The growth of digital assets and decentralized finance (DeFi) has fuelled fears of dirty money and crypto-powered laundering, with regulators concerned they may be unable to intervene in a peer-to-peer financial system.
To the rescue, international money-laundering watchdog The Financial Action Task Force (FATF) updated recommendation 16 — also known as the Travel Rule — in June 2019, and further expanded it in October 2021,
This guidance aims to bring the crypto ecosystem in line with traditional banking, and lays out a set of challenging requirements for digital asset firms.
In a nutshell, the Travel Rule requires all Virtual Asset Service Providers (VASPs) to share identifying information — including names, physical addresses, and national ID numbers — for the originators and beneficiaries of digital asset transfers.
The updated guidance of October 2021 expands the definition of VASP to include not only entities such as banks and exchanges that deal in crypto assets, but also businesses providing safeguarding or administration such as licensed custodians.
Businesses undertaking any of the following activities on behalf of clients are captured by the guidance:
Exchange between virtual assets and fiat currencies;
Exchange between one or more forms of virtual assets;
Transfer of virtual assets;
Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and
Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.
Regarding decentralized finance (DeFi), the guidance indicates that a truly decentralized software protocol would not be considered a VASP, though the "creators, owners and operators who maintain control or influence" may still come under this category.
Reflecting recent scrutiny of crypto, October's new guidance extends the obligations of VASPs beyond sharing transaction data to include several additional requirements:
Recordkeeping, requiring VASPs to "maintain all records of transactions and CDD measures for at least five years in such a way that individual transactions can be reconstructed and the relevant elements provided swiftly to competent authorities."
Registration, requiring countries to "register or license individuals and entities that provide virtual asset services and ensure compliance with the relevant AML/CFT requirements."
Reporting, requiring countries to ensure that VASPs " to obtain, hold, and submit required originator and beneficiary information associated with VA transfers in order to identify and report suspicious transactions, take freezing actions, and prohibit transactions with designated persons and entities. "
The transaction threshold at which the full set of obligations kicks in is 1,000 USD / EUR, and at least one jurisdiction has set this value to zero, meaning that every transaction of a certain type must be assessed and appropriate compliance measures put in place.
Yet despite willingness to comply, our conversations with VASPs reveal them to be held back by technical and legal challenges that cannot easily be addressed with existing infrastructure.
Unlike banks that can easily share data via SWIFT, the various VASPs of the diverse crypto ecosystem have no universal messaging system to share transaction data, nor systems for storing and retrieving data on request that would enable compliance.
Qredo's Travel Rule solution overcomes the key challenges of compliance with a unique solution: in-band transactions.
In-band transactions bind the compliance data packet to the asset transfer. This provides full non-repudiation, as no party can deny that it has sent or received a message.
In-band transactions unlock benefits across the whole digital asset business:
As transactions are tightly coupled to metadata, businesses are never left struggling to reconcile thousands of transactions with separate compliance communications.
Qredo's approach is based on existing standards, making it interoperable with other Travel Rule solutions on the market.
Quarantine functionality allows transactions to be paused, approved or rejected based on a data trigger or human interaction, ensuring VASPs are never exposed to assets tainted by illicit activity.
The Qredo API enables compliance operations to be quickly integrated with existing software, and scaled to meet enterprise needs through programmatic rules. For example, a transaction could be automatically approved if the transfer amount is below a certain threshold and automatic KYC checks have passed. Alternatively, if the transfer is above a certain threshold, additional compliance officers may be required to approve the data packet.
“As the regulatory landscape continues to shift, digital asset businesses will need flexible compliance solutions to accommodate changing obligations. Qredo's unique model of decentralized multi-party computation provides the futureproof foundation to enable the architects of the new digital economy to comply with the Travel Rule — and quickly adapt to new regulatory requirements."
As the Travel Rule is gradually transposed into local law around the world, countries veering off course could ultimately be placed on the FATF Black or Gray list.
On the other hand, fully-compliant jurisdictions — such as Switzerland and Singapore — are likely to find themselves at the forefront of institutional digital asset adoption.
👩💻 Contact us to experience a better, more efficient way to comply with Travel Rule requirements.