Travel Rule Compliance Made Simple

The growth of digital assets and decentralized finance (DeFi) has fuelled fears of dirty money and crypto-powered laundering, with regulators concerned they may be unable to intervene in a peer-to-peer financial system.

To the rescue, international money-laundering watchdog The Financial Action Task Force (FATF) updated recommendation 16 — also known as the Travel Rule — in June 2019, and further expanded it in October 2021,

This guidance aims to bring the crypto ecosystem in line with traditional banking, and lays out a set of challenging requirements for digital asset firms.

What is the Travel Rule?

In a nutshell, the Travel Rule requires all Virtual Asset Service Providers (VASPs) to share identifying information — including names, physical addresses, and national ID numbers — for the originators and beneficiaries of digital asset transfers.

What is a VASP?

The updated guidance of October 2021 expands the definition of VASP to include not only entities such as banks and exchanges that deal in crypto assets, but also businesses providing safeguarding or administration such as licensed custodians.

Businesses undertaking any of the following activities on behalf of clients are captured by the guidance:

• Exchange between virtual assets and fiat currencies;

• Exchange between one or more forms of virtual assets;

• Transfer of virtual assets;

• Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and

• Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

Regarding decentralized finance (DeFi), the guidance indicates that a truly decentralized software protocol would not be considered a VASP, though the "creators, owners and operators who maintain control or influence" may still come under this category.

The obligations of VASPs

Reflecting recent scrutiny of crypto, October's new guidance extends the obligations of VASPs beyond sharing transaction data to include several additional requirements:

• Recordkeeping, requiring VASPs to "maintain all records of transactions and CDD measures for at least five years in such a way that individual transactions can be reconstructed and the relevant elements provided swiftly to competent authorities."

• Registration, requiring countries to "register or license individuals and entities that provide virtual asset services and ensure compliance with the relevant AML/CFT requirements."

• Reporting, requiring countries to ensure that VASPs " to obtain, hold, and submit required originator and beneficiary information associated with VA transfers in order to identify and report suspicious transactions, take freezing actions, and prohibit transactions with designated persons and entities. "

The transaction threshold at which the full set of obligations kicks in is 1,000 USD / EUR, and at least one jurisdiction has set this value to zero, meaning that every transaction of a certain type must be assessed and appropriate compliance measures put in place.

Yet despite willingness to comply, our conversations with VASPs reveal them to be held back by technical and legal challenges that cannot easily be addressed with existing infrastructure.

Unlike banks that can easily share data via SWIFT, the various VASPs of the diverse crypto ecosystem have no universal messaging system to share transaction data, nor systems for storing and retrieving data on request that would enable compliance.

Qredo for Travel Rule compliance

Qredo's Travel Rule solution overcomes the key challenges of compliance with a unique solution: in-band transactions. 

In-band transactions unlock benefits across the whole digital asset business: 

Reduce operational burden

As transactions are tightly coupled to metadata, businesses are never left struggling to reconcile thousands of transactions with separate compliance communications. 

Seamlessly connect with other compliant digital asset firms

Qredo's approach is based on existing standards, making it interoperable with other Travel Rule solutions on the market.

Never receive toxic assets

Quarantine functionality allows transactions to be paused, approved or rejected based on a data trigger or human interaction, ensuring VASPs are never exposed to assets tainted by illicit activity.

Scale to meet enterprise needs

The Qredo API enables compliance operations to be quickly integrated with existing software, and scaled to meet enterprise needs through programmatic rules. For example, a transaction could be automatically approved if the transfer amount is below a certain threshold and automatic KYC checks have passed. Alternatively, if the transfer is above a certain threshold, additional compliance officers may be required to approve the data packet. 

More news and thought leadership from Qredo