VASP Compliance Hub - FATF Travel Rule Solution

The FATF Recommendations updated in June 2019 stated that all Virtual Asset Service Providers (VASP) must share user identity data with each other when transactions between VASPs take place.

This means that in order to achieve compliance with the FATF Recommendations (also known as the Travel Rule) all transactions moving funds in and out of the VASP platforms (ie: custodial wallets they are responsible for) must have identity data associated with them.

The VASP Compliance Hub is a complete, self-hosted, peer-to-peer software solution that integrates directly with Crypto Exchanges (VASPs) to provide a set of services required to achieve customer identity data compliance.

Services Overview

API Gateway

This is how your exchange will communicate with the Compliance Hub.  It uses an internal API Key to authenticate and is intended for communications in a private cloud environment.

Secured Data

Verification  Service

Provides all the logic for customer due diligence process and connects to the KYC, Claims and External Communications Services. Additionally it returns data to the API Gateway to be passed on the Exchange.

KYC Service (Optional)

The VASP Compliance Hub provides 2 optional services related to KYC processing:

  1. Cross referencing user’s KYC data with the UN, US and EU Sanctions Screening lists.
  2. AI powered OCR and image verification of user KYC documents.

Claims Service

The Compliance Hub provides several Claims related services. Importantly, it verifies the validity of existing Claim documents and creates new Claims, using user data, and incorporates it into a Claims Registry Smart Contract.

Wallet Service

The Hub enables a number of Wallet related services. It verifies the signature of a wallet to prove ownership and supports signature verification for wallets on multiple blockchains (currently supporting BTC and ETH). Additionally it is able to check for flagged wallets and pre-determined exchange ownership.

Communication Service

The VASP Compliance Hub will enable businesses to communicate with other Compliance Hubs, in order to request and receive identity data for a specified cryptocurrency wallet.

Want to learn more about how we can help with FATF Travel Rule compliance?
Talk to our experts today and schedule a demo of our solutions

Technical Integration Overview

In order to use the VASP Compliance Hub with your exchange platform, there are a some integration steps that need to be implemented.  Please contact us to talk with our technical experts to learn more about how the implementation process works.

UI / UX Updates

At present, an exchange withdrawal request can go to any wallet without any kind of verification.  This workflow is non-compliant with FATF Recommendations.

In order to achieve compliance, some updates to the UI/UX are required in addition to the API Integration.

  1. Upon withdrawal request, a user must choose the withdrawal type, if it is to another VASP or to a non-custodial wallet address.
  2. If it is a non-custodial wallet address, the user should prove ownership by providing a valid signature
    • The user is given step by step instructions on how to create the address
    • The address is then verified as valid and scanned using the wallet screening service
    • If the verifications are successful a claim will be issued associated the users KYC data with the wallet address
    • The user can then withdraw funds to their non-custodial wallet
  3. If they select VASP address, it will begin the compliance process for inter-VASP transfers
    • First the system will attempt to automatically identify which VASP the address belongs to
    • If this is successful then it will attempt to communicate with the VASP and continue the withdrawal approval process
    • If the wallet cannot be associated with a VASP, the user will be requested to provide the VASP name
    • If the VASP does not have the ability to provide compliance data, the user will be informed that withdrawals to this VASP are not available due to non-compliance and they should either select another VASP or withdraw to a non-custodial wallet under their ownership

API Integration

In order to use the features provided by the Compliance Hub, the exchange will be required to setup some minor API integrations.  We have designed the system to require the minimum amount of development work possible to minimize the impact of the integration.

Integration steps include:

  • Setting up an internal API Key for communication between the Exchange and the Compliance Hub API Gateway
  • Setting up an Ethereum Signing Key for
    • DID Registration
    • Claim Document Signing,
    • Writing to the Claims Registry
    • LWS Authentication with External Hubs
  • Setting up a response endpoint to accept incoming requests from the Hub

We have a project with fintech firm KYC-Chain, to improve our client on-boarding process. The project, which uses blockchain (...) can recognise and verify identities of clients in a reliable and fuss-free way.

Standard Chartered CIO, Michael Gorriz