Since the onset of 2018, cryptocurrency regulation has been a hot topic. So far this year, there have been quite a few developments in how crypto businesses are classified and what they’ll need to comply with moving forward. Cryptocurrency exchanges are now essentially classified as a new type of financial institution known as virtual asset service providers (VASPs). This has many benefits, such as greater recognition and respect within the financial industry. But it also adds greater scrutiny by anti-money laundering regulators, requiring them to closely monitor transactions for any potential terrorist activity or money laundering schemes.
A side effect of the new regulation is that these new rules also provide guidelines for other obligated institutions such as banks, international lawyers and accountants to start interacting with cryptocurrencies legally. This presents an array of new opportunities to the cryptocurrency industry as a whole. Many experts see this as the catalyst for bringing cryptocurrencies and related technologies into everyday use.
With opportunity also comes a significant new set of requirements to comply with. Cryptocurrency exchanges rightly feel like they are in a tough spot. If exchanges don’t comply with new regulations by the various deadlines set forth, they run the risk of being sanctioned, blacklisted, and barred from functioning in specific jurisdictions. Most companies in the space that we speak to are equally excited by the new opportunities as they are worried about how to adopt the new requirements at scale.
How to collaborate with others to verify customers using the travel rule
One of the new requirements facing VASPs is that they now need to understand who the counterparties are to a transaction. If you come from banking or traditional financial services, you may be wondering why VASPs aren’t already doing this.
Banks typically collaborate on this using the SWIFT network, but cryptocurrencies do not have a built-in method of exchanging this information. This is by design, as all crypto transactions are public on blockchains. Adding this information to blockchains themselves presents serious privacy concerns.
Since 2019, FATF (the Financial Action Task Force) has recommended that all national regulators require that VASPs implement this. Their recommendations map very closely to how financial institutions implement it using SWIFT and is also known as the travel rule.
The overall concept of the travel rule is simple. The idea is that a VASP customer’s data “travels” with the transaction, allowing counterparty institutions to run sanctions screens and perform record keeping around the transaction.
Common compliance challenges
But there are compliance challenges for VASPs:
- Uneven rollout
A particular question that comes up is around the uneven rollout of this regulation around the world. VASPs in highly regulated jurisdictions like Singapore are rightly concerned about what would happen if they are required to implement the travel rule and competitors in other countries are not. According to CoinMarketCap, there are more than 380 cryptocurrency exchanges worldwide that collectively trade trillions of dollars worth of cryptocurrency daily. Funds move quickly and frequently between exchanges globally as people are looking for the best price and liquidity.
We see this as a temporary issue; there is already a lot of pressure on significant exchanges forced to add KYC to their services. We are also seeing major financial institutions around the world that will be requiring full travel rule compliance for any and all transactions from day one.
- A lack of existing technology or trust frameworks
The crypto industry is young and heterogeneous. Each business is built on varying technology and is run by diverse business models. Each company has different risk appetites that have to be closely aligned with its overall business model, yet each potential counterparty and transaction also presents very varied types of risks.
This makes it difficult to directly apply the models from the traditional payment associations such as SWIFT, Visa, Mastercard offer widely-used trust frameworks for banks to plug and play and immediately comply with the travel rule. These rely on the most common risk models that each association’s membership approval process can simply classify and handle.
- Unknown compliance and implementation costs
The industry has been focused over the last couple of years on new methods of compliance and implementation while hoping for a simple solution to plug into. However, the reality is that after investigating for two years, most VASPs have come to the realization that implementing it requires significant changes to their platform, processes and overall compliance workflow.
Successful implementation requires careful thought and planning, ideally three to six months before your jurisdiction’s deadline or new requirements from your business counterparties.
What are the solutions for travel rule compliance?
Fortunately, there are an array of industry solutions for VASPs looking to comply with the FATF travel rule. Most industry initiatives and solutions focus on the messaging aspect of implementing the travel rule and not helping companies implement it into their day-to-day operations. Most solutions are also focused on a single messaging protocol. If each VASP chooses a solution that only offers a particular messaging protocol as their solution, this will create a walled garden of compliance. The latest legislation from the European Commission demonstrated that consulted stakeholders expressed concern about the possible exclusion of more minor industry participants.
The trick is finding the best solution that covers all of the travel rule components:
- Sanctions-screening and blockchain analytics integration
- A GDPR (Europe’s General Data Protection Regulation)-compliant storage solution for customer PII (personally identifiable information)
- Interoperability with a wide variety of blockchain messaging protocols.
The crypto market is growing and changing at a rapid pace. As more jurisdictions adopt the travel rule, starting your compliance journey now will ensure that your company will avoid sanctions and penalties.