Shard
Login

Crypto compliance

What does FATF mean? Every specialist in the field of compliance from any financial company, be it a credit institution or a crypto exchange, knows this abbreviation. FATF is the Financial Actions Task Force on Money Laundering, the world's leading AML regulator. The FATF develops anti-money laundering standards set out in 40 Recommendations that are mandatory for inclusion in national requirements for banks and other financial institutions.

What does the Travel Rule mean

In October 2018, the FATF amended 40 Recommendations to extend their scope of application to the virtual asset service providers (VASPs) such as crypto exchanges and crypto custody providers. The Travel Rule, effectively contained in Recommendation 16, requires all financial institutions and other financial service providers, including VASPs, to provide information on the initiators and beneficiaries of the transactions exceeding $1,000. The rule applies to both domestic and international cryptocurrency transfers. By implementing the Travel Rule, the FATF is making an attempt to create a system similar to the global SWIFT, where data on the payment sender and recipient are available to all interested financial institutions.


It is necessary to make a remark that back in 1996, the US financial intelligence agency FinCEN introduced provisions to the US Bank Secrecy Act similar to the Travel Rule, but applicable to traditional banks. And in 2019, after amendments were made to Recommendation 16, FinCEN issued clarifications, expanding the scope of the BSA provisions to crypto companies. The FATF and BSA requirements differ in the composition of the information provided and the reporting threshold, and the bills being developed in the US provide for the harmonization of national requirements with global ones.

Financial institution - sender of payment
Threshold
FATF1000 USD/EUR
USA3000 USD
NameRequiredRequired
Account NumberRequiredIf Available
AddressRequiredRequired
Crypto Exchange IDNot RequiredRequired
SumNot RequiredRequired
DateNot RequiredRequired
Financial institution - recipient of payment
Threshold
FATF1000 USD/EUR
USA3000 USD
NameRequiredIf Available
Account NumberRequiredIf Available
AddressNot RequiredIf Available
Crypto Exchange IDNot RequiredRequired

As you can see, in terms of requirements for the information transferred, the American standards are stricter as they were originally developed for traditional finance, not cryptocurrency.


In accordance with FATF Recommendation 15, crypto services shall perform Know Your Customer (KYC) checks for each transaction, exclude any possibility of anonymous transactions and transmit the information necessary to identify the sender. In general, the requirements are the same as for banks.


The Travel Rule not only allows crypto companies to comply with the international AML standards but also reduces the risks of being engaged in dubious transactions with unknown counterparts. In addition, these requirements will be further implemented in every country complying with FATF standards, which may open the door to further unification in crypto services and crypto regulation.

Who should apply the Travel Rule

Currently, the requirements are applied primarily to the centralized exchanges and custodial services that conduct transactions on behalf of their clients. In other words, when a company stores client's keys, provides investment or other financial services, it shall apply the Travel Rule.


When developing the European MiCA law, they were thinking about including DEX in the Travel Rule' scope, but the initiative did not find its way forward due to potential complexity of its technical implementation and a subsequent control over its implementation. However, the American legislators continue to consider this issue.


The diagram below shows the TravelRule implementation obligation for different crypto companies, depending on their business.

Diagram of the obligation to apply the Travel Rule

Implementation Problems

One of the main problems on the way to implementation of the Travel Rule in the crypto industry relates to the difference in approaches to this rule implementation in different companies and countries. FATF, banks and crypto companies themselves have different understandings of the requirements, such as data transfer to third parties, and are not always ready to comply with them, hiding behind technical and organizational difficulties.


The FATF does not propose a specific system for implementation of the Travel Rule, nor does it prescribe any one technology approach. Any solution is acceptable as long as it allows sending and receiving entities to meet their AML/KYT obligations.


However, according to the Travel Rule, all VASPs must exchange transaction information, so there is a clear need for a unified interoperability standard. In the future, the crypto industry will have to use a unified approach to establish appropriate standards anyway.


Many companies and developers are focused on implementing the solution complying with the FATF rules. In most cases, this solution is developed by one of the industry players without support of government agencies. Despite this, they all have the same goal - to create a simple product not imposing additional and unnecessary requirements that can be integrated into the available business solutions and is able to ensure interoperability.

Proposed Systems

Cryptographic service providers offer a variety of protocols specifically designed to facilitate transfer and collection of the encrypted data. There are several companies that have already brought their approach to the market. There are currently over 20 solutions available, including:

  • InterVASP

    A standard proposed by the US Chamber of Digital Commerce (CDC) together with the Global Digital Finance (GDF) and the International Digital Asset Exchange Association (IDAXA). In 2020, they proposed a unified standard for the exchange of the data VASPs must share with each other - InterVASP 101 (IVMS101). The solution allows VASPs to organize identification of anonymous senders and recipients of cryptocurrency payments, automatically attach the necessary data to each transaction.

  • OpenVASP

    A decentralized solution built on the Ethereum blockchain. OpenVASP uses the so-called VASP contract which is a VASP identifier in the decentralized Ethereum public key infrastructure.

  • Travel Rule Protocol (TRP)

    A simple solution implemented as an Internet protocol. Identification of a VASP using TRP is made by its underlying technology, which in this case is the Internet protocol. Web2 solution, when each participating company is identified by IP address, and information is exchanged using standard TCP protocol encryption methods.

At the moment, JSC SHARD is working on creating its own solution for the Travel Rule implementation. At present all providers of this service are foreign companies whose services, in most cases, are not available in Russia. Our solution will allow information transfer between banks and crypto companies within the country, as well as, due to compatibility with open protocols, between Russian companies and services in friendly jurisdictions.


Russia remains a participant in the international anti-money laundering system, a member of FATF and EAG, which imposes obligations on the state and its financial institutions to comply with anti-money laundering standards. The requirements of Recommendations 15 and 16 for crypto companies will also become relevant for our country after adoption of the law regulating the circulation of cryptocurrencies in Russia.

Travel Rule will allow crypto exchanges and their clients to make transactions with higher security, but users should still remember to independently check the addresses for risks as this can help save funds! You can report cases of risk of interaction with specific cryptocurrency addresses on our website in the «Report a suspicious address» section.