What does the FATF Travel Rule mean for Crypto Users?

Photo: The Blockchain Land

Ever since it was conceived and began gaining traction, Bitcoin has represented a mystery for regulators. After realizing that Bitcoin cannot be regulated directly, they started going to service providers, which they now call VASPs (Virtual Asset Service Providers).

Most of us will quickly point out that any attempt at regulation is against the original cypherpunk ideology that gave birth to crypto. However, even today, many of the Financial Action Task Force (FATF) recommendations are followed to the letter by cryptocurrency exchanges and legitimate service providers.

Why do crypto companies listen to the FATF?

The FATF is an intergovernmental organization that is fighting against money laundering and terrorist financing. Governments follow their recommendations because they don’t want to be grey-listed, or worse, black-listed; a heavy reputational sanction that can translate into a difficult, and costly regulatory improvement path for the listed government. Being on these lists could seriously affect the ability to do business for that country’s financial institutions. For example, Iran and North Korea cannot use traditional banking systems, precisely because they regularly failed to follow through on FATF recommendations.

If one financial organization doesn’t adhere to the regulation that implements the FATF recommendations and is not willing to work on improving its results, it can end up being forced to shut down. Banks and other financial institutions will know not to deal with that particular organization.

Countries that already follow FATF recommendations have a much easier time introducing digital assets to their national law. Mainly it involves creating a new law or finding space for it in existing financial laws.

35 out of 54 jurisdictions have already implemented changes to adhere to the FATF recommendations, with 4 of them (unclear which ones) having decided to completely ban cryptocurrencies for the time being.

The rest are still working on introducing virtual assets in their national laws.

VASPs, overseen by their jurisdiction, must follow these rules once they are committed to national law. However, there is a great amount of leniency in how effective VASPs need to be at this current moment in implementing the recommendations. Often, it is enough that the VASP is actively looking for ways to safely follow the recommendations.

FATF recommendations for VASPs

There are about 40 different FATF recommendations that jurisdictions have introduced, or will introduce, into law for VASPs to follow. Many of these ported directly from banking regulation and can be implemented without any problems. They do not cause additional stress, security requirements, or create additional vulnerabilities for companies.

For example:

KYC/AML data collection is already happening at large, and most users are willing to pay the price of being identifiable in exchange for accessing VASP’s services. Some exchanges, especially crypto-to-crypto still enable active participation without any KYC/AML, but these recommendations will change that.

One of the most conflict-causing and difficult to implement recommendations is called the Travel Rule. This rule requires VASPs to collect, safeguard and share user’s personal identifiable information and KYC records with other VASPs. According to Travel Rule, this data sharing process must happen instantly, at the time of every transaction.

Crypto exchanges and other VASPs experience issues when trying to comply with this rule.

1. Identifying Other VASPs — In order for the Travel Rule to be efficiently implemented, VASPs need a method by which to identify other VASPs they would be transacting with. They also need a way to know if the other VASP is following the same Travel Rule recommendations.
2. Jurisdictions Without Travel Rule — Internally called the “Sunrise” problem, this issue relates to how VASPs that follow the Travel Rule should interact with VASPs that don’t follow the Travel Rule yet.
3. Peer-to-peer Transactions Via Private / Unhosted Wallets — VASPs highlight the risk of treating private wallets as custodial wallets. This misidentification can result in a customer data leak. P2P transactions between private wallets are not required to subscribe to the Travel Rule.
4. Batch And Post Facto Submission And Past Transfers — VASPs are inquiring whether they could send batches of information at the end of the day or a few days later.
5. Interoperability Of Systems — Different Travel Rule solutions to the problem would need to be able to work with each other flawlessly. Ensuring this interoperability is a challenge in itself.
6. Dealing with GDPR — Requirements presented by the Travel Rule go in direct opposition to GDPR. FATF and the EU are still working on developing a win-win solution.

The general attitude of the FATF is that they are tolerating VASPs in this time of change, with the general expectation that the Travel Rule (among other things) needs to be implemented as soon as possible.

However, most VASPs believe they failed to address many of the issues in their latest review in June 2020. Recommendations and expectations remained the same as the year before, with growing clarity for issues preventing VASPs from taking action immediately.

Decentralized Applications may or may not be considered VASPs, depending on the type of service they provide for users. The owner/operator of dApps may also be identified as VASPs, depending on the type of business activities they perform.

How does this impact you?

On a surface level, not a lot will change for the regular cryptocurrency user. You will still be able to send, receive, deposit, and withdraw with ease. However, looking deeper, you will find that the entire crypto space will be a safer place for all.

We’ve developed the Shyft Network with a user-first approach, both in terms of consent and safety, which is why it’s also compliant with GDPR. VASPs that rely on Shyft Network, will provide users with full control over how their data is being used.

Consent is an extremely significant part of what we consider to be a healthy sensitive data transmission system. It simply must involve the users, whenever their personal identifiable information is involved in a transaction.

Beyond Shyft Network, depending on the solution your VASP uses, consent may be provided by default, as part of the terms and conditions, or in an addendum to an already existing business relationship. It’s important to remember, however, that you, as a user, are still in control over access to sensitive data, i.e., consent can be revoked, and past data transfers can be fully identified and tracked.

In general, the safe bet would be to follow the space and make sure that your assets are held by a custodian that follows FATF recommendations, or that you take the full responsibility for securing your assets on a private wallet for anonymous usage.

These rules, once implemented, will continue to evolve over time, until the FATF is convinced that money laundering and terrorist financing is no longer present in crypto. VASPs that fail to work to achieve the recommendations will be punished by the jurisdiction they are part of.

With criminal activity out of the picture, a new dawn for crypto will begin. For the first time, we will be able to identify safe and reliable options for making investments, fully knowing that the institutions that we are doing business with, follow rules that go favour of protecting the individual’s data.

The Cypherpunk’s Travel Rule

Shyft Network and Veriscope are working to create the necessary technology that will help VASPs comply with FATF recommendations for the lowest cost possible. At the same time, this technology needs to live up to the highest standards provided by crypto’s roots, fulfilling the recommendations without compromising private information or user experience.

Veriscope is designed to provide participating VASPs with a platform to coordinate with other VASPs and create efficient user experiences in a secure environment. All while keeping the FATF happy with the implementation.

The FATF has shown to be attentive to the voices in the industry, so now is the time to start raising your voice about these recommendations. VASPs are continually coordinating with FATF’s Virtual Assets Contact Group to contribute to this ever-changing regulatory landscape before the next review in June 2021.

As a cryptocurrency user, your voice matters. In fact, it is critical to ensure proper implementation of these rules takes place.

We want to know what you think about the travel rule, what you want to know, and whether you think the FATF is going in a good direction? Leave a comment below or let us on our social media channels.

Shyft Network aggregates trust and contextualizes data to build an authentic reputation, identity, and creditability framework for individuals and enterprises.

For more information on Veriscope, please visit https://veriscope.network/

Join our Newsletter

Telegram (https://t.me/shyftnetwork)

Follow us on Twitter (https://twitter.com/shyftnetwork)

Check out our GitHub (https://github.com/ShyftNetwork)

Check out our website (https://www.shyft.network)