How to regulate virtual assets? –about FATF Travel Rule recommendations
The Travel Rule is a new regulatory requirement regarding counterparty risks. As we mentioned in our previous article, it is relevant to almost all cryptocurrency industries operating under the jurisdiction of the FATF. The Travel Rule requires that a VASP (Virtual Asset Service Provider), such as an exchange, must identify the originator and beneficiary of cryptocurrency transactions over a certain scale initiated by their users. If the counterparty to those transactions is also a VASP, then the original VASP must transmit the user’s information to the second VASP.
The regulatory decree corresponding to the actual amount is shown in the figure above.
The Travel Rule aims to help cryptocurrency enterprises reduce counterparty risk and establish a source of funds for cryptocurrency received by the users. Although some jurisdictions have implemented different rules, the versions in FATF states that VASPs must exchange counterparty information with each other for cryptocurrency transactions valued at more than USD 1,000 or EUR 1,000. Specifically, the originator and beneficiary VASPs must provide the following information to each other:
Information content to be exchanged in a transaction
At first glance, Travel Rule appears to be a simple matter transferring counterparty information between two VASPs. However, the Travel Rule actually requires end-to-end changes to the existing compliance process, as VASPs must identify and take action on all transactions that meet the rule’s thresholds in real time. This brings significant technical challenges especially for large-scale implementation, as blockchain analysis shows that approximately 12% of all VASP transactions in February 2021 (approximately 2 million transactions in total) meet the current FATF proposed USD 1,000 threshold. The technical challenges introduced by the Travel Rule is listed below:
Challenge 1: Identifying Travel Rule Transactions
When a customer initiates a transaction, the originating VASP needs to automatically determine if the transaction meets the Travel Rule requirements. This means they must :
- Determine if the transaction amount meets the Travel Rule thresholds of the relevant jurisdiction.
- Determine if the counterparty’s wallet is held by another VASP.
- Collect any missing counterparty information.
All of this needs to happen immediately.
Challenge 2: Conducting Due Diligence on Counterparty VASPs
Once the originator VASO determined that a transaction meets the requirements of the Travel Rules, it must:
- Identify counterparty VASPs
- Assess the counterparty VASP’s risk level to determine if the shared user’s personally identifiable information (PII) is secure
During the assessment of counterparty risk, the originator VASP must consider the reputation of the counterparty VASP, the quality of the compliance program, the level of information security, and the scope of the company’s own exposure.
Challenge 3: Initiating and completing a Travel Rule transfer
Finally, the originator VASP must have an appropriate communication channels or protocols for secure data transmission with the counterpart VASP. Both VASPs must have a secure way to store the data they receive in order to protect the privacy of customers and prevent internal abuse of that data.
But in fact, there is no standard protocol to follow at present. There are more than eight protocols for Travel Rule alone - OpenVASP, TRISA, USTRWG, TRP, SYGNA, Shyft, NETKI, Notabene. For VASP industry, which is inherently weak regional and decentralized, interoperability has become a major obstacle to compliance with regulations.
KryptoGO Helps VASP Reduce Regulatory Friction
Starting to comply with travel rules early and send signals to regulators to state that the cryptocurrency business is taking regulations seriously. This helps VASPs obtain licenses on time without disrupting the plans which bring their products and services to market.
However, in order to comply with the rules, VASP needs to identify transactions that meet the requirements of the rules, extract KYC information from users, and send it to VASP counterparties when the transaction is completed. All of this needs to happen immediately to avoid affecting the user experience, which is not easy for cryptocurrency businesses that process thousands of transactions per day. These three challenges bring us two problems:
1 Can all of these challenges be addressed on a large scale with minimal impact on the transaction flow?
2 How can VASP comply without creating unnecessary friction for users?
KryptoGO's KYABC includes checks for natural persons, corporate entities, and blockchain funds.
- Know Your Address: Check the blockchain addresses of our identified counterparties, including wallet type, transaction information, corresponding services or entities, and risk scores.
- Know Your Business: Review the reputation of the counterparty VASP to ensure that the transaction and information exchange is safe and secure.
- Know Your Customer: Review the identity of originators and beneficiaries for compliance with anti-money laundering regulations.
Moreover, through KryptoGO's relay API, cryptocurrency businesses can automatically transact with trusted counterparties while providing them with the data needed to detect suspicious activity and meet regulatory requirements, and complete transactions in different Travel Rule protocols, so as to help our customers meet all the challenges required for large-scale Travel Rule compliance.