NEW YORK, NY March 16, 2022 - Bitstamp, the world’s longest-running cryptocurrency exchange partnered with Notabene to implement its end-to-end solution for crypto regulatory compliance to comply with global Travel Rule regulations across the US, EU and Singapore.

The Crypto Travel Rule, an anti-money-laundering regulation introduced in 2019 by the Financial Action Task Force (FATF), mandates virtual asset service providers (VASPs) to disclose, collect, screen, and transmit customer personally identifiable information (PII) when transacting in crypto asset amounts over a particular threshold. Currently, large crypto exchanges look to employ a comprehensive solution that handles the different jurisdictional interpretations of the FATF Travel Rule–commonly referred to as the Sunrise issue. 

An example of different thresholds and data points set by different regulators is as follows:

• Singapore: The Monetary Authority of Singapore requires the ordering institution to value originator and beneficiary information to the beneficiary regardless of the transaction amount, with further information required exceeding 1,500 SGD. 
• The United States: Financial Crimes Enforcement Network (FinCEN) set a suggested crypto Travel Rule threshold of $3,000. 
• Europe: The European Banking Authority (EBA) set a threshold of EUR 1000, in line with the FATF recommended guidelines. 

Bistamp is one of the largest exchanges to date, and processes a large volume of transactions to countless counterparties daily. In such, Bitstamp required a sophisticated solution that streamlines VASP due diligence, counterparty wallet identification, automates transactions, and routes Travel Rule compliant data transfers to the largest number of VASPs.

Pelle Brændgaard, CEO of Notabene, adds: 

“As a storied exchange with a high volume of global transactions and numerous counterparties, interoperability is crucial for Bitstamp. Bitstamp chose our sunrise-friendly universal end-to-end travel rule solution which features our proprietary protocol switch offering the widest coverage of VASPs globally. Notabene is proud to collaborate with Bitstamp, the world’s longest-running cryptocurrency exchange.”

Julian Sawyer, CEO of Bitstamp comments: 

“Our partnership with Notabene reflects our position as a leader in crypto security. Ensuring investors can trade safely and securely is a key priority for us and today’s partnership will enable us to deliver this to a growing number of traders across different jurisdictions, through the use of Notabene’s pioneering technology. Notabene’s global reach was one of the main reasons we decided to work together so we can roll out our solution to markets around the globe to further support investors.”

About Bitstamp

Bitstamp is the world’s longest-running cryptocurrency exchange, supporting investors, traders, and leading financial institutions since 2011. With a proven track record, cutting-edge market infrastructure, and dedication to personal service with a human touch, Bitstamp’s secure and reliable trading venue is trusted by over four million customers worldwide. Whether through their intuitive web platform and mobile app or industry-leading APIs, Bitstamp is where crypto enters finance. For more information, visit www.bitstamp.net. 

About Notabene

Notabene is a reg-tech Software-as-a-Service solution that turns regulatory compliance into a competitive advantage. Notabene is working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Companies leverage our end-to-end FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage global transactions from one dashboard. Trusted by leading exchanges, Luno, Bitso, Crypto.com, and more. Notabene is headquartered in New York with offices in Zug and Santiago de Chile. To learn more, visit www.notabene.id. Download a copy of Notabene’s State of Crypto Travel Rule Compliance Report. 

The ongoing conflict between Russia and Ukraine has resulted in new sanctions being imposed on Russian entities and individuals. Select Russian banks have been removed from the Society for Worldwide Interbank Financial Telecommunication (SWIFT) messaging system, limiting the country's access to global financial markets and international payment systems. 

If the conflict persists, the sanctions list will likely become expansive, and the potential for evasion via crypto may become a more significant threat. Although the extent to which sanctioned parties may turn to crypto is unknown, virtual asset service providers (VASPs) worldwide have begun to rethink how they approach sanctions compliance.

This article covers actions VASPs can take today to block transactions with sanctioned individuals, regardless of their Travel Rule compliance status.

The growing scope of Russian sanctions

As of February 2023, Russian sanction lists have risen to 10,608 individuals, 3,431 companies, and nearly 500 institutions. 

Additionally, the FATF has taken action by suspending Russia's FATF membership. The organization has also issued an advisory urging all jurisdictions to remain vigilant and be aware of current and potential risks associated with efforts to circumvent measures taken against Russia to protect the integrity of the international financial system.

‍

‍

A recent uptick in OFAC designations has shown that VASPs worldwide must rethink how they approach sanctions compliance. On January 18, 2023, the Financial Crimes Enforcement Network (FinCEN) issued its first order pursuant to section 9714(a) of the Combating Russian Money Laundering Act. FinCEN labeled crypto exchange Bizlatzo a "primary money-laundering concern" concerning illicit Russian finance. Days later, the US Justice Department charged Bitzlato with money laundering, and authorities in several countries seized control of Bitzlato's crypto wallets containing over $19 million. 

Compliance with the crypto Travel Rule provides VASPs with valuable information on their counterparties and sanctions insight at the transaction level. This enables them to identify whether their clients are making transactions to sanctioned entities, wallets, or jurisdictions, thus improving their ability to detect and prevent potential legal and financial risks. VASPs adhering to the Travel Rule can more effectively safeguard themselves against such threats.

‍

How FATF's crypto Travel Rule helps to prevent transactions with sanctioned parties

Since 1996, banks have complied with the Travel Rule to block transactions with sanctioned individuals. The original regulation mandated financial institutions to pass customer information in certain fund transmissions involving multiple financial institutions. Banks use know-your-customer (KYC), transaction-monitoring programs, and SWIFT to manage counterparty risk and send/receive Travel Rule messages. 

In 2019, the FATF recommended crypto companies comply with the Travel Rule on or at the time of transactions over $1,000. VASPs currently have AML/CFT processes to identify and sanction screen customers. These programs help them block sanctioned individuals from directly using their products to initiate transactions. 

However, the crypto industry lacks a SWIFT network to identify counterparty VASPs, assess security risks, send Travel Rule data, and block sanctioned transactions. Crypto Travel Rule compliance mitigates counterparty risk at the transaction level.

‍

What does the Travel Rule require crypto companies to do?

The sanctions currently being levied against specific individuals present a prime example of what the Financial Action Task Force's crypto Travel Rule requirements are looking to solve. 

To comply with the crypto Travel Rule, a VASP must:

• Collect and verify their customer's name and further PII based on jurisdiction requirements.
• Collect the counterparty's name and perform sanctions screening.
• Identify and perform due diligence on the counterparty institution (for transactions with custodial wallets.)
• Share the originator and beneficiary customer PII with the counterparty institution, confirm its accuracy, and allow or block the transfer.

‍

‍

As Travel Rule requirements are relatively new for the crypto industry, companies are in different stages of compliance, as detailed in our State of Crypto Travel Rule Compliance Report, published in January 2022. This unequal adherence to the regulation is called the 'Sunrise period,' leaving many companies vulnerable to exposure to sanctioned individuals.

Below, we outline what Notabene customers can do today to block transactions with sanctioned parties. We also share steps not-yet-compliant companies can take to mitigate transactions with sanctioned parties. 

‍

What can Notabene customers do today to block transactions with sanctioned parties?

Travel Rule–compliant crypto exchanges can use tools like Notabene provides to perform counterparty risk management and implement the sanction requirements for counterparties. Notabene customers can effectively identify securely sanctioned counterparties and block ensuing transactions using the features noted in the image below.

‍

‍

To identify counterparty VASPs, perform VASP due diligence, identify counterparty customers, monitor wallet risk scores, and sanction screen at scale, customers can set risk-based rules in our Rule Engine to restrict incoming or outgoing Travel Rule data transfers with VASPs that do not meet their diligence criteria.

By defining these risk-based rules in our Rule Engine to prevent incoming or outgoing Travel Rule data transfers with VASPs that don't fulfill their diligence standards, Compliance Officers can effectively mitigate AML-related counterparty risk by tying this mechanism into the transaction flow.

Customers can use Notabene's Rule Engine to identify other VASPs involved in a transaction, perform VASP due diligence, identify counterparty customers, monitor wallet risk scores, and screen for sanctioned parties at scale. By setting risk-based rules in the Rule Engine, customers can restrict Travel Rule data transfers with VASPs that do not meet their standards. This helps Compliance Officers effectively reduce AML-related counterparty risk by integrating the mechanism into the transaction flow.

‍

‍

How can companies get started if they are not yet Travel Rule compliant? 

Companies not yet Travel Rule compliant begin the following compliance phases:

• Collect counterparty names for crypto transactions.
• Implement Notabene or a similar tool that provides alerts for transactions to sanctioned individuals or high-risk addresses.
• Integrate your sanctions screening and blockchain analytics providers.
• Add a list of high-risk VASPs to Notabene's Rules Engine to flag their transactions for review or automatic rejection. At this point, you can restrict data transfers with high-risk counterparty VASPs, and use the platform for counterparty risk assessment.
• Tie Notabene to your custodian/transaction flow to restrict/block high-risk transactions.
• Begin performing data transfers with counterparty VASPs when ready to comply with all Travel Rule requirements.

‍

Is Notabene creating a SWIFT system for the crypto industry?

Notabene does not believe that a centralized system like SWIFT should control future financial rails for the crypto industry. When power is in the hands of a few, it can be easily misused. Prudence and caution must be exercised at all times. As crypto-native founders, we are proponents of a more open system where no one entity has the capacity to impose a set of blanket restrictions. This is why we've created holistic Travel Rule compliance software to securely route data transfers to multiple networks. In the crypto industry, regulators can set rules, but it's up to licensed institutions to apply the restrictions based on their risk-based approach.

How to get started today for free?

Notabene's Sunrise plan includes unlimited incoming Travel Rule data transfers and a monthly outgoing transaction volume of up to $10K. This plan is ideal for crypto companies just starting and needing to ease into Travel Rule compliance, and it is available at no cost.

‍

{{cta-bookademo="/cta-components"}}

Determining whether a transaction is with another Virtual Asset Service Provider (VASP) is the first crucial step in a comprehensive due diligence process. This assessment is pivotal in understanding whether the counterparty VASP is eligible to establish a business relationship ^[1]. Additionally, this evaluation process helps VASPs avoid transacting with illegitimate and sanctioned actors and ensures that their counterparties can protect the confidentiality of shared Travel Rule information ^[2].

The Counterparty VASP’s due diligence process must consider several factors, such as:

• The robustness of the counterparty's data storage and security framework
• The licensing and registration mandates in the jurisdiction where the VASP operates
• Compliance with the Travel Rule ^[3]

Additionally, this evaluation must occur before any Travel Rule data is transferred ^[1].

‍

The Operational Importance of VASP Due Diligence 

Accurate identification of the counterparty is not just a procedural formality but a necessity for Travel Rule compliance, as the entire anti-money laundering (AML) process hinges upon accurate counterparty identification. The counterparty type unveils the applicable Travel Rule requirements for each transaction.

Travel Rule requirements differ depending on whether the transaction is with an unhosted wallet or another VASP and whether the counterparty VASP operates in the same jurisdiction or a different country. This makes due diligence an even more critical aspect. Although the Financial Action Task Force (FATF) requires VASPs to perform due diligence on their counterparties, it has been noted that pinpointing the beneficiary wallet manager is a technically challenging endeavor ^[4].

‍

Current VASP-to-VASP Due Diligence Process

As crypto transfers are recorded in public ledgers, VASPs treat their wallet address books as confidential information. Revealing wallet addresses would grant competitors and other third parties access to information about the VASP’s business and transactions that would be treated as strictly confidential in the traditional finance world. Because of this, VASPs currently rely on customer input or blockchain analytics providers like Chainalysis, Elliptic, and TRM to determine whether a transaction is with another VASP and to pinpoint which VASP it is. Yet, even with these mechanisms in place, VASPs routinely name counterparty identification as a hinderance to Travel Rule compliance.

‍

Travel Rule messaging protocols due diligence limitations

Travel Rule messaging protocols only address sending and receiving customer data, so they do not provide solutions for conducting due diligence on counterparties. Instead, they rely on third-party services to perform due diligence on their network VASPs. It is improbable that a third party would have information on smaller exchanges, leading VASPs to painstakingly carry out due diligence on each of their counterparties themselves.

‍

How Notabene Streamlines the Counterparty VASP Due Diligence Process

We've incorporated the Global Digital Finance (GDF) VASP Due Diligence Questionnaire (DDQ) into our platform to streamline this process. The GDF's AML Working Group developed this standardized questionnaire for VASP-to-VASP interactions and modeled it after the Wolfsberg DDQ—commonly used for traditional finance participants to perform due diligence on each other.

‍

Integrating the DDQ into our Travel Rule Compliance dashboard enables straightforward sharing of critical information between parties, simplifying an otherwise complex process. When widely adopted, this questionnaire has the potential to not only streamline compliance but also mitigate the drawbacks of slowed transaction speeds and volumes caused by due diligence requirements.

Unlocking Key Benefits: Enhanced VASP Collaboration with Notabene

• Seamless VASP Communication: Within the Notabene network, VASPs can quickly request access to another VASP's due diligence questionnaire. If the DDQ is incomplete, we proactively invite the counterparty VASP to finish it, encouraging better cooperation between parties.
• Complete Data Control: The platform allows you to effortlessly share, decline, or revoke access to the questionnaire, giving you full control over who can see your data.
• Transparent Activity Monitoring: Notabene provides transparency through a feature that lets you view the shared history of your documents. This keeps you well-informed about who has accessed your data.

Comprehensive Dashboard: SafeTransact's snapshot view of the questionnaire share history offers valuable insights, aiding you in effectively managing and monitoring interactions.

‍

SafeTransact: Elevating VASP Identification and Due Diligence

Notabene offers a comprehensive Travel Rule compliance solution, making it easier for VASPs to perform due diligence on their counterparts. By embedding the VASP DDQ, we incorporate the industry standard for scalable and reusable due diligence. Additionally, the Network Discoverability feature further simplifies the verification process by offering a privacy-preserving mechanism for identifying VASPs through blockchain addresses.

‍

{{cta-notabene-network="/cta-components"}}

Our dev and product team have been working hard to ship our first official full version release of Notabene. Release v1.0 introduces the Due Diligence Questionnaire, multi-entity support, and adds access to over 250 new VASPs’ licensing and regulatory data powered by VASPnet. 

Click here to view the changelog in our Compliance and Developer guide: Devx.

What's new in v.1.0

• Multi-Entity support
• Due Diligence Questionnaire 
• VASPnet Integration
• Starting a partial Travel Rule data transfer; completing at a later date 

and much more.

‍

1. Global VASPs can now differentiate multiple entities

• ‍What is multi-entity support? 

Many VASPs (both Originating and Beneficiary) have entities in multiple jurisdictions. End customers and blockchain analytics services are unlikely to identify the subsidiary receiving the transaction. As threshold and PII requirements differ in various jurisdictions, providing multi-entity support is crucial for a best-in-class Travel Rule compliance solution.

• ‍Why is multi-entity support needed?

The Travel Rule requires VASPs to identify their counterparty and share the necessary Travel Rule data transfer. When a Counterparty VASP has multiple subsidiaries, it is unlikely that end customers and blockchain analytics services will identify the subsidiary that will receive the transaction.

For example, when Alice sends a transaction to Bob, she likely doesn’t know if his account is with Bitstamp Singapore, Bitstamp USA, or any other Bitstamp entity. She simply inputs his alphanumeric address and sends the transaction. A normal crypto transaction flow puts the onus on providers to determine which entity controls Bob’s address.

‍

Still, 

• The Originator VASP must ensure that the Travel Rule data transfer is sent to the correct entity; and 
• The Beneficiary VASP has to receive and keep records of the Travel Rule data transfer within the relevant subsidiary. 

Additionally, Travel Rule obligations vary across jurisdictions. Different subsidiaries within a group will be subject to various Travel Rule obligations. Therefore, VASP subsidiaries must set rules for their particular jurisdiction’s Travel Rule obligations. 

How does Notabene support VASPs with multiple entities? 

Notabene’s platform supports the creation of subsidiary VASPs connected to a parent company.

Going forward,

• Each subsidiary will have its own profile
• All subsidiaries of a VASP are connected to a parent company 
• Originator VASP and customer only see (and only need to identify) the parent company 
• The parent company forwards Travel Rule data transfers to the right subsidiaries

The parent company of the Beneficiary VASP will have access to the blockchain address book of all the subsidiaries, and each Beneficiary VASP can tie a blockchain address to a customer and the specific entity within the group. The Originator Customer (Alice) will only have to identify the parent Beneficiary VASP (Bitstamp), where the Travel Rule data transfer will be directed. Bitstamp will then route the transaction to the correct subsidiary. 

Learn how Notabene uses cutting-edge technology Decentralized Identifiers for VASP identification.

2. Perform due diligence with industry-standard questionnaire

• ‍What is the Due Diligence Questionnaire?

The Due Diligence Questionnaire is the crypto industry’s adaptation of The Wolfsberg Questionnaire for financial institutions. The Wolfsberg Group produces AML, KYC, and CTF/CFT standards for finance. They’ve created 19 documents that establish rules for bank transparency.

• ‍Why is the Due Diligence Questionnaire needed? 

The Wolfsberg Form is needed for VASPs to perform due diligence, as required by paragraph 197 of FATF’s updated Draft Guidance for a Risk-Based Approach to Virtual Assets and VASPs.

The Global Digital Finance (GDF) has adapted the Wolfsberg Correspondent Banking Due Diligence Questionnaire to the VASP due diligence process, resulting in an industry-specific VASP-to-VASP due diligence questionnaire. If adopted by the industry as a standard, this questionnaire could facilitate this component of Travel Rule compliance. 

This release integrates the first version of the GDF Questionnaire. We will continually update the document as the GDF releases the final standard.

• ‍How does Notabene support VASP due diligence?

From the VASP Network, VASPs can:

• Sign up for a free account
• Fill out and submit their VASP Due Diligence Questionnaire
• Request a completed questionnaire from another VASP within the Notabene network (providing they filled it out already.)

After this release, a VASP will be able to:

• Request a questionnaire from another VASP within the Notabene network, even if they haven’t yet filled it out. This request will trigger an email directly to the VASP, inviting them to complete the questionnaire.
• Share their questionnaire with a selected VASP.

3. Rich data points from VASPnet

• ‍What does the VASPnet x Notabene integration entail?

We've partnered with VASPnet to provide comprehensive regulatory information on over 250 new crypto companies.

This collaboration solves a crucial challenge presented by FATF’s Travel Rule requiring businesses to carry out due diligence on their counterparty VASPs before exchanging Travel Rule data transfers. This update also adds the “Responds to Travel Rule data transfers” section in the Network, indicating which counterparties Notabene clients can expect a response from.

‍

• ‍Why is the VASPnet integration needed? 

This in-product integration of VASPnet’s reference data allows VASPs to:

• Access a larger number of VASPs to perform due diligence on in the Notabene Network
• Leverage high-quality data directly sourced from regulators to make well-informed risk-based decisions
• Manage AML/CFT risk with real-time, comprehensive, verifiable data

How to view and verify Counterparty VASP’s regulatory information before sending/accepting a Travel Rule data transfer.

1. Go to Notabene's VASPs & Crypto Companies Network.
2. Search your counterparty VASP.
3. Navigate to “License and registration information” in their VASP profile.
4. The green checkmarks indicate the source of the data. There you will see which information is provided by VASPnet.*

*Sign up to Notabene’s VASP Network to gain access to100 the regulatory data*

Visit Notabene’s VASP Network to learn more.

4. Start a partial Travel Rule data transfer; complete itat a later date

We’ve added support to creating a partial Travel Rule data transfer. This allows Compliance Officers to begin a transaction, save it in the inbox, and add missing Beneficiary Customer information later. 

How to access this feature as a client:

‍

NEW YORK, NY - Notabene, an end-to-end solution for crypto regulatory compliance, announces partnership with Refinitiv, an LSEG (London Stock Exchange Group) business, one of the world’s largest providers of financial markets data and infrastructure, addressing FATF mandated counterparty screening during Travel Rule transactions. 

Since 2018, the Financial Action Task Force (FATF) has compelled virtual asset service providers (VASPs) to share counterparty information when their customer’s crypto asset transactions exceed specific amounts. In order to comply with its targeted AML requirements, FATF also requires VASPs and other obligated businesses to screen their clients' counterparties.

Through the product integration with Refinitiv’s World-Check, Notabene customers can now automatically screen counterparties to the crypto transactions processed on their platform. In addition, the screening solution is built into Notabene’s rules engine, which allows joint customers to automatically detect and block transactions routed to sanctioned individuals. This interception can also be applied to incoming transactions–VASPs can stop or reject transfers coming from high-risk individuals. 

Phil Cotter, Group Head Customer & Third Party Risk Solutions, Data & Analytics at LSEG comments:

“The Travel Rule is a critical step in regulating virtual assets, and will help ensure firms are better able to deter or detect money laundering, terrorist financing and related offenses. Refinitiv World-Check has been at the forefront of compliance in this space for over two decades, and we are excited to partner with firms such as Notabene that provide much-needed solutions to address the practical and technical challenges around Travel Rule Implementation. We look forward to expanding our cooperation with Notabene to provide the industry with further value-added solutions.”

Pelle Brændgaard, CEO of Notabene, adds:

“The Refinitv x Notabene functionality is a fantastic addition to any Compliance Team's arsenal of Travel Rule tools. The ability to automatically detect and halt transactions to and from sanctioned individuals from a single dashboard advances our efforts to combat money laundering and screening counterparties to  cryptocurrency transactions. We’re looking forward to working together to make the process even more seamless and help the industry reduce frictions associated with screening of counterparties.” 

About Refinitiv

Refinitiv, an LSEG (London Stock Exchange Group) business, is one of the world’s largest providers of financial markets data and infrastructure. With over 40,000 customers, and 400,000 end-users across 190 countries, Refinitiv is powering participants across the global financial marketplace. We provide information, insights, and technology that enable customers to execute critical investing, trading and risk decisions with confidence. By combining a unique open platform with best-in-class data and expertise, we connect people with choice and opportunity – driving performance, innovation and growth for our customers and partners. For more information visit: www.refinitiv.com. 

About Notabene

Notabene is a reg-tech Software-as-a-Service solution that turns regulatory compliance into a competitive advantage. Notabene is working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Companies leverage our end-to-end FATF Travel Rule solution to identify virtual asset accounts, perform mandated VASP due diligence, and manage global transactions from one dashboard. Trusted by leading exchanges, Luno, Bitso, Crypto.com, and more. Notabene is headquartered in New York with offices in Zug and Santiago de Chile. To learn more, visit www.notabene.id. 

Media contacts

Refinitiv:

Silke Marsh – Director, Communications

Silke.marsh@lseg.com

Notabene:

Alice Nawfal – COO

alice@notabene.id

On a mission to help companies adjust to the new crypto regulatory landscape, Notabene, creator of market-leading end-to-end Crypto Travel Rule solution has completed the first ever comprehensive global Travel Rule compliance survey, releasing results in The State of Crypto Travel Rule Compliance Report. 

“Our experience with the regulators and Travel Rule implementation have taught us that there are many unique challenges with roll out. The pace is different across companies, countries and many businesses are still unaware of which protocol they intend to use. Now with looming regulatory deadlines, it is essential for the industry to come together to solve some of the implementation and roll-out challenges,”  said Pelle Braendgaard, CEO of Notabene. “We started this report aiming to provide first-hand insights from a broad range of crypto businesses on the challenges they’re facing, how they plan to overcome them, and their projected timelines.” 

The State of Travel Rule study contains information on how prepared financial institutions and crypto firms are for impending laws from around the world. The poll was completed by 56 businesses from all over the world. In total, 45 percent of respondents had primary operational jurisdiction in Asia-Pacific (APAC), 30% in Europe, Middle East and Africa (EMEA) and 25% in the Americas. 13% of respondents have a banking license or are a banking institution, and 86% of respondents are crypto-native businesses. 

By delving into the important components of Travel Rule compliance, the research offers a transparent grasp of compliance preparedness levels and pain spots. It examines the disparities in Travel Rule adoption among countries, as well as ways to implementation and adoption difficulties.

“The report highlighted legal uncertainty and the sunrise period as hindrances to most companies’ roll-out of the travel rule. This is consistent with what we have heard from the industry, where many exchanges have committed the resources to fully prepare for the travel rule but are looking for regulatory clarity around enforcement dates. They would like travel rule roll-out to be fair across the industry. This calls for closer collaboration between regulators and the industry to ensure expectations are clear around roll-out.”

- Alice Nawfal, Co-Founder and COO of Notabene
‍

Enter your information below to download the State of Crypto Travel Rule Compliance Report 2022.

‍

Why this matters

Compliance officers at crypto companies and financial institutions have a new task on their plates- complying with the Financial Action Task Force’s (FATF) Recommendation 16–the Crypto Travel Rule. 

Crypto businesses must now securely collect, exchange, screen, and store customer and beneficiary information to a crypto transaction. Businesses that must perform this include all enterprises that exchange between virtual assets (VAs) and fiat currencies, exchange between one or more forms of VAs, transfer VAs; safe keep and/or administer VAs or instruments enabling control over VAs; and participate in and provision of financial services related to an issuer's offer and/or sale of a VA.

Travel Rule enforcement dates rise at different times around the world, with considerable variations. As crypto transactions are inherently cross-border, VASPs must not only comply with their local jurisdictions’ stipulations, they must also account for the mandates in their Counterparty VASP’s jurisdiction as well. ​​

In October 2021, Notabene conducted a survey to assess industry-wide Travel Rule compliance readiness. Noteworthy results show that financial institutions and cryptocurrency companies are taking compliance seriously but are at varying states of compliance–largely dependent upon their primary operating jurisdiction.

CLICK HERE TO ACCESS THE FULL REPORT

Report highlights

1. Most respondents plan to become fully compliant by the end of Q2 2022.

2. Half of the respondents point to the sunrise period and legal uncertainty regarding the most relevant hindrances to Travel Rule adoption.

3. Close to one-third of companies (31%) are either complying with the Travel Rule or are currently sending or responding to Travel Rule data transfers. 

4. Although most respondents desire to be fully compliant within the next six months, more than 60% have not started implementation.

Download the State of Travel Rule Report for more trends

What this means:

The takeaways listed above and the remaining six listed in the State of Travel Rule Report demonstrate that VASPs are taking Travel Rule compliance seriously–yet they seemingly underestimate the resources and time investment required to comply with the Travel Rule fully. 

To comply with theFATF's Crypto Travel Rule, crypto companies and financial institutions need to: 

• Identify Travel Rule transactions 

• Determine wallet type and counterparty

• Identify and verify Beneficiary VASP 

• Analyze beneficiary risk level through a blockchain analytics provider

• Detect and verify wallet ownership

• Leverage sanctions screening integrations to identify illicit actors

• Verify Counterparty VASP’s ML/TF information 

• Apply appropriate jurisdictional requirements

• Send and receive customer data in a GDPR-compliant manner

• Interact with a wide variety of blockchain messaging protocols

All while accounting for the differences in Travel Rule messaging protocols, the required originator and beneficiary information, transactions with unhosted wallets, and enforcement of de minimis thresholds in their counterparty’s jurisdiction. 

5. Top 6 Pitfalls to Crypto Travel Rule Adoption.

Chapter 4 of Notabene’s first semi-annual State of Crypto Travel Rule Compliance Report also outlines the commonly reported six pitfalls to Travel Rule adoption. 

These include:

• The sunrise period
• Counterparty VASP due-diligence
• Data protection considerations
• Effective sanction screening vs. data accuracy requirements
• Requirements applicable to cross-border transactions
• Protocols and interoperability.
  

5.1. The sunrise period

The Travel Rule, like the sun, rises at different times around the world. The industry has aptly named the period when the Travel Rule is not fully implemented across jurisdictions, as the "sunrise period."  

Compliance with the Travel Rule during the sunrise period is problematic for VASPs because crypto transactions are inherently global. Unless their counterparties take a proactive approach to compliance, VASPs situated in countries where the Travel Rule is already in effect may struggle to continue business connections with their counterparties. Of the surveyed VASPs, 25% point to the sunrise period as the #1 obstacle to complying with the Travel Rule. 

The FATF acknowledges the dawn period's compliance challenges. The FATF offers numerous measures that VASPs can implement to comply with Travel Rule requirements regardless of their counterparties' compliance stages.

Chapter 3 of the State of Travel Rule report details the sunrise period. 

5.2. Counterparty VASP due-diligence

Another reported pitfall that VASPs face is difficulty identifying who controls the wallet they are transacting with. Travel Rule requirements change in many jurisdictions depending on whether the funds are being transmitted to a hosted or non-custodial wallet. Moreover, regulations vary depending on whether the Counterparty VASP is located in the same jurisdiction or not. Therefore, correctly identifying the counterparty is a critical part of compliance. 

The due diligence process must take place before conducting any Travel Rule data transfer (FATF's Updated Guidance [OCT 2021], paragraph 196) while considering the following factors:

• the robustness of the counterparty's data storage and security framework
• the licensing and registration requirements of the jurisdiction where the VASP is based, and
• whether the counterparty is complying with the Travel Rule
  (FATF's Updated Guidance [OCT 2021], paragraph 199)

Learn more about Counterparty VASP due diligence in Chapter 4 of the State of Travel Rule Report.

5.3. Data protection considerations

The Travel Rule obliges VASPs to transfer customer PII, which increases personal data exposure and thus prompts novel data protection risks during a previously-anonymous crypto transaction. Before, the originator simply entered a blockchain wallet address and sent the transaction.

Now:

• VASPs’ customer personal data now must be transmitted and shared with the counterparty VASP.
• The personal data of the counterparty Originator or Beneficiary Customer must be used to assess transaction risks (e.g., screening against sanction lists); 
• Both VASPs must keep records of their customers’ and counterparty Originator or Beneficiary Customer’s personal data.
  

The new requirements prompt various areas of potential data leakage. 

For this reason, assessing the robustness of the counterparty VASP's data storage and security framework is an essential part of the due diligence process before transacting with any new counterparty VASP.

See Chapter 4, Section 2 of The State of Travel Rule Report to learn more. 

5.4. Effective sanction screening vs. data accuracy requirements

A primary goal of enforcing Travel Rule requirements on VASPs is to prevent designated persons and entities from circumventing sanctions by using virtual assets. VASPs are required to take freezing actions and prohibit transactions with designated persons and entities. The exchange of Travel Rule information allows VASPs to take these actions concerning their counterparty originator or Beneficiary Customer.

VASPs are required to rely on data that they do not need to verify to screen their counterparties against sanction lists. The data used to screen their counterparties against sanction lists is often insufficient and non-verifiable. Identifying false-positive sanction screening findings may prove to be complex when the Beneficiary Customer's name is all the Originator VASP needs to obtain. 

Under FATF's Recommendation 17, countries can permit obliged entities to rely on third parties to perform parts of the customer due diligence process. The FATF explicitly recognizes that VASPs can act as third parties, allowing companies to rely on the sanction screening performed by the VASP that has more comprehensive access to the underlying data and the obligation to verify it. 
‍
Learn more about effective sanction screening in Chapter 4 of The State of Travel Rule Report.

5.5. Requirements applicable to cross-border transactions

As highlighted in Chapter 3 of the State of Travel Rule Report, the implementation of the Travel Rule varies substantially across jurisdictions, which, due to the international nature of crypto transactions, causes difficulties in the collaboration between VASPs to achieve Travel Rule compliance.

Compliance becomes particularly challenging when the VASPs' jurisdictions enforce different de minimis thresholds and set forth different scopes of required Originator and Beneficiary Customer information. VASPs will tend to set their processes to fulfill the requirements of their prospective jurisdiction. However, that may not always be enough to successfully complete transactions with VASPs in jurisdictions that enforce stricter, or simply different, rules. This will cause delays in the transaction flow and ultimately force all VASPs to adhere to the most stringent requirements among the involved jurisdictions, regardless of the policy decisions made by their local authority.

Download the State of Travel Rule Report to read more. 

5.6. Protocols and interoperability

Upon the release of FATF's Initial Guidance [JUN 2019], various companies and industry working groups began developing Travel Rule messaging protocols to address a significant component of Travel Rule compliance: a method to safely and securely transfer customer PII alongside blockchain transactions. Today, there are nine Travel Rule messaging protocols on the market, with various underlying tech and data transmission methods. This presents issues around interoperability and adds copious amounts of time to find a best-fit solution.

The following factors need to be considered when VASPs are selecting Travel Rule messaging protocols:

• Integration effort
• Interoperability with various protocols 
• Governance model
• Non-custodial wallet support
• Launch date
• Industry support
• Membership/usage fee
• Building an in-house solution on top of a messaging protocol or choosing a fully-integrated software provider

Learn more about Protocols and Interoperability in Chapter 4 of the State of Travel Rule Report.

6. Survey Methodology

The State of Travel Rule Report survey was conducted in October 2021. Before release, the Notabene team prepared the questions, and advisors and fellow industry members reviewed them. The survey questions were shared in a digital format directly with VASPs and financial institutions eligible to provide crypto services. The survey provided the option for companies to remain anonymous in their responses.

Fifty-six companies completed the survey, representing broad global coverage. Overall, 45% of respondents (or 25 respondents) have primary operating jurisdiction in APAC, 30% in EMEA (or 17 respondents), and 25% in the Americas (or 14 respondents). A table is included below with a breakdown by operating jurisdiction.

Of the 56 participants, 13% (or 7 respondents) have a banking license or are a banking institution, and 86% (or 48 respondents) are crypto-native businesses. One participant requested to remain anonymous.‍

‍

Enter your information below to download the State of Crypto Travel Rule Compliance Report 2022.

‍

‍

Notabene’s mission is to make crypto transactions a part of the everyday economy. Our end-to-end Travel Rule solution, SafeTransact, includes counterparty wallet identification tools, a VASP due-diligence directory, and a secure dashboard to manage regulated crypto transactions. Our software, tools, and comprehensive data help businesses manage counterparty risks without hindering user experience. 

Our ability to carry out this comprehensive vision is contingent upon the assurance that Notabene interacts securely with our client’s existing systems and that we’ve built with security best practices in mind from day one. 

Now, we can make that commitment official. 

Today, we are proud to announce that our SOC 2 Type II report is clean, confirming that our information security policies, practices, procedures, and personnel exceed the high SOC 2 security standards.

What is the SOC 2 certification?

The Association of International Certified Professional Accountants (AICPA) developed the System and Organization Controls (SOC) certification. SOC 2 to allow businesses to certify their adherence to industry security requirements thoroughly. To receive certification, an organization must codify specific security policies and procedures, continuously monitor the execution and conformance of these procedures, and annually submit documentation to a third party to ensure compliance.  

Why is SOC 2 important?

A SOC 2 report is intended to provide assurances regarding the effectiveness of controls in place at a service organization that pertains to the security, availability, or processing integrity of the system used to process clients’ information, as well as the confidentiality or privacy of that information.

SOC 2 reports are used by businesses to identify and mitigate the risks associated with third-party technological services. Independent third-party auditors give these reports.

What is the process of receiving a SOC 2 certification?

AICPA examined Notabene over the course of three months and concluded with reasonable assurance that we achieved our service commitments and system requirements based on the trust services criteria relevant to security and privacy outlined in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria).

We would like to extend a special thanks to Vanta’s security and compliance automation platform and the fantastic team behind it. Our customers extend their trust in our team, and we’re committed to providing them with an iron-clad product. Customers can access a copy of our SOC 2 audit report upon request.

Rebecca Macieira-Kaufmann is an accomplished CEO who has an unblemished track record of achievement. Her extensive experience as a Financial Services leader in sales & marketing, risk management, and international business operations, combined with her outstanding track record of leading highly successful business turnarounds, has resulted in the effective scaling of new businesses and expanding existing operations globally for Fortune-50 financial services organizations.

Throughout her distinguished 30+ year career, which includes 11 years at Citigroup, Banamex, Wells Fargo, and Revolut, Rebecca Macieira-Kaufmann has served as a business leader for financial institutions, assisting them in growing while adhering to requirements around complex regulatory obligations and large cross-border trade.

She sits down with Notabene to share how crypto business leaders should approach compliance, including setting up their defense lines, balancing business opportunities with compliance, and performing a reverse root cause analysis to prepare for hypothetical worst-case scenarios. Rebecca currently serves as an advisor to Notabene.

1. Please tell us about yourself and your journey into banking and the financial services space.

Like all journeys, they’re often meandering. I never imagined myself in banking. I went to business school to become an entrepreneur. I studied international business and worked in Hong Kong and London. After failing to get a job in manufacturing, I ended up in consulting, which is like a Ph.D. in business strategy.

Interestingly, the firm I ended up with had a lot of financial services clients. I was able to see the inside of building societies and the British financial services space. I was intrigued. Later in France, in the insurance space, I learned that financial services are not only fascinating but incredibly complicated. This kept me interested.

Upon my return to the United States, I wanted to be a product manager because I think that’s one of the best ways to learn how to run a business and manage a P&L (Profit & Loss line of business.) The areas hopping at the time were technology in Silicon Valley and banking in San Francisco. I ended up in a banking role in San Francisco.

2. When was the first time you had to deal with AML compliance as an executive leader?

Being in the finance space, I encountered AML compliance pretty early in my career. The institution I was with at that time had a matter requiring attention (MRA), which was the first time I had to solve an MRA. An MRA is when a regulator examines your company and tells you that a matter requires your attention immediately. If the issue is not addressed and resolved, it will potentially become a consent order.

I learned to step back and dig deep to understand complex issues and solve them with a team. We set out to solve this issue as a team for the long term. We gathered people from operations, legal, compliance, and customer service, designed a framework, and subsequently implemented it. We got out of that MRA probably faster than any other MRA.

3. How do you design a balance between business opportunities and compliance?

You design a balance between business opportunities and compliance by creating your products within a legal and regulatory environment from day one. In the 30+ years of working in financial services, we often thought in lines of defense; first, second, third, fourth, and so on. 

Financial service lines of defense:

1. ‍The Business team
   When designing a new product, I want the Chief Compliance Officer and/or General Counsel members at the table with Product Design. Aim to solve for 99% of risk here. 
   ‍
2. The Compliance team 
   The compliance team should test the products and processes’ edges. Where could the fraud happen? Where could things fall apart? 
   ‍
3. Internal/External auditors
   Internal auditors should run risk-based internal audits on a 12-24 month plan. Particularly high-risk events should be audited in 12-month increments, whereas the lowest risk areas could stand to get audited every 24 months. Your compliance team should have the same plan. Note that smaller firms typically rely on external auditors.
   ‍
4. Regulators
   Regulators are four levels away for a reason. Risk areas should be accounted for before they reach this level. You don’t want someone four levels away telling you about your risk areas during an examination. 
   

‍

Another first line area I often learned about risk was via client complaints. Clients tell you what isn’t working. Reading client complaints should be a C-suite activity. 

4. How did you approach budget and resource allocation for the compliance function? 

My approach would be one of stepping away from the view of “business opportunity versus compliance” and into the mindset of “compliance by design.”

First, you’ll need enough capacity to set up and invest in training your front line of defense; the product developers, the technology development team, and the customer service team. They should understand their role in the lines of defense. 

When designing a new product, I want the Chief Compliance Officer and/or General Counsel members at the table with product design. A good Chief Compliance Officer knows the regulations and the rules in your industry and could inform you of those trade-offs of how many people they need in-house and what you would bring from the outside. If your company has a reputation of giving compliance a seat at the table, you’ll attract great Chief Compliance Officers. This framework attracts better talent and costs companies less in the long run. 

5. Were you surprised how much of your role covered compliance? 

Yes, and no. Pre-2008, the financial services industry always thought we were doing things the right way. We had an embedded culture of excellent execution. Post-2008, increased scrutiny seeped into every department. After the financial crash, I noticed a shift in the industry that spilled over from the compliance/audit department and affected each department. 

The fascinating thing about shifts is that we aren't usually witnessing the exact issue we should be concerned about; that knowledge is usually hindsight. What initially had roots in the mortgage space ended up affecting the entire finance industry. 

There’s a similar shift happening in the crypto industry right now–for different reasons, of course. Currently, there’s a global regulatory shift, where people have to figure out how to deal with compliance for new asset classes and payment methods. 

It’s difficult to remain ahead of the related risks concerning the current shift that we’re in right now in the crypto industry: AML rules, KYC, the Travel Rule, understanding the originator and the beneficiary are critical frameworks currently requiring focus. What are the unidentified elements? What will pose the next tectonic shift? Embedding a culture of compliance will help prepare your firm for unexpected issues.

6. When should a CEO of a new and up-and-coming crypto company prioritize compliance, and how should they attack it?

Most business leaders of crypto institutions today are faced with significant regulatory burdens when it comes to AML/CFT processes, with requirements like the Travel Rule, or they face shut-down. They are currently building up their compliance teams and introducing new methods to manage risk.

Business leads must weigh income probabilities to make compliance spending and business opportunity trade-off decisions daily under looming uncertainty. To keep the team and investors motivated and engaged with the company’s long-term health at all times, balance a certain number of short-term wins as part of the equation with the end goal, which is often a public exit or a merger. 

It’s a balancing act of saying, “We need enough short-term wins that are happening at some level of frequency to motivate the team, with a strong focus on achieving the long-term goal.” Constantly building up that compliance muscle strength along the way gives a competitive advantage. 

7. Let’s imagine a worst-case scenario where a local regulator fines up-and-coming crypto company two years from now. How can they work back from that?

I’d recommend performing a reverse root cause analysis as early as possible. A premortem tabletop exercise is one of the many tools to combat a worst-case scenario preemptively. 

Comparable to a business continuity plan, you envision that the hurricane has happened and strategize around what to do going forward. You can do the same thing for regulatory actions; you can say, the event has happened, and now we’re being fined for XYZ violation. Launch yourself into the future and ask:

• What did we learn?
• What went wrong?
• What do we do when an event occurs? 
• What is our media strategy and external communication plan? 
• What is our internal communications plan?
  Etc. 
  

8. Any parting thoughts or general advice to business leaders in the crypto space?

Know your regulator.

A good exercise is to go through each crypto regulator and determine what risk they are trying to mitigate. For instance, the FDIC is one of the critical regulators trying to protect customer deposits in banking. Understand the motivation behind the SEC, CFTC, or the OCC’s regulations. If regulators are trying to stop human trafficking funding, terrorist financing, wouldn’t it be best to side with them? No CEO wants their platform to be tied to facilitating human trafficking. Reputation is priceless.  

NEW YORK, January 6, 2021 10:00 AM ET -- Notabene, the leading end-to-end Travel Rule solution provider, has announced the successful completion of phase one of a Travel Rule testnet between Bitfinex, a state-of-the-art digital token trading platform, Okcoin, one of the largest cryptocurrency exchanges in the world, and Tether Operations Limited (Tether), the blockchain-enabled platform that powers the largest stablecoin by market capitalization.

Notabene runs regular testnets for market-leading digital token and traditional financial companies to simulate cross-jurisdictional Travel Rule transactions in a low-risk environment as they gear up to comply with impending regulations. New anti-money laundering (AML) rules, commonly known as the “Travel Rule,” require companies in the digital token space to share personally identifiable customer information alongside a transaction of a particular threshold. 

As enforcement deadlines approach, financial firms rush to implement new compliance tools, train compliance teams to implement new processes and understand the appropriate actions to take across various scenarios. 

The successful completion of this testnet allowed companies to perform simulated Travel Rule transactions between each other and collaborate on setting up compliance processes, which will be crucial going forward. 

Bitfinex, Tether, and Okcoin tested real-life scenarios, including interactions with firms operating in other jurisdictions where thresholds and requirements vary. Other scenarios tested included:

1. Automatically sending Travel Rule transfers to trusted counterparties.
2. Sending and receiving Travel Rule data transfers to/from companies that are not Notabene customers 
3. Sending and receiving Travel Rule data transfers to/from companies that may not be live with Travel Rule compliance procedures
4. Requesting missing Travel Rule transfers from counterparties 
   

Alice Nawfal, COO of Notabene, says:

‍“We’re thrilled to assist Bitfinex, Tether, and Okcoin in adopting the Travel Rule, which is a critical component of the FATF’s current recommendations for Virtual Asset Service Providers. Each company shares our belief in the long-term viability of the open cryptocurrency ecosystem. Testnets are an effective mechanism for businesses to collaborate on how to implement Travel Rule compliance.”

Peter Warrack, Chief Compliance Officer at Bitfinex, said:

“We are delighted to have successfully completed Notabene’s phase one of the Travel Rule testnet in collaboration with Tether and Okcoin. This has enabled us to simulate a myriad of transactions as part of our efforts to put in place robust compliance processes in order that we meet all requirements of the Travel Rule.” 

Joanna Lane, Head of Regulatory at Okcoin USA, adds:

‍“As a company with entities in many jurisdictions offering services around the world, working out how we can meet the different iterations of the Travel Rule required by different regulators is pivotal. Participating in the testnet with several of our entities has helped us walk through different permutations of transactions we will encounter going forward, where we will be in a much better position to comply and manage our regulatory risk.”

‍

Notabene is committed to facilitating further testing, providing integration support, moderating compliance team discussions, and publishing ‘blueprint’ compliance flows to the industry. Please find out about our next testnet here.

‍

About Notabene

Notabene is a reg-tech compliance SaaS solution connecting the traditional financial and crypto industries. We are working to make crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. Using privacy-preserving technology, strategic partnerships, and commitment, our first-to-market FATF Travel Rule solution helps financial institutions, crypto exchanges, and businesses turn compliance into a competitive advantage. Key investors include Castle Island, Green Visor Capital, Illuminate Financial, CMT Digital, and a cadre of top-tier angel investors. Trusted by leading exchanges, Luno, Bitso, Crypto.com, and more.

Notabene is headquartered in New York with offices in Zug and Santiago de Chile. To learn more, visit www.notabene.id. Follow us on LinkedIn and Twitter.

About Bitfinex

Founded in 2012, Bitfinex is a digital token trading platform offering state-of-the-art services for traders and global liquidity providers. In addition to a suite of advanced trading features and charting tools, Bitfinex provides access to peer-to-peer financing, an OTC market and margin trading for a wide selection of digital tokens. Bitfinex’s strategy focuses on providing unparalleled support, tools, and innovation for experienced traders and liquidity providers around the world. Visit www.bitfinex.com to learn more.

About Okcoin

Established in 2013, Okcoin is one of the world’s fastest-growing cryptocurrency platforms. Seeking to build a more inclusive finance future that builds wealth for everyone, Okcoin is building the next generation of tools to help anyone invest in and trade crypto easily and with industry-low fees. Okcoin supports millions of customers across more than 190 countries, assisting them in taking advantage of staking and DeFi offers and trading Bitcoin, Ethereum, and more than 50 other crypto assets. Headquartered in San Francisco, Okcoin has a remote, globally-distributed team and offices in Miami, Hong Kong, Singapore, Malta, and Japan.

2021 has been a transformational year for the world and the cryptocurrency industry.

As the world grew accustomed to starts and stops to the economy, WFH policies, Zoom rooms, meme coins, and NFTs ensured that crypto was here to stay. The greater public found their first foray into the crypto space through meme coins, word of mouth, and monkey NFTs.

2021 is the year that digital assets went mainstream. Crypto attracted more money in 2021 than the previous years combined–the total market cap of cryptocurrency reached $3 trillion in 2021. Venture capital funds invested around $30 billion into cryptocurrency this year. At the same time, 2021 was a monumental year for crypto losses. Overall losses caused by DeFi exploits have totaled $12 billion so far in 2021, according to Notabene partner Elliptic. Fraud and theft accounted for $10.5 billion of that sum — a sevenfold increase from last year.

This is where Notabene comes in. 

Notabene makes crypto transactions a part of the everyday economy by providing software, tools, and comprehensive data to manage regulatory and counterparty risks in crypto transactions. We are actively working on bringing both businesses and their end-users better, safer, and more privacy-preserving approaches to managing risk around crypto interactions. 

In early 2020, we founded Notabene to solve the compliance headache that exchanges now face. To solve Travel Rule compliance for the entire financial services industry, we began building a trusted data layer to blockchain transactions for protocol-agnostic communication. 

Notabene is on a path to remove global regulatory compliance complexity to cement crypto’s role in mainstream transactions. Ultimately our mission is to allow more people to transact on public blockchains safely. The proof is in the pudding–Notabene customer Bitbuy became the first Canadian crypto firm to be both a registered marketplace and restricted dealer. Additionally, we’ve made it even easier for companies to get started by introducing a free Sunrise plan, which helps VASPs kickstart their compliance journey at their own pace. In particular, counterparty VASPs to our customers can now respond to travel rule requests securely and at ease.

This post highlights product launches, team metrics, and accomplishments that defined Notabene in 2021.

1. We raised $10.2M

In November, we announced our A round, co-led by Jump Capital and F-Prime, two very relevant funds. Jump Capital is a thesis-led venture investor specializing in scalable software opportunities in fintech, crypto, IT, and data infrastructure. F-Prime invests in healthcare and technology companies that impact lives worldwide. The two funds joined the fundraise by Illuminate Financial, Fenbushi Capital, CMT Digital, and institutions like Gemini Frontier Fund, BlockFI, Luno, and BitSo. Existing investors who believed in our mission from day one, Castle Island Ventures, Green Visor, and Signature Ventures, continued to grow their investment. This round lets us expand on this to help us reach even more exchanges and financial institutions. 

2. We grew the team from 6 to 19

Notabene started the year off with four founders and two fearless devs, Lluis and Bruno. We ended the year with 19 employees, growing across marketing, sales, product, and engineering. Notabeenies now span three continents and eight countries. 

It was vital to hold a company offsite as a fully distributed team. In late November, we officially took our relationships from URL to IRL–connecting over Jamon Iberico, tapas, and informative deep-dive sessions in Girona, Cataluña.

3. We broadened our ecosystem reach to 75+ exchanges

From our first customers coming live with the Travel Rule in 2021, we grew the ecosystem of VASPs interacting with each other to 75+. VASPs include Bitbuy, Bitfinex, Luno, Paxful, and more. Solutions Engineer Michele Marrali and Legal Engineer Catarina Veloso joined to help smooth the onboarding process. 

4. We launched 3 testnets with 15+ exchanges

Travel Rule testnets present an excellent opportunity for collaborative learning as cryptocurrency businesses and financial institutions gear up to comply with impending regulations. 

In 2021, Notabene set up three collaborative environments where they tested the following real-life Travel Rule testnet scenarios:

• Interactions with firms operating cross-jurisdictionally where thresholds and requirements vary. 
• Rejecting transfers when data didn’t match internal records.
• Interacting with companies who are not Notabene customers and may not be live with Travel Rule.
• Requesting missing Travel Rule transfers from counterparties. 
• Automatically sending Travel Rule transfers to trusted counterparties.

Completed testnets:

1. ‍Singapore Testnet, between Crypto.com, Luno, Xfers, Onchain Custodian, and Sparrow Tech Pte Ltd.‍
2. Abu Dhabi Testnet, between Matrix, Aarna Capital, DEX, and MidChains, Amber Group, Liquid, and Zipmex, under the observation of the Financial Services Regulatory Authority (FSRA) of Abu Dhabi Global Market (ADGM.)
3. Tether, Bitfinex, and OkCoin testnet.
   

In 2022, we will continue to facilitate further testing, provide integration support, moderate compliance team discussions, and publish ‘blueprint’ compliance flows to the industry. Sign up for the next testnet here.

5. We partnered with best-in-class compliance and data products to bring a more seamless and rigorous Travel Rule compliance 

Industry partnerships are crucial to building an end-to-end Travel Rule compliance solution. In 2021, Notabene entered into partnerships with the following solutions:

Blockchain analytics: 

• Elliptic
• Chainalysis
• Crystal
• Coinfirm
• TRM Labs
  

Regulatory VASP reference data:

• VASPnet
  

6. We've consistently shipped new features to make Travel Rule compliance scalable and frictionless

Our product and dev team have tirelessly shipped updates to build components for a best-in-class end-to-end Travel Rule solution. In 2021, we’ve added the following integrations and features to our offering:

‍

7. We share our favorite content pieces from the year

7.1. Cryptocurrency regulatory recaps

The team spent many hours reading and summarizing regulatory docs, so you don’t have to. 

• 5 Key Takeaways: Germany’s Implementation of the FATF Travel Rule
• Germany Enforces Crypto Travel Rule from October 1, 2021
• Top 10 Takeaways from the European Commission’s Crypto Travel Rule Proposal
• 5 Key Takeaways from HM Treasury’s Crypto Travel Rule Amendments 
• 12 Outcomes from FATF’s Oct 2021 Updated Guidance for Virtual Assets and VASPs

7.2. Jurisdiction pages

We curate knowledge about Travel Rule regulations across the globe on our Jurisdiction Pages. 

• The United Kingdom 🇬🇧
• South Korea 🇰🇷
• Liechtenstein 🇱🇮
• Canada 🇨🇦
• Singapore 🇸🇬
• Japan 🇯🇵
• Australia 🇦🇺
• Gibraltar 🇬🇮

7.3. Webinars and Podcasts

Throughout the year, Notabene thought leaders shared knowledge through the following webinars and podcasts.

• Navigating crypto regulations in Singapore in 2021‍
• Navigating crypto regulations in the UK and EU in 2021‍
• Cracking Down on Evolving Crypto Regulations (Podcast)‍
• New FATF Guidelines for Crypto Industry‍
• FATF’s Final Guidance for Virtual Assets and VASPs. What now?
• ‍Crypto Compliance Deep Dive: A talk with former regulator Charles V. Senatore‍
• ACAMS: The FATF Travel Rule: Challenges and Solutions‍
  

8. We released the first VASP survey on Travel Rule to bring actionable insights to the industry

We began an initiative to collect relevant data on the industry's implementation of Travel Rule requirements and across jurisdictions. We will share our results and pertinent insights of a quarterly report in Q1 2022. Until then, feel free to take a look at the preliminary data. 

‍
Our goal is to o help crypto companies reduce compliance complexity on their path to cement crypto’s role in mainstream transactions. If you’d like to join us on this quest, check out our Careers page. We have open roles across various departments.

Thank you for joining us on this journey. We can’t wait to see what’s in store for 2022!

Yours,

The Notabene team. 

In October 2018, the Financial Action Task Force (FATF) announced that it would be recommending member countries apply the Travel Rule — a longstanding compliance requirement for traditional financial institutions — to virtual assets (VAs) and virtual asset service providers (VASPs). While the rule may be implemented differently depending on the jurisdiction, as its core, the Travel Rule requires VASPs to identify the originators and beneficiaries of transfers above a certain threshold and transmit that information to their VASP counterparty, where one exists.

The Travel Rule has presented a novel challenge for the cryptocurrency industry, as blockchains are not inherently conducive to sending personally identifiable information alongside a transaction. To comply with FATF’s Travel Rule Recommendation, VASPs must implement messaging protocols to exchange originator and beneficiary information with other VASPs securely.

Various providers have kicked off several initiatives to build such protocols and end-to-end Travel Rule compliance solutions, including a joint offering from Chainalysis and Notabene to help VASPs meet all compliance requirements. But there are several elements of a successful Travel Rule solution, which VASPs should keep in mind as they search for the right one. With over 30,000 registered VASPs operating in over 190 jurisdictions and all the differences in Travel Rule regulatory frameworks and tech stacks, those numbers imply that interoperability has emerged as a critical factor for compliance officers evaluating Travel Rule solutions in the cryptocurrency industry. 

Below, we’ll define what interoperability means in the context of the Travel Rule and explain how to pick a Travel Rule solution that works across all jurisdictions and VASPs. 

1. What is Travel Rule interoperability?

Interoperability is generally defined as the capacity for computer systems or software applications to exchange information and fulfill specific tasks based on that information in conjunction with one another. In the context of Travel Rule solutions, interoperability refers to VASPs’ ability to communicate and exchange data with counterparty VASPs using multiple messaging protocols. Interoperability is essential because if VASPs are limited to exchanging information only with VASPs using the same messaging protocol, they’ll be cut off from exchanging information in a compliant manner with other VASPs using different protocols. 
‍

2. Why is interoperability important?

With the emergence of multiple Travel Rule messaging protocols domestically and globally, VASPs are faced with the challenge of integrating numerous protocols to achieve full coverage of possible counterparty VASPs. If this excessive fragmentation persists, the cost and complexity of Travel Rule compliance will increase significantly, especially if different jurisdictions begin to adopt varying versions of FATF’s Travel Rule Recommendation. 

While existing protocols are adapting and are likely to become more interoperable in the future, they cannot currently “speak” directly to other protocols. Until then, solutions like Notabene can integrate multiple protocols to form an “interoperability bridge” on behalf of VASPs, helping teams circumvent interoperability issues manually and transact compliantly with partners using other protocols.

3. What is a Travel Rule messaging protocol? 

A messaging protocol is a set of rules for formatting, processing, and transmitting data. A Travel Rule messaging protocol is a particular set of rules for formatting, processing, and exchanging originator and beneficiary information alongside blockchain transactions, as recommended by FATF.

For comparison, the two most widely used internet standard communication protocols for email transmission are SMTP (Simple Mail Transfer Protocol) and Internet Message Access Protocol (IMAP). Mail servers and other message transfer agents use SMTP and IMAP to send and receive mail messages. 

To comply with FATF’s Travel Rule Recommendation, VASPs need similar messaging protocols to exchange originator and beneficiary information.

4. Why are there so many protocols?

Various industry leaders, commercial companies, and working groups took up the task of creating a messaging protocol that VASPs could use to send required PII alongside blockchain transactions. While the industry agreed upon one data messaging format–IVMS 101–there are currently nine Travel Rule Messaging Protocols on the market, leaving VASPs unsure of which solution to choose. Over time, existing protocols may merge or deprecate. 

‍

‍

5. Messaging protocols do not provide full Travel Rule compliance.

VASPs must meet five requirements on all transactions they process in order to comply with the Travel Rule Recommendation.

Identify transactions that fall under the Travel Rule. 

To pinpoint transactions that fall under the Travel Rule, VASPs need to verify if another VASP hosts their customer’s counterparty address on a given transaction. This is where Chainalysis Know Your Transaction (KYT) comes in. When a transaction meets the monetary value threshold for the Travel Rule, an API call is sent to KYT from the Notabene platform to determine if the wallet is hosted (by a VASP) or unhosted (non-custodial). If the address is hosted by a VASP, VASPs can then identify the counterparty VASP, collect and record missing counterparty data and apply necessary regulatory requirements. Some jurisdictions require additional due diligence requirements for transactions with non-custodial wallets, such as proof of wallet ownership.

Identify and verify the Beneficiary VASP. 

VASPs must identify the counterparty VASP in a transaction and confirm wallet ownership with them.

Assess the risk involved with the transaction.

VASPs must analyze the beneficiary risk level through blockchain analysis providers like Chainalysis and leverage sanctions screening integration to identify illicit actors before deciding to allow a Travel Rule transfer to be initiated. This step is essential, as some VASPs appear on sanctions lists, and exchanges must be sure not to send transactions to those entities.

Verify counterparty VASP’s AML/CTF information.

Paragraph 197 of FATF’s Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers requires VASPs to conduct counterparty due diligence before sending Travel Rule information to a counterparty: “Assess a counterparty VASP is an eligible counterparty to send customer data to and to have a business relationship with.” 

By leveraging VASP and Crypto Company directories that integrate open-source research, blockchain analysis, and real-time data from regulators and third parties, compliance officers can assess the risk level of their counterparties and determine whether they feel comfortable sending Travel Rule data transfers to their counterparty VASP. Directory information includes regulation status, the level of robustness of their AML/CFT program, a signal of whether they will be able to protect PII with robust cyber security standards, and so forth.

Securely send and receive customer data.

In certain jurisdictions, customer PII falls within the General Data Protection Regulation (GDPR) scope. UK VASPs must uphold the data protection principles outlined in the GDPR when performing Travel Rule transfers. 

Messaging protocols only assist with two of the five components needed for an end-to-end Travel Rule solution: sending and receiving customer data and identifying and verifying the Beneficiary VASP. Compliance Officers must look for end-to-end Travel Rule solutions that address all components.

6. Consider the fee schedule for Travel Rule Messaging Protocols.

Travel Rule messaging protocols have varying fee structures; some charge by transaction volume, some by membership fees, and some are free to use.  As messaging protocols constitute a small part of compliance, VASPs should consider the usage and membership fees (where applicable), costs involved with direct integration into a protocol, and/or the costs to service providers when choosing the best-fit solution.

7. IVMS 101 is the industry-standard data model for Travel Rule messaging protocols.

In October of 2019, a cross-industry working group of experts from the Chamber of Digital Commerce, Global Digital Finance, and the International Digital Asset Exchange Association developed a technical standard for Travel Rule message formatting known as the interVASP Messaging Standard IVMS 101. IVMS 101 is a universal language for communicating the required originator and beneficiary information between VASPs. FATF and critical regulators such as FinCEN, MAS, the FCA, and the JFSA were kept informed during the development of IVMS 101. On May 6, 2020, IVMS 101 was recommended for adoption at an InterVASP closing plenary. Today, all Travel Rule messaging protocols use IVMS 101, which is an excellent first step toward interoperability.

8. Open network protocols will ensure comprehensive transaction coverage.

Regarding Travel Rule messaging protocols, an open Travel Rule messaging protocol enables any two VASPs to use the protocol without consent or even knowledge of any third party. Users are granted access to closed (proprietary) Travel Rule messaging protocols through a membership process.

Open-network Travel Rule messaging protocols are vital to ensuring comprehensive coverage when facilitating transactions with VASPs across the cryptocurrency community. TRP and OpenVASP are decentralized, secure, scalable, reliable, and globally available protocols with open-source architecture. 

9. Travel Rule solution providers (not protocols) should account for jurisdictional differences in threshold applications. 

Various jurisdictions have implemented the Travel Rule for cryptocurrency differently, leading to different minimum thresholds, varying PII requirements, further obligations for the originator and beneficiary VASPs, and divergent treatment of transactions with non-custodial wallets. These gaps in implementation and thresholds are critical to note as companies ramp up their Travel Rule compliance plans and test cross-jurisdictional Travel Rule transactions. 

Many global regulators chose to adopt FATF’s recommendation that VASPs apply the Travel Rule to any cryptocurrency transaction over 1000 USD/EUR involving another VASP, while in the US, the Travel Rule for cryptocurrency applies at a higher threshold of USD 3000, in keeping with the US’s Travel Rule for fiat wire transfers. Meanwhile, some jurisdictions do not specify any threshold at all. Jurisdictional requirements add an added layer of complexity to complying with regional-specific virtual asset transfers.

Compliance Officers should look to their Travel Rule solution provider to help them account for these differences, as protocols will not solve this complexity. An end-to-end compliance solution that automatically updates its underlying tech to include changes in regional regulatory information while allowing VASPs to send Travel Rule data alongside each transmission over $0 is best. 
‍

10. Interoperability between protocols today is very early.

While there have been a few press releases and announcements on interoperability, there hasn’t been much interoperability implementation. Recent FATF guidance calls for cooperation between regulatory authorities and private sector organizations to ensure interoperability of Travel Rule solutions. In their second 12-month review, FATF urged countries to prioritize the Travel Rule implementation and enforcement.

While interoperability is not yet the standard across Travel Rule messaging protocols, FATF does not recognize a lack of interoperability as an excuse for noncompliance. As long as there are working solutions in production, FATF urges countries to implement the Travel Rule and additional robust control measures to interact with VASPs in jurisdictions where the Travel Rule is not yet implemented or has no solution in place. Additionally, early implementation of Travel Rule solutions can ensure operational continuity when regulatory deadlines arise in local jurisdictions. VASPs will benefit from implementing these solutions sooner rather than later.

FATF’s guidance also highlights the importance of cooperation and coordination among supervisory authorities and private sector organizations to ensure the interoperability of Travel Rule solutions adopted by VASPs. Collaboration and coordination are also crucial for the effective adoption of the Travel Rule worldwide.

How the Chainalysis + Notabene integration solves the challenges of the Travel Rule

‍Notabene provides an end-to-end Travel Rule platform that allows VASPs to manage regulatory and counterparty risks at scale. With its rule-setting tools, compliance officers can automate the exchange of Travel Rule data across the cryptocurrency business’ preferred communication protocols. From data collection and counterparty identification to secure data transmission, Notabene helps companies fully comply with the Travel Rule.

Chainalysis is the blockchain analysis platform trusted by investigators and compliance teams worldwide. Chainalysis KYT (Know Your Transaction) is an AML compliance solution for monitoring cryptocurrency transactions to detect and triage suspicious activity. The software conducts automated funds tracing and generates alerts for suspected high-risk activity, from OFAC sanctioned addresses and darknet markets to scams. KYT allows cryptocurrency businesses to identify Travel Rule transactions in real-time, analyze counterparty wallets, and perform instant due diligence on counterparty VASPs so that they can get the information they need to stay compliant.

Frictionless Compliance at Scale

Chainalysis and Notabene have partnered to provide a solution that allows VASPs to identify transactions that meet the rule’s requirements without compromising user experience. When a Travel Rule scenario is detected, an API call is sent to KYT from the Notabene platform to determine if the wallet is hosted or unhosted and identify the counterparty VASP. Users can leverage this information with real-time verified data about the VASP to conduct due diligence and take the appropriate next steps to stay compliant. Notabene has the widest protocol support, enabling users to transact with any VASP, all in one dashboard.

With our integrated solution, cryptocurrency businesses can automate transactions with trusted counterparties while providing them with the data they need to detect suspicious activity and meet their regulatory requirements, including: 

Wallet Identification

• Collect required Travel Rule data using a user-facing widget and API.
• Identify and verify wallet ownership for non-custodial.
• Automatically detect transactions that meet Travel Rule requirements and get alerts on potentially high-risk activity, all at once. 
  

Counterparty VASP Due Diligence

• Access to verified and up-to-date VASP information to perform informed decisions quickly.
• VASP data includes licensing, incorporation, AML/CFT processes.
  

Multi-protocol Support

• Transact with any VASP with TR:Now’s multi-protocol support.
• Transfers across all protocols are easily managed in the one API dashboard.
• Encrypted and segregated customer data.
  

Automated Transfers

• Customize, preset, and automate transfer requests using tools for rule-setting.
  

By adopting both Chainalysis and Notabene, cryptocurrency businesses can immediately signal Travel Rule compliance, putting themselves in a better position with regulators while gaining a market advantage. 

As other VASPs become compliant, they may be forced to stop doing business with counterparties if their compliance program isn’t up to par. By meeting Travel Rule requirements now, you can give your customers and partners the confidence to keep working with you, open up new opportunities, and gain an advantage in the market.

If you are interested to know more about how our solutions can help you build a complete Travel Rule solution to meet developing regulatory requirements, contact the Chainalysis or the Notabene team. 

You can also schedule a Notabene demo here.