TRISA - Travel Rule Information Sharing Alliance

​​TRISA stands for Travel Rule Information Sharing Alliance. TRISA is a decentralized protocol supported by centralized governance. Any VASP can connect; there are no hidden servers or firewalled API endpoints. This article covers factors to consider when choosing TRISA as a Travel Rule messaging protocol provider.

How does TRISA work?

TRISA applies a peer-to-peer messaging mechanism with a centralized-based Certificate Authority (CA) model to identify and verify VASPs. It also serves as a dictionary for their public key certificates to establish secure communications between VASPs. 

According to TRISA’s whitepaper, these certificates should have an expiration date. They should also be subject to revocation by the CA through an Online Certificate Status Protocol (OCSP) mechanism or revocation list.

TRISA operates a hosted certificate authority (CA) which issues certificates to VASPs to authenticate each other. The TRISA CA will issue X.509 test certificates to enable authentication interoperability testing among VASPs. These certificates will first be issued to TRISA members. Access TRISA’s whitepaper to learn more.

Is TRISA a Travel Rule solution or protocol?

TRISA is a protocol.

Is TRISA an open-sourced industry alliance network, a closed network, or a commercial solution?

TRISA is an open-sourced protocol by Blockchain Forensics/Analytics company CipherTrace. 

Is TRISA a fully integrated Travel Rule solution provider?

No. VASPs will still need to partner with a fully integrated Travel Rule solution provider or build additional components to integrate TRISA. 

Is TRISA complex to integrate?

Yes. Intense work is required to integrate each Travel Rule messaging protocol into TRISA.

What are the steps to implementing TRISA?

1. Register for TRISA EV Certificate from supported certificate authority (CA)
2. Setup TRISA endpoint
3. Register in TRISA directory
4. Implement VASP selection code in Sending UX
5. Implement TRISA Transaction sending flow
6. Handle TRISA Address Verification requests from originating VASP
7. Handle incoming Transactions from TRISA

Notabene will be able to help with all of the above mentioned integration steps.

How does VASP due diligence work on TRISA?

The TRISA Global Directory Service enables VASPs to look up the VASP name, jurisdiction, contact information and physical address details. Additionally, TRISA utilizes the TRIXA form, akin to the Wolfsberg Principles, to establish and maintain a set of best practice guidelines to perform VASP due diligence.

What is TRISA’s governance model?

CipherTrace is the primary member of the TRISA Alliance, which governs TRISA and approves certificates. There may be other unnamed members.

Does TRISA support non-custodial wallets?

TRISA does not support communication with non-custodial wallets.

Is TRISA live?

We are uncertain if TRISA is live; yet, there have been mentions of testnets.

Is there industry support for TRISA?

Yes. TRISA has a good response from regulators, alongside excellent initial support from several VASPs

What is TRISA’s membership fee structure?

TRISA charges a verification fee that VASPs must pay to receive an operational certificate. Users pay further implementation costs through CipherTrace subscription fees or the implementation of other service providers.

Does Notabene support TRISA? 

Notabene aims to provide its clients with support to the widest range of VASPs. We are currently evaluating adding support for TRISA. One concern we have is that it is currently centered around a single vendor and may not be seen as sufficiently open by the industry.

What are the benefits of using TRISA?

• High availability: There is no single point of failure after VASPs get the X509 certificate.
  

What are the drawbacks of using TRISA?

• Closed solution: TRISA is currently centered around a single vendor, which will cause interoperability issues in the long run
• Inflexible technology: X509 certificates are rigid and archaic.
• Outdated tech: Although a proven technology that still works, X509 certificates were created by telecoms (not tech companies) three decades ago. We believe that the format of signing a key has been improved. 
• Fractured focus: CipherTrace, the creator of TRISA, is primarily a Blockchain Forensics company. Time will tell if they dedicate enough resources and extend development support to flesh out TRISA.
• Complex integration: Intense work is required to integrate each Travel Rule messaging protocol into TRISA
• Privacy Concerns: As CipherTrace is primarily a Blockchain Forensics service provider and has close ties to law enforcement agencies, some VASPs have data privacy concerns.
  

Notabene is investigating how we can use our decentralized identity technology to solve these drawbacks for VASPs supporting TRISA.

Has there been a testnet using TRISA?

TRISA has a current testnet. View TRISA’s testnet on Github.

Developers:

TRISA is based on certificate authorities due to concerns from their customers regarding the new FATF guidelines. TRISA is full-featured and under semi-active development. Most development occurred in 2020 and has since stalled.

What are the features?

The TRISA protocol supports the following:

• Go language reference implementation.
• x509 EV based identification of VASPs with custom TRISA fields
• Supports all cryptocurrencies
• Centralized VASP Directory run by CipherTrace
• Originating VASP’s customer selects beneficiary’s VASP in UX through directory search
• Uses native blockchain address format for customer requests
• Direct server to server messaging based on gRPC
• Integration with PayID
• Support for InterVASP IVMS 101 Message Standard
  

TRISA Open API Documentation

TRISA has frequent and recent GitHub activity. Visit TRP’s GitHub page to see the latest commits. 

Requesting changes on TRISA

As a closed network solution, all changes will be decided by and implemented by TRISA.

Relevant links:

TRISA | Travel Rule Information Sharing Architecture for Virtual Asset Service Providers Whitepaper v8