Crypto Rule: Solving the Unsolvable (Webinar)
A deep dive into the current state of crypto regulation, the FATF Travel Rule, and how our recently-launched solution, Veriscope, has solved the unsolvable: the Sunrise Issue.
On May 4th at 11:00 am EST, Shyft Network launched the debut edition of the Unhosted Webinar Series, with 80 attendees joining. It was presented by Shyft Network and Veriscope’s Head of Strategy for Global Regulatory and Compliance Solutions, Malcolm Wright.
The webinar’s theme was the current state of crypto regulation, the FATF Travel Rule, and how Shyft Network’s recently-launched solution, Veriscope, has solved the unsolvable: the Sunrise Issue.
We’ve also done a short re-cap of the key themes and challenges discussed in the Webinar:
FATF Recommendations on Virtual Assets
Financial Action Task Force, the global anti money-laundering & terrorism financing watchdog, has made recommendations to prevent the use of virtual assets in illicit activities. Countries are required to adopt these recommendations within a definite period of time, which will then become a guideline for the industry to follow.
After countries implement FATF recommendations, the global watchdog will make periodic assessments on the implementation of the guidelines. Countries that fail to receive satisfactory scores on various parameters can be penalized by FATF, which can affect their financial standing globally and impact their ability to obtain funding from external sources, such as the World Bank and the IMF.
The Travel Rule
The Travel Rule is the most crucial recommendation on virtual assets issued, to date, by FATF. It was adopted in June 2019 when FATF issued draft guidelines. Then, during the first (June 2020) & second (June 2021) assessments, FATF found that countries and industries are still not following its recommendations. Then, in October 2021, FATF issued its final guidelines on virtual assets & Virtual Asset Service Providers (VASPs).
Under the Travel Rule, both originator and beneficiary VASPs must store and exchange certain personally identifiable information, such as the customer’s name, wallet address, location, national ID number, and DOB. They must also present the information to authorities when requested.
Risk of Sanctions
Although Know-Your-Customer (KYC) and blockchain analytics are among the must-have tools that VASPs should have to ensure sanctioned parties cannot find a way around sanctions through virtual assets, they aren’t enough to mitigate the sanctions risk.
To fully comply with the FATF recommendations, it is crucial to know both parties involved in the transaction, which requires the implementation of the Travel Rule. Failing to comply with FATF recommendations can result in sanctions from authorities, which can yield devastating results.
To mitigate the risks, ensure GeoIP monitoring, proper KYC with name screening, implement blockchain analytics, and Travel Rule. Following these steps enables businesses with a significant amount of business volume outside their jurisdiction to have a solid defense against any potential sanction violation.
1. Poor Data Accuracy
Receiving incomplete or inaccurate data from the originator or beneficiary VASPs can result in significant challenges, such as increased customer support & compliance costs, failed payments, and poor customer experience.
Shyft Network’s Veriscope has implemented automated discovery of counterparty VASP through the token’s address to solve this problem. Also, Veriscope has automated exchange of personally identifiable information (PII) of both originator and beneficiary to ensure 100% accuracy.
2. Data Security
Storing PII on Travel Rule Service Provider’s (TRSP) infrastructure can result in internal and external hacking attacks, intermediaries meddling in and snooping on the data, and malicious actors exploiting the entire process to obtain counterparty PII by submitting fake transactions. There are also challenges to storing PII without user consent.
The solution? Veriscope. It offers data security through three measures.
(i) User consents every time before PII is shared.
(ii) PII is encrypted and off-chain to prevent malicious actors from accessing the user data.
(iii) The transmission of PII data between VASPs is through peer-to-peer mode only, which means Shyft Network does not handle PII at any point in time.
3. Know Your VASP (KYV)
Opting for just any average TRSP comes with a fair share of challenges. First, all data that a VASP relies on is collected by the TRSP; with such TRSPs, there is no option to choose a counterparty VASP. Then, there is the issue of inaccurate VASP discovery, as it may fail to capture granular data at the entity level.
Veriscope’s design mechanism enables it to solve these complex problems swiftly. It ensures that PII data is sent to the correct VASP entity and that the network participants have undergone due diligence at internationally recognized standards. It is also highly scalable and can easily accommodate the growing needs of both legal and operational teams.
4. Payment Screening
The usual approach to obtaining beneficiary data is to collect the information from the originator. There are several issues with this approach. For instance, such data can be incomplete or inaccurate, further complicating screening efforts. It can even lead to higher exposure to sanctions risk.
Veriscope has implemented a mechanism that mandates obtaining beneficiary data from the beneficiary VASP. Shyft Network’s approach ensures that the data is accurate and complete, resulting in efficient name screening. That’s not all, as it also enables VASPs to request any additional information through the RFFI process.
Sunrise Problem: A Major Roadblock in Implementing the Travel Rule (Recap)
The most significant problem that VASPs face in implementing Travel Rule is the Sunrise issue. The problem is that countries have adopted or will adopt the Travel Rule into local regulations at different times. Thus, most VASPs located in jurisdictions that have not yet adopted the Travel Rule are unlikely to have a Travel Rule Solution and will issues for those VASPs who do have a Travel Rule Solution.
Recent data suggests there are over 600 cryptocurrency exchanges globally. Depending on their jurisdiction, they may or may not have adopted the Travel Rule yet. That’s where the problem lies, as the countries that have adopted the Travel Rule may mandate compliance both domestically and internationally. So, a compliant VASP must obtain data from the counterparty VASP regardless of their compliance status. If the compliant VASP fails to comply with the rule, they may receive severe penalties.
Suppose a VASP based in a country that has adopted the FATF Travel Rule (VASP A) sends Requests for Information (RFI) to a VASP operating in a country yet to adopt the Travel Rule (VASP B) on day zero (April 1st, 2022). They may or may not provide the information. After all, they are not legally obligated to do so yet. But VASP B will want to respond after the country they are based in implements the regulations. Meanwhile, without the necessary information, how can VASP A be compliant? This problem is referred to as the sunrise problem.
So, what’s the solution here? Veriscope. Thanks to Veriscope’s Historic Look Back feature, whenever VASP B’s home country adopts the Travel Rule, they can sign up for the solution and access all the RFIs sent to them even before they were legally required to comply with the Travel Rule.
Let’s say the VASP B joins six months after day zero (October 1st, 2022). They will see all the RFIs when they join and can respond to all of them. So, VASP A & VASP B finally successfully exchanged the information required under the Travel Rule because of Shyft’s Veriscope.
About Shyft Network
The Shyft Network aggregates and embeds trust into data stored on public and private ecosystems, allowing an opt-in compliance layer across all systems. The key pillar for Shyft is user consent, allowing users to track the usage of their data. Therefore, no one can use personal data without consent from the owner. Shyft Network allows and gives incentives to individuals and enterprises to work together to add context to data, unlocking the ability to build authentic digital reputation, identity, and credibility frameworks.