In order to use the VASP Compliance Hub with your exchange platform, there are a some integration steps that need to be implemented. Please contact us to talk with our technical experts to learn more about how the implementation process works.
UI / UX Updates
At present, an exchange withdrawal request can go to any wallet without any kind of verification. This workflow is non-compliant with FATF Recommendations.
In order to achieve compliance, some updates to the UI/UX are required in addition to the API Integration.
- Upon withdrawal request, a user must choose the withdrawal type, if it is to another VASP or to a non-custodial wallet address.
- If it is a non-custodial wallet address, the user should prove ownership by providing a valid signature
- The user is given step by step instructions on how to create the address
- The address is then verified as valid and scanned using the wallet screening service
- If the verifications are successful a claim will be issued associated the users KYC data with the wallet address
- The user can then withdraw funds to their non-custodial wallet
- If they select VASP address, it will begin the compliance process for inter-VASP transfers
- First the system will attempt to automatically identify which VASP the address belongs to
- If this is successful then it will attempt to communicate with the VASP and continue the withdrawal approval process
- If the wallet cannot be associated with a VASP, the user will be requested to provide the VASP name
- If the VASP does not have the ability to provide compliance data, the user will be informed that withdrawals to this VASP are not available due to non-compliance and they should either select another VASP or withdraw to a non-custodial wallet under their ownership
In order to use the features provided by the Compliance Hub, the exchange will be required to setup some minor API integrations. We have designed the system to require the minimum amount of development work possible to minimize the impact of the integration.
Integration steps include:
- Setting up an internal API Key for communication between the Exchange and the Compliance Hub API Gateway
- Setting up an Ethereum Signing Key for
- DID Registration
- Claim Document Signing,
- Writing to the Claims Registry
- LWS Authentication with External Hubs
- Setting up a response endpoint to accept incoming requests from the Hub