protocols

OpenVASP

No longer actively developed

Please note that this document is for historical purposes only, as the protocol has been discontinued and replaced by TRP.



OpenVASP was an open Travel Rule messaging protocol that introduced the Virtual Assets Account Number (VAAN). VAAN borrows elements from proven payment routing systems (such as the IBAN) without compromising the decentralized approach. VASPs and customers are both identified through the VAAN.

This article covers factors to consider when choosing OpenVASP as a Travel Rule messaging protocol provider.


How does OpenVASP work?

Each VASP establishes its identity with a VASP code. Akin to bank transactions, the originating customer attaches the beneficiary customer’s VAAN number alongside the transaction, which automatically confirms the identity of the originating VASP.

The protocol uses the Ethereum blockchain as a decentralized public-key infrastructure. Each participating VASP must deploy a standardized smart contract representing its identity on the blockchain, similar to how a traditional public-key certificate would function.

The Ethereum address of the standardized smart contract deployed by a VASP is defined to be the VASP identity. The last 32 bits are called the “VASP code.” Both values are numbers encoded as hexadecimal, which are easy to process and human-readable. However, the “0x” radix, typically used to indicate the hexadecimal format, is omitted for the VASP code.

At the outset, the beneficiary wants to receive virtual assets on a wallet hosted by a VASP and therefore provides the originator with routing information on where to send them. The originator then instructs their VASP to transfer the virtual assets based on the routing information.

Traditional payment systems use bank account numbers combined with bank identifiers (e.g., BIC/SWIFT, IBAN) as routing information.

OpenVASP suggests a similar yet decentralized approach in the form of the Virtual Assets Account Number (VAAN). VAANs are a 24-character hex code, including a 2-character checksum. The leading eight characters correspond to the VASP code, while the remaining characters are customer-specific.


Is OpenVASP an open-sourced industry alliance network, a closed network, or a commercial solution?

OpenVASP is well-designed open-source software, made “to ensure a full transparency and a broader reach, avoiding proprietary solutions that are concentrating sensitive information.” With a vibrant multi-vendor ecosystem, several Swiss Crypto Banks and regulated institutions in the space initiated OpenVASP, including Bitcoin SuisseSEBASygnum, and Lykke.


Is OpenVASP a fully integrated Travel Rule solution provider?

OpenVASP is a messaging protocol. Messaging protocols cover only one part of the Travel Rule puzzle. VASPs will need to partner with a fully integrated Travel Rule solution provider or build additional components to integrate OpenVASP.


Is OpenVASP complex to integrate?

Yes. Although well designed, OpenVASP is one of the more complex Travel Rule messaging protocols to implement. VASPs must fully own and manage a smart contract (VASP contract) on the Ethereum blockchain to register a VASP code. Implementation and management require running an Ethereum whisper node.


What are the steps to implementing OpenVASP?

Companies implementing OpenVASP must:

  1. Register VASP Code
  2. Perform due diligence on other VASPs
  3. Show VAAN code to the customer in UX
  4. Connect to OpenVASP network
  5. Integrate OpenVASP transaction sending flow
  6. Receive and authorize incoming transactions from OpenVASP

Notabene’s Solution Engineer helps clients implement OpenVASP.


How does VASP due diligence work on OpenVASP?

Completing a VASP identity verification is optional to be listed on OpenVASP’s directory. VASPs can also choose to use a separate verification process to speed up the onboarding of counterparties.


What is OpenVASP’s governance model?

OpenVASP is governed by an Association which holds weekly calls on technical implementation and improving standards. Additionally, technical partners have voting rights, including 21 Analytics, Merkle Science, Lykke, Notabene, and more. Firms can use the OpenVASP protocol without being a member of the OpenVASP Association.


Does OpenVASP support non-custodial wallets?

OpenVASP does not support communication with non-custodial wallets.


Is OpenVASP live?

OpenVASP is not yet live. It is in a testnet phase.


Is there industry support for OpenVASP?

OpenVASP has a limited level of industry support.


What is OpenVASP’s membership fee structure?

OpenVASP is license-free. However, any fees, licenses related to implementation, service of software providers, etc., are the responsibility of the implementing VASP. The association charges a fee to be listed in the OpenVASP directory. Further costs may include but are not limited to documenting the legal and contractual arrangement ensuring that any information exchange is done in compliance with applicable laws, e.g., GDPR.


Does Notabene support OpenVASP?

Notabene fully supports integration with OpenVASP. Notabene provides an easy-to-use turn-key Travel Rule SAAS solution, which includes support for OpenVASP. Once OpenVASP goes live, every Notabene customer will have access to the live OpenVASP network. The decentralized identity aspects of the VASP code allow compliance officers to perform more nuanced due diligence quickly.


What are the benefits of using OpenVASP?

  • An increasing amount of industry support
  • Good response from Regulators
  • Good initial support from prominent VASPs
  • Hosted SAAS support from Notabene for VASPs
  • Multi-vendor on-premise solutions for banks and institutional clients


What are the drawbacks of using OpenVASP?

  • There is a slow momentum of OpenVASP around going live, which impacts adoption.
  • VASPs must pay to register in their VASP directory and pay for a VAAN.
  • Requires significant changes to VASP’s withdrawal and sending flow


Has there been a testnet using OpenVASP?

Yes.


OpenVASP for Developers

What are the features?

The OpenVASP protocol supports the following:

  • Multi-language implementation (.NET, Java, JavaScript)
  • Started by industry and not a service provider
  • Decentralized issued VASP Code
  • Decentralized VAAN (Virtual Asset Account Number) customer account number, equivalent to the IBAN in banking
  • Decentralized Messaging Framework using Whisper
  • Built-in Decentralized Identity support for VASP identification
  • Mainnet Ethereum based VASP lookup
  • Supports all cryptocurrencies
  • Promised Support for InterVASP IVMS-101 Message Standard


OpenVASP Open API Documentation

OpenVASP has frequent and recent GitHub Activity. Visit OpenVASP’s GitLab page to see the latest commits.


Requesting changes on OpenVASP

Members requesting changes must submit an OpenVASP Improvement Proposal (OVIP). OVIPs are a transparent improvement process that includes community participants’ ideas and use cases. It comes together with a Standard Committee, where members of the OpenVASP association review and validate the proposed improvements. This open process allows everyone to contribute to the OpenVASP success.



Relevant links:

OpenVASP | OpenVASP: An Open Protocol to Implement FATF’s Travel Rule for Virtual Assets.

Integrate once. Connect with many.


Thinking of integrating OpenVASP? Save time and integrate Notabene's API to connect with OpenVASP and many others.
Contact sales

Notabene's commitment to privacy + security:

Bank-grade security for an insecure world
  • Passed rigorous security reviews by more than 150 institutions, including global banks and top 20 crypto exchanges
  • Annual SOC 2 Type II Audit for Security and Data Privacy Categories
  • Regular penetration testing by security audit leader Cobalt
Industry’s strongest protection for your customer data
  • Industry’s only escrowed exchange of encrypted PII
  • Compliant with EU GDPR, Singapore PDA
  • Plug-and-play Travel Rule end-user data consent component
Enterprise White Glove features
  • 24h/7 days a week uptime
  • Configurable enterprise SLA
  • SOC2 compliant disaster recovery and business continuity plans
Learn more about our commitment to security