CipherTrace Announces Travel Rule Information Sharing Architecture (TRISA)
Two major regulators recently shook the foundations of the crypto economy with new guidelines that will have a major impact on exchanges and other virtual asset service providers (VASPs). The global watchdog for combating money laundering, the Financial Action Task Force (FATF), recently updated its guidelines, which include a “Funds Travel Rule”. In short, the new rule requires Virtual Asset Service Providers (VASPs), sender (originators) and recipient (beneficiaries) to share and store information A cryptocurrency (or cryptocurrency) is a digital asset that … more Transactions. In addition, in May 2019, the US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) clarified its guidelines for categorizing VASPs as Money Services Enterprises (MSBs), which means that they now comply with the long-standing Funds Travel Rule under the Bank Secrecy Act (BSA.) must adhere to).
G20 makes the implementation of the FATF guidelines for virtual assets a virtual security
At the end of their summit in Osaka, Japan on June 29th, finance ministers and central bankers of the G20 economic bloc officially announced their support for the updated FATF virtual guidelines, including the travel policy. As a result, a number of important voices in the crypto economy complained that the new rule is impractical, and not just given the current status A blockchain – the technology that underlies Bitcoin and other technologies. More Technology, but also stands in opposition to the pseudo-anonymous nature of cryptocurrencies.
At the end of their annual summit held in Osaka, Japan in June 2019, G20 finance ministers and central bank governors declared: “We reaffirm our commitment to applying the recently amended FATF Standards to virtual assets and related providers for AML and CFT.
A compliance conundrum
As regulators around the world begin to translate the clarified FATF guidelines into local law, VASPs face an enormous technical challenge – how to comply with travel rules in a trustworthy and reliable manner. According to the FATF, “… it is of vital importance that countries ensure that VA credit transfer providers – be they VASPs or other obligated parties – provide the necessary information about the sender and the beneficiary immediately and safely, especially in view of the fast and cross-border nature of VA transfers … “
Change blockchains or add an overlay layer?
Developing a solution that will help VASPs overcome this compliance challenge poses major technical obstacles. For example, trying to change the existing blockchain protocols will inevitably fail as there are many different protocols and enforcing hard Forks just isn’t feasible.
The enforcement of a FATF Travel Rule had long been expected since February 22, 2019, when the Interpretive Note on virtual currencies was issued. IT defines implementation requirements for effective regulation, supervision and monitoring of (“VASPs“), Which is why CipherTrace has already developed a solution that enables the secure sharing and storage of transaction identity information without changing the core protocols of the blockchain and cryptocurrency. Instead of modifying existing blockchains, the reference architecture creates a separate out-of-band mechanism to expand existing blockchains and cryptocurrencies for compliance purposes.
This Travel Rule Information Sharing Architecture (TRISA) uses the trustworthy public key infrastructure to reliably identify and verify VASPs. It is similar to the way clients and servers establish trustworthy communication on the web and other Internet applications.
A solution based on proven cryptographic controls
The CA is the cornerstone of trust for public key infrastructure (PKI) by issuing trusted digital certificates and managing, distributing, and revoking those certificates. The CA issues digital certificates that identify the entity associated with a particular public key to ensure that users are working with that entity in a trustworthy manner and not as a scammer impersonating the entity. PKI is the key to trustworthy information exchange.
What is a Virtual Asset Service Provider (VASP)? A virtual A … more Address verification protocol prevents leaks
The FATF recognizes that, unlike traditional fiat transfers, not two obligated parties can be involved in every virtual asset transfer. When initiating a VA transfer, VASPs do not have to transmit the required information to individual users who are not obliged to do so. However, the FATF does not address the difficulty VASPs have in determining whether or not a transfer is going to be made or going to a subject, or the security risks that could arise from transferring private information to the wrong facility.
TRISA promotes the VASP address verification protocol, which reduces the risk associated with sending private information to the wrong VASP by verifying that the receiving address is actually controlled by the specified beneficiary VASP. This protocol requires a high-speed search, whereby the sending VASP can query the receiving VASP for the address and confirm that the receiving address actually belongs to this VASP. A CipherTrace TRI white paper describes this VASP address verification protocol in more detail.
In addition, the FATF guidelines require both ordering and beneficiary institutions to take blocking measures and prohibit transactions with named persons and institutions. The VASP Address Confirmation Protocol through Enhanced Validation Know Your VASP (EV KYV) also offers a solution for this. Receiving VASPs should return receipts, ideally digitally signed, to sending VASPs to confirm that the transaction identity information has been received. It may be desirable to be able to reject a transaction in a receipt, for example if the identity of the sender or the identity data of the alleged beneficiary do not pass sanctions or other blocking tests by the receiving VASP. In such cases, the sending VASP should not continue the blockchain transaction and should inform the sender of a failed transaction.
To learn more about the Travel Rule Information Sharing Architecture architecture, read the whitepaper Here.