This article (Part 1 of 2) takes a look at 4 AML compliance lenses (Governance, Technology, Identification and Implementation) that VASPs and regulators should use to assess the merits of FATF Travel Rule solutions, including Sygna Bridge.
Table of Contents
- What is the FATF Travel Rule?
- How can the Travel Rule mitigate ML/TF risks?
- Aligning with FATF: Singapore and Switzerland
- Steps to comply with FATF Travel Rule
- The 4 Lenses To Review Travel Rule solutions
- The 4 types of FATF Travel Rule solutions
- What is Sygna Bridge?
On 25 February 2021, CoolBitX General Manager International Elsa Madrolle kicked off our 2021 Sygna Bridge series of crypto regulation webinars. We decided to start with an educational talk on the FATF Travel Rule to help the EMEA industry and specifically its regulators better understand how they should respond to its challenges. This information can of course also be applied to the rest of the world.
Specifically, the webinar covers four recommended lenses that country regulators and virtual asset service providers (VASPs) should utilize to fairly assess the many solutions that are becoming available in the market.
This 2-part article has been adapted from Elsa’s presentation, includes some of her insights verbatim and builds on them in some areas.
Read Part 2: Viewing Sygna Bridge Through the Travel Rule’s 4 Lenses
It also aims to serve as preparation for our next webinar, “FATF Travel Rule Solution Lens 1: Technology”, presented by our product manager Vince Lee, which will take a more technical look at Travel Rule solution requirements. Vince’s talk is scheduled for release on our YouTube channel for the last week of March.
You can watch Elsa’s informative presentation below:
Overview of this 2-part article
Part 1 will provide a brief overview of FATF and its “Travel Rule” implementation globally, with an introduction to various solutions and four lenses to view through.
Part 2 (published next week) will use the 4 lenses to evaluate how a solution like Sygna Bridge is faring as a Travel Rule solution.
What is the FATF Travel Rule?
The Travel Rule is originally an American term that refers to the mandatory exchange of personal data when doing wire transfers, which dates back to the Bank Secrecy Act in 1997.
In June 2019, under U.S. presidency, the Financial Action Task Force (FATF) promulgated international guidance around its existing anti-money laundering (AML) and Combating Financing of Terrorism (CFT) recommendations, after first proposing it in February 2019. This guidance built on the FATF’s late 2018 definition of virtual assets and VASPs.
For the first time, it stated how they also apply to the crypto industry, specifically guidance around Recommendation 16 on Wire Transfers, which declared that countries should ensure that VASPs require personal information when processing transfer requests, and record and make them available to regulators as needed.
While FATF guidance is not legally binding, it must be followed by member countries in order to avoid possible punitive actions due to AML/CFT violations.
FATF is a supranational organisation that only issues these guidelines in accordance with its mandate from the G20, therefore the onus is on each individual national regulator of the broader FATF organization to create individual legislation that aligns with the guidance per the terms of engagement.
How can the Travel Rule help to prevent money laundering and terrorist financing?
This has been a hotly debated topic. In theory, the Travel Rule should act as a deterrent to bad actors due to the requirement of including personal information. One of the biggest criticisms in the industry is that the bad money simply won’t transact on exchange and instead will just use private wallets.
This is why FinCen is looking so closely at private wallets and proposing to regulate them. Moreover, the new March 2021 FATF guidance proposal currently under public consultation also takes aim at peer-to-peer wallets as expected. The final document will likely be accepted by FATF during its June Plenary as an update to 2019’s guidance on virtual assets and VASPs.
However, we see that blockchain analytics like that conducted by ourselves and our strategic partner Elliptic have come a long way. The Travel Rule, when part of a broader AML strategy that includes all the components we discussed earlier and blockchain analytics, can definitely make it much more difficult for bad actors to transact.
How Countries are Aligning with FATF Recommendations
Let’s look at Singapore as a simple example of how the actual requirements can be aligned but also can be tweaked. As you can see, the Payment Services Act (PSA) regulation that the Monetary Authority of Singapore has issued features a minimum threshold of SGD1500, not the USD 1000 standard. That wasn’t mandated by FATF, but a decision taken by Singapore.
This example highlights how countries are free to interpret the rules however they see fit as long as they meet the minimum FATF requirements.
So where are we in terms of the rollout of regulation by each individual country specific to the Travel Rule across the globe?
Well, there are over 200 jurisdictions that are either FATF members or belong to one or more of the various FATF-Style Regional Bodies (FSRB) and their 200+ country-strong network that has also committed to meeting FATF’s recommendations in response to current FATF President Marcus Geyer’s request to lead by example and be the first to align with the recommendations.
This can take the form of amending existing legislation or creating completely new laws. We’ve seen examples of both. Although very few G20 countries have actually completely transposed the FATF Travel Rule into law, those in green on the slide have fully aligned their regulation.
The remaining 20 countries in yellow have either announced a date in the future, or have been quite public that they are progressing with legislation. So it’s early days.
The whole world has not created Travel Rule regulation yet, and this staggered approach is one of the most commonly cited headwinds for the industry. It’s been referred to as the “sunrise problem”, the fact that different regulations are coming to light at different times.
Regulators are not just on different timelines, they also have the freedom to create the laws that they see fit. Switzerland for example, reiterated its existing legislation because they said it went further to combat AML than the FATF guidance so they didn’t feel the need to create new rules.
Because of the need to exchange personal information, privacy laws come into play, particularly when it comes to issues like GDPR in Europe. Future regulation can also complicate things. In the US, FinCen’s proposal to regulate unhosted wallets has opened up a lot of new questions. And finally the unexpected development of having so many different technical solution providers that all tackle this issue in very different ways.
Sygna Bridge makes the case that we have demonstrated cross-jurisdictional Travel Rule transfers, that the technology is ready, we use a common messaging format which will lend itself to interoperability and we have managed so far to adapt our model to GDPR requirements.
Before looking at the lenses, let’s take a quick look at the necessary general steps in the life of a transaction subject to the Travel Rule. View this as a high-level summary of the steps from a workflow perspective to keep that in mind as we’re going through the lenses.
Necessary steps for FATF Travel Rule compliance
- Sender gives transfer instructions to sender VASP, including beneficiary details
- Sender VASP receives and verifies wallet address ownership
- Sender VASP verifies the identity of the receiving VASP, or “VASP discovery” (
- Share VASP routing information
- Exchange required personal information securely
- Proof of compliance
The 4 Lenses To Review Travel Rule Solutions
Sygna Bridge suggests that you assess any service wanting to provide Travel Rule data transfer through these four lenses:
From these focal points, we have to ask essential questions to ascertain whether the Travel Rule solution you’re considering meet specific criteria. For example:
- How is the firm capitalized?
- What’s the business model?
- How is the firm being held accountable?
- Will they still be around 12 months from now?
Technological prowess is obviously a non-negiotable requirement, but there are very different approaches proposed to the market. From blockchain-based services to more traditional centralized APIs and everything in between, technology also covers encryption and security which is a crucial component given the privacy issues.
- Do you understand the difference between the solutions’ core technologies?
- How important is the centralization/decentralization debate for your organization?
- How strong is the development team on encryption and security?
- Do they have a proven background in fintech security?
- How does the solution protect your data privacy from breaches?
The identification of VASPs is unfortunately far more complicated than simply identifying individuals and institutions like in traditional finance. Several reasons account for this, such as the pseudo-anonymous nature of digital assets and how digital wallets fit into the equation, lack of infrastructure and standardized global Know-Your-Cystomer (KYC) verification processes.
- Does the solution have an accurate identification service that can be trusted?
- Does it have the right partners to scale accordingly worldwide?
- Is it using accepted data standards that are interoperable with other solution providers?
- How does the solution store data and is it privacy-secure?
- How strong is its network of VASP members?
How realistic is it for solutions to successfully come to market without unwanted disruption both to internal workflows but also to the user experience?
- Is the solution easy to implement without major operational disruption?
- Can it be integrated within a short timespan?
- Does it require a dramatic overhaul of existing systems or a simple API integration?
- How costly is the implementation and monthly fee structure?
Applying the 4 Lenses to Sygna Bridge and its competitors
Now that we know a few things to look for in a Travel Rule solution, let’s compare these 4 lenses as applied across Sygna and its main competitors.
The 4 types of FATF Travel Rule solutions
Our table lists competing solutions into 4 broad categories:
- Integrated Software providers, like Sygna Bridge
- Open Systems Certificate Networks (such as X.509)
- Centralized bulletin boards,
- Blockchain-based protocols.
(If you are unable to read the table images, please refer to our Google Drive presentation here, slides 9 and 10).
We see new solutions pop up all the time, but these categories cover a large part of the market, and we are only able to summarize publicly available information.
This next slide goes into a bit more detail around identification and technology, hopefully it can be useful in your analysis.
The competitive landscape will make more sense when we review them by applying the 4 lenses to Sygna Bridge in Part 2 of this article.
What is Sygna Bridge?
Sygna Bridge is an automated messaging technology developed by CoolBitX that allows for the real-time exchange of Travel Rule data amongst its members. VASPs have to apply to join the network and access is made through a simple API.
We then create privacy-secure tunnels for the personal data to be exchanged off-chain, without gaining access to this data or storing it. Again, we’ll take a closer look in part 2.
Sygna Bridge has over 25 VASPs at various stages of onboarding across the world, all over Asia but also in Canada, the UK and South Africa. It has been implemented and successfully between leading VASPs in Taiwan, Singapore, Japan and Korea and have demonstrated cross-border Travel Rule data exchange in those countries.
Sygna Bridge has also received a favorable assessment by ACCESS Singapore, conducted successful Proof-of-Concept interoperability test with CipherTrace’s TRISA solution and uses the industry-created InterVASP messaging standard IVMS101.
CoolBitX partnered with blockchain analytics pioneer Elliptic in 2019 and recently launched Sygna Gate, a new integrated wallet address screening filter combining our technology with that of Elliptic Lens’ non-custodial wallet filter to proactively protect our users against expected incoming regulations.
We hope this article provided the reader with a glimpse into the future of crypto regulation. As regulation is starting to flourish across the world, several jurisdictions are now offering licencing which is great, and is a welcome development because it really helps establish legitimacy in a new industry.
However, what we have seen is that in order to piece together an AML strategy that will pass minimum licensing requirements, VASPs will not have to just come up with a Travel Rule solution, they have to come up with multiple AML tools that are usually completely different areas of expertise so will require multiple solution providers. So, analytics screening, custody KYC, and probably more to come.
The large majority of VASPs, other than the very very biggest ones, do not have the resources to do due diligence on so many service providers, and it makes the process of licencing as a result complicated and painful and may even exclude some from the ability to be licenced because they just can’t meet the AML requirements.
Join us for part 2 next week where we’ll subject Sygna Bridge to the 4 lenses for a closer assessment of the competitor landscape and how a Travel Rule solution should perform in lieu of not only current, but possible incoming regulations.
Over the next couple of months, we will be releasing targeted webinars on our YouTube channel that take a detailed look at each Lens interpretation by both Sygna Bridge and other solutions, and which we’ll revisit on our blog.
Read Part 2: Viewing Sygna Bridge Through the Travel Rule’s 4 Lenses
Additional Viewing- GDF Asia Conference
In the meantime, if you’d like to hear about Elsa’s views on where AML compliance is leading us, here’s her keynote speech at this past week’s Global Digital Finance Asia Conference, titled “Converging Paths to #AMLCompliance in the Blockchain Security Ecosystem”.
Written by Werner Vermaak
Disclaimer: CoolBitX provides these blog posts for general educational purposes only. Information on this blog expresses the opinion of the author only. It does not constitute professional legal or financial advice and should not be considered as such. The author or company may update the information on this article at any time without prior notice and do not guarantee the work to be up to date and accurate. To the best of our knowledge, the information provided here is factual at the time of writing.