In October 2018, the Financial Action Task Force (FATF) announced that it would be recommending member countries apply the Travel Rule — a longstanding compliance requirement for traditional financial institutions — to virtual assets (VAs) like cryptocurrencies and virtual asset service providers (VASPs) like exchanges. And in July of 2022, the EU agreed to codify these recommendations into law
While the rule may be implemented differently depending on the jurisdiction, the cryptocurrency Travel Rule generally requires VASPs to identify the originators and beneficiaries of transfers above a certain amount and transmit that information to their VASP counterparties. This is meant to help cyber investigators detect, investigate, and prosecute money laundering and other financial crimes.
The Travel Rule presents a novel challenge for the cryptocurrency industry, as blockchains are not designed to send personally identifiable information alongside transactions. To comply with FATF’s Travel Rule Recommendation, VASPs must therefore implement messaging protocols to send and receive originator and beneficiary information securely.
Various providers have kicked off several initiatives to build such protocols, including an end-to-end Travel Rule compliance offering from Chainalysis and Notabene, to help VASPs meet these requirements. But there are moving parts in a successful Travel Rule compliance process, which VASPs should keep in mind as they search for the right solution. With over 30,000 registered VASPs operating in over 190 jurisdictions and all the differences in Travel Rule regulatory frameworks and tech stacks, those numbers would imply that interoperability has emerged as a critical factor for compliance officers evaluating Travel Rule solutions in the cryptocurrency industry.
Below, we’ll define what interoperability means in the context of the Travel Rule and explain how to pick a Travel Rule solution that works across all jurisdictions and VASPs.
1. What is Cryptocurrency Travel Rule interoperability?
Interoperability is generally defined as the capacity for computer systems or software applications to exchange information and fulfill specific tasks based on that information in conjunction with one another.
In the context of Travel Rule solutions, interoperability refers to VASPs’ ability to communicate and exchange data with counterparty VASPs using multiple messaging protocols. Interoperability is essential because if VASPs are limited to exchanging information only with VASPs using the same messaging protocol as them, they’ll be cut off from exchanging information in a compliant manner with other VASPs using different protocols.
2. Why is interoperability important?
With the emergence of multiple Travel Rule messaging protocols domestically and globally, VASPs are faced with the challenge of integrating numerous protocols to achieve full coverage of possible counterparty VASPs. If this excessive fragmentation persists, the cost and complexity of Travel Rule compliance will increase significantly, especially if different jurisdictions begin to adopt varying versions of FATF’s Travel Rule Recommendation.
While existing protocols are adapting and are likely to become more interoperable in the future, they cannot currently “speak” directly to other protocols. Until then, solutions like Notabene can integrate multiple protocols to form an “interoperability bridge” on behalf of VASPs, helping teams circumvent interoperability issues manually and transact compliantly with partners using other protocols.
3. What is a Travel Rule messaging protocol?
A messaging protocol is a set of rules for formatting, processing, and transmitting data. A Travel Rule messaging protocol is a particular set of rules for formatting, processing, and exchanging originator and beneficiary information alongside blockchain transactions, as recommended by FATF.
For comparison, the two most widely used internet standard communication protocols for email transmission are SMTP (Simple Mail Transfer Protocol) and Internet Message Access Protocol (IMAP). Mail servers and other message transfer agents use SMTP and IMAP to send and receive mail messages.
To comply with FATF’s Travel Rule Recommendation, VASPs need similar messaging protocols to exchange originator and beneficiary information.
4. Why are there so many protocols?
Various crypto industry leaders, commercial companies, and working groups took up the task of creating a messaging protocol that VASPs could use to send required PII alongside blockchain transactions. While the industry agreed upon one data messaging format–IVMS 101–there are currently nine Travel Rule Messaging Protocols on the market, leaving VASPs unsure of which solution to choose.
Over time, existing protocols may merge or deprecate.
5. Messaging protocols do not provide full Travel Rule compliance.
VASPs must meet five requirements on all transactions they process in order to comply with the Travel Rule Recommendation.
Identify transactions that fall under the Travel Rule
To pinpoint transactions that fall under the Travel Rule, VASPs need to verify if another VASP hosts their customer’s counterparty address on a given transaction. This is where Chainalysis Know Your Transaction (KYT) comes in. When a transaction meets the monetary value threshold for the Travel Rule, an API call is sent to KYT from the Notabene platform to determine if the wallet is hosted (by a VASP) or unhosted (non-custodial). If the address is hosted by a VASP, VASPs can then identify the counterparty VASP, collect and record missing counterparty data and apply necessary regulatory requirements. Some jurisdictions require additional due diligence requirements for transactions with non-custodial wallets, such as proof of wallet ownership.
Identify and verify the Beneficiary VASP
VASPs must identify the counterparty VASP in a transaction and confirm wallet ownership with them.
Assess the risk involved with the transaction
VASPs must analyze the beneficiary risk level through blockchain analysis providers like Chainalysis and leverage sanctions screening integration to identify illicit actors before deciding to allow a Travel Rule transfer to be initiated. This step is essential, as some VASPs appear on sanctions lists, and cryptocurrency exchanges must be sure not to send transactions to those entities.
Verify counterparty VASP’s AML/CTF information
Paragraph 197 of FATF’s Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers requires VASPs to conduct counterparty due diligence before sending Travel Rule information to a counterparty: “Assess a counterparty VASP is an eligible counterparty to send customer data to and to have a business relationship with.”
By leveraging VASP and Crypto Company directories that integrate open-source research, blockchain analysis, and real-time data from regulators and third parties, compliance officers can assess the risk level of their counterparties and determine whether they feel comfortable sending Travel Rule data transfers to their counterparty VASP. Directory information includes regulation status, the level of robustness of their AML/CFT program, a signal of whether they will be able to protect PII with robust cyber security standards, and so forth.
Securely send and receive customer data
In certain jurisdictions, customer PII falls within the scope of the General Data Protection Regulation (GDPR). UK VASPs must uphold the data protection principles outlined in the GDPR when performing Travel Rule transfers.
Messaging protocols only assist with two of the five components needed for an end-to-end Travel Rule solution: sending and receiving customer data and identifying and verifying the Beneficiary VASP. Compliance Officers must look for end-to-end Travel Rule solutions that address all components.
6. Consider the fee schedule for Travel Rule Messaging Protocols
Travel Rule messaging protocols have varying fee structures; some charge by transaction volume, some charge a flat fee, and some are free to use.
As messaging protocols constitute a small part of compliance, VASPs should consider the usage and membership fees (where applicable), the costs involved with direct integration into a protocol, and/or the costs to financial service providers when choosing the best-fit solution.
7. IVMS 101 is the industry-standard data model for Travel Rule messaging protocols
In October of 2019, a cross-industry working group of experts from the Chamber of Digital Commerce, Global Digital Finance, and the International Digital Asset Exchange Association developed a technical standard for Travel Rule message formatting known as the interVASP Messaging Standard IVMS 101. IVMS 101 is a universal language for communicating the required originator and beneficiary information between VASPs. FATF and critical regulators such as FinCEN, MAS, the FCA, and the JFSA were kept informed during the development of IVMS 101. On May 6, 2020, IVMS 101 was recommended for adoption at an InterVASP closing plenary. Today, all Travel Rule messaging protocols use IVMS 101, which is an excellent first step toward interoperability.
8. Open network protocols will ensure comprehensive transaction coverage
Regarding Travel Rule messaging protocols, an open Travel Rule messaging protocol enables any two VASPs to use the protocol without consent or even knowledge of any third party. Users are granted access to closed (proprietary) Travel Rule messaging protocols through a membership process.
Open-network Travel Rule messaging protocols are vital to ensuring comprehensive coverage when facilitating transactions with VASPs across the cryptocurrency community. TRP and OpenVASP are decentralized, secure, scalable, reliable, and globally available protocols with open-source architecture.
9. Travel Rule solution providers (not protocols) should account for jurisdictional differences in threshold applications
Various jurisdictions have implemented the Travel Rule for cryptocurrency differently, leading to different minimum thresholds, varying PII requirements, further obligations for the originator and beneficiary VASPs, and divergent treatment of transactions with non-custodial wallets. These gaps in implementation and thresholds are critical to note as companies ramp up their Travel Rule compliance plans and test cross-jurisdictional Travel Rule transactions.
Many global regulators chose to adopt FATF’s recommendation that VASPs apply the Travel Rule to any cryptocurrency transaction over 1000 USD/EUR involving another VASP, while in the US, the Travel Rule for cryptocurrency applies at a higher threshold of USD 3000, in keeping with the US’s Travel Rule for fiat currency wire transfers. Meanwhile, some jurisdictions do not specify any threshold at all. Jurisdictional requirements add an added layer of complexity to complying with regional-specific virtual asset transfers.
Compliance Officers should look to their Travel Rule solution provider to help them account for these differences, as protocols will not solve this complexity. An end-to-end compliance solution that automatically updates its underlying tech to include changes in regional regulatory information while allowing VASPs to send Travel Rule data alongside every transmission is best.
10. Interoperability between protocols today is very early
While there have been a few press releases and announcements on interoperability, there hasn’t been much interoperability implementation. Recent guidance from FATF calls for cooperation between regulatory authorities and private sector organizations to ensure Travel Rule solutions’ interoperability. In their second 12-month review, FATF urged countries to prioritize the Travel Rule implementation and enforcement.
While interoperability is not yet the standard across Travel Rule messaging protocols, FATF does not recognize a lack of interoperability as an excuse for noncompliance. As long as there are working solutions in production, FATF urges countries to implement the Travel Rule and additional robust control measures to interact with VASPs in jurisdictions where the Travel Rule is not yet implemented or where there are no solutions in place. Additionally, early implementation of Travel Rule solutions can ensure continuity in operations when regulatory implementation deadlines arise in local jurisdictions. VASPs will benefit from implementing these solutions sooner rather than later.
FATF’s guidance also highlights the importance of cooperation and coordination among supervisory authorities and private sector organizations to ensure the interoperability of Travel Rule solutions adopted by VASPs. Collaboration and coordination are also crucial for the effective adoption of the Travel Rule worldwide.
How Notabene and Chainalysis help
Notabene provides an end-to-end Travel Rule platform that allows VASPs to manage regulatory and counterparty risks at scale. With its rule-setting tools, compliance officers can automate the exchange of Travel Rule data across the cryptocurrency business’ preferred communication protocols. From data collection and counterparty identification to secure data transmission, Notabene helps companies fully comply with the Travel Rule.
Chainalysis is the blockchain analysis platform trusted by investigators and compliance teams worldwide. Chainalysis KYT (Know Your Transaction) is an anti-money laundering (AML) compliance solution for monitoring cryptocurrency transactions to detect and triage suspicious activity. The software conducts automated funds tracing and generates alerts for suspected high-risk activity, from OFAC sanctioned addresses and darknet markets to scams. KYT allows cryptocurrency businesses to identify Travel Rule transactions in real-time, analyze counterparty wallets, and perform instant due diligence on counterparty VASPs so that they can get the information they need to stay compliant.
Frictionless Compliance at Scale
Chainalysis and Notabene have partnered to provide a solution that allows VASPs to identify transactions that meet the rule’s requirements without compromising user experience. When a Travel Rule scenario is detected, an API call is sent to KYT from the Notabene platform to determine if the wallet is hosted or unhosted and identify the counterparty VASP. Users can leverage this information with real-time verified data about the VASP to conduct due diligence and take the appropriate next steps to stay compliant. Notabene has the widest protocol support, enabling users to transact with any VASP, all in one dashboard.
With our integrated solution, cryptocurrency businesses can automate transactions with trusted counterparties while providing them with the data they need to detect suspicious activity and meet their regulatory requirements, including:
- Collect required Travel Rule data using a user-facing widget and API.
- Identify and verify wallet ownership for non-custodial.
- Automatically detect transactions that meet Travel Rule requirements and get alerts on potentially high-risk activity, all at once.
Counterparty VASP Due Diligence
- Access to verified and up-to-date VASP information to perform informed decisions quickly.
- VASP data includes licensing, incorporation, AML/CFT processes.
- Transact with any VASP with TR Now’s multi-protocol support.
- Transfers across all protocols are easily managed in the one API dashboard.
- Encrypted and segregated customer data.
Automated Transfers
- Customize, preset, and automate transfer requests using tools for rule-setting.
By adopting both Chainalysis and Notabene, cryptocurrency businesses can immediately signal Travel Rule compliance, putting themselves in a better position with regulators while gaining a market advantage.
As other VASPs become compliant, they may be forced to stop doing business with counterparties if their compliance program isn’t up to par. By meeting cryptocurrency Travel Rule requirements now, you can give your customers and partners the confidence to keep working with you, open up new opportunities, and gain an advantage in the market.
If you are interested to know more about how our solutions can help you build a complete Travel Rule solution to meet developing regulatory requirements, contact the Chainalysis or the Notabene team. You can also schedule a demo.