TL;DR - To comply with new AML/CTF requirements, crypto companies in Singapore are partnering with compliance companies like Notabene. We are deeply committed to data security and privacy, and as such, we have taken significant steps to meet MAS’s new requirements for technology service providers. We have also successfully completed an Independent Assessment from ACCESS and are working on a SOC2 Audit. Our efforts will help companies streamline the vendor assessment process and allow them to start implementing the Travel Rule quicker.
Singapore’s financial regulator, the Monetary Authority of Singapore (MAS), has been at the forefront globally in implementing a regulatory framework for crypto companies operating in the country. In short, crypto companies will need to follow similar AML/CTF requirements to traditional financial institutions. They also have to apply for a Payment Service Provider Licence (activity type: digital payment token service) under the Payment Services Act (PSA) to continue operations.
Once the first licenses are issued, it will be a boon for these businesses as it allows them to expand services to the traditional financial world. We are seeing many international crypto companies applying for licenses in Singapore to take advantage of these benefits.
Most of the focus has been on the new AML/CTF processes that licensees will have to implement such as the Travel Rule and non-custodial wallet identification. We are working closely with many Singaporean PSA license applicants to solve these issues.
There is a lot more to it than AML though. Data security, privacy, and customer protection are equally important.
In particular, MAS requires licensees to implement the following:
Most of these requirements are about protecting customers’ data and financial transactions. The Outsourcing Guidelines specifically deal with how regulated financial institutions in Singapore have to deal with service providers like Notabene.
The Technology Risk Management Guidelines are a new set of guidelines issued on January 18th, 2021, and require financial institutions to assess whether third party vendors employ a high standard of care and diligence in protecting data confidentiality and integrity as well as ensuring system resilience.
Financial institutions need to assess whether technology vendors can fulfill their security obligations, and then ensure that this is reflected in legal agreements with them. During a time when companies are looking to quickly adopt new AML/CTF tools quickly, we understand that this can be a challenge and delay the procurement process.
To make this process more seamless for our Singaporean customers, we have taken the following steps:
First, ACCESS completed an Independent Assessment of our service
The report contains an assessment of various aspects of our business as required by the outsourcing guidelines, including data security and business continuity processes. Per their assessment of both the Notabene product as well as these guidelines, we satisfy the requirements put forth by MAS.
ACCESS also engaged an external vendor to conduct a rigorous cybersecurity assessment of the Notabene product using the Gray Box Testing Method and then benchmarked against Open Web Applications Security Project (OWASP) standards. The objective was to uncover vulnerabilities in our API by setting up a rogue VASP with malicious intent. No vulnerabilities were identified.
The report has been shared with MAS, FATF and IDAXA. If you are an ACCESS member, you can purchase the report here. We are able to provide a limited amount of codes that will allow you to download it at no cost. Please reach out to us for a code.
Second, we are fully SOC 2 certified
Notabene has achieved a clean SOC 2 Type II report, underscoring our adherence to top-tier security standards through robust information security measures. This accolade, coupled with AICPA's three-month evaluation affirming our compliance with key service and system standards, highlights our commitment to security and privacy. Supported by Vanta's compliance platform and our dedicated team, we ensure our product's integrity, with our SOC 2 audit report available to customers upon request.
Finally, we are one of the first third-party vendors to meet the new Technology Risk Management guidelines put forth by MAS
This is now reflected in a special version of our commercial agreement, which includes specific addendums surrounding personal data protection, outsourcing guidelines, and technology risk management. We are offering this as an option to Singaporean companies.
Has your company applied for the Digital Payment Token Service License in Singapore, or are you considering it? With our end-to-end Travel Rule solution, we can help you meet the latest requirements. You can reach out to us at hello@notabene.id.
In the light of our recent fundraising round, I wanted to share some thoughts on Notabene today and on our future to help mark this important milestone for our team.
1. Our mission is to give everyone the confidence to perform crypto transactions
My co-founders and I are all big believers in the underlying mission of cryptocurrencies, DeFi, and their underlying blockchain protocols. The permissionless nature of these protocols is a requirement for them to function correctly. It also allows developers and startups to create groundbreaking new innovative products that just would not be possible in a permissioned world.
However, it is easy to forget that behind each transaction flowing through these protocols are real people and businesses. They do need to be able to make educated decisions if they want to perform a transaction or not.
I firmly believe that one of the biggest problems affecting the adoption of crypto is that most people and businesses are still finding it difficult to trust the counterparties to a transaction:
- Who sent me this BTC?
- How do I know I’m sending my ETH to the correct DeFi address?
- Is my customer who is withdrawing funds sending it to themselves, or am I inadvertently interacting with someone from a sanctions list?
- Who do I reach out to if I sent the funds to the wrong address?
For some, such as end-users, it is primarily about the risk of losing funds. Will I lose money sending a transaction to the wrong address or a fraudulent business? As someone who sent his first Bitcoin transaction in 2010, I am still worried every time I send a crypto transaction.
Regulated companies like banks and crypto exchanges also have a regulatory requirement to know with whom they are transacting, which increases the risk of doing business. This risk is present regardless of whether they send funds to their customer’s Ledger Nano or send funds to another exchange.
Sending or receiving funds to another exchange adds multiple parties to the transaction, thus substantially raising the risk. Not managing these risks can have very extreme consequences for a regulated company like an exchange. There may be fines involved, but you could also lose your license or go to jail in some severe cases.
We started Notabene specifically to help regulated companies have the confidence to send and receive more transactions on behalf of their customers. I believe this will ultimately allow broader adoption of crypto and DeFi by everybody and push the technology into mainstream usage.
This year we have seen a remarkable resurgence in Bitcoin and an incredible amount of innovation in DeFi. These two technologies, together with stablecoins, are now no longer just the talk of crypto Twitter. They have reached the top of mind for central bankers, regulators, investors, and bankers. The main reason is that the value proposition of these protocols has become so much clearer to them.
There has never been a more important time to grow the amount of value transferred through these decentralized protocols. Not just by 2x or 10x. Let’s shoot higher to 100x and 1000x.
As an early Bitcoiner, I have never felt more confident in us reaching the broad and inclusive adoption goals that we have been speaking about at conferences and on podcasts for the last ten years.
2. New global regulations are challenging for the crypto industry
Last year the global Anti Money Laundering watchdog FATF laid down a new global framework for regulating crypto businesses based on applying their existing recommendations to crypto businesses. In 2013 the US was the first country to apply its existing regulatory framework to crypto businesses. Now regulators from most major economies are figuring out how to implement this framework.
Unfortunately, in many jurisdictions, such as Singapore and the Netherlands, established companies struggle to fulfill the new licensing requirements required to continue operating.
Since its start, the crypto industry has had a problem with regulation. Regulation seems antithetical to the technology’s permissionless aspect. Also, when it comes to a decentralized protocol like Bitcoin, whom do you regulate? I, like many others, joined the space because of this promise of permissionless innovation.
3. Lack of access to financial institutions
Lacking access to the traditional financial system ended up being one of the most significant issues for many startups working with crypto. After all, how can I sell Bitcoin if my customers can’t pay for it?
Our CTO Andrés Junge launched the first Bitcoin brokerage, Yaykuy, in Chile back in 2012. The banks shut off access to Yaykuy one by one since they did not know how to manage the risk of having an unlicensed crypto exchange as a customer. They finally had to shut down. I went through something similar in Kenya with my old startup Kipochi when mPesa shut down our operational account within a week of our press launch.
In both of these cases, it wasn’t the regulators closing these startups down. It was traditional financial institutions shutting them out since they had no clear path towards regulation. More importantly, they couldn’t prove the source of funds for our customers’ transactions.
“Derisking” is the term usually used for this process of banks shutting off access. Without access to the correct tools, there is a real risk that well-regulated exchanges start derisking away transactions to less well-regulated ones.
When the last significant change in regulation happened in the US in 2013, it became a competitive advantage to actively seek out and manage relationships with both regulators and banking connections.
4. The Travel Rule gives companies the tools to manage risk
The most controversial part of the FATF framework for crypto regulation has to be the “Travel Rule,” which many saw as impossible to implement for blockchain applications.
The Travel Rule comes into effect when a regulated financial institution sends funds on behalf of a customer to an account at another regulated institution. The rule requires the sending institution to transmit information about its customer to the receiving institution, who have to take this information into account when managing the risk of the transaction.
One of the main reasons regulators require companies to implement the Travel Rule is to perform better sanctions list checking. Governments, the EU, the UN, and others create sanctions lists to list known terrorists, corrupt politicians, and organized crime members. In some cases, they include known blockchain addresses of sanctioned people, but checking only for sanctioned addresses is insufficient for compliance.
If an institution accidentally facilitates a transaction with someone on one of these lists, it can lead to fines. A lawyer friend who has advised companies accused of this calls it an extinction-level event for many unprepared companies. Defending it becomes a case of proving you have set up correct processes to avoid it.
Sanctions list checking is a requirement for both the sending and the receiving institution. Doing so based solely on public data from blockchains is impossible, so the Travel Rule sets up a new layer on top of the underlying blockchains enabling them to do so correctly.
In reality, the Travel Rule is not new, and most traditional payment systems such as SWIFT have implemented it since the 90s. When banks say they can’t trust the source of funds for crypto companies, they are typically referring to the lack of the Travel Rule.
5. How are we helping crypto businesses today?
Notabene takes a very holistic view of managing the regulatory risk of crypto transactions. Our current offering consists of a unified API and dashboard helping compliance officers within crypto businesses manage risk for both Travel Rule and regular non-custodial transactions in a single place.
While the Travel Rule is used to help regulated institutions manage risk, we also see it as an excellent way to give their end-users the confidence to transact more. We provide innovative companies with the tools to help use the travel rule to increase their transaction volume and, ultimately, revenue.
There are currently many protocols for solving the Travel Rule today. All of them help businesses involved in a particular transaction to exchange information about their customers. They also require every transacting party to be on the same protocol. This lack of a clear winner amongst all of the protocols has made it even more difficult for crypto businesses to pick just a single protocol.
From talking with leadership and compliance staff at countless crypto companies, I believe this has only caused confusion and slowed the industry’s overall implementation. Notabene provides a switch on top of them and even allows our customers to continue transacting with exchanges that aren’t yet actively implementing the Travel Rule. Our Travel Rule switch gives our customers access to by far the broadest amount of crypto businesses.
Since we launched in August, over a dozen companies, have started using Notabene for Travel Rule compliance. Ania Lipinska, our head of product, has personally had deep dives with compliance teams at over 100 different crypto businesses this year. Our team’s strong focus on their needs has made us the default choice for most exchanges looking to implement the Travel Rule. By the end of 2021, I expect the majority of exchange to exchange transactions globally to have their risk managed at least partially through Notabene.
6. Privacy concerns
Data privacy and surveillance are always subjects that rightly come up when thinking about KYC and AML. There is also a fundamental paradox between the transparent public aspects of blockchains and the goals of privacy.
Notabene helps our customers manage sensitive data about their internal business operations, including identity data about their customers. Being part of this process is a big responsibility that we take very seriously.
We designed our core architecture around privacy-preserving identity data to ensure the privacy and integrity of our customers’ data and the privacy of their end-users. We do not and will not ever maintain a global identity graph as Facebook or Google do around financial data.
My entire team is very passionate about this data privacy. We all worked together to build the framework for privacy-preserving user-centric identity at ConsenSys’ uPort project. Many of the architectural decisions we have made were specifically to ensure privacy also made our platform much more difficult to develop. We will share more about our approach to data privacy in future posts.
7. A unique international family
My incredible co-founders Alice Nawfal, Ania Lipinska, Andrés Junge, and I worked together before at ConsenSys. There we built the foundational decentralized identity platform, uPort. The technology and ideas that we pioneered at uPort now form the basis for many sizable regional identity initiatives such as the EU’s eIDAS SSI bridge, Spain’s Alastria, and the Inter-American Development Bank’s groundbreaking LACChain project.
Early this year, right before COVID-19 hit the world, the four of us decided we wanted to use our unique experience and knowledge to solve fundamental problems the crypto industry has been facing pretty much since its inception. With its seven nationalities (several dual), our five-member team is global, just like our customers. We are based in New York, Santiago de Chile, Switzerland, and Zoom.
8. We only just started on our mission
The crypto industry is continually changing. DeFi and stablecoins have shown regulators and the financial world that the basic building blocks are soon ready to replace traditional financial products.
Regulators are anxious about money laundering and fraud in these platforms and are already discussing how to apply existing rules to this technology. At the recent V20 event, FATF agreed that they have to work closely with the industry. I spend a lot of time with regulators and industry groups to help solve their concerns in ways that don’t halt innovation.
There is a lot to do if we want to enable everybody to perform crypto transactions with confidence, particularly in an industry as innovative and fast-moving as ours. We are looking for new team members who share our mission to help us get there. In particular, we are looking for technical and operational roles.
Thank you so much to our customers and investors for placing their trust in us and our mission.
We are thrilled to announce a significant milestone for Notabene — we have raised $1.765 million in venture capital led by Castle Island Ventures, joined by Green Visor Capital, Lynett Capital, Dialectic, Pardon Makumbe, and more.
This seed round brings our total funding to date to $2.3 million with some of our early supporters including Y Combinator, Signature Ventures, Joachim Sonne, and others.
We are also excited to welcome Matt Walsh of Castle Island Ventures to the Notabene Board of Directors. Matt explains why they invested in us:
Regulatory compliance has been a barrier to entry to public blockchain assets for most financial services firms. The Notabene team has built a best in class solution that is the safest and most convenient way to immediately address these compliance requirements.
Lou Forster from Green Visor Capital adds:
Green Visor believes that compliance in the entire cryptocurrency ecosystem will be a growth area. As cryptocurrency and blockchain solutions are developed for more and more use cases, regulatory authorities will focus keenly on the sector and will demand guardrails, disclosure and oversight. Notabene is well-positioned to develop tools to address the regulatory concerns whilst influencing the regulatory process itself.
We are incredibly excited to work with these great investors and have already benefited from the great insight and experience they bring.
1. The promise of regulatory clarity is opening crypto to the world
This year, we have seen a remarkable resurgence of interest in virtual assets by central bankers, regulators, and institutional investors. Despite that interest, adoption is still only just starting to happen more broadly. Traditional-finance actors have most often noted a lack of regulatory clarity and trust in transactions preventing broader and faster adoption.
The global Anti-Money Laundering watchdog, FATF, recently started to change this by introducing the first global regulatory framework for crypto assets. It consists of extending existing rules for financial service firms to the crypto industry. Major economies are currently implementing these rules locally by introducing new licensing regimes for crypto businesses.
One of the most challenging requirements is the “Travel Rule”, which requires businesses to exchange customer information when performing transfers between an originator and beneficiary customer.
The Travel Rule is not new and has been a foundation of most traditional payment systems such as SWIFT since the 90s. Implementing it will not only allow crypto businesses to receive operating licenses but will also open up banking relations with traditional financial service firms. This can have a serious positive business impact.
Complying with these new rules is quickly becoming a major competitive advantage. One of our clients, Wirex, is the first crypto native platform to have received MasterCard principal member status. Wirex CEO Pavel Matveev says:
One of Wirex's key value propositions to customers is remaining secure and compliant with any regulatory changes, including the Travel Rule. The simple fact is that Travel Rule compliance will be a must for companies like Wirex going forward. In Singapore, it's already a requirement and we are working with local providers to integrate Travel Rule compliance there. Likewise in the US, Wirex is regulated as a Money Service Business with Fincen, and we are exploring solutions to ensure compliance with Fincen rules. Regulatory compliance is a top priority for us, as ultimately it ensures we can continue to provide quality services to our customers.
2. How we are helping crypto businesses today
We started Notabene with a mission to give people and businesses more confidence in crypto transactions. Our CEO, Pelle Braendgaard, explores our mission and product vision in this blog post.
We take a holistic view of managing the regulatory risk of crypto transactions. Our current offering consists of a unified API and dashboard helping compliance officers within crypto businesses to manage risk for both Travel Rule and non-custodial transactions. We provide our customers with access to the widest reach of crypto businesses for them to interact with. Notabene does more than simplify compliance for them. We also bring more confidence to transactions on their platforms - ultimately helping them grow the number of their transactions and, thus, revenue.
We believe in the importance of data privacy and are deeply committed to it, just like our customers. Our founding team has worked together before at uPort (ConsenSys) to build the framework for privacy-preserving, user-centric identity. We started Notabene bringing this prior knowledge and expertise to help the crypto industry solve these new regulatory burdens the right way - without compromising privacy. We have built our core architecture around privacy-preserving identity data, and customer data is always segregated and encrypted.
Since we launched our product in August, over a dozen companies have started using Notabene for Travel Rule compliance. We have had deep dives with compliance teams at over 100 crypto businesses. This strong focus on their needs is quickly making us the default choice for exchanges looking to implement the Travel Rule. By the end of 2021, we expect a significant portion of exchange-to-exchange transactions to be managed through Notabene.
3. What is next for Notabene
The crypto industry is rapidly evolving, and innovation must be allowed to continue as it already has. However, we need to channel this innovation into safe products that can be used by everyone.
With our current momentum and this new funding, we’re excited to continue simplifying compliance for the crypto industry. The new investment will help us grow our traction among crypto businesses and extend our market to meet the needs of traditional financial institutions. We will also introduce an offering for service providers operating with Defi and layer 2 technologies, as they develop increasingly acute risk management needs.
As we continue to build out our platform, we will be growing our team.
Thank you to our investors, customers and partners for joining us on this journey. It is only the beginning!
Merkle Science, a leading provider of blockchain transaction monitoring and intelligence solutions, has partnered with Notabene to help companies dealing with cryptocurrencies comply with the Travel Rule. Notabene is a compliance platform designed to bridge crypto markets with traditional financial systems. The company helps financial service companies comply with new crypto regulations coming into effect such as the Financial Action Task Force’s (FATF) Travel Rule for virtual asset service providers (VASPs).
What’s the Travel Rule
FATF, a global intergovernmental organization to combat money laundering and terrorism financing, announced in June 2019 that its Recommendation 16 — which relates to the inclusion of sender and beneficiary information during wire transfers — would also apply to Virtual Asset Service Providers on cryptocurrency transactions. This guideline is commonly referred to as the crypto Travel Rule and is currently being implemented and enforced locally by the FATF’s members in their jurisdictions. For instance, the Monetary Authority of Singapore (MAS) has enacted this rule as part of its Payment Services Act, which went into effect on January 28, 2020. VASPs are required to be compliant with this new rule or face consequences including not receiving a license for continued operations in a jurisdiction, receiving fines, or being shut down. To comply, VASPs need to solve for multiple technical and operational challenges:
- Identifying who’s behind a blockchain address, and assessing the risk associated with the transaction.
- If it is a custodial address, performing due diligence on the counterparty VASP.
- Sharing customer information with the counterparty in a secure way.
Why the Merkle Science and Notabene Partnership is Crucial for VASPs
Merkle Science and Notabene have partnered to help VASPs comply with the Travel Rule and local anti-money laundering regulation. Notabene provides a comprehensive travel rule solution for VAPSs, allowing them to easily perform due diligence on counterparties and securely share customer information. Through a product integration with Merkle Science, compliance officers at VASPs who use both services will be able to better assess the risks of counterparty VASPs and blockchain wallets. They would be able to view risk scores in the Notabene platform and set rules to manage these transactions accordingly.
“Complying with local as well as international crypto crime prevention regulations is now a mandatory criterion for VASPs. Our partnership with Notabene is aimed at making regulatory compliance seamless for VASPs and financial institutions. The joint platform will enable organizations to effectively manage high-risk transactions, customize transaction monitoring rules according to local laws, seamlessly download and file STR/SAR reports, and comply with stringent regulatory requirements,” said Mriganka Pattnaik, Co-founder and CEO of Merkle Science, on the occasion.
“Juggling regulatory compliance while enabling growth into new markets is quickly becoming a competitive advantage among VASPs. The new global regulatory framework from FATF is becoming not only a requirement to do business, but also opens up a wider segment of retail and institutional customers. We believe that holistically managing risk around crypto transactions will end up enabling businesses to increase their transaction volume. We are excited to work together with Merkle Science on helping our customers manage regulatory requirements and transaction risk,” explained Pelle Braendgaard, Co-founder and CEO of Notabene, about the potentials of the partnership.
About Merkle Science
Merkle Science provides blockchain transaction monitoring and intelligence solutions for cryptoasset service providers, financial institutions and government agencies to detect, investigate and prevent the use of cryptocurrency for money laundering, terrorist financing, and other criminal activities. Merkle Science is headquartered in Singapore with offices in Bengaluru, Seoul, and Tokyo and backed by Digital Currency Group, Kenetic, SGInnovate, and LuneX.
About Notabene
Notabene helps crypto asset service providers and other financial institutions manage risks around transactions by intelligently combining identity data around their customers and financial counterparties. This allows their customers to implement the new requirements of the FATF Virtual Assets guidelines including the Travel Rule and ownership proofs of blockchain accounts. Notabene is a Y Combinator company and has offices in New York, Zürich, and Santiago de Chile.
FATF's Recommendation 16, informally called the Travel Rule, requires VASPs (Virtual Asset Service Providers) that transact with each other to exchange relevant customer information. However, before they can even begin transferring data and funds, they first have to identify and perform due diligence on each other.
In response to the new regulations, multiple industry groups are building different protocols that focus on secure VASP-to-VASP information-sharing. While much needed, these protocols work under the assumption that all companies will be using the same protocol. We can already see that this single-protocol future is still a long way off, if at all ever possible.
1. Companies are forced to implement multiple protocols to operate in a truly global fashion and interact with any VASP.
Even then, the lack of an overreaching cross-protocol framework still poses critical challenges:
Let’s suppose an Originator VASP wants to send customer information to a Beneficiary VASP.
- How does the Originator know which protocol(s) the Beneficiary supports?
To exchange customer information, the Originator VASP must first figure out if they and the Beneficiary VASP support any common protocols. If they do, then they have to determine each others’ unique VASP identifiers. These are created to enable VASP-to-VASP discovery and establish a secure communication channel. The challenge is that there is not a universal VASP identifier, and protocol-specific identifiers work only within their particular network.
- How does the Originator verify a Beneficiary?
Even when the VASPs find a common protocol and identify each other within that network, to fully comply with the Travel Rule, they’re still required to due diligence each other. Such business-to-business verification often results in a burdensome back and forth between compliance officers that can take up to 6 weeks.
2. Notabene created a free, public-data network for all VASPs, regardless of which Travel Rule protocol they support.
The Notabene Network allows companies to search for counterparties and easily determine which, if any, Travel Rule protocol they are using. It also provides access to relevant business information, helping counterparties build trusted relationships and take first steps towards Travel Rule compliance.
Using Notabene's VASP Network, companies can:
- Create their VASP profile, so it's easily discovered by counterparties
- Search for other VASPs and view their incorporation, licensing and registration information
- Determine which Travel Rule solutions counterparties are using
3. First steps towards Travel Rule compliance with VASP verification
Many businesses worry (and rightfully so!) that complying with the Travel Rule will significantly slow down both incoming and outgoing transactions.
Currently, it takes time and resources to identify and get in touch with a Beneficiary VASP. And after that, compliance officers on both sides are still wrapped up in an endless back and forth to gather the necessary information for accurate risk assessment.
With Notabene's public network, a compliance officer can simply look up a business and quickly access verified information about them. To help perform due diligence even faster, we introduced three verification levels:
- Verified by Notabene: Every VASP that creates or claims their profile has their business details vetted by the Notabene team. After ensuring data accuracy, the VASP receives a "Verified by Notabene" badge. Remember though, while we can verify information about a VASP, it is always up to a VASP to make the decision if they want to do business with them.
We will be adding third-party providers specializing in business identity verification. Contact us if you're interested in this type of partnership.
- Pending Verification: After a VASP creates or claims their profile, we confirm its accuracy. During this time, the VASP has a "Pending Verification" status. If there are any questions or issues, they must be resolved before we provide the "Verified by Notabene" badge.
- Not Verified: This designates a VASP profile that we created based on publicly available data. Because this profile is unclaimed and Notabene cannot fully verify its accuracy, "Not Verified" provides some information but is not at the same level as a fully vetted profile with the "Verified by Notabene" badge.
4. Travel Rule protocols directory
When VASPs create or claim a profile, we also ask them to provide a list of Travel Rule protocols they use and relevant VASP identifiers. This way, an Originator VASP can easily determine which protocol they should use to transfer customer data to a Beneficiary VASP securely.
5. The goal of the free and open VASP directory is to address the challenges of multiple Travel Rule protocols and to build a trusted network of verified crypto businesses.
We hope to bring the community together in efforts of making compliance easier, regardless of the technical solutions each individual company supports.
As the extension of that mission, Notabene’s Travel Rule compliance platform enables a seamless cross-protocol data exchange between VASPs by supporting all major protocols. This allows our customers to not be limited by any one protocol, and send / receive transfer requests with all their counterparties. In addition, companies using Notabene can streamline their counterparty due diligence process even further, beyond the public business information available in the directory. Our platform allows VASPs to securely share private data with each other for further diligence and quickly establish bilateral relationships for Travel Rule transactions.
6. Notabene’s directory is a community-driven initiative.
As you create your profile, contact us with any input or suggestions you may have. We’re looking forward to hearing how we can make it better for you and your business partners.
We invite organizations from the space to partner with us to build a truly global network of crypto companies. Interested? Contact us.
We're excited to announce that Notabene is a part of Y Combinator's Summer 2020 batch! 🎉
At Notabene, we help financial companies comply with the latest crypto regulations that came into effect in June. The urgency in the market and participation at YC made the last three months quite a ride!
Y Combinator is a Silicon Valley-based, globally-known fund that invests twice a year in early-stage startups. Besides financial support, YC offers its portfolio companies advice and resources to help them go from "great idea" to "market-leading business." It's a recipe that's worked well for alumni like Stripe, AirBnB and Dropbox.
These last three months at YC have been invaluable and highly rewarding. We learned first-hand from the founders of top companies like Stripe and Brex, as well as leading investors, marketers, and YC partners. We're beyond grateful for the opportunity and will remember this as a time full of incredible lessons and advice from our group partners: Tim Brady, Aaron Epstein, and Kevin Lin.
During our time at YC, we launched our first commercial product and onboarded key customers - compliance officers at crypto companies. Thanks to our unique technology solution, users are able to comply with the most pressing regulation in the space, the Travel Rule, from day one. Notabene enables digital asset providers to save time and money on complex technical integrations and multi-protocol interoperability challenges. The financial sector spends today $180B on compliance costs. As crypto building blocks continue to gain adoption in the financial sector, we aim to serve the market's compliance needs.
We’ve received great initial feedback from our users and are excited to continue building a platform that helps companies transfer crypto assets in a compliant way. We believe this will fuel the growth of the industry and bring crypto to the world's financial markets.
YC has been a special experience and with a clear roadmap ahead, we’re excited to see what the future brings 💚.
It’s been a year since the FATF (Financial Action Task Force) released comprehensive guidelines for crypto companies to implement anti money-laundering processes for virtual asset transactions. In July 2020, FATF recognized in its annual review (we summarized it for you here) that many companies have demonstrated willingness and effort to implement the Travel Rule into their day-to-day business.
1. Travel Rule brings many challenges into the crypto world.
While the crypto industry has made significant stride toward proposing technical solutions for the Travel Rule, crypto companies still face many challenges when it comes to implementation of the guidelines:
- Lack of interoperability between protocols: Multiple Travel Rule protocols lead to interoperability issues where one VASP (Virtual Asset Service Provider) cannot transact with another because they’re supporting different protocols.
- Time spent on integration: Companies need to spare weeks of development effort to integrate with a protocol and maintain it over time. As a consequence of the issue mentioned above, many companies might be forced to implement more than one protocol. This leads to a lot of development resources spent on compliance, which otherwise could have been spent building the core business product.
- Change of internal processes and user flows: In many cases, Travel Rule implementation forces companies to introduce significant changes to their user flows. Until there are Travel Rule solutions broadly adopted, it’s difficult to predict at this point how seriously those changes will impact businesses’ internal processes and user experience.
- Waiting on the sidelines: High implementation costs lead to a situation where VASPs are waiting on the sidelines to see which solution other VASPs will choose. Obviously, no one wants to invest in implementing a protocol that no one else uses. This is an issue because it delays compliance with the Travel Rule.
- Pressure from local regulators: The challenges above are causing delays in adoption. Local regulators in multiple jurisdictions are starting to pressure companies to move forward with integrations and prove that they are working towards Travel Rule compliance.
2. Notabene’s TR:Now as a jumpstart towards compliance
To help companies overcome challenges related to implementation of the Travel Rule, Notabene built TR:Now, a lightweight email-based solution that helps VASPs comply from day one.
TR:Now consists of sending Travel Rule requests to any VASP via email, regardless if they have implemented the Travel Rule or not. The counterparty VASP can then access IVMS-101 Originating Customer information via a secure dashboard. We built TR:Now based on demand from compliance teams to start testing Travel Rule flows within their systems and to show regulators that they are taking steps toward compliance.
This lightweight solution has the following benefits:
- No need to decide on a protocol yet
TR:Now does not require companies to be on a protocol yet, so it solves the chicken/egg problem of implementing the Travel Rule. VASPs can start securely exchanging data between each other regardless of which protocol they use or if they don’t use any protocol.
- Easy jumpstart to future protocol integrations
The originating and beneficiary customer data is stored in IVMS101 format (industry technical standard), and securely saved on the dashboard. This solution acts as a bridge to the TRP protocol and OpenVASP.
- Fast onboarding, no technical work required
To use TR:Now, compliance officers just need to create their VASP’s profile and they're ready to go. There is no need to involve developers to implement APIs into the backend or make changes to existing user flows.
- First step towards compliance
TR:Now allows compliance officers to test and learn about the potential impact of the Travel Rule on their daily operations and user flows. It already comes with built-in counterparty verification, helping compliance teams perform due diligence on other VASPs. By using TR:Light, they familiarize themselves with these new processes and can start planning ahead how to create more seamless flows for their business. In addition, this could serve as proof to local regulators that a VASP is taking its first steps towards Travel Rule compliance.
If the challenges above sound familiar, contact us to learn more about TR:Now.
It has been one year since the Financial Action Task Force (FATF) released a global regulatory framework for the crypto industry. The Guidelines for Virtual Assets and Virtual Asset Service Providers (VASPs) was released in June 2019. One of its most notable requirements is Recommendation 16, the so-called Travel Rule. The guidelines also required that jurisdictions implement AML/CFT regimes in accordance with FATF’s guidelines, including the registration or licensing of VASPs.
On July 7th 2020, FATF released a report containing a 12-month review and assessment, measuring implementation of these guidelines by jurisdictions and the private sector. The release of the report followed a virtual Plenary meeting held by the FATF on June 24th, 2020. In the review, the travel rule is highlighted as “the issue of most focus in terms of VASPs’ compliance with the revised FATF Standards.” What were the key findings of this review, and what does it mean for compliance teams in the crypto industry?
Below is a short summary outlining high-level take-aways and what’s next from FATF, in addition to implications for your business.
Summary of the 12-month review
- The 12-month review was prepared by FATF to measure the implementation of the revised Standards that it introduced in 2019 by both jurisdictions and the private sector. It also covers any changes in risks, typologies and market structure of the virtual asset industry.
- FATF reports that there has been marked progress by jurisdictions in the implementation of a regulatory regime for virtual assets, with 35 out of 54 reporting jurisdictions having implemented the revised FATF standards. 32 of these jurisdictions introduced a regulatory framework for crypto businesses, with the majority by method of new legislation. A large number of these regulations apply to VASPs that operate in their jurisdictions but who may be domiciled in other jurisdictions. So far, 20 jurisdictions have reported a total of 1,133 registered or licensed VASPs.
- The FATF review highlights that there has been increased readiness by the private sector for travel rule compliance, with the emergence of multiple travel rule solutions as well as technical standards to facilitate interoperability.
- Many issues were raised by jurisdictions and the private sector during the implementation of the regulatory framework. These include specific concerns with implementing the Travel Rule, like the identification and due diligence of VASPs in a timely manner, as well as broader concerns with how to deal with non-custodial wallets and stablecoins.
What’s next from FATF?
Going forward, FATF expects all of its members and its broader global network of FATF-Style Regional Bodies (FSRBs) to have fully implemented these guidelines by June 2021. While FATF has deemed that at this point there is no need to update its existing Standards, it will be providing additional Guidance to the industry by October 2020 (mainly in response to the concerns raised in the report). It will also continue its engagement with the private sector through its Virtual Assets Contact Group.
Finally, the FATF will continue to closely monitor the risks posed by stablecoins and anonymous peer-to-peer transactions via non-custodial wallets. Should there be substantial changes in market trends, it may choose to revisit its guidelines.
What does this review mean for your business?
If your business is a VASP, it is recommended that your compliance team:
- Assess which jurisdictions that you are incorporated in or operate in require that you are regulated. If you are not yet regulated, you need to determine how to become compliant and if there are licensing or registration requirements. If you are in doubt whether you need to be regulated, contact the local regulators for more information. Please note that requirements may change across jurisdictions, and you will have to keep up-to-date with the latest requirements.
- Start early (if you haven’t already) implementing comprehensive AML/CFT policies in line with your regulating jurisdiction’s guidelines.
- Implement the travel rule as soon as possible. The travel rule requires changes to current compliance processes and flows. It is recommended that the compliance team start testing early and accommodate these changes into current processes, so that the impact of the travel rule on your daily operations is minimized.
- Perform an internal ML/TF risk assessment of existing and new products, in particular if they are of a cross-border nature or have been highlighted as sources of potential concern (eg stablecoins, non-custodial wallets). For new products, these risks are best addressed before their launch.
In June 2019, the Financial Action Task Force (FATF) released a global regulatory framework for the crypto industry. One year later, on July 7th 2020, FATF released a report containing a 12-month review and assessment that measures implementation of these guidelines by jurisdictions and the private sector.
To read a summary of the report, check our blog post: “Time is running out to implement the travel rule, says FATF in its 12-month review”.
In this review, FATF found that there has been substantial progress made by jurisdictions in implementing the revised FATF standards. It is important to note that these assessments are based on members’ self-assessment and not any official FATF assessment. It also found that the private sector has made progress in working on the travel rule, but will need to focus on implementation and interoperability going forward.
Marked progress by jurisdictions
35 out of 54 reporting jurisdictions have now implemented the revised FATF standards. Of these, 3 jurisdictions have prohibited VASP operations altogether. Meanwhile, 19 jurisdictions have not yet implemented a regime, and wide variation exists in terms of progress. 2 out of the 19 plan to prohibit VASP operations, and 4 are still undecided. The below chart outlines the state of implementation across jurisdictions.
Among the 32 jurisdictions who decided to regulate VASPs, it is noteworthy to point out that implementations vary across:
- A majority introduced new legislation for virtual assets. However, a smaller number of jurisdictions decided to extend current existing AML/CFT guidance to cover VASPs.
- No common terminology exists for virtual assets and VASPs among these jurisdictions, with at least 11 different terms reported for VASPs.
- 18 jurisdictions have introduced registration requirements, and 12 have introduced licensing regimes. These requirements generally apply to VASPs who are incorporated in their countries, but also apply in many cases to VASPs selling products/services in their jurisdictions even if incorporated overseas (18 VASPs) or VASPs operating from their jurisdiction (20 VASPs). So far, 20 jurisdictions have reported a total of 1,133 registered or licensed VASPs.
- 15 jurisdictions have started conducting on- and/or off-site inspections of VASPs and 8 reported that they have already imposed sanctions on VASPs for noncompliance with existing guidelines.
These emerging complex and non-uniform regulatory landscapes present challenges for VASPs looking to be regulated.
Increased readiness by the private sector for Travel Rule compliance
The FATF acknowledges progress by the private sector in developing comprehensive technological solutions for the Travel Rule, but notes that none is yet widely adopted. This has delayed the introduction of travel rule guidance by jurisdictions, with only 15 jurisdictions having implemented the travel rule. However, FATF believes that jurisdictions should not wait any longer to fully implement AML/CFT obligations for VASPs, including the travel rule, and calls on the industry to “redouble its efforts towards the swift development of holistic technological solutions encompassing all aspects of the travel rule”.
FATF is technology-neutral, and is supportive of industry efforts to develop technical standards like messaging standards that allow interoperability among the different solutions.
What happens next?
Going forward, FATF expects all of its members and its broader global network of FATF-Style Regional Bodies (FSRBs) to have fully implemented these guidelines by June 2021. It also expects the virtual asset industry to be compliant with the travel rule. FATF will be releasing additional guidance by October 2020 to shed light on any issues that have arisen in implementation.
In June 2019, the Financial Action Task Force (FATF) released a global regulatory framework for the crypto industry. One year later, on July 7th 2020, FATF released a report containing a 12-month review and assessment that measures implementation of these guidelines by jurisdictions and the private sector.
This report highlights a number of issues that regulators and representatives from the private sector have raised during implementation and asked for greater clarity and guidance on them. We have summarized these issues below. To shed more light on these issues and how to resolve, FATF is likely to introduce additional guidance by October 2020.
1. Definitions in the FATF guidelines
- Increased guidance on the definition of virtual assets - For example, stablecoins can be categorized as traditional financial assets but built with virtual asset technologies. Under which AML/CFT regime should they be regulated?
- Clarification on the scope of VASP activities (eg safekeeping and/or administration of virtual assets) - This can help increase consistency across jurisdictions in terms of which companies are regulated as VASPs.
2. Transacting with non-custodial wallets
- Gap in tracing illicit flows of crypto - Some jurisdictions raised concerns that if non-custodial wallets remain unregulated, they may represent “a leak in tracing illicit flows of virtual assets”. However, FATF has reported that currently there isn’t sufficient evidence that they present a lot of risk and will continue to not cover them for the time-being.
- Anonymous P2P transactions are a concern - If a ‘privacy coin’ gains wide mass adoption, then FATF will study the prevalence of non-custodial wallets associated with it and reassess whether this constitutes a threat to existing ML/TF regimes.
3. Identifying VASPs for registration and licensing
- Many jurisdictions are requiring the regulation of VASPs not only incorporated in their countries but also operating there or selling services to their citizens. Some jurisdictions have reported challenges identifying which VASPs should be regulated and by whom.
- In particular, they are interested in what approach they should take with VASPs operating from overseas but selling to their citizens. They are interested in identifying who the ‘right’ regulatory authority is for these VASPs, especially if they were decentralized and had no home country.
4. Travel rule implementation
- Identifying counterparty VASPs and performing due diligence in a timely manner remains a challenge. In particular, concern has been raised about difficulty in identifying if a VASP is registered / licensed by a jurisdiction with adequate AML/CFT regimes. A proposed way forward is a ‘global list of VASPs’, but in theory is difficult to implement due to a number of reasons, including maintaining accurate and secure information and who governs and supervises this list.
- Concerns with how to deal with transactions with non-custodial wallets - There are challenges identifying whether a wallet is non-custodial. VASPs would like more clarity on whether they are allowed to transact with non-custodials, and what AML/CFT requirements they should put in place to mitigate risks.
- Guidance on frequency and timeliness of travel rule information sharing - Some VASPs requested whether they can do batch data submission of transfers, submit travel rule data at a later time (end of day, in 5-6 days) instead of immediately, and whether they have to do travel rule for past transfers.
- Interoperability of travel rule solutions - Common messaging standards will need to have built-in flexibility to accommodate for changes in privacy or AML/CFT standards across jurisdictions
- Sunrise issue - VASPs are not sure yet how to deal with VASPs in jurisdictions that do not yet mandate travel rule guidelines.
On July 3rd 2020, Malcom Wright, Co-Lead of Global Digital Finance’s working group for the travel rule (“Joint Working Group for interVASP Messaging Standards”), wrote this article about the Travel Rule. In it, he describes the “Travel Rule Discovery” problem. Basically, how can an originator VASP know which Travel Rule protocol the beneficiary VASP is using? In the article, the proposed solution is to build a “Global List of VASP” (GLoV) which is a centralized registry that maps a “Common Shared VASP Code” (or GLoV VASP Code) to some VASP information, mainly which Travel Rule protocols they support. This solution, in our view, has the problem of being centralized, which could make it difficult for all VASPs to be part of.
Our founding team at Notabene comes from the Self-Sovereign Identity industry, and believe a simple decentralized solution can be built under those principles.
1. Notabene's protocol-agnostic solution
In the article, Notabene is named as an alternative solution to OpenVASP, TRP, Shyft and Sygna. In fact, we do not offer our own protocol but take a “protocol-agnostic” view. We support (or will support) many of the protocols named. VASPs who use Notabene will be able to send and receive Travel Rule information using any of the available protocols, starting with OpenVASP and TRP.
Regarding a solution to the Travel Rule deadlock problem, we propose a decentralized solution using a DID for every VASP. Every VASP can then describe in its DID Document which protocol they support and the particular parameters for it. We also propose to use Verifiable Credentials (VC) as a standardized way to manage trust and knowledge information (KYV) between VASPs.
This decentralized approach can lead to faster adoption by VASPs, since VASPs can “onboard” to the system by themselves, without asking permission from anyone, apply to anything or pay any fee.
2. VASP DID as common shared VASP identifier
Our proposal is to use VASP DIDs as a commonly shared identifier for VASPs. DID stands for “Decentralized Identifier”. It’s a standard that is being developed by the W3C, and is currently being used by many organizations and financial service companies around the world including Microsoft and MasterCard. As described in the W3C standards,
DIDs are URLs that associate a DID subject with a DID document allowing trustable interactions associated with that subject.
Every DID can be created independently by any VASP, without the need for coordination. There are many DID methods available so VASPs can choose which one fits best for them. All of them are interoperable by design. Some examples of VASP DIDs can be the following:
did:ethr:0xE6Fe788d8ca214A080b0f6aC7F48480b2AEfa9a6
did:sov:CYQLsccvwhMTowprMjGjQ6
did:web:exchange-b.com
3. Implemented travel rule protocols on DID Document
Every DID “resolves” to a DID Document. The information on the DID document is controlled by the DID subject (the VASP in this case), and the way to define it and update it is specific to the DID method. The DID documents can have many “service” endpoints which describe services on how to interact with the DID subject. We propose to use this mechanism to describe which protocols a VASP supports and how to access them.
An example DID Document can be the following:
In this example, the VASP identified by the DID did:example:123456789abcdefghi has implemented the OpenVASP and TRP protocol. The DID also defines the end points used to interact with them. In the case of OpenVASP, it points to the OpenVASP’s VASP Code which can be used to get the keys and start a session. In the case of TRP, the endpoint is the base endpoint for the TRP /address-query and /transfer-notification. The public keys for TRP can also be published in the DID Document (there is a publicKeysection for it).
4. Proposed flow
The flow in Malcolm’s article would change to look something like this:
- Customer A of Exchange A wants to send Customer B of Exchange B 1 BTC
- Exchange A supports Sygna, OpenVASP, and TRP
- Exchange B supports Shyft, and OpenVASP
- Customer B provides their name and VASP DID to Customer A
- Customer A provides Exchange A with the VASP DID that resolves to a DID document to see which protocols Exchange B supports (and the parameters of the protocol, like encryption keys).
- Exchange A then asks Customer A to request any additional proprietary information from Customer B (such as an OpenVASP VAAN), or wallet address
- Customer B supplies the information to Customer A, who provides it to Exchange A
- Exchange A then uses the common protocol information (OpenVASP in this example) to transmit the required information on Customer A to Exchange B.
This flow does not require any central service or database. It still has the problem that Customer A needs to ask Customer B for information twice: first the VASP DID, then the proprietary protocol routing information. There are possible ways to solve this, but are out of the scope of this proposal.
5. Know your VASP (KYV)
The last point of Malcolm’s article is about the need for VASPs to trust each other. In the case that every VASP is identified by a VASP DID, then the W3C Verifiable Credential standard will help to create VASP Credentials that can be transmitted and shared to ease the bi-directional KYV process.
We will discuss this in the relevant GDF working groups.
Today we are launching Notabene, a new crypto compliance platform for the financial industry. Notabene combines our expertise in financial markets and privacy-preserving systems to enable the industry to solve its most pressing challenge - regulatory compliance.
Our platform enables businesses to comply with new financial reporting requirements more efficiently, broadly known as the Travel Rule. These critical requirements are part of the new worldwide regulatory framework for Virtual Assets Service Providers (VASPs) from FATF, the global anti-money laundering watchdog.
June 24th marks the deadline for national regulators to put in place this new regulation. For crypto businesses, this means increased regulatory scrutiny and a need to comply with rules at the risk of severe penalties that could include both steep fines or even the loss of operating licenses. Our new product enables businesses to more easily adhere to the Travel Rule without any interruption to existing business operations.
1. Why You Should Care About the Travel Rule
Put simply; the Travel Rule requires financial institutions participating in a transaction to exchange both relevant beneficiary and originator KYC (know-your-customer) information.
Also known as the Wire Transfer Rule, this regulation was initially created for banks transferring funds on behalf of their customers. While this worked well for traditional financial systems, modern blockchain solutions make it impossible to adequately implement this rule for three main reasons:
- The pseudonymous and permission-less nature of existing blockchains makes direct implementation impossible
- No standardized frameworks exist for establishing trusted relationships between industry players
- There are no existing technical solutions that can be easily adopted and scaled to meet the requirements of the Travel Rule
Over the past year, several industry groups and bottom-up initiatives have proposed a variety of protocols for solving the Travel Rule. This proactivity was welcomed by regulators, but the diversity of solutions creates confusion for companies looking for the best fit.
If implemented correctly, we see the Travel Rule as a competitive advantage for companies. It would optimize their revenue generation by building better relationships with a variety of partners (including banks). In contrast, failure to implement could seriously damage business operations and increase regulatory risk.
2. A Turning Point for Crypto
Cryptocurrencies and their underlying blockchains are at a turning point and ready to become more mainstream. As the technology continues to mature, use-cases are also becoming more apparent.
Fintech companies and institutional players are already building with the technology and getting ready to reap its many benefits and opportunities.
Since its infancy, our industry has had regulation and compliance hanging over us. However, some companies, operating in proactive countries like the US where regulatory systems were developed early, have used compliance as a competitive edge, and are now market leaders.
The presence of this new global regulatory framework regardless of jurisdiction is a game-changer for the industry. This framework provides a framework for existing crypto companies to become regulated and work with traditional financial institutions. At the same time, it allows traditional financial institutions to safely work with cryptocurrencies and public blockchains.
The framework still has to be translated into local law in many places around the world. But at least national regulators now know how to start applying the rules locally, instead of having to understand the technology from scratch.
If you ask banks and regulators how crypto should be regulated, they have always said just like the traditional institutions. But, crypto is very different from traditional banking systems. The underlying blockchains are permission-less and public. Traditional core-banking software and customer due diligence processes are hard to fit on top of this new technology.
3. How Notabene Solves the Travel Rule
The Travel Rule affects how your customers send or receive funds from your service. We built this product to minimize the impact of the Travel Rule on day-to-day business operations.
The primary reason for the Travel Rule is that it finally allows compliance officers to take a risk-based approach for analyzing incoming transactions and accept or decline them.
We provide compliance officers with a simple dashboard allowing them to monitor incoming and outgoing transactions and set rules for approving them automatically.
The dashboard also allows compliance officers to:
- Set compliance rules
- Automate transfer request handling
- Manually accept/decline transfer requests
Notabene allows you to start integrating the Travel Rule into your compliance workflow while avoiding concerns about new protocols. We are protocol and blockchain agnostic and will support the major protocols and blockchains within the industry.
4. Notabene Helps Build Trust Between Crypto Businesses
A significant change to how you do business will be that you now need to work more closely with other crypto businesses.
When you receive an incoming transfer request from Mr. Smith at Exchange A, how do you know that Exchange A performed proper KYC on Mr. Smith? Is the exchange even a legitimate one? Are the operators on a government sanctions list?
When you send a transfer request from Mrs. Jones to Mr. Smith at Exchange A, do you trust them with your customer’s private data?
These questions are all new for an industry built on decentralized, trust-less payment systems. Traditional banks solve this through a combination of licensing and trust frameworks like within payment associations like SWIFT and Visa. To manually perform due-diligence on another institution can be an expensive, time-consuming process.
Notabene takes a decentralized identity approach to this. When you receive an incoming transfer request from an unknown business, we present you with up-to-date information about the business. Where are they incorporated, registered, and licensed?
Businesses create profiles for themselves with a mixture of self-reported information and company details verified by us and others. These profiles are continuously updated.
Notabene’s system allows compliance officers to rapidly perform due-diligence, monitor changes, and even directly ask the compliance officer on the other side for additional information required. This leads to a massive reduction in due diligence costs, making it easier to establish bilateral relationships with new business partners.
5. Simple API Based Integration for Back- and Front End Systems
We provide a straightforward REST and GraphQL API, allowing your developers to integrate it into your flow. Because your customer fronting interface might require some changes, we also provide a simple JavaScript API making implementation painless.
Most of the protocols require special nodes to be running for sending and receiving transfer requests. We manage these nodes, so you don’t have to set up and maintain them yourself.
At launch, we support the OpenVASP protocol and the InterVASP IVMS-101 messaging standard. OpenVASP is an industry-led open protocol for the transmission of transaction information between VASPs and other parties. Its founding members include Bitcoin Suisse, SEBA, Sygnum, and Lykke. OpenVASP already has a vibrant multi-vendor ecosystem, and Notabene has joined the OpenVASP Association as a technology partner
David Riegelnig, Head Risk Management of Bitcoin Suisse and President of the OpenVASP Association, says
"We are excited that Notabene is joining OpenVASP as an implementation partner. The industry is in need of a turnkey hosted solution so companies can easily comply with the new rules. In addition, Notabene's trust framework seems a promising solution to help VASPs with due diligence efforts of their counterparties."
Based on demand and readiness, we will also support the following protocols shortly: TRP, PayID, TRISA, and BIP-75
6. What about non-custodial wallets?
When the FATF guidelines were released in 2019, there was fear that a 2 class blockchain world would be created - one for regulated entities and one for users managing their own keys.
Luckily, regulators have been clear that they don’t want this to happen. Businesses will, however, have to take an extra step that wasn’t necessary before. They must now be able to prove that any transaction going to a non-Travel Rule account belongs to their customer.
We offer our customers a way of integrating account ownership proofs for non-custodial wallets into your compliance flow.
We can also help non-custodial wallet developers add a Self-sovereign Identity Verification flow to their wallets, allowing their users to easily onboard with regulated businesses.
As the first official “Identity Issuer” for the Concordium blockchain, we are already providing this solution for its users. "Concordium is designed from the ground up for regulatory compliance," says Lone Fønss Schrøder, Concordium's CEO. "Notabene helps with identity verification at the protocol level. Using zero-knowledge proofs, our users are able to verify their identity using the blockchain without sharing any private information.”
7. Our Team
The Notabene founding team consists of Pelle Braendgaard as CEO, Alice Nawfal as COO, Ania Lipinska as CPO, and Andrés Junge as CTO. Based in New York, Zug, and Santiago, the team worked previously together at uPort, ConsenSys’ Ethereum-based, decentralized identity protocol.
Pelle and Andrés were uPort co-founders as well as founders of early bitcoin startups (Kipochi, Mondome, Yaykuy, and 37coins). Several of their early bitcoin companies were affected by the lack of a proper crypto regulatory framework.
As part of our work at uPort, we pioneered many of the core concepts of user-controlled data and self-sovereign identity currently being deployed. Recent examples are the European Union’s eIDAS SSI initiative, the Inter-American Development Bank's LACChain initiative in Latin America, and Alastria in Spain.
Notabene Is built on a deep commitment to data ownership, privacy, and security.
8. Work with Notabene for Travel Rule Compliance
Over the summer, we will expand early access within Notabene. If Travel Rule compliance is critical to your business, let’s connect.
Read more about the Travel Rule and its national implementations here.
What is the Financial Action Task Force (FATF) and what does it do?
Virtual Assets and VASPs (Virtual Asset Service Providers): What are they?
What is the Crypto Travel Rule?
What Is Anti-Money-Laundering (AML) and How Does It Apply to Crypto?
What is Counter-Terrorism Financing (CTF), and how does it apply to Crypto?
What is KYC in Crypto, and why do crypto exchanges require it?
FATF's Final Guidance for Virtual Assets and VASPs
What is the Sunrise Issue?
Travel Rule compliance challenges and opportunities for VASPs
What Are Travel Rule Messaging Protocols?
How Can VASPs Ensure Travel Rule Compliance During Transactions With Unhosted Wallets?
How Decentralized Identifiers (DIDs) are Shaping the Crypto Travel Rule Infrastructure
What Is Counterparty Crypto Wallet Identification & How Does It Work?
VASP Due Diligence: Establishing Trust in Counterparty Sanctions Screening
Six Reasons VASPs Are Investing in Travel Rule Solutions Right Now
Ten Interoperability Tips for VASPs
Travel Rule Implementation by jurisdiction
The Current State of Crypto Travel Rule Enforcement [April 2023]
Which VASPs are Currently Travel Rule compliant?
Travel Rule Compliance in the European Union: An In-Depth Analysis
Notabene vs. FATF's Travel Rule Compliance Tool Criteria
Travel Rule Compliance in the European Union: Summary
FATF Travel Rule Requirements in the European Union
FATF Travel Rule Requirements in Singapore
The State of Crypto Travel Rule Compliance Report 2024
The Crypto Pre-Transaction Decision-Making Guide
FATF Travel Rule Requirements in Canada
FATF Travel Rule Requirements in Malaysia
FATF Travel Rule Requirements in the Philippines
Notabene vs. Hong Kong SFC’s Compliance Criteria
The State of Crypto Travel Rule Compliance Report 2023
FATF Travel Rule Requirements in Gibraltar
FATF Travel Rule Requirements in Hong Kong
FATF Travel Rule Requirements in Dubai
FATF Travel Rule Requirements in Japan
FATF Travel Rule Requirements in the United Kingdom
Crypto Travel Rule 101 Guide
FATF Travel Rule Requirements in Switzerland
FATF Travel Rule Requirements in Estonia
How Luno Singapore met Travel Rule Regulations using Notabene
Crypto Compliance: Unique Cases and State of Regulatory Landscape in 2022
The State of Crypto Travel Rule Compliance Report 2022
Become an Expert on Travel Rule in the EU
Do you have customers in the EU?
The European Union's Transfer of Funds Regulation, complemented by the European Banking Authority (EBA)'s Travel Rule Guidelines, sets new benchmarks for financial transparency and security requirements for any Virtual/Crypto Asset Service Provider (VASP/CASP) that has customers in the EU.
How does this your company? The answer depends greatly on the unique needs of your business. It's critical that you educate yourself on the specifics of TFR regulation before implementing your Travel Rule program for the EU.
Take the first step by completing our in-depth certification course that will clarify all of the new rules and transform you into a true expert on Travel Rule in the EU.
Course Coming Soon - Sign up to be notified when our comprehensive course on TFR regulation is ready for enrollment.
Notabene Launch Event: SafeTransact for Networks Live Demo
In an era marked by a thriving bull market and increasingly complex regulatory environments, achieving maximum reachability with your transaction authorization solution is more critical than ever. Walled gardens and competing closed networks not only slow your entry into new jurisdictions but can also significantly impact your revenues.
Introducing: SafeTransact for Networks 🌐
SafeTransact for Networks instantly increases reachability for all our customers. It enables existing networks, such as custodial services, settlement, and liquidity providers, to seamlessly integrate multi-party transaction authorizations within their current operations. No more joining multiple Travel Rule protocols or worrying about interoperability. With SafeTransact, businesses gain instant access to all its active members, fostering trust and connectivity across different crypto ecosystems.
We are thrilled to announce that Fireblocks will join us for this event. As a leader in digital asset custody and security, Fireblocks will share insights from our partnership and their perspective on the future of custody infrastructure and payments. Discover how integrating compliance into their network has benefited them and how SafeTransact for Networks can further enhance your operations.
Live Demonstration Highlights
- SafeTransact for Networks: Extend the power of SafeTransact to your entire network, boosting reachability and transaction volumes while staying compliant with international regulations.
- New Capabilities: Enjoy enhanced support for multiple counterparties, expanded use cases beyond the Travel Rule, and leverage our innovative decentralized Transaction Authorization Protocol (TAP).
- 2024 Travel Rule Milestones: Learn how these updates align with the December 30th deadline for TFR compliance in the EU.
This live event was held on June 27, 2024. To watch the recording, fill out the form on this page and you will be redirected to the video.
Insights From the State of Crypto Travel Rule Compliance Report 2024 — APAC
Register for this on-demand webinar to dive into the latest crypto compliance challenges and insights, featuring key findings from Notabene's "State of Crypto Travel Rule Compliance Report 2024."
Our in-depth exploration will highlight the current compliance landscape, drawing on a comprehensive industry survey to share exclusive proprietary knowledge.
Topics include:
Principal insights from the industry survey
Overview of key regulatory developments in 2023 crypto
Analysis of prevalent compliance challenges
Evaluation of stakeholders poised to address these challenges
Global compliance metrics and due diligence protocols among VASPs
Strategies by VASPs for managing non-compliant transactions
Join us to gain a thorough understanding of the Travel Rule adoption in crypto and prepare your organization for success in 2024.
Insights From the State of Crypto Travel Rule Compliance Report 2024 — EMEA / Americas
Dive into an in-depth exploration of the latest compliance challenges and insights in crypto Travel Rule adoption, featuring key findings from Notabene's "State of Crypto Travel Rule Compliance Report 2024."
Drawing on a comprehensive industry survey, we will provide an extensive overview of the current compliance landscape and share exclusive proprietary knowledge.
This webinar covers:
Principal insights from the industry survey
Synopsis of significant regulatory developments in crypto for 2023
Analysis of prevalent compliance challenges
Evaluation of stakeholders poised to tackle these challenges
Global compliance metrics and due diligence protocols among virtual asset service providers (VASPs).
Approaches adopted by VASPs for managing non-compliant transactions, and much more.
and much more.
Enter your information to watch this webinar on demand.
Notabene Launch Event: Preparing Your Business for Mass Travel Rule Adoption in 2024
Join us for the Notabene Launch Event, where we're unveiling pioneering solutions to tackle compliance complexities, and prepare your business for mass Travel Rule adoption in 2024.
As Travel Rule adoption reaches its inflection point, navigating its implementation across various jurisdictions, or meeting the rigorous demands of handling unhosted wallets presents a formidable challenge for companies of all sizes.
This virtual event showcases pressing compliance issues in 2024 with insights and strategies to keep your organization ahead of the curve.
Here's what you can expect:
Unlock exclusive insights from Notabene’s report on the State of Crypto Travel Rule Compliance, revealing the urgency of adoption this year. 🔒
Discover how Notabene is the only solution on the market that allows you to maintain your global reach while complying with local regulation anywhere in the world.
How Notabene supports over 300 wallets to address growing regulatory requirements for unhosted wallets.
Dive into handling compliance and Travel Rule for all real-world transactions and counterparty types. Addressing the fallacy of existing Travel Rule protocols.
Don't miss this exclusive Launch Event where Notabene provides invaluable guidance and pragmatic solutions to navigate the compliance landscape of 2024.
Pre-Transaction Decision-Making in Crypto: Preventing Illicit Activity Before Transaction Settlement
Empower Your Crypto Transactions: Understanding Pre-Transaction Obligations
Join the Notabene team, as we explore the pivotal topic of pre-transaction decision-making in crypto transactions. In this insightful webinar, we will dive into the essential strategies that can help you prevent illicit activity before it occurs in the world of cryptocurrency transactions.
This on-demand webinar covers:
- Strategies to Mitigate Illicit Activities: Learn how to prevent illicit activities before crypto transactions are finalized.
- Crypto vs. Fiat Travel Rules: Understand the critical differences and why early risk management is essential.
- Regulatory Landscape: Explore pre-transaction regulatory obligations with examples from UK guidelines.
- Benefits of Pre-Transaction Decision-Making: Discover how it can enhance your compliance efforts in the crypto space.
- Operational Challenges: Address challenges such as returning funds
- Key Features: Integrations and blockchain authorization flows.
And much more.
Watch on-demand by filling in the form above.
Everything Intermediary VASPs Need to Know About The Travel Rule
Travel Rule flows often involve Intermediary VASPs. It is important to understand what your obligations look like if you qualify as an Intermediary or when you interact with one. In this webinar we examine the definition of Intermediary VASP under different jurisdictions and investigate obligations that apply to these stakeholders.
Spoiler alert: if you are a custodian, this webinar is for you!
Speakers:
Moderator: Lana Schwartzman, Head of Regulatory and Compliance at Notabene
Andrew Price, Chief Compliance Officer at Zodia Markets
Laurent Girouille, General Manage at Komainu
Catarina Veloso, Regulatory and Compliance, Senior Associate at Notabene
Why Travel Rule & Counterparty Risk Management Is Required To Get Your VARA License
Learn how the Travel Rule fits into your Compliance Stack
In January 2023, Dubai’s Virtual Asset Regulation Authority (VARA), provided a detailed framework for regulation with a focus on Travel Rule.
During this webinar, Lana Schwartzman, Notabene’s Head of Regulatory & Compliance, will host compliance experts, as they discuss where Travel Rule sits in the VARA Rulebook and why it is important.
Panelists:
Amardeep Thandi, Compliance & Regulation EMEA, Chainalysis
Tracy Ellen Angulo, J.D., CFE, CAMS, Director, Guidehouse
Laurent Girouille, General Manager, Komainu
Watch on-demand today to find out:
How Travel Rule is required to get your VARA license
How Travel Rule is part of the Compliance/AML stack
What is the global picture for travel rule
What are the main requirements and challenges VASPs should be aware of?
A comparative look at Travel Rule in the USA and Canada
When? 🗓 Dec 7 @ 3pm GMT / 10am ET
When transacting cross-borders, it’s important that VASPs consider any jurisdictional differences in Travel Rule requirements and best practices.
During this Compliance Deep Dive, Notabene’s Lana Schwartzma, Head of Regulatory & Compliance, and Catarina Veloso, Legal Engineer, will compare the approaches to Travel Rule in the USA and Canada.
Our hosts will deep dive into several components of Travel Rule requirements and discuss the key differences in these two regions that all compliance professionals should be aware of.
Travel Rule in Crypto: What all Compliance Officers should Know
Join Catarina Veloso, Notabene's Legal Engineer (and Travel Rule expert), and Tung Li Lim, Elliptic’s Senior Policy Advisor, APAC, as they dive into the real world challenges and opportunities of Travel Rule implementation.
When? 19th October 9am BST / 4pm SGT
This webinar will cover:
The Travel Rule explained
Regulatory Landscape review
FATF’s Targeted Update
Travel Rule implementation
The Pitfalls of Travel Rule compliance
There will be time saved at the end of the webinar for Q&A.
How to Solve the Crypto Travel Rule's Sunrise Issue Today
The Travel Rule, like the sun, rises at different times worldwide. Therefore, the "sunrise period" in crypto compliance refers to the period during which the Travel Rule is not in full effect across jurisdictions, which causes additional challenges for VASPs that are already required to comply. - coining the term Sunrise Issue within crypto Travel Rule compliance.
A growing number of VASPs are receiving requests for travel rule data transfers before they have Travel Rule solutions in place but are still expected to respond. FATF's Travel Rule guidelines stipulate that VASPs should limit or completely restrict transactions with counterparty VASPs that do not reply to their Travel Rule data transfers.
Notabene's Legal Engineer - Catarina Veloso, will host a webinar to help break down what the Sunrise issue actually means, the hindrances that the sunrise period brings, as well as practical solutions that allow compliance teams to overcome these challenges without needing technical resources or budget approvals.
Register today to find out more about:
What is the Sunrise Issue
Operating during the 'Sunrise'
Dealing with the Sunrise Issue - practical solutions
VASPs subject to travel rule requirements
VASPs that are not yet subject to Travel Rule requirements
What Does the FATF Targeted Update on Implementation Mean For You?
Watch on-demand
Three years have passed since the Financial Action Task Force (FATF) extended its anti-money laundering and counter-terrorist financing (AML/CFT) Standards to financial activities involving Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs) to respond to the threat of criminal and terrorist misuse.
On June 30th 2022, the FATF released its' Targeted Update on Implementation of FATF’s Standards on VAs and VASPs’, which provides an overview of areas of progress that countries and the industry have made and continued implementation gaps and concerns.
Join Notabene’s CEO, Pelle Braendgaard and FATF Virtual Asset Contact Group (VACG) Co-Chair, Takahide Habuchi, as they discuss:
- Key takeaways from FATF’s Targeted Update
- Global approach to Travel Rule
- Transactions with unhosted wallets
- Crypto Compliance vs Traditional Finance
Compliance Deep Dive: Travel Rule in the European Union (2022)
In this session, Catarina Veloso covers the Transfer of Funds Regulation and dives into how it impacts Travel Rule obligations for European VASPs. She guides a group of crypto Compliance Cfficers through the European legislative process and the milestones that the Transfer of Funds Regulation has already gone through. Additionally, she touches upon the regulation’s critical provisions around Travel Rule while bearing in mind that all of this is still subject to change.
Register today to dive into, The European legislative process, The European Transfer of Funds Regulation’s key provisions around Travel Rule, and The scope of application, including:
De-minimis threshold
Required PII
Counterparty due-diligence
Sanction screening
Unhosted wallets
Exceptions
+ Much more.
Compliance Deep Dive: Back to the Basics of Travel Rule
In this Compliance Deep Dive session, Notabene’s Legal Engineer, Catarina Veloso, will cover the basics of Travel Rule compliance.
Currently, we see many companies getting started on tackling Travel Rule compliance due to the increasing urgency from both regulators and counterparties.
Hence, we figured that this would be good timing to:
Reiterate the key Travel Rule compliance requirements; and
Demonstrate a Travel Rule flow, from A to Z, using Notabene's platform and with the help of illustrative diagrams.
Navigating Crypto Regulations in Singapore in 2021
2020 marked an instrumental year for crypto companies in Singapore. As they applied for the PSA license, they had to introduce rigorous AML programs and started implementing the Travel Rule. What's next in 2021? A joint webinar brought to you by Notabene and Merkle Science.
Panelists:
Ian Lee - Founding team and VP of Business Development at Merkle Science (Moderator)
Aymeric Salley - Head of StraitsX at Xfers
Julia Chin - Managing Consultant at JFourth Solutions
Pelle Braendgaard - Founder and CEO of Notabene
Navigating Crypto Regulations in the UK and EU in 2021
2021 is a critical year for crypto businesses and financial institutions across the EU and the UK as they grapple with new regulatory requirements. In this webinar, the panelists discuss upcoming trends, potential challenges and areas they'd like regulators to provide insight on. A joint webinar brought to you by Notabene and Merkle Science.
Panelists:
Pelle Braendgaard, Co-Founder and CEO of Notabene (Moderator)
Ian Taylor, Chair of CryptoUK
Jacek Czarnecki, Global Legal Counsel at the Maker Foundation
Lucy James, General Counsel at Luno
Mriganka Pattnaik, Founder and CEO of Merkle Science