Aside from sharing customer data with other VASPs or the authorities, VASPs also have a number of other duties they must fulfil in order to be compliant. The first is that ongoing transaction monitoring needs to take place. This means that VASPs will need to determine what typical transactions look like for each user so that they are able to spot any changes to the established pattern which could signify criminal activity. Financial institutions already do this in most countries and it is part of a risk-based approach to AML and CTF.
VASPs should also screen customer wallets and potentially share any blacklists with other VASPs and relevant parties. Additionally, VASPs should be licensed and/or registered in their jurisdiction. As you can see, it’s a big ask for an industry that is largely anonymous and decentralized.
While the Travel Rule sounds similar to Know Your Customer (KYC), it does have a couple of key differences:
- During KYC, the data collected is only used by the organization that collects it. With the Travel Rule, KYC information needs to be shared between VASPs and/or the relevant authorities.
- KYC is an internal process while the Travel Rule is an external one.