The world's most secure end-to-end Travel Rule compliance platform

Notabene was built from the ground up by veterans of the digital identification and crypto industries. We created a next-generation cloud platform that passes bank-grade security compliance assessments and uses advanced cryptographic techniques. This architecture protects our customers' data in the volatile world of cryptocurrency.

Show your counterparties that you take security seriously by integrating the world's most secure end-to-end Travel Rule compliance platform.

Why is security important? 

Implementing the Travel Rule involves trusting counterparty exchanges with your customer data. Just as your VASP must audit its counterparties' regulatory compliance and security procedures, your counterparties must do the same with you.

This data exchange increases the exposure of personal data and, therefore, creates data protection risks.

• VASPs' customer personal data now must be transmitted and shared with the counterparty VASP
• VASPs must use the personal data of the counterparty Originating Customer or Beneficiary Customer to assess transaction risks (e.g., screening against sanction lists)
• Both VASPs are required to keep records of their customers' and counterparty Originator or Beneficiary Customer's personal data.

Assessing the robustness of the counterparty VASP's data storage and security framework is an essential part of the due diligence process before transacting with any new Counterparty VASP. 

Show Travel Rule counterparties that you take security seriously.

Using Notabene signals that you have implemented the Travel Rule securely. Our customers' counterparties can continue to authorize transactions our clients as the Travel Rule requirements are being implemented globally.

Notabene's security at a glance:

Secure by design

Notabene is designed and developed using many cryptographic and security technologies commonly used in blockchains and decentralized identity:

• All data elements are individually cryptographically signed and immutable as W3C Verifiable Credentials. This ensures the integrity of data and allows external audits of all data.
• We segregate all data elements and databases to ensure privacy and ownership, and exportability of individual VASPs
• Personal Identifying (PII) customer records are individually encrypted.
• PII being transmitted to another exchange as part of the Travel Rule is not only encrypted but also held in escrow by Notabene's servers until due-diligence checks of counterparty and additional checks are always carried out on a per-transaction basis
• We support customer-managed keys for both signing and encryption.
• All data is encrypted in transport and at rest.

Continual testing

• Passed rigorous security reviews by more than 50 institutions, including top tier global financial institutions and top 20 crypto exchanges
• Annual SOC 2 Type II Audit for Security and Privacy Categories by Johanson Group LLP
• Regular penetration testing by security audit leader Cobalt
• 79 SOC2 security controls and 132 security tests monitored in real-time by Vanta
• Cloud Security Alliance CAIQ questionnaire available on Whistic
• All data encrypted at rest, at transport, and the option for user-managed keys

Fully-audited bank and crypto grade security

• Penetration testing is an integral part of maintaining the security of our systems.
• We contract Cobalt, a world-leading white hat penetration testing provider, to regularly attack and verify the security of our services.

These reports address controls relevant to the security, availability, and processing integrity of the service organization's systems to process users' data and the confidentiality and privacy of the information these systems process.

We are also audited in real-time by Vanta. The Vanta platform has read-only integrations with the most popular cloud services, identity providers, task trackers, and more to automate the complex and tedious gathering of evidence for security audits. Vanta checks these systems every hour to ensure they are set up securely - and remain compliant over time. We can provide our customers' security teams access to our latest SOC2 reports and a real-time view into Vanta's real-time audit of our SOC2 and security controls.

‍Integrating into your organizations Identity Access Management systems

Notabene allows you to integrate your organization’s IAM providers such as GSuite and SAML providers such as OKTA. You can set up your own internal rules around adding users and travel rule-specific roles for multiple levels of compliance personnel.

Travel Rule protocols and security

Notabene helps you implement your organization’s Travel Rule compliance program securely and safely. However, implementing the travel rule also requires you to evaluate the security of different Travel Rule messaging protocols.

Some protocols have a centralized component, and we recommend having an equally strict security evaluation of them as you would any core cloud infrastructure provider. Others are fully peer-to-peer and should be evaluated differently.

See our Travel Rule Messaging protocol page for more information. Our solution engineers are happy to help advise you on how to evaluate the security of individual protocols.

How to evaluate Notabene

As an end-to-end Travel Rule solution, we are an internal tool similar to other tools your compliance teams currently employ, such as cloud identity verification and name screening services that touch sensitive data.

We are experienced in answering questions from bank and crypto company security teams and have already helped more than 50 companies evaluate and be satisfied with our security practices.

For most of our standard contract levels, we provide the following as part of your evaluation:

• Access to the latest SOC2 audit reports
• Access to real-time VANTA dashboards
• Access to most recent penetration test reports
• Access to our latest Cloud Security Alliance CAIQ questionnaire available on Whistic

For larger enterprise contract levels and major RFPs, we also offer:

• Completion of customer enterprise security questionnaires
• Security deep dives between our team of security experts and yours