to-person transfer of crypto-assets.
Notabene’s assessment: While P2P is not affected, the EU does not comment on transactions between CASPs and noncustodial or unhosted wallets. This is good news for now, though certain member states have rolled out their own requirements (e.g., Netherlands).
10. The originator CASP should provide appropriate customer PII within three working days of receiving a request from the beneficiary CASP
Article 5: Transfers within the European Union:
2. Notwithstanding paragraph 1, the payment service provider of the payer shall, within three working days of receiving a request for information from the payment service provider of the payee or from the intermediary payment service provider, make available the
following:
(a) for transfers of funds exceeding EUR 1000, whether those transfers are carried
out in a single transaction or in several transactions which appear to be linked, the
information on the payer or the payee in accordance with Article 4;
(b) for transfers of funds not exceeding EUR 1000 that do not appear to be linked
to other transfers of funds which, together with the transfer in question, exceed EUR
1000, at least:
(i) the names of the payer and of the payee; and
(ii) the payment account numbers of the payer and of the payee or, where Article 4(3) applies, the unique transaction identifier
On May 11th, 2021, The German Federal Ministry of Finance published a working ordinance draft bill, the Crypto Securities Transfer Regulation, Krypto Wertetransfer Verordnung (KryptoTransferV), which included increased “duties of care” in the transfer of virtual assets.
Later, on June 14th, the German Federal Ministry of Finance released the updated hearing on the draft bill that requires crypto asset companies to enforce the Travel Rule. The regulation prohibits the transmission of information about clients and recipients arranged for transferring crypto values, as is the case with money transfers. This regulation is based on Regulation (EU) 2015/847 of the European Parliament and of the Council. The German Federal Ministry of Finance will approve the ordinance by the end of 2023.
Read our key takeaways:
1. Germany required the Travel Rule before the European Commission
Crypto Securities Transfer Regulation (KryptoTransferV) § 3:
“Possible alternatives do not represent justifiable alternatives to the proposed regulation with regard to proportionality on the one hand and the limitation of the threat posed by anonymous transactions on the other. A prohibition of transactions on electronic wallets that are not administered by a crypto custodian has only a very limited effect due to the mostly cross-border nature of crypto transfer business and presents itself as a less proportionate alternative compared to the proposed transmission of information. Due to the high risks posed by anonymous crypto power transfers, the adaptation of European regulation cannot be waited for.”
Notabene takeaway: This is a strong example of a national regulator taking things into their own hands and moving forward with crypto rules before being enforced on a European Union level. In this case, the German regulator implies that imposing Travel Rule is a more effective alternative to banning non-custodial wallets due to their cross-border nature.
2. Germany views transfers to self-managed electronic wallets as the starting point of a suspicious transaction.
Crypto Securities Transfer Regulation (KryptoTransferV) § A:
In addition, the transfer of cryptovalues to an electronic wallet that is not managed by a crypto custodian (self-managed electronic money exchange), or vice versa, is viewed as a case constellation with increased risk. So can the Forwarding of crypto values to a self-managed electronic wallet represent a starting point for a suspicious transaction.
Notabene takeaway: While many regulators have signaled that they view transactions to non-custodial wallets as higher risk, it is surprising to see that the German regulator deems them as a starting point for suspicious transactions. This is a stricter stance than what FATF details in their latest guide. We expect that this will impact whether German VASPs will continue to allow transactions to non-custodial wallets, especially ones to third parties.
3. The German proposal includes estimations of compliance costs
Crypto Securities Transfer Regulation (KryptoTransferV) § V:
"This ordinance does not impose any costs on citizens.
The estimate of the compliance burden is subject to considerable uncertainty. If the requirements of the Ordinance are largely met, the compliance burden on business will be higher. If greater use is made of the notification requirement under Section 4 of the Ordinance, the costs for the economy will be lower.
For the business community, there will be recurring compliance costs of approximately €420,800. In the event of an increase in the number of cases, no further costs for the implementation of Section 3 of the Ordinance can be assumed due to the expected automation of data transmission and the associated synergy effects, especially since it is expected that providers will offer flat rates for the implementation of data transmission for crypto value transfers.
The administration will incur recurring compliance costs of approximately €157,000.”
Notabene takeaway: It is a reasonable effort for the regulator to quantify potential compliance costs for regulated institutions that must comply quickly. However, it is unclear how these estimates were reached without a more detailed breakdown of the charges, the large upfront investments companies need to make, and the daily maintenance costs to ensure proper detection of suspicious activity (e.g., additional compliance and technical team resources, software costs.) It would also help if the regulator can clarify the sources of the estimates involved or perform further consultations with the private sector and technology vendors like Notabene to arrive at more precise estimates.
4. German PII requirements are in line with the FATF Recommendations.
Crypto Securities Transfer Regulation (KryptoTransferV) § 3 paragraph 1:
“The obligor performing the transfer on behalf of the principal shall ensure that the following information is determined and stored: Name of the client
address of the client or the number of an official personal document of the client or the client number or the date and place of birth of the client
Number of the originator’s account (for example, the public key)
Name of the beneficiary and number of the beneficiary’s account (for example, the public key.)”
Notabene’s takeaway: This is in line with FATF and the most recent EU regulations. For VASPs, more streamlined Travel Rule requirements make it easier to roll out Travel Rule effectively.
5. This draft accounts for a possible lack of technical capability.
Crypto Securities Transfer Regulation (KryptoTransferV) § 4:
“Section 4 (1) opens up the possibility of notifying the competent supervisory authority pursuant to Section 50 no. 1 AMLA that the transmission of information cannot yet be implemented or cannot be implemented in full due to a lack of technical capability for standardized transmission. The notification shall result in a suspension of the obligations under Section 3, provided that the competent supervisory authority under Section 50 no. 1 AMLA does not raise any objections under paragraph 2. Insofar as the technical implementation of the data transmission has already been taken into account in the structuring and issuance of crypto securities, a suspension of the obligations pursuant to Section 3 (2) shall not be considered.
Notabene takeaway: In the absence of viable and standardized technical messaging protocols, the German regulator can grant VASPs grace periods of up to one year. VASPs need to take steps for risk mitigation during this period, such as restricting certain types of transfers.
*Please note that we used DeepL to translate the original draft regulation from German to English.
The FATF recently released their second 12-month review of the implementation of its virtual asset and VASP guidelines. The goal of the 12-month review is for the FATF to identify gaps in implementation and denote subsequent actions to be taken and plan forward. Below are Notabene’s key takeaways that we believe cryptoasset businesses and compliance teams should keep at the top of mind.
1. Less than half of surveyed jurisdictions have introduced the necessary legislation
While the FATF recognizes the ‘significant progress’ by jurisdictions in implementing a licensing or registration regime for virtual asset service providers, less than half of jurisdictions surveyed (58 of 128) have introduced the necessary legislation. Even fewer have enforced the regulations or introduced the Travel Rule.
Notabene Takeaway: The low number of reported compliance leads the FATF to believe that we are still far from a global AML/CFT regime for virtual assets, which, in turn, encourages jurisdictional arbitrage. Also, with national jurisdictions behind on implementing the Travel Rule, this disincentivizes the private sector to invest in technological solutions and build compliance infrastructure.
Below are two charts; the first compares FATF and the FSRB (FATF-Style Regional Bodies, which are autonomous regional organizations that help FATF implement its global AML/CFT policy) and their approach and readiness to crypto regulation. The second chart details which activities jurisdictions allow after passing crypto regulation.
2. Most jurisdictions are not Travel Rule compliant, leading to a significant obstacle to effective global AML/CFT mitigation
Two years after the FATF revised its Standards, most jurisdictions and VASPs are not currently Travel Rule compliant. The FATF sees this as a significant obstacle to effective global AML/CFT mitigation and undermines the effectiveness and impact of the revised FATF Standards.
Ten jurisdictions reported that they had implemented Travel Rule requirements for VASPs and that these requirements were being enforced. In comparison, a further 14 jurisdictions said they had introduced Travel Rule requirements, but they were not yet enforced.
Notabene Takeaway: There is a vicious circle happening; the lack of national implementation reduces the incentive for technical progress. The lack of technological progress is used to justify the lack of national implementation. In the near future, greater jurisdictional implementation will be a necessary prerequisite to kick off technical progress.
“Rapid implementation by all jurisdictions will act as the catalyst to promote the development of technical solutions and compliance by VASPs.” - FATF Second 12-month review of the Revised FATF standards on VAs and VASPs (July 2021)
3. Jurisdictional arbitrage is a growing problem
There has been a significant increase in the value of virtual assets collected as ransomware payments and in the use of virtual assets to commit and launder the proceeds of fraud in the last year. The proceeds of such ransomware attacks are often moved via unhosted or privacy wallets and/or other anonymity-enhancing tools and methods to VASPs. Most identified ML/TF activity relates to activity that is native to virtual assets. It is much less clear the extent to which virtual assets are being used to launder proceeds of crime that originate in fiat currency.
Notabene Takeaway: Non-compliant VASPs and privacy-enhancing tools facilitate an atmosphere of jurisdictional arbitrage. This creates a great environment for ransomware transacted through virtual assets. VAs are increasingly used for collecting ransomware - uneven implementation of regulatory regimes leading to jurisdictional arbitrage, non-compliant VASPs, and privacy-enhancing tools facilitate it.
4. FATF found no need to amend standards to include P2P transactions
FATF noted:
"If P2P transactions were to increase to the point that were to occur almost entirely on a P2P basis and criminals were able to exist entirely in the virtual asset ecosystem, without ever interacting with VASPs and on- and off-ramps to the traditional fiat economy, the current FATF Standards might need revision to sufficiently mitigate the ML/TF risks."
FATF continues with:
"VASPs currently play an important role in the virtual asset ecosystem. While P2P transfers occur in the ecosystem, VASPs are needed for the exchange or withdrawal of virtual assets for fiat currency. In addition, investigators, blockchain analytic companies, and other parties can generally capture information on P2P transactions generated on public blockchains, which can be transparent and traceable. This information can provide greater visibility of virtual asset transfers than off-chain transfers or transfers on private blockchains, including those carried out by VASPs, and assist in AML/CFT risk mitigation."
Notabene Takeaway: Suppose P2P transactions were to increase to the point that criminals could exist entirely in the virtual asset ecosystem without ever interacting with VASPs and on-and-off-ramps to the traditional fiat economy. In that case, the current FATF Standards might need revision to mitigate the ML/TF risks sufficiently. Currently, the FAFT found no need to amend the revised FATF standards, due in part to reliance on other players such as blockchain analytic companies, investigators, and the inherent traceable nature of public blockchains.
For example, if the addresses that are used for P2P and peer-VASP transactions could be correctly linked, it will inform the development of risk profiles and identity attribution for unhosted wallets. This may grow over time as more transfers are recorded on public blockchains.
%20and%20FATF%20Style%20Regional%20Bodies%20(FSRB)%20members%20%7C%20Notabene.jpg)
5. All jurisdictions need to implement the revised FATF Standards, including Travel Rule requirements, as quickly as possible.
The report states:
"The FATF should focus on the effective implementation of the currentFATF Standards on virtual assets and VASPs across the GlobalNetwork. Members of the FATF and its broader Global Network should implement the revised FATF Standards (R.15/INR.15) as a matter of priority."
Notabene Takeaway: To accelerate the implementation of the Travel Rule by the private sector, FATF members, particularly those who are leaders in AML/CFT regulation of VASPs, are advised to work collaboratively with each other and the private sector to facilitate the implementation of the Travel Rule.
With over 36 years of experience, spanning from heading global compliance teams at Fidelity to Director of the Southeast Region of the SEC, Advisor to Notabene, Charles V. Senatore has amassed diverse insight for compliance officers operating in the crypto industry.
During this fireside chat with Co-founder and CEO of Notabene Pelle Brændgaard, Chuck covers:
- A promise he committed to a higher-up that earned him a seat at the business partner table.
- Steps compliance officers can take to move from being perceived as the “anti-business” department to becoming an integral part of product teams by contributing early to product development.
- Three tips that crypto firms can do to encourage regulatory regimes to take a risk-based approach to achieving desired regulatory outcomes instead of mandating the entire technology.
----
Pelle Brændgaard (PB): Thank you for joining me. Please tell us about your path into compliance.
Charles V. Senatore (CS): It was an unlikely route. But, looking in retrospect, I had a collection of experiences that ended up uniquely suiting me to becoming a compliance officer without ever having planned to become one. I am a lawyer with a multifaceted background.
First, I was a trial lawyer, so I understand dealing with issues like dispute resolution. Next, I became a federal prosecutor and became familiar with criminal laws, how they affect defendants, and how they are enforced. I then became a law firm partner, where I gained an understanding of the client’s perspective. Later, I became a senior regulator at the SEC, where, with a slightly different lens, I got deeper into public policy and understanding the drivers behind financial regulation.
Then I unexpectedly became a compliance officer after experiencing what I would call a “bear hug.” For those of you that are unfamiliar with mergers and acquisitions, a bear hug is a takeover offer that a target must respond to, with enormous pressure to say “yes.” In my case, I received a request from the general counsel for whom I was working, who asked me if I would consider taking on the compliance director role for a significant business unit. I was quite happy with my current role as an in-house lawyer at that time, so I gently pushed back. But it soon became apparent that this was less of a request and more of a demand. So, I began my unplanned compliance journey, which led to me leading global compliance functions, first at Merrill Lynch and later at Fidelity.
Grabbing a seat at the leadership table as a compliance officer
PB: I know that you’re passionate about the value that compliance brings to a business. But, unfortunately, we sometimes hear from compliance teams that they are often not seen as a strategic function but as a necessary evil or a checkbox you just have to deal with. Have you experienced something like this in your career, and what did you do to change this perception?
CS: Great question. Compliance Officers are often in danger of being perceived as “the anti-business department.” If compliance officers behave in a way where they’re perceived as always saying “No,” it’s understandable why business partners may see them as an obstacle versus being part of the solution to help the business grow.
I’ll share a quick story. When I first assumed my compliance role, I was surprised to learn that the business heads never dealt with the compliance leader directly, instead of communicating indirectly and only on an as-needed basis through staff. I thought this was a little odd. So I initiated a direct connection with one of the business heads. In that first meeting, he asked me why we were meeting. I sensed that he questioned the value of him meeting with me when their practice had been simply to deal with compliance issues through staff when they arose.
I explained that I thought it would make sense for both of us to be better connected and working together. I also wanted a better one-on-one connection with other business leaders. I offered him a promise: whenever an issue arose, I would do whatever I could to find a way to realize the business vision and get to a “yes.” We would think as creatively and responsibly as possible and consider every alternative to reach a “yes,” unless it became abundantly clear that, after all that thought and effort, the answer had to be “no.” In exchange, I requested that he introduce me to the management ranks and invite me to their business meetings.
The change in how the compliance department was perceived didn’t happen overnight. When I first attended a national sales managers meeting and introduced myself as the compliance officer, the people I met were polite but uneasy. But over time, the strategy worked. Within a few years, I was invited to join the business unit’s operating committee.
The message here is understanding that reflexively saying “no” really isn’t a great option. Instead, a real value-add is helping the business get to a “yes” responsibly and consistently, not just with regulation but also with what’s suitable for the company and customers. And that ends up introducing the opportunity for compliance officers to be at the table and be a respected part of leadership.
Crypto compliance is based on classical banking principles
PB: Coming from the banking world, what do you see as some of the biggest challenges from a compliance perspective regarding supporting new crypto-based products?
CS: Today, we rely on principles based on classical banking and payment transactions and apply them to various new constructs. The big challenge is having those same principles work in a new setting.
The industry is experiencing what I would call a square peg in a round hole regulatory phenomenon. Currently, the challenge is to figure out how to take those timeless principles, those underlying the foundations of, for example, the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) customer identification and reporting, and translate them into a new and different world.
We’re facing a rapidly maturing market with lots of new products. Even digital fiat is being discussed in countries where it could become a legal tender. But regulators need to assess what kind of issues they may produce and what bad things could happen as a result. The crypto industry is like a gangly teenager with growing pains, finding their way as they grow. Right now, we’re trying to help the industry mature and grow in a way that doesn’t create counterproductive issues.
PB: It’s a challenge we’re seeing our customers grapple with all the time. And that leads me to the next question. US regulators have a history of a technology-agnostic view on managing ML/TF risks, which has been a boon to the US crypto industry in the past because they essentially let the industry figure out how to solve compliance.
But the recent notice of proposed rule-making (NPRM) from the Department of Treasury seems to be setting a new precedent of more specific technical guidance instead of a more technology-agnostic approach. Do you see this as a general trend that’s coming, or is this something we can take on as an industry to encourage FinCEN to continue with a technology-agnostic approach?
Mandating a technology doesn’t end well
CS: Unfortunately, there is a history where regulators have dictated a particular technology. And frankly, it often doesn’t end well in the long run.
Here’s a well-known example in the securities space. “Write Once, Read Many” (WORM) is a mandated requirement by a books and records retention regulation created over 20 years ago. WORM required records to be kept on optical disks to ensure that records could not be altered. Today, this standard still exists, despite technological innovations that could enable less costly ways to ensure records can’t be changed. To comply, some firms have to duplicate their records by copying them onto those disks. You end up with these two redundant systems. It’s incredibly inefficient, and regulators have been, unfortunately, slow.
The WORM example demonstrates why I believe mandating a technology doesn’t end well. The danger of mandating a technology is that the technology changes, yet the regulation stays set to a specific point in time. It’s hard to unwind it, and it creates all sorts of inefficiencies.
Regarding the recent NPRM, I believe there might be hope that regulators will not mandate a specific technology. Many regulatory regimes, FinCEN included, contemplate a risk-based approach when it comes to regulatory compliance. A risk-based approach allows you to deal with different cases and situations based on specific conditions in a firm, while a mandated or recommended approach may not fit and does not lead to good outcomes. In crafting the NPRM as it applies to unhosted wallets, FINCEN was essentially borrowing from existing BSA principles.
PB: Is there anything you think the crypto industry should do to encourage regulators to take this approach?
CS: There are three things the industry can do.
- Firms should remember that at the end of the day, the onus is on them to create the proper internal controls and be accountable for outcomes.
- The industry must gather as a community. I understand that, in general, individual businesses compete with each other. But when it comes to regulatory compliance issues, in my experience, collaboration and sharing ideas happen more freely. There appears to be an appreciation that “a rising tide lifts all boats.” In my experience, the firms I worked for certainly had competitors. But when it came to compliance, people from different firms were willing to share best practices.
- Engage with regulators responsibly. Having a healthy relationship with the regulators enables all parties to understand the challenges facing an industry while fostering awareness regarding emerging technologies, improving controls, and mitigating risks.
There is certainly a potential for adverse interactions with regulators, particularly when problems arise at our firms. And it’s understandable why some in the industry would want to avoid contact with them unless absolutely necessary. However, even in those circumstances, having a constructive relationship of trust with regulators often goes a long way towards a thoughtful and fair resolution.
Additionally, there are other scenarios in which regulator interest can actually be positive. Often, regulators value their relationship with responsible industry participants because they want to understand where the markets are going and better understand the technology. Regulators, as public servants, have a laudable interest in the integrity of our markets, and keeping up to speed is crucial for executing their mission. Because if they don’t, regulations begin to become out of date and less effective. And if there are new and emerging technologies that regulators don’t understand, they risk finding themselves behind the curve. As such, many regulators are eager to engage and to learn.
Ultimately, our ideal scenario here in the United States, which I assume is also the case elsewhere, is to develop a paradigm where regulators and industry promote responsible innovation by learning together. Some jurisdictions, for example, in the UK’s FCA, appear to be further along, with their embracing of sandboxes and proactive collaboration with industry. These are examples of how a healthy regulatory relationship can benefit an industry.
Viewing compliance as a business strategy
PB: When FinCEN started instituting rules for applying the BSA to crypto companies, they tended to react in a few different ways. Some saw it as an opportunity to get regulatory compliance, while others moved offshore. Now, many are starting to see that compliance could be a competitive advantage, particularly in this crowded market that we see today in the crypto space. Do you think compliance can be an opportunity for differentiation?
CS: No question about that. Compliance offers an opportunity for differentiation whether regarding crypto, a banking transaction, or an investment transaction. Whenever anybody handles other people’s money, they really need to care that there are first-class controls and first-class attention to the welfare of clients.
I’ll give you an example from the history of mutual funds. Many years ago, in the early 2000s, there was a scandal where certain mutual fund firms allowed special privileges to a particular client. Basically, the client said, “Look, I will give you lots of money as assets, from which you can earn hefty management fees. In exchange, I want you to allow me to trade more frequently than you allow other shareholders, to enable me to arbitrage various markets, and allow me special privileges to place mutual fund orders after the close of the markets–so I can get the previous day’s price.” This client essentially asked for a unique advantage, as one regulator said, to bet on yesterday’s horse race.
Over 20 mutual fund firms agreed to give the client that unfair advantage. But, once the scandal broke, the fallout for these firms was dramatic. For example, one firm, pre-scandal, had assets under management in the range of $360B. But, clients pulled significant assets out post-scandal, resulting in a dramatic loss of assets under management (AUM) down to approximately $60B. Considering that a mutual fund firm’s revenue is based on a percentage of AUM, I think you can imagine the magnitude of investment management fees lost. And it’s still as yet to fully come back to its former glory.
My point here is that clients and investors care about these issues, so having great compliance is a competitive advantage. When you’re in a position of trust, whether it’s doing a transaction, whether it’s providing custody, whether it’s managing investments, or otherwise, people are trusting you with their money. So if you don’t do that well, if you don’t have the commitment and controls, you’re going to lose ground to firms with strong and effective compliance programs.
A great compliance program can bring a large competitive advantage. Going back to the earlier question, when compliance officers work shoulder to shoulder alongside the firm’s leadership and jointly think about these things, this leads to extraordinary outcomes.
PB: We’re seeing more and more institutional players enter the space. For companies that want to service that market, will regulatory compliance become even more important than when servicing the average retail investor?
CS: In terms of the amount of money at stake, yes. However, we should remember that retail investors hold a special place in the hearts of regulators and in the regulatory scheme generally across the board.
For example, when it comes to securities laws, there are stringent disclosure requirements and registration requirements that apply to the offering of securities meant to ensure that investors understand all the details and risks of an investment. This is intended to protect the “mom and pop” investor. However, the securities laws implicitly recognize that institutional investors, or those that are accredited, are in a better position to fend for themselves, resulting in more relaxed disclosure requirements. So institutional investors are presumed to need less protection.
With respect to cryptocurrencies, the risks and opportunities for bad outcomes for investors are actually higher at the retail level. When one considers the plenary risks of loss of assets and volatility versus other investments, mom and pop investors choosing to engage in the crypto markets could lose a larger percentage of their nest egg than an institutional investor.
This goes back to the earlier point of the importance of best practices and controls. Even though institutional investors may have more risk tolerance, they still don’t want to risk the loss of potentially large sums. So, institutional clients want institutional level comfort. You’ll see custodians that hold crypto looking to compete on enhanced security with respect to key management, anti-hacking protocols, and critical ceremonies. Firms will demand best practices. Over time, reviews by independent parties such as SOC reviews and similar risk assessments will become very important. Because crypto presents a new set of challenges, people will really care that there are robust controls before entrusting their assets to crypto companies.
Involving the compliance team early in the ideation process
PB: If you’re a compliance officer working at a crypto business, what can you do to help the business see potential new growth areas through regulatory compliance, like expanding into new markets or creating new products?
CS: New product ideas will have better outcomes if compliance officers successfully integrate themselves from the start. Nothing frustrates a business more than having a great idea for a use case if they bring in a compliance officer who says it’s not going to work down the road. It creates a lot of frustration and gives rise to the risk of being perceived as the “anti-business” department.
Going back to our earlier conversation, we talked about how compliance officers might tend to be conservative and gravitate to saying “no” in terms of dealing with the business. So the onus is also on them to behave in a way that makes them a business partner.
If the business is thinking about new products, everyone needs to be aligned right from the start and think about it in real-time. I think of this as analogous to an agile program where real-time creation is happening and where product requirements are curated and tested during the development process.
The role of the compliance team here should be to gain an understanding of the new products and keep in mind the timeless principles the regulators care about. If they look back to the essence of what regulators tend to think about, then they can provide input from the onset as to how these principles may need to apply to an emerging setting.
Most compliance principles fall into two major buckets. They are either binary “yes” or “no” decisions or risk-based considerations. An example of a binary decision where there is no debate is the Anti-Money Laundering Currency Transaction Report (AML CTR) requirement to report transactions in excess of $10,000. There is no space for flexibility there and no room for judgment. It just must be done.
But suppose you’re working through a new use case without a specific binary regulatory requirement. In that case, you now have to think about what regulatory principles could apply and what best practice principles you can borrow from to build a program. While you can’t do anything about binary “yes” or “no” requirements except to make sure you identify them, your value as a compliance officer in the absence of such requirements is applying time tested risk-based principles to get a high level of comfort that you’ve assessed your risk appropriately and proposed mitigation steps accordingly.
PB: With this fast-moving crypto regulatory environment, we’ve seen so much happen in the last year, and we expect a lot more is going to happen over the next 1-2 years. What tips do you have for compliance teams as they put together their compliance strategies?
CS: We talked earlier about how compliance can be embedded more meaningfully as a partner and be part of the business and the importance of regulatory engagement. We just covered how compliance teams need to identify the binary requirements and the timeless principles that enable the adaptation or creation of something new. These are all essential elements for compliance teams to consider as they map out their approaches.
I would like to end with one more point. Today, across the industry, we don’t yet have many people with both the technical know-how and the understanding of how to apply regulation.
The key thing is that compliance officers should consider, particularly when entering uncharted waters, is that regulators have these timeless principles that you can use to plan compliance going forward. But at the end of the day, having people who both understand tech and how these regulatory principles will apply to it will be necessary ingredients. The teams with these capabilities will be best suited to nimbly and quickly adapt as new use cases emerge. It will take collaboration among different teams and working seamlessly together to reduce friction and allow innovation to flourish.
PB: Perfect. Thank you very much, Chuck.
Want to learn more about how to empower your business with compliance? Reach out to the Notabene Team.
- Notabene and Elliptic launch a ready-to-use solution that complies with FATF Recommendations to virtual asset service providers (VASPs) and financial institutions (FIs)
- VASPs and FIs can automate the exchange of counterparty information during cryptoasset transactions securely and privately
LONDON, NEW YORK – June 16, 2021: Notabene, a fast-growing FATF Travel Rule solution provider, has integrated with Elliptic, the global leader in cryptoasset risk management and blockchain analytics.
The intergovernmental FATF Travel Rule requires virtual asset service providers (VASPs) to exchange counterparty information when cryptoasset transactions exceed certain limits for all their customers.
Countries that have implemented the Travel Rule include the United States, Switzerland, and Singapore. Other jurisdictions are not far behind in enforcing these rules over the next 12 months.
With Notabene and Elliptic’s integrated solution, VASPs can automate transactions with trusted counterparties while providing them with the data they need to detect suspicious activity and meet their regulatory requirements.
In April, three crypto companies in Singapore completed the testing of automated Travel Rule transfers using Notabene. This made them some of the first VASPs ready to roll out full Travel Rule compliance at scale on their platforms.
Alice Nawfal, Chief Operating Officer of Notabene, comments:
“When it comes to compliance with the Travel Rule, VASPs are now in a rush to implement scalable solutions and come live. We expect the next six to twelve months will be a pivotal time for the crypto industry as VASPs overcome outstanding challenges and determine how to collaborate with each other effectively. We are excited to partner with Elliptic so that VASPs can have access to rich transaction data when performing Travel Rule transfers. This helps them make smarter compliance decisions.”
Elsa Said-Armanet, Director of Partnerships at Elliptic, said:
“Crypto companies are increasingly expecting counterparties to be Travel Rule compliant, or they will not do business with them. Now we can offer Notabene alongside Elliptic’s crypto risk monitoring solutions to help VASPs comply to the Travel Rule today, wherever they are, and transact with any counterparty, even if they didn’t implement a solution on their side yet.”
Notabene provides top crypto businesses and financial institutions with software and tools to manage risk in crypto transactions. Notabene’s customers are able to assess whether counterparties are safe to transact with and perform any regulatory actions required. Notabene offers the most secure Travel Rule fulfillment solution while simultaneously providing the broadest network coverage of compliant VASPs.
Elliptic is the go-to provider of enterprise-grade crypto compliance solutions for fintechs, crypto exchanges, and traditional financial institutions. Elliptic’s customers can assess risk on transactions across more than 100 different assets - including cryptocurrencies, stablecoins, and tokens. This represents the broadest coverage of any crypto transaction screening solution, with support for over 97% of all cryptoassets by trading volume.
#
Media Contact
Alice Nawfal
Sacha Lowenthal
About Notabene
Notabene helps crypto businesses and financial institutions manage regulatory and counterparty risks around crypto transactions. Notabene provides software, tools, and comprehensive data that helps businesses implement the new requirements of the FATF guidelines including the Travel Rule and identification of virtual asset accounts. They use Notabene to manage risk and deliver a best-in-class payment experience to their customers. Notabene is headquartered in New York with offices in Zug and Santiago de Chile. To learn more, visit www.notabene.id and follow us on LinkedIn and Twitter.
About Elliptic
Elliptic is the global leader in cryptoasset risk management for crypto businesses and financial institutions worldwide. A WEF Technology Pioneer, Elliptic is backed by investors including Wells Fargo Strategic Capital, SBI Group, and Santander Innoventures, and has assessed risk on transactions worth several trillion dollars, uncovering activities related to money laundering, terrorist fundraising, fraud, and other financial crimes. Elliptic is headquartered in London with offices in New York, Singapore, and Tokyo. To learn more, visit www.elliptic.co and follow us on LinkedIn, Medium, and Twitter.
GIBRALTAR & NEW YORK, October 13, 2021-- Notabene, the leading FATF Travel Rule solution provider, has partnered with VASPnet, the assured source of VASP regulatory data.
This collaboration solves a crucial yet overlooked challenge presented by FATF’s anti-money laundering standards on virtual assets which mandate that Virtual Asset Service Providers carry out due diligence on their counterpart VASPs before engaging in a business relationship with them. Additionally, if a counterpart VASP’s regulatory status cannot be determined as regulated, the originating VASP may deem it high risk and restrict all transaction flow.
With Notabene’s integration of VASPnet’s reference data, firms can confidently make comprehensive and well-informed risk-based decisions to help manage their AML/CTF risk using real-time, high-quality data directly sourced from regulators.
VASPdata is the world’s largest dataset of up-to-date authoritative regulatory data on 28,000 service providers authorised to conduct virtual asset activities. VASPdata will support Notabene’s mission to remove regulatory complexity by adding transparency to firms’ transaction flows. Armed with VASPdata, Notabene will enhance how firms comply with FATF’s Recommendation 16.
Notabene benefits from data that is assured by the VASPnet Verified freshness seal, ensuring Notabene’s customers receive only up-to-date and accurate regulatory information. With VASPdata and Notabene’s proprietary Rules Engine, Notabene’s customers can set robust regulatory rules into place, and scale ‘safe’ flows to regulated VASPs.
Quote from Notabene’s CEO Pelle Braendgaard:
“Implementing the Travel Rule requires you to trust that your counterparty exchange has properly verified their customers. Performing manual due diligence on the often 100s of counterparty exchanges that an average exchange interacts with will lead to loss of business or increased risk of fines. Notabene’s partnership with VASPnet is the first service allowing exchanges to continue to transact with thousands of counterparties, while at the same time managing their own risk appetite.”
Quote from VASPnet Executive Chair Siân Jones:
“Counterpart due diligence is a cornerstone requirement in FATF’s VASP-to-VASP value transfer standards. With real-time access to VASPdata’s authoritative regulatory information on licensed VASPs around the world, Notabene’s customers will be one step closer meeting their AML compliance obligations.”
About VASPnet:
VASPnet is the assured source of VASP regulatory data. VASPnet provides the authoritative data to confidently make well-informed, risk-based decisions and help meet AML/CTF obligations. VASPnet Ltd, an XReg company, is headquartered in Gibraltar, a leading cryptoasset jurisdiction. Visit www.vaspnet.com to find out more. Follow us on LinkedIn.
About Notabene
Notabene is a reg-tech compliance SaaS solution that connects the traditional financial industry and crypto industry. We are working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Using privacy-preserving technology, strategic partnerships and commitment, our first-to-market FATF Travel Rule solution helps financial institutions, crypto exchanges, and businesses turn compliance into a competitive advantage. Trusted by leading exchanges, Luno, Bitso, Crypto.com and more.
Notabene is headquartered in New York with offices in Zug and Santiago de Chile. To learn more, visit www.notabene.id. Follow us on LinkedIn and Twitter.
- With many protocols on the market, Notabene simplifies travel rule compliance by integrating multiple messaging layers into one platform.
- In response to the sunrise period, Notabene offers a ready-to-use solution today - TRNow. You can exchange data transfers with any VASP, even if they didn’t implement a solution on their side yet. No need for them to sign up for or integrate with Notabene either!
Notabene lets you securely exchange Travel Rule data with any counterparty VASP. Yes, really.
Notabene’s multi-protocol approach helps you comply with the Travel Rule without hindering your transaction flow. Our goal is to instantly and securely connect you with all of your transaction counterparty VASPs despite regulatory complexity. The Travel Rule shouldn’t stop you from sending or receiving funds from certain businesses just because you two use different messaging protocols. Avoid spending time and efforts trying to convince all of your counterparties to sign up for the same network, or worse, joining multiple ones yourself!
1. How do I send a travel rule transfer to a counterparty VASP if...
1.1. I don’t know which protocol they use?
You don’t need to! We integrate the most widely adopted and ready-for-deployment protocols into our platform, so you don’t have to. There is no need to involve your dev team to support multiple protocols, run necessary blockchain nodes, and stay abreast of technical changes. We handle it all! You can think of Notabene’s solution as a switch on top of protocols. This means no more worrying about which protocol to choose for the broadest possible coverage.
Once your Travel Rule transfer is ready to send, our system automatically checks against all integrated protocols, the messaging channel you have in common with the Beneficiary VASP.
1.2. They don’t have any Travel Rule solution in place yet?
This is where our in-house solution, TR:Now, comes into play. It lets you send a Travel Rule transfer to any counterparty, even if they don’t have any solution in place yet! After a counterparty VASP is identified, a Travel Rule transfer is created and sent, the Beneficiary VASP receives an email notification. Once they verify that the address belongs to them, they can access the transfer in their browser securely. For security reasons, their access to the transfer information expires 72h after they open it.
Don’t know your Beneficiary VASP’s designated travel rule email address? Leave it to us! Notabene will help you determine the correct contact information for the Beneficiary VASP.
1.3. Notabene doesn’t support the protocol they use?
You can still meet your compliance requirements and send a Travel Rule transfer. Just like the previous example, Notabene enables transfers to any counterparty VASP, regardless of their protocol usage. See the steps described in 1b above for more.
2. How to receive a travel rule transfer from a counterparty VASP if...
2.1. They don’t know which protocol I use?
- If your counterparty VASP wants to send you a data transfer related to an incoming transaction, all they need to do is visit your company’s public profile at Notabene. At the bottom of your profile page, they’ll see all of your supported travel rule protocols with their respective identifiers. The list of available protocols is automatically updated as we integrate new protocols into our platform.
2.2. They don’t have any solution in place yet?
- If your counterparty doesn’t have any solution in place but you need them to send you a Travel Rule transfer, simply share with them a link to your company’s public profile on Notabene. From there, after authenticating themselves, they will be able to access a simple form and fill in all of the data required by the Travel Rule and send it straight to your Notabene dashboard.
2.3. Notabene doesn’t support the protocol they use?
- You can still meet your compliance requirements and receive a Travel Rule transfer. Following the same process as 2b above, Notabene enables transfers to and from any counterparty VASP, protocol or not!
3. How do I verify my counterparty VASPs?
Each company, regardless of the solution they use, can join Notabene’s public VASP directory for free. They create a profile by providing their license and incorporation information along with any respective supporting documents. This allows us to verify their business listing and issue a “Verified by Notabene” badge. After they have created a verified profile, they will be able to share additional information (e.g., AML/CFT processes) securely with you during the due diligence process.
If you’d like us to verify your counterparty, ask them to create their profile here.
4. How do I manage my transfers?
With Notabene, you have access to a secure, all-in-one dashboard where you can manage and monitor all of your transfers, regardless of the protocol over which they were sent. We make it easy and efficient for your compliance team to manage travel rule transfers from one place, and not have to worry about any underlying protocol complexity.
5. What if my company spans multiple jurisdictions?
If you closely monitor the travel rule implementation trends (because we do!), you might have noticed that some protocols get broader adoption in particular jurisdictions. But, have no fear! This doesn’t mean that you’ll have to sign up for different solutions just because your business is global. Notabene ensures coverage with all VASPs and regions, and offers multi-entity support so you can use one platform for seamless compliance and transaction flows, even if the rules differ from country to country.
Have more questions?
Great, we’ve got answers! To learn more about Notabene’s Travel Rule solution and how it can help you comply with the travel rule, book a demo today!
We’re excited to share that a select group of our Singaporean customers, Luno, Crypto.com, and Xfers, have successfully completed the second phase of Notabene’s Travel Rule testnet.
This makes them one of the first VASPs ready to roll out full Travel Rule compliance at scale on their platforms.
In various real-world scenarios, participants exchanged automated Travel Rule transfers that allowed instant counterparty VASP verification and Beneficiary’s VASP blockchain address confirmation. This phase also demonstrated the Notabene’s protocol-agnostic approach by using both TRNow, Notabene’s in-house solution, and TRP, an open-source, industry-led protocol, as messaging channels.
Phase 1 - Counterparty verification and secure data exchange
In the first phase, companies exchanged Travel Rule transfers using Notabene’s manual solution. This was an excellent opportunity for participants to tackle practical challenges in verifying a counterparty and securely performing data transfers.
As a result, participants developed the know-how and exchanged best-practices to improve their internal transaction flows to address Travel Rule requirements.
Phase 1 of the testnet also led to the creation of a testnet working group. Members of compliance, product, and dev teams from the participating VASPs now meet bi-weekly to collaborate on various challenges and agree on best practices for solutions.
Phase 2 - Automating the Travel Rule flow full-scale compliance
The goal of the second phase was to test:
- The automation and scalability of Travel Rule compliance processes using Notabene’s API
- The instant counterparty VASP verification using client-defined whitelists
- Increased customer data protection through blockchain address confirmation for beneficiary VASPs
- The ability to connect, regardless of protocol, with any VASP by using TRNow and TRP
Automatically generated Travel Rule transfers
For this exercise, participants exchanged automatically generated and verified Travel Rule transfers. With simple API integration, data transfers are created seamlessly by collecting Beneficiary’s and Originator’s information from VASPs’ internal systems, the moment a user initiates a transaction.
Did you know? Notabene’s pre-built user interface components instantly identify the wallet type and counterparties involved in a transaction and help collect any missing data from users. This feature was not part of the testnet but is a core part of Notabene’s Travel Rule offering. Learn more here.
Instant counterparty VASP verification
Notabene’s “Trust this company” functionality enabled testnet participants to easily verify and whitelist counterparties. This way, every transfer sent to a trusted VASP is automatically approved, allowing compliance officers to focus only on high-risk transactions.
Did you know? Notabene built a VASP directory that allows any company to create a public profile for free. Create your profile today and reduce the burden of business-to-business verification, a necessary but time intensive step to ensure the secure exchange of Travel Rule information.
Beneficiary VASP’s blockchain address confirmation
To prevent customers’ personal data from being sent to the wrong VASP, Notabene adds an extra layer of trust ensuring that a customers’ data always reaches the intended counterparty. Before a data exchange occurred, participants receiving a transfer were able to automatically confirm that the Beneficiary’s blockchain address belongs to them.
Sending Travel Rule transfers to VASPs outside of the Notabene Network
Notabene enables its customers to work with any VASP, regardless of protocol. The testnet allowed companies to send and receive transfers from a set of mock/simulated counterparties that lacked any Travel Rule solution. With much of the industry still early in its Travel Rule implementation, this capability is critical while different jurisdictions are developing at various speeds.
Participating VASPs also seamlessly exchanged customer data over an external protocol, TRP. As the proliferation and adoption of various Travel Rule protocols grows, Notabene will be adding them to its platform, allowing its customers to reach the most extensive number of counterparties possible.
Meeting FATF requirements without hindering business growth
These three scenarios were critical to test the implementation of the FATF and MAS requirements in a real-world business environment.
This evaluation allowed our customers to better understand what adjustments they need to make within their compliance and transaction flows to roll out a fully scalable Travel Rule solution without hindering business growth.
This is just the beginning
The implementation of the Travel Rule doesn’t happen overnight and will impact user experience, product, and compliance across the entire transaction flow. This is why it’s important to start testing and assessing its impact on existing systems as soon as possible. We’re committed to constantly supporting our customers along this journey from start through post full-deployment. Our bi-weekly meetings and deep-dive sessions will continue, and we hope the group of participants will only grow as we launch the next editions of the testnet.
Call for submission!
If you constantly hear about the Travel Rule but aren’t sure where to start, we’re here to help! We’re currently inviting VASPs interested in participating in the next edition of a global, cross-jurisdiction Travel Rule testnet. Apply here!
It’s been one year since we started Notabene, and what a crazy ride it has been!
Last April, as the world was going into lockdown, pushing the economy further into the unknown, we got together to work on a big challenge. We believed that crypto transactions should be a larger part of the everyday economy. To make this happen, transacting with crypto first had to become safer and easier to use.
And so, we started Notabene. What lay ahead of us was uncertain, but we bet on three things.
First, increasing global uncertainty will push people and businesses to more quickly adopt digital assets and cryptocurrencies.
Second, regulators will not budge on the deadlines set for crypto businesses to comply with new requirements. If anything, they may even put on more pressure to limit access to illicit finance as the financial world becomes more globally connected.
Finally, our confidence that we have the best team possible to tackle these challenges.
Fast forward to today, and what a year it has been! Our three bets have already started to pay off and there’s even more to look forward to than before.
Crypto is here to stay, paving a path for every financial institution to get into the space
We were bullish on crypto, but the speed of global adoption has shocked even us. From Visa launching a settlement layer with USDC, Paypal rolling out crypto for its 370M users, to Defi’s exploding innovation, crypto has roared onto the scene in a big way. Regulators like the OCC have made it possible for any financial institution to start offering crypto products. Momentum is high now, but this is still just the beginning. Tens of thousands of traditional financial companies will be entering the space over the next 5 years. Not to mention the thousands of new companies that have yet to even be created.
Regulators are keeping close watch on crypto
Cryptocurrency’s market impact makes it impossible for regulators to ignore any longer. The compliance landscape has been fast-moving. Local regulators have been enforcing the travel rule and other requirements to prevent the flow of illicit finance. The industry has also increasingly been working alongside, providing feedback and commentary to ensure that innovation can continue to prosper.
Our team built a strong foundation, and we’re ready for what’s next
This past year, we have created a rock solid team. We learned how to adjust to the new realities of a pandemic lockdown and work together remotely. We are proud of the culture we built and the principles we stand by: we are idealistic and ethically driven in how we build, but we are also pragmatic and keep one foot on the ground.
With this mindset, we launched our product just 4 months after starting Notabene. We’ve been releasing features continuously since, making sure our customers have access to the latest compliance requirements as well as best-in-class features.
Today, we serve crypto companies across 4 continents, including some of the largest exchanges like Luno and Crypto.com. We have partnered with companies like Chainalysis to tackle the evolving regulatory landscape together. It has been a pleasure to work closely with and learn from our clients and partners.
Finally, the support we have received this past year has been incredible. From the Y-Combinator partner and founder community, to our investors, advisors and mentors, you have all been an incredible source of support. To our first employees, we are excited to have you. Thank you all for joining our vision!
But this is just the beginning. We are beyond excited for the road ahead, and here's to many more years to come!
- Alice, Ania, Andres and Pelle
At a time where crypto companies and financial institutions are pressing the pedal to grow and meet large-scale retail and institutional demand, they also need to fulfill immediate regulatory obligations and manage risk around transactions. We started Notabene last year to make transacting with cryptocurrencies safer and easier for businesses and individuals alike. Only then, can crypto transactions become part of the everyday economy.
We provide companies with the software and tools to manage counterparty risk and perform regulatory compliant transactions at scale. However, our role does not end there: We also help companies make sense of a fast-moving regulatory landscape and engage regulators on their behalf. As companies look to introduce comprehensive compliance policies, we need to continue investing in our role as a trusted partner who can support our clients along the way.
Today, we are excited to welcome Rebecca Macieira-Kaufmann and Charles “Chuck” V. Senatore to the Notabene team as our advisors. As a seasoned CEO, Rebecca has scaled financial service businesses to exponential revenue while overseeing the implementation of strong regulatory and risk management controls. While leading global compliance programs at major financial institutions, Chuck worked closely with management teams to align compliance and business goals. He also spent years as a regulator at the SEC. Together, their decades of experience working with complex financial and risk issues will be instrumental in helping Notabene build a best-in-class product and support our community of customers during this critical time.
Rebecca spent more than 11 years at Citigroup serving in a range of CEO, President, and General Manager roles. In her last role as Head of Citigroup’s International Personal Bank, Rebecca managed a full P&L line of business serving the offshore wealth needs of multinational clients in more than 100 countries. Rebecca was brought into multiple businesses as the transformation leader to bring a culture of risk management, control and regulatory compliance to the forefront. She remediated issues, simplified operations and digitized the customer experience—all while meeting regulatory standards and growing the business exponentially—leaving them strong and financially secure.
Previously, Rebecca served as President and CEO of Banamex USA, where she turned the business around by remediating a Consent Order while simultaneously meeting the cross-border needs of Mexican businesses and high-net-worth individuals. Today, Rebecca is a member of Revolut’s US board and advises CEOs of start-ups in all phases of growth.
In her role as an advisor of Notabene, Rebecca will support us becoming more effective leaders as we scale our business in this fast-moving market. She will help us better understand our customers and build the right tools for them. She is a big advocate of making compliance a part of the culture of a financial institution. We will continue to leverage her hands-on experience to support our customers as they look to grow their businesses responsibly.
“It is exciting and deeply gratifying to be a part of Notabene at the ground floor as they help clients grow and operate with the right regulatory controls in the digital asset space”, says Rebecca about joining Notabene as an advisor.
Chuck brings decades of experience in compliance, risk and regulatory affairs for financial services and, in more recent years, digital assets. He is a board member and audit committee chair of Fidelity Digital Asset Services, LLC. Most recently, Chuck was Head of Risk Oversight for Fidelity Investments’ Devonshire Investors unit. Before that, he led Fidelity’s global compliance and ethics function and served as the firm’s head of regulatory coordination and strategy. Prior to joining Fidelity, Chuck was Co-Head of Global Compliance at Merrill Lynch, and led the firm’s Regulatory Affairs Group. During his time leading compliance functions, he was instrumental in helping his compliance teams get a seat at the management table and be part of decision-making.
Chuck is also a former regulator. He was the SEC’s Southeast Regional Director, and prior to that an Assistant U.S. Attorney and Chief of the Public Corruption Section in the Southern District of Florida.
More recently, he teaches Compliance and Regulatory Strategy at the University of Chicago Law School, and is a Senior Fellow at New York University's Program on Corporate Compliance and Enforcement. He also founded the Boston Regtech Meetup, and is a member of the Massachusetts Secretary of State's Fintech Advisory Working Group.
In his advisory role at Notabene, Chuck will provide insight on how we can engage regulators constructively and advocate for digital assets and the unique opportunities they bring to the financial markets. He will also be helping us build products that empower compliance teams to meet regulators’ expectations and become more effective decision-makers in their companies. With regulators moving fast to introduce crypto regulations, Chuck believes this is a critical moment for the crypto industry.
He believes that “Digital assets and blockchain use cases are maturing rapidly, and Notabene is poised to make an important contribution to the industry's rapid evolution. I am pleased to have the opportunity to help guide Notabene's very talented team and be part of its effort to lead positive, responsible and innovative change.”
The whole Notabene team is looking forward to working closely with Rebecca and Chuck going forward. Their insights have already helped us and our customers. Please join me in welcoming Rebecca and Chuck to the Notabene team!
Best regards,
Pelle Braendgaard
Singapore, New York – Luno, a leading global cryptocurrency company based in London with over 7 million customers in 40 countries, has partnered with Notabene, the end-to-end Travel Rule compliance platform. With Notabene’s help, Luno is rolling out Travel Rule compliance starting with Singapore.
Luno is using Notabene’s services to manage counterparty risks related to crypto transactions and to meet the latest anti-money laundering (AML) requirements as defined in Singapore’s Payment Services Act 2019 (the PSA). By integrating our solution, the Luno team can now perform Travel Rule transactions securely and at scale.
As consumer demand for cryptocurrency grows across global markets, regulators are introducing requirements to protect consumers and mitigate the risk of money laundering. One of these requirements is the Travel Rule, and it requires that cryptocurrency platforms like Luno share customer data related to a crypto transaction securely with the counterpart exchange.
Besides regulatory compliance, Luno believes that the Travel Rule can promote customer confidence in crypto transactions. When customers are requested to input information about recipients and checks are performed, the risk of a transaction going to the wrong recipient decreases.
Notabene’s solution helps Luno’s team manage counterparty risks. With our rule-setting tools and due diligence service, their compliance officers can now automate the transfers of Travel Rule data with trusted exchanges.
Sherry Goh, Country Manager of Luno Singapore, says:
“We are delighted to partner with Notabene for Luno’s Travel Rule roll out in Singapore. We were impressed with Notabene’s protocol agnostic approach and the decision to build a platform aimed at end-to-end compliance with the Travel Rule. We are confident that the integration with Notabene will mean that our customers’ Luno experience will remain as smooth as ever.”
Pelle Braendgaard, CEO of Notabene, comments:
“With Luno’s continued commitment to compliance, it has brought safe crypto products to millions of consumers worldwide. We are excited to see how our product can help Luno continue on their mission to upgrade the world to a better financial system.”
Luno is also a participant in Notabene’s recently launched Singapore testnet. It is testing travel rule transfers alongside other cryptocurrency platforms.
Are you interested in learning more about our travel rule solution and how we help with managing counterparty risk? Reach out to us at hello@notabene.id.
Media Contact
Alice Nawfal: alice@notabene.id
About Notabene
Notabene helps crypto businesses manage regulatory and counterparty risks around transactions. Notabene provides software, tools, and comprehensive data that helps their customers implement the new requirements of the FATF guidelines including the Travel Rule and identification of virtual asset accounts.
Notabene is a Y Combinator company and has offices in New York, Zürich, and Santiago de Chile.
Find out more here: https://www.notabene.id
About Luno
Luno is a leading global cryptocurrency company on a mission to upgrade the world to a better financial system.
Co-founded by CEO Marcus Swanepoel and CTO Timothy Stranex, Luno launched in 2013 and has built a team of nearly 400 with its headquarters in London with regional hubs in Singapore and Cape Town. With over 7 million customers spanning in over 40 countries, Luno’s products and services make it safe and easy to buy, sell, store and learn about cryptocurrencies like Bitcoin and Ethereum.
Luno has been backed by some of the world’s leading investors including Balderton Capital, RMI, Naspers and Venturra, before recently having been acquired by Digital Currency Group (DCG).
Find out more here: https://www.luno.com
What is the Financial Action Task Force (FATF) and what does it do?
Virtual Assets and VASPs (Virtual Asset Service Providers): What are they?
What is the Crypto Travel Rule?
What Is Anti-Money-Laundering (AML) and How Does It Apply to Crypto?
What is Counter-Terrorism Financing (CTF), and how does it apply to Crypto?
What is KYC in Crypto, and why do crypto exchanges require it?
FATF's Final Guidance for Virtual Assets and VASPs
What is the Sunrise Issue?
Travel Rule compliance challenges and opportunities for VASPs
What Are Travel Rule Messaging Protocols?
How Can VASPs Ensure Travel Rule Compliance During Transactions With Unhosted Wallets?
How Decentralized Identifiers (DIDs) are Shaping the Crypto Travel Rule Infrastructure
What Is Counterparty Crypto Wallet Identification & How Does It Work?
VASP Due Diligence: Establishing Trust in Counterparty Sanctions Screening
Six Reasons VASPs Are Investing in Travel Rule Solutions Right Now
Ten Interoperability Tips for VASPs
Travel Rule Implementation by jurisdiction
The Current State of Crypto Travel Rule Enforcement [April 2023]
Which VASPs are Currently Travel Rule compliant?
Travel Rule Compliance in the European Union: An In-Depth Analysis
Notabene vs. FATF's Travel Rule Compliance Tool Criteria
Travel Rule Compliance in the European Union: Summary
FATF Travel Rule Requirements in the European Union
FATF Travel Rule Requirements in Singapore
The State of Crypto Travel Rule Compliance Report 2024
The Crypto Pre-Transaction Decision-Making Guide
FATF Travel Rule Requirements in Canada
FATF Travel Rule Requirements in Malaysia
FATF Travel Rule Requirements in the Philippines
Notabene vs. Hong Kong SFC’s Compliance Criteria
The State of Crypto Travel Rule Compliance Report 2023
FATF Travel Rule Requirements in Gibraltar
FATF Travel Rule Requirements in Hong Kong
.png)
FATF Travel Rule Requirements in Dubai
.png)
FATF Travel Rule Requirements in Japan
FATF Travel Rule Requirements in the United Kingdom
Crypto Travel Rule 101 Guide
FATF Travel Rule Requirements in Switzerland
FATF Travel Rule Requirements in Estonia
How Luno Singapore met Travel Rule Regulations using Notabene
Crypto Compliance: Unique Cases and State of Regulatory Landscape in 2022
The State of Crypto Travel Rule Compliance Report 2022
Introducing SafeConnect Components: Seamless end-to-end TFR Compliance
On October 29th, we debuted our game-changing solutions for self-hosted wallet compliance, built to meet the latest EU Transfer of Funds Regulation (TFR) requirements.
We'll also showcased our brand-new SafeConnect Components, a powerful embedded UX suite designed to streamline Travel Rule workflows, solve the new TFR requirements, and empower businesses to offer their users a seamless, secure, and fully compliant crypto transaction experience – with just five lines of code ✨
We covered:
- Live demo of the self-hosted wallet solution
- Overview of the product architecture and capabilities
- In-depth exploration of the value that VASPs can capture
- A preview of our upcoming product roadmap
Miss the live event? No worries, we recorded it for you!
Just submit the form on the right to watch the video on-demand.
Become an Expert on Travel Rule in the EU
Do you have customers in the EU?
The European Union's Transfer of Funds Regulation, complemented by the European Banking Authority (EBA)'s Travel Rule Guidelines, sets new benchmarks for financial transparency and security requirements for any Virtual/Crypto Asset Service Provider (VASP/CASP) that has customers in the EU.
How does this your company? The answer depends greatly on the unique needs of your business. It's critical that you educate yourself on the specifics of TFR regulation before implementing your Travel Rule program for the EU.
Take the first step by completing our in-depth certification course that will clarify all of the new rules and transform you into a true expert on Travel Rule in the EU.
Course Coming Soon - Sign up to be notified when our comprehensive course on TFR regulation is ready for enrollment.
Notabene Launch Event: SafeTransact for Networks Live Demo
In an era marked by a thriving bull market and increasingly complex regulatory environments, achieving maximum reachability with your transaction authorization solution is more critical than ever. Walled gardens and competing closed networks not only slow your entry into new jurisdictions but can also significantly impact your revenues.
Introducing: SafeTransact for Networks 🌐
SafeTransact for Networks instantly increases reachability for all our customers. It enables existing networks, such as custodial services, settlement, and liquidity providers, to seamlessly integrate multi-party transaction authorizations within their current operations. No more joining multiple Travel Rule protocols or worrying about interoperability. With SafeTransact, businesses gain instant access to all its active members, fostering trust and connectivity across different crypto ecosystems.
We are thrilled to announce that Fireblocks will join us for this event. As a leader in digital asset custody and security, Fireblocks will share insights from our partnership and their perspective on the future of custody infrastructure and payments. Discover how integrating compliance into their network has benefited them and how SafeTransact for Networks can further enhance your operations.
Live Demonstration Highlights
- SafeTransact for Networks: Extend the power of SafeTransact to your entire network, boosting reachability and transaction volumes while staying compliant with international regulations.
- New Capabilities: Enjoy enhanced support for multiple counterparties, expanded use cases beyond the Travel Rule, and leverage our innovative decentralized Transaction Authorization Protocol (TAP).
- 2024 Travel Rule Milestones: Learn how these updates align with the December 30th deadline for TFR compliance in the EU.
This live event was held on June 27, 2024. To watch the recording, fill out the form on this page and you will be redirected to the video.
Insights From the State of Crypto Travel Rule Compliance Report 2024 — APAC
Register for this on-demand webinar to dive into the latest crypto compliance challenges and insights, featuring key findings from Notabene's "State of Crypto Travel Rule Compliance Report 2024."
Our in-depth exploration will highlight the current compliance landscape, drawing on a comprehensive industry survey to share exclusive proprietary knowledge.
Topics include:
Principal insights from the industry survey
Overview of key regulatory developments in 2023 crypto
Analysis of prevalent compliance challenges
Evaluation of stakeholders poised to address these challenges
Global compliance metrics and due diligence protocols among VASPs
Strategies by VASPs for managing non-compliant transactions
Join us to gain a thorough understanding of the Travel Rule adoption in crypto and prepare your organization for success in 2024.
Insights From the State of Crypto Travel Rule Compliance Report 2024 — EMEA / Americas
Dive into an in-depth exploration of the latest compliance challenges and insights in crypto Travel Rule adoption, featuring key findings from Notabene's "State of Crypto Travel Rule Compliance Report 2024."
Drawing on a comprehensive industry survey, we will provide an extensive overview of the current compliance landscape and share exclusive proprietary knowledge.
This webinar covers:
Principal insights from the industry survey
Synopsis of significant regulatory developments in crypto for 2023
Analysis of prevalent compliance challenges
Evaluation of stakeholders poised to tackle these challenges
Global compliance metrics and due diligence protocols among virtual asset service providers (VASPs).
Approaches adopted by VASPs for managing non-compliant transactions, and much more.
and much more.
Enter your information to watch this webinar on demand.
Notabene Launch Event: Preparing Your Business for Mass Travel Rule Adoption in 2024
Join us for the Notabene Launch Event, where we're unveiling pioneering solutions to tackle compliance complexities, and prepare your business for mass Travel Rule adoption in 2024.
As Travel Rule adoption reaches its inflection point, navigating its implementation across various jurisdictions, or meeting the rigorous demands of handling unhosted wallets presents a formidable challenge for companies of all sizes.
This virtual event showcases pressing compliance issues in 2024 with insights and strategies to keep your organization ahead of the curve.
Here's what you can expect:
Unlock exclusive insights from Notabene’s report on the State of Crypto Travel Rule Compliance, revealing the urgency of adoption this year. 🔒
Discover how Notabene is the only solution on the market that allows you to maintain your global reach while complying with local regulation anywhere in the world.
How Notabene supports over 300 wallets to address growing regulatory requirements for unhosted wallets.
Dive into handling compliance and Travel Rule for all real-world transactions and counterparty types. Addressing the fallacy of existing Travel Rule protocols.
Don't miss this exclusive Launch Event where Notabene provides invaluable guidance and pragmatic solutions to navigate the compliance landscape of 2024.
Pre-Transaction Decision-Making in Crypto: Preventing Illicit Activity Before Transaction Settlement
Empower Your Crypto Transactions: Understanding Pre-Transaction Obligations
Join the Notabene team, as we explore the pivotal topic of pre-transaction decision-making in crypto transactions. In this insightful webinar, we will dive into the essential strategies that can help you prevent illicit activity before it occurs in the world of cryptocurrency transactions.
This on-demand webinar covers:
- Strategies to Mitigate Illicit Activities: Learn how to prevent illicit activities before crypto transactions are finalized.
- Crypto vs. Fiat Travel Rules: Understand the critical differences and why early risk management is essential.
- Regulatory Landscape: Explore pre-transaction regulatory obligations with examples from UK guidelines.
- Benefits of Pre-Transaction Decision-Making: Discover how it can enhance your compliance efforts in the crypto space.
- Operational Challenges: Address challenges such as returning funds
- Key Features: Integrations and blockchain authorization flows.
And much more.
Watch on-demand by filling in the form above.
Everything Intermediary VASPs Need to Know About The Travel Rule
Travel Rule flows often involve Intermediary VASPs. It is important to understand what your obligations look like if you qualify as an Intermediary or when you interact with one. In this webinar we examine the definition of Intermediary VASP under different jurisdictions and investigate obligations that apply to these stakeholders.
Spoiler alert: if you are a custodian, this webinar is for you!
Speakers:
Moderator: Lana Schwartzman, Head of Regulatory and Compliance at Notabene
Andrew Price, Chief Compliance Officer at Zodia Markets
Laurent Girouille, General Manage at Komainu
Catarina Veloso, Regulatory and Compliance, Senior Associate at Notabene
Why Travel Rule & Counterparty Risk Management Is Required To Get Your VARA License
Learn how the Travel Rule fits into your Compliance Stack
In January 2023, Dubai’s Virtual Asset Regulation Authority (VARA), provided a detailed framework for regulation with a focus on Travel Rule.
During this webinar, Lana Schwartzman, Notabene’s Head of Regulatory & Compliance, will host compliance experts, as they discuss where Travel Rule sits in the VARA Rulebook and why it is important.
Panelists:
Amardeep Thandi, Compliance & Regulation EMEA, Chainalysis
Tracy Ellen Angulo, J.D., CFE, CAMS, Director, Guidehouse
Laurent Girouille, General Manager, Komainu
Watch on-demand today to find out:
How Travel Rule is required to get your VARA license
How Travel Rule is part of the Compliance/AML stack
What is the global picture for travel rule
What are the main requirements and challenges VASPs should be aware of?
A comparative look at Travel Rule in the USA and Canada
When? 🗓 Dec 7 @ 3pm GMT / 10am ET
When transacting cross-borders, it’s important that VASPs consider any jurisdictional differences in Travel Rule requirements and best practices.
During this Compliance Deep Dive, Notabene’s Lana Schwartzma, Head of Regulatory & Compliance, and Catarina Veloso, Legal Engineer, will compare the approaches to Travel Rule in the USA and Canada.
Our hosts will deep dive into several components of Travel Rule requirements and discuss the key differences in these two regions that all compliance professionals should be aware of.
Travel Rule in Crypto: What all Compliance Officers should Know
Join Catarina Veloso, Notabene's Legal Engineer (and Travel Rule expert), and Tung Li Lim, Elliptic’s Senior Policy Advisor, APAC, as they dive into the real world challenges and opportunities of Travel Rule implementation.
When? 19th October 9am BST / 4pm SGT
This webinar will cover:
The Travel Rule explained
Regulatory Landscape review
FATF’s Targeted Update
Travel Rule implementation
The Pitfalls of Travel Rule compliance
There will be time saved at the end of the webinar for Q&A.
How to Solve the Crypto Travel Rule's Sunrise Issue Today
The Travel Rule, like the sun, rises at different times worldwide. Therefore, the "sunrise period" in crypto compliance refers to the period during which the Travel Rule is not in full effect across jurisdictions, which causes additional challenges for VASPs that are already required to comply. - coining the term Sunrise Issue within crypto Travel Rule compliance.
A growing number of VASPs are receiving requests for travel rule data transfers before they have Travel Rule solutions in place but are still expected to respond. FATF's Travel Rule guidelines stipulate that VASPs should limit or completely restrict transactions with counterparty VASPs that do not reply to their Travel Rule data transfers.
Notabene's Legal Engineer - Catarina Veloso, will host a webinar to help break down what the Sunrise issue actually means, the hindrances that the sunrise period brings, as well as practical solutions that allow compliance teams to overcome these challenges without needing technical resources or budget approvals.
Register today to find out more about:
What is the Sunrise Issue
Operating during the 'Sunrise'
Dealing with the Sunrise Issue - practical solutions
VASPs subject to travel rule requirements
VASPs that are not yet subject to Travel Rule requirements
What Does the FATF Targeted Update on Implementation Mean For You?
Watch on-demand
Three years have passed since the Financial Action Task Force (FATF) extended its anti-money laundering and counter-terrorist financing (AML/CFT) Standards to financial activities involving Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs) to respond to the threat of criminal and terrorist misuse.
On June 30th 2022, the FATF released its' Targeted Update on Implementation of FATF’s Standards on VAs and VASPs’, which provides an overview of areas of progress that countries and the industry have made and continued implementation gaps and concerns.
Join Notabene’s CEO, Pelle Braendgaard and FATF Virtual Asset Contact Group (VACG) Co-Chair, Takahide Habuchi, as they discuss:
- Key takeaways from FATF’s Targeted Update
- Global approach to Travel Rule
- Transactions with unhosted wallets
- Crypto Compliance vs Traditional Finance
Compliance Deep Dive: Travel Rule in the European Union (2022)
In this session, Catarina Veloso covers the Transfer of Funds Regulation and dives into how it impacts Travel Rule obligations for European VASPs. She guides a group of crypto Compliance Cfficers through the European legislative process and the milestones that the Transfer of Funds Regulation has already gone through. Additionally, she touches upon the regulation’s critical provisions around Travel Rule while bearing in mind that all of this is still subject to change.
Register today to dive into, The European legislative process, The European Transfer of Funds Regulation’s key provisions around Travel Rule, and The scope of application, including:
De-minimis threshold
Required PII
Counterparty due-diligence
Sanction screening
Unhosted wallets
Exceptions
+ Much more.
Compliance Deep Dive: Back to the Basics of Travel Rule
In this Compliance Deep Dive session, Notabene’s Legal Engineer, Catarina Veloso, will cover the basics of Travel Rule compliance.
Currently, we see many companies getting started on tackling Travel Rule compliance due to the increasing urgency from both regulators and counterparties.
Hence, we figured that this would be good timing to:
Reiterate the key Travel Rule compliance requirements; and
Demonstrate a Travel Rule flow, from A to Z, using Notabene's platform and with the help of illustrative diagrams.
Navigating Crypto Regulations in Singapore in 2021
2020 marked an instrumental year for crypto companies in Singapore. As they applied for the PSA license, they had to introduce rigorous AML programs and started implementing the Travel Rule. What's next in 2021? A joint webinar brought to you by Notabene and Merkle Science.
Panelists:
Ian Lee - Founding team and VP of Business Development at Merkle Science (Moderator)
Aymeric Salley - Head of StraitsX at Xfers
Julia Chin - Managing Consultant at JFourth Solutions
Pelle Braendgaard - Founder and CEO of Notabene
Navigating Crypto Regulations in the UK and EU in 2021
2021 is a critical year for crypto businesses and financial institutions across the EU and the UK as they grapple with new regulatory requirements. In this webinar, the panelists discuss upcoming trends, potential challenges and areas they'd like regulators to provide insight on. A joint webinar brought to you by Notabene and Merkle Science.
Panelists:
Pelle Braendgaard, Co-Founder and CEO of Notabene (Moderator)
Ian Taylor, Chair of CryptoUK
Jacek Czarnecki, Global Legal Counsel at the Maker Foundation
Lucy James, General Counsel at Luno
Mriganka Pattnaik, Founder and CEO of Merkle Science