Deficiencies in Travel Rule Solutions
The Financial Action Task Force’s (FATF’s) crypto Travel Rule (Recommendation 16) has been around for more than 3 years now. However, many working in compliance or with virtual asset service providers (VASPs) are still using Travel Rule solutions that are not compliant with the Travel Rule, creating problems instead of solutions.
Last year the FATF published a Targeted Update on Implementation of the FATF Standards on Virtual Assets and Virtual Asset Service Providers, which included guidelines to assist VASPs in choosing Travel Rule solutions and providers. In their research, the FATF discovered that VASPs are unsure of what they need in a solution, oftentimes choosing Travel Rule solutions that are attractive in price but do not meet the required compliance standards.
Below we delve into the common Travel Rule solution deficiencies according to the FATF’s guidelines.
Common Travel Rule Solution Deficiencies:
No Travel Rule Data Retention Functionality
The FATF recommends that Travel Rule data should be retained for recordkeeping and transaction monitoring for a period of 5 years. In other words, VASPs need access to this data within the solution in order to download the Travel Rule data in case of an audit or investigation. It has been found that some solutions do not store the required Travel Rule data, which defeats the objective of the Travel Rule, and those that do, either do not provide VASPs with the option of downloading the data or only offer limited file exports.
VASPs need to bear in mind that they can be met with severe penalties if they do not adhere to this requirement: data retention proves adherence to the Travel Rule.
Support Limited to Only Few Virtual Assets
The Travel Rule applies to all virtual assets. Therefore, a compliant Travel Rule solution must support all virtual assets and submit the appropriate Travel Rule data with each transaction. If the solution does not support a virtual asset, the software must reject these transactions. Transactions cannot be processed without Travel Rule data.
Non-Compliant Threshold on Transfer Value
Irrespective of the transfer value, Travel Rule solutions must facilitate the submission of Travel Rule data by VASPs. It has been noted that some software types do not submit Travel Rule information for low-value transactions, which is not compliant with Travel Rule standards. Solutions that don’t apply the Travel Rule to all transfer values can easily be circumvented by users splitting their transactions into multiple transactions with amounts below the threshold.
Travel Rule Information to Be Exchanged as per the FATF
As a reminder, the originator VASP is required to verify and forward the following information before conducting a transaction:
Originator's account number,
Originator's physical address OR
Originator's national identity number, or customer identification, or date and place of birth.
With the below information to be obtained and verified by the beneficiary VASP before transacting,
Beneficiary's account number.
The verification process is just one aspect of the essential components of the Travel Rule. To implement the Travel Rule effectively, this information must be communicated to the beneficiary VASP and retained. The guidelines outlined above are intended as a reference; however, it's important to note that the additional requirements may be mandated depending on the jurisdiction where the transaction takes place.
Incorrect Timing of Travel Rule Information Exchange
Another issue that has come up in Travel Rule software is the timing of Travel Rule information exchange. The purpose of the Travel Rule is to enable VASPs to act in real-time on suspicious virtual asset transfers, which necessitates the timing constraints of the transmission of information. Therefore, Travel Rule data must be shared before or immediately as the transaction is executed. On top of this, the shared data must be done securely and in line with the region's general data protection regulations.
Use of Transaction ID Instead of Originator Wallet Address
The FATF requires VASPs to use the originator’s wallet address or their internal account number to accompany the transaction, not the transaction ID. Transaction IDs only become available after the transaction has happened on the blockchain. As mentioned above, Travel Rule data needs to be exchanged before the transaction or immediately as it is executed.
The Real Travel Rule Solution
21 Travel Rule addresses all these issues above. Firstly the solution allows VASPs to store data for 5 years and beyond, and this information can be downloaded in various formats to fit compliance needs and processes. When attempting a transaction using 21 Travel Rule, VASPs are prompted to complete the customer’s Travel Rule information as per the Travel Rule requirements before attempting the transaction.
Moreover, our product’s featured protocol, TRP, allows VASPs to reject or approve inbound transactions before any on-chain activity happens, ensuring Travel Rule legislation is upheld. Additionally, this functionality aids VASPs if they do not trade in the specified currency - a quick click and the transfer is rejected. Lastly, an internal account number and a postal address accompany all transactions, making 21 Travel Rule, the most Travel Rule compliant software currently available.
Choosing a compliant solution for the Travel Rule shouldn’t be a challenge.
Find out more about 21 Travel Rule.