How to overcome the challenges of the Travel Rule for VASPs

Understanding the Travel Rule and how VASPs can implement it  

In Episode 5 of Blockchain Unpacked special guest Harm Aarts joined Jason Boud and Marina Khaustova to discuss the implications of the Travel Rule, and what VASPs should consider ahead of the UK Travel Rule implementation deadline for VASPs. 

Harm has 15 years of experience as a software engineer and founded four different startups. He bought Bitcoin when it was still 3 cents and his Master’s in Artificial Intelligence and subsequent Pre-master’s in economics further underlines his keen interest in the sector. He is currently the Co-founder of 21 Analytics, a Swiss company that focuses on solutions for Travel Rule Compliance. 

Here we summarize the key points in the discussion. 

What is the Travel Rule? 

Jason introduced the Travel Rule by reminding us of its origins. 

The Travel Rule was first issued by FinCEN in 1996 and became effective on 28 May that year as part of the US Bank Secrecy Act. ‘Often called the ‘Travel’ rule – [sic] it requires all financial institutions to pass on certain information to the next financial institution, in certain funds transmittals involving more than one financial institution.’ 

The regulation seeks to help law enforcement agencies detect and prosecute financial crimes including money laundering, by maintaining a trail of information about persons sending and receiving funds. 

In 2012 FATF included the Travel Rule in its recommendations for financial institutions to combat money-laundering. It then extended these measures to VAs and VASPs in 2019 to prevent misuse of funds and criminal activity in this sector. 

‘FATF’s Travel Rule (or Recommendation 16) requires VASPs to obtain, hold, and transmit required originator and beneficiary information, immediately and securely, when conducting VA transfers.’  

Why are VASPs slow to implement the Travel Rule? 

Marina pointed out that despite the Travel Rule having been in existence for some time, and it has been more than four years since FATF included it in its recommendations for VASPs, not much has been done yet. 

Harm said that implementing compliance with the Travel Rule is complicated. In his experience, VASPs are massively underestimating the extent of the project, the planning and the technology required to solve it. The Travel Rule touches everything from the user interface, compliance departments, counterparties, and inbound requests.  

He also emphasized how the slow pace of regulatory guidance inhibits the fast pace of technological development in the crypto space.  

Further challenges include: 

• The technology gap between fiat and crypto transfers  
• The varying approaches taken in different jurisdictions 
• The sheer number of digital assets  

The need to educate the market and regulators  

Harm emphasized that FATF is very clear about what information needs to be exchanged and when. But jurisdictions have approached the recommendations with varying requirements which make it extremely difficult for providers to streamline technology solutions.  

There is also a need to educate product and compliance teams in VASPS. It is imperative that both understand how to achieve and balance their goals within the context of the Travel Rule. 

Marina reflected on the evolving role of compliance officers and the need for educational efforts to help understand and combine the array of compliance solutions available to VASPs. The importance of both technological expertise and industry knowledge was stressed.  

Also, a mindset change is required – VASPS must move faster to reconcile ideals about decentralized finance and compliance. “There is no way out,” said Harm. “The fact is that the Travel Rule is here and to operate, VASPs need to comply.”   

Can technology solve the Travel Rule? 

VASPs have a choice, according to Harm. They can either hire large compliance teams or invest in technology to source, screen and store the information required for the Travel Rule.  

To hire in large teams comes with its own set of new challenges – one of which is having the capability to quickly retrieve data on request should a regulator wish to see it. 

On the other hand, technology can be an enabler for compliance. But choosing the right solution is crucial. Harm highlighted the TRP protocol as a favorable solution.  

Seeing a shift to a less fragmented landscape 

The conversation shifted to how the Travel Rule protocols have evolved from a fragmented landscape to a more consolidated one.  

Harm said this consolidation is happening around three specific geographical areas which are Southeast Asia, America, and Europe. He noted that all these regions have varying emphases on privacy and compliance. He sees this as a positive sign of market maturity and specialization. 

The advantages of implementing the Travel Rule successfully for VASPs 

Harm points to three advantages, all of them long-term, for VASPS: 

1. Building a moat.
   By implementing the Travel Rule and meeting regulations, a VASP will strengthen its ability to maintain a competitive advantage to protect market share and long-term profits. 
2. Closing the user experience gap.
   By asking for the names of the beneficiaries, the process becomes incredibly reminiscent of bank payments for the user, closing the gap between a traditional finance experience and digital assets. 
3. Engaging with the regulator.
   Maintaining good relations with the regulator, through showing commitment to compliance is necessary to facilitate the adoption of cryptocurrencies. 

How will VASPS cope with the inconsistency in regulatory approach across jurisdictions from a technological point of view? 

In Harm’s opinion, VASPs will be likely to opt for a minimum such as simply requesting the name of the beneficiary.   

The success of the Travel Rule implementation over the long term is highly dependent on regulators working with VASPs in the interim to achieve this minimum of compliance. To focus on collecting the beneficiary’s name as the starting point would also help streamline transactions on a global level across different jurisdictions.  

Harm also called for alignment globally in the terminology used. He describes the example that the UK’s Financial Conduct Authority uses the term Crypto Business (CB) while FATF uses Virtual Asset Service Provider (VASP), and the recent MiCA regulations refer to Crypto Asset Service Provider (CASP) which causes confusion globally.  

The contagious nature of the Travel Rule. 

The Travel Rule is contagious. Any VASP that wishes to engage with a VASP based in Europe will have to implement the Travel Rule. There is no escape operating from a jurisdiction where it is not yet implemented.  

“If you want to send coins to a European exchange, you can’t put yourself in a jurisdiction which doesn’t enforce it. You still need to do it (the Travel Rule),” said Harm. 

There are still many jurisdictions that are not compliant yet. But this is irrelevant for VASPS. They need to look at where they are sending the coins.  Ultimately this is the goal of the regulator. VASPS need to know their customer; they need to know where the money is going. 

The future of the Travel Rule, VASPs and DeFi 

Harm emphasized that the industry needs to choose between decentralized or centralized Travel Rule solutions. TRUST is a good example of a centralized approach, similar to the SWIFT system in traditional finance, where companies need to join a closed network, while TRP, that allows only peer-to-peer communications between VASPs, does not. Harm speculated that the choice will largely be determined by privacy laws and how certain jurisdictions apply these. 

With regards to Decentralized finance (DeFi), Harm suggested that while there are challenges with implementing the travel rules in DeFi, regulators and VASPs have tools beyond the Travel Rule to fight financial crime. 

Practical tips for VASPs to get started with Travel Rule compliance 

Harm wrapped up the discussion by sharing two tips to get started with the Travel Rule immediately. 

1.  To use tools like Crystal to understand counterparties better. 
2.  To set up a travel rule-specific email address to ensure compliance with incoming travel rule data. 

Tune in and watch the whole episode here. 

For more information about the Travel Rule or how Crystal can transform your approach to compliance, book in call with us here. 

About Blockchain Unpacked 

Blockchain Unpacked is a videocast and podcast series hosted by Jason Boud of RegTech Associates and Crystal Blockchain’s Marina Khaustova.  

Every month, with our special guests, we explore the real-world impact of criminal activity beyond the blockchain. We look at innovation, regulation, technology and much more as we share the latest news, trends, and predictions.