How the FATF’s Travel Rule is Being Implemented Around the World
The deadline for compliance with the FATF Travel Rule is this month. Here’s how different countries around the world are approaching compliance.
Under the FATF Travel Rule, Virtual Asset Service Providers (VASPs) are required to share the identities of users involved with any virtual asset transfers valuing $1000 USD or more. VASPs will now need to obtain and verify customer identification with one another.
SelfKey created a technical and legal solution to help your business comply with the Travel Rule.
Validate any transaction request to determine if Travel Rule compliance is required. This is a check to prove if a withdrawal request is to a personal or a custodial wallet.
Built on SelfKey architecture, user identity data is assigned a decentralised identity key (DID) and stored in Claims documents. The SelfKey registers contain both the DIDs and a hash to these Claims documents.
By using DIDs, user data that is sent can be signed so the beneficiary VASP can validate the source is secure and legit.
A secure messaging system transmits the necessary information to comply with the Travel Rule.
Support for multiple protocols and standards are available, inter-operability provides future-proofing and peace of mind.
A complete end to end solution, providing a frontend for users to make transaction requests and a backend dashboard for VASPs to automatically manage approvals.
Aside from sharing customer data with other VASPs or the authorities, VASPs also have a number of other duties they must fulfil in order to be compliant. The first is that ongoing transaction monitoring needs to take place. This means that VASPs will need to determine what typical transactions look like for each user so that they are able to spot any changes to the established pattern which could signify criminal activity. Financial institutions already do this in most countries and it is part of a risk-based approach to AML and CTF.
VASPs should also screen customer wallets and potentially share any blacklists with other VASPs and relevant parties. Additionally, VASPs should be licensed and/or registered in their jurisdiction. As you can see, it’s a big ask for an industry that is largely anonymous and decentralized.
While the Travel Rule sounds similar to Know Your Customer (KYC), it does have a couple of key differences: