TRISA - Travel Rule Information Sharing Alliance

TRISA stands for Travel Rule Information Sharing Alliance. TRISA is a decentralized protocol supported by centralized governance. Any VASP can connect; there are no hidden servers or firewalled API endpoints. This article covers factors to consider when choosing TRISA as a Travel Rule messaging protocol provider.

How does TRISA work?

TRISA applies a peer-to-peer messaging mechanism with a centralized-based Certificate Authority (CA) model to identify and verify VASPs. It also serves as a dictionary for their public key certificates to establish secure communications between VASPs.

According to TRISA’s whitepaper, these certificates should have an expiration date. They should also be subject to revocation by the CA through an Online Certificate Status Protocol (OCSP) mechanism or revocation list.

TRISA operates a hosted certificate authority (CA) which issues certificates to VASPs to authenticate each other. The TRISA CA will issue X.509 test certificates to enable authentication interoperability testing among VASPs. These certificates will first be issued to TRISA members. Access TRISA’s whitepaper to learn more.

Is TRISA a Travel Rule solution or protocol?

TRISA is a protocol.

Is TRISA an open-sourced industry alliance network, a closed network, or a commercial solution?

TRISA is an open-sourced protocol supported by the TRISA Working Group and Rotational Labs.

Is TRISA a fully integrated Travel Rule solution provider?

No. VASPs will still need to partner with a fully integrated Travel Rule solution provider or build additional components to integrate TRISA.

Is TRISA complex to integrate?

Yes. Intense work is required to integrate each Travel Rule messaging protocol into TRISA.

What are the steps to implementing TRISA?

1. Register for TRISA EV Certificate from supported certificate authority (CA)
2. Setup TRISA endpoint
3. Register in TRISA directory
4. Implement VASP selection code in Sending UX
5. Implement TRISA Transaction sending flow
6. Handle TRISA Address Verification requests from originating VASP
7. Handle incoming Transactions from TRISA

Notabene will be able to help with all of the above mentioned integration steps.

How does VASP due diligence work on TRISA?

The TRISA Global Directory Service enables VASPs to look up the VASP name, jurisdiction, contact information and physical address details. Additionally, TRISA utilizes the TRIXA form, akin to the Wolfsberg Principles, to establish and maintain a set of best practice guidelines to perform VASP due diligence.

Does TRISA support non-custodial wallets?

TRISA does not support communication with non-custodial wallets.

Is there industry support for TRISA?

Yes. TRISA has a good response from regulators, alongside excellent initial support from several VASPs.

What is TRISA’s membership fee structure?

TRISA charges a verification fee that VASPs must pay to receive an operational certificate. Users typically incur further costs through the implementation of other service providers.

Does Notabene support TRISA?

Notabene aims to provide its clients with support to the widest range of VASPs. We are currently evaluating adding support for TRISA. One concern we have is that it is currently centered around a single vendor and may not be seen as sufficiently open by the industry.

What are the benefits of using TRISA?

• High availability: There is no single point of failure after VASPs get the X509 certificate.

What are the drawbacks of using TRISA?

• Closed solution: TRISA is currently centered around a single vendor, which will cause interoperability issues in the long run
• Inflexible technology: X509 certificates are rigid and archaic.
• Outdated tech: Although a proven technology that still works, X509 certificates were created by telecoms (not tech companies) three decades ago. We believe that the format of signing a key has been improved.
• Complex integration: Intense work is required to integrate each Travel Rule messaging protocol into TRISA

Notabene is investigating how we can use our decentralized identity technology to solve these drawbacks for VASPs supporting TRISA.

Has there been a testnet using TRISA?

TRISA has a current testnet. View TRISA’s testnet on Github.

Developers:

TRISA is based on certificate authorities due to concerns from their customers regarding the new FATF guidelines. TRISA is full-featured and under semi-active development. Most development occurred in 2020 and has since stalled.

What are the features?

The TRISA protocol supports the following:

• Go language reference implementation.
• x509 EV based identification of VASPs with custom TRISA fields
• Supports all cryptocurrencies
• Centralized VASP Directory
• Originating VASP’s customer selects beneficiary’s VASP in UX through directory search
• Uses native blockchain address format for customer requests
• Direct server to server messaging based on gRPC
• Integration with PayID
• Support for InterVASP IVMS 101 Message Standard

TRISA Open API Documentation

TRISA has frequent and recent GitHub activity. Visit TRP’s GitHub page to see the latest commits.

Requesting changes on TRISA

As a closed network solution, all changes will be decided by and implemented by TRISA.

Relevant links:

TRISA | Travel Rule Information Sharing Architecture for Virtual Asset Service Providers Whitepaper v8