How the Travel Rule Protocol (TRP) Benefits VASPs

The increasing implementation of the Financial Action Task Force's (FATF) Travel Rule and interpretations thereof, like the European Union's Transfer of Funds Regulation, has posed several challenges for virtual asset service providers (VASPs), listed by the FATF in its recent Targeted Update on Implementation of FATF’s Standards on VAs and VASPs.

This blog will explain how the Travel Rule Protocol (TRP) can benefit VASPs by briefly discussing the Travel Rule standards, followed by the deficiencies in Travel Rule solutions per the FATF, and how the TRP addresses these challenges.

TRP: Built for the Travel Rule and VASPs 

How TRP Benefits VASPs

Firstly, by meeting the Travel Rule requirements, explained in detail below, VASPs can be guaranteed a Travel Rule-compliant transaction in every instance. 

Moreover, TRP operates as a permissionless, decentralised, and open-source protocol, enabling unrestricted contributions to its development and implementation without dependencies on specific entities or gatekeepers. In other words, VASPs can implement the protocol into their existing software at no additional cost or monthly subscription fee. 

Access the specifications here.

In alignment with FATF's recognition that the Travel Rule has not been widely adopted by low-resource countries, primarily due to the cost of Travel Rule software and protocols, efforts are being made to enable their participation in the virtual asset arena.  As part of this initiative, FATF is prompting the development and adoption of open-source protocols and solutions like TRP. 

Travel Rule Compliance Standards 

The FATF Travel Rule, established in 2018, aims to help law enforcement monitor fund transmissions through authorised payment systems to combat illicit financial activities. Originally applicable to fiat wire transfers, it expanded to include digital technology and cryptocurrencies. 

In 2019, Recommendation 16 extended the rule to cover virtual assets, including transfers between VASPs and self-hosted wallets. However, jurisdictions can interpret and implement the rule differently. 

VASPs, defined by FATF, must verify control of destination addresses to avoid sanctioned entities exchanging requisite data before transaction execution. Verification criteria include originator and beneficiary information like name, account number, and physical address.

It is essential for VASPs to establish robust processes for customer due diligence (CDD), transaction monitoring, and reporting to adhere to AML policies and the Travel Rule. This requirement applies to VASPs of all but the smallest scales and typically necessitates adopting technological solutions.  However, this also presents a new challenge for VASPs, as they must ensure that their technological tools - Travel Rule solution - fully comply with applicable policies. 

Deficiencies in Travel Rule Solutions per the FATF

Based on the above, the FATF has noted that many existing Travel Rule solutions lack the necessary foundational elements to ensure compliance, leading to ineffective risk management. Examples of these deficiencies include:

Failure to Exchange Required Travel Rule Information According to Regulations

Before initiating a transaction, the originating VASP is required to validate and provide the following details, 

• Full name of the originator

• Originator's account number

• Either the originator's physical address or their national identity number, customer identification, or date and place of birth.

Similarly, the beneficiary VASP must obtain and verify the following information before conducting any transactions:

• Complete name of the beneficiary

• Beneficiary's account number.

The verification process is integral to the Travel Rule and must be communicated securely to the beneficiary VASP; failure to exchange this data results in VASPs being unable to release the assets.

Incorrect Timing of Data Transmission

Another issue arising in Travel Rule software relates to the timing of Travel Rule information exchange. The primary objective of the Travel Rule is to enable VASPs to promptly respond to potentially suspicious virtual asset transfers, necessitating strict timing requirements for data transmission. 

Therefore, Travel Rule data should be disseminated before or alongside the transaction in strict adherence to regional data protection regulations to ensure secure handling.

Facilitating Transfers to Sanctioned Addresses and Countries

According to the FATF Travel Rule and its implementations, originators and beneficiaries must be aware of the destination of funds to avoid transactions with sanctioned addresses and countries. 

Travel Rule solutions need to provide a means for users to verify this information before exchanging sensitive Travel Rule data and releasing assets. However, many solutions lack this functionality, resulting in virtual asset transfers on behalf of sanctioned entities.

Lack of VASP Discovery

As mentioned earlier, individuals and entities cannot send or receive funds to or from unknown VASPs. In typical cases, such as with a bitcoin address, only limited information, such as the currency, is provided. Consequently, additional essential information required for a Travel Rule-compliant and low-risk transfer is not available.

Read: Is There a Difference Between an IBAN and a Travel Address?

Inadequate Due Diligence

Merely exchanging an address is insufficient for VASPs to conduct proper due diligence. They cannot ascertain whether funds are being sent to a self-hosted wallet or VASP, check if the beneficiary has undergone KYV (Know-Your-VASP) procedures, or determine if the beneficiary has been sanctioned. 

The FATF Virtual Assets Contact Group (VACG) expressed concerns about the increasing use of shell VASPs for illicit activities.

Limited Virtual Asset Support

The Travel Rule applies to all virtual assets, necessitating Travel Rule-compliant solutions to encompass all virtual assets and provide the requisite Travel Rule data with each transaction. 

If the solution does not support a virtual asset, transactions must be declined as the software is not Travel Rule compliant. It is crucial to emphasise that transactions must not proceed without including Travel Rule data.

Read: 21 Analytics Supports over 1800 Crypto Assets Leveraging DTI

TRP Meets Travel Rule Compliance Requirements

The FATF Travel Rule mandates thorough data collection, verification, and storage to ensure secure transactions, necessitating a protocol that meets these requirements. As evidenced by numerous failed exchanges, relying solely on information from counterparties is reckless. It must be authenticated through trustworthy means, such as protocols like TRP.

TRP effectively addresses the challenges mentioned above within the virtual asset transaction realm. When using TRP for transactions, VASPs must input customer Travel Rule information strictly adhering to regulatory requirements before proceeding. 

Additionally, TRP empowers VASPs to authorise or reject inbound transactions before any on-chain activities, ensuring comprehensive Travel Rule compliance. This is enforced at a protocol level by sharing blockchain destination addresses only upon validating the provided Travel Rule data satisfactorily. This is particularly advantageous for VASPs not engaging in transactions involving specific currencies; this feature streamlines rejection procedures swiftly.

Furthermore, all transactions facilitated by TRP include internal account numbers and postal addresses, positioning the protocol as the most Travel Rule-compliant software available. TRP stands out as one of the few protocols fully adhering to FATF Recommendations due to its robust functionalities. Its attributes offer a global perspective, enabling VASPs to operate across jurisdictions seamlessly.

Find out more about TRP and how it addresses the challenges presented by the Travel Rule.