An Interview with Neil Samtani, Technical Editor, IVMS101
The Joint Working Group for interVASP Messaging Standards (JWG) recently made global news headlines for successfully publishing its first technical standard, IVMS101.
IVMS101 is a universal common language to allow Virtual Asset Service Providers (VASPs) to communicate the required data to be exchanged with cryptoasset transactions. Necessary to comply with anti-money laundering standards from the Financial Action Task Force (FATF), IVMS101 represents the first crucial step toward meeting the obligations of the Travel Rule.
As Technical Editor of IVMS101, Neil Samtani led the content work of the JWG via teleconference every Wednesday from January 2020 through to the concluding plenary on 6 May 2020. IVMS101 was developed and approved in 19 weeks, which the Gibraltar native describes as a “Herculean effort,” given he would normally expect an ISO standard to take up to two or three years to develop.
Samtani drew upon his earlier experiences leading the team that created a new data sharing system to improve transparency across the traditional banking industry, in response to hundreds of millions of dollars in anti-money laundering (AML) lapses by the global banking giant, HSBC. The HSBC scandal was such an important moment in the history of institutional money laundering, it was captured by Netflix in the documentary series, Dirty Money: Cartel Bank.
Here, Samtani tells The Regulator about his personal experiences with the JWG and shares insights into what it was like to directly influence the creation of the virtual asset industry’s first global technical standard — a common lexicon that will be relied upon for decades to come.
Where did the idea to standardise interVASP messaging come from?
It wasn’t long after I joined XReg Consulting as Chief Information Officer in November 2019, that my colleagues and I were talking about the challenges posed to VASPs by the FATF’s Travel Rule and the resultant need for standards in the virtual asset industry. Siân Jones, Senior Partner at XReg, would eventually become convenor of the JWG when it was established in December 2019. Siân knew I had a strong background in data and compliance, so she was the one who suggested I take on the role of Technical Editor.
Siân and I originally met back in 2017, when we worked together at the Gibraltar Financial Services Commission, which successfully delivered the world’s first legislative framework for the regulation of virtual assets. So we already had good knowledge and hands-on experience to be able to understand what was required to build the foundations of a safe, efficient and compliant industry. Particularly in areas where parity is key, standardisation goes a long way in introducing efficiencies and reducing risk.
The FATF’s guidance specifically required VASPs to share with each other information on the originator and beneficiary of crypto transactions, in order to prevent money laundering and terrorism financing. So when we started considering what the standard could look like, it was the data model, rather than the implementation, that was the first thing that came to mind. We knew that we had to go and explore what data needed to be transmitted, and how it would be structured and standardised, so it could be reused across industry, regardless of implementation.
Someone might look at the guidance and think it’s really not that much of a challenge. You’re talking about sending information such as a name, a customer number, a date and place of birth, and the like. Surely it’s not that hard. But when you dig a bit deeper and consider all the various ways that data can be represented, as well as all the different contexts that might apply, it is actually a really tricky problem.
Above: Neil Samtani, Technical Editor of IVMS101, CIO of XReg Consulting.
Why is this required of the virtual asset industry? Why now?
At some point, this had to happen to the virtual asset industry. As long as there is a means by which the mechanisms that exist in financial services can be used for nefarious purposes, they will be used for nefarious purposes. So there must be controls in place to investigate if it has been misused for that purpose, or better yet, prevent it from happening in the first place.
With traditional finance, we’ve had these requirements imposed since the 1990’s and that was accelerated after the terrorist attacks of 2001. So for crypto, we have the benefit of hindsight. We can look back at the way that policies have been implemented in the traditional financial ecosystem and ask: How was it done there? How did they do it right? How did they do it wrong? What information is really required? How can we do it better?
How did your experiences at HSBC influence your approach to the JWG?
We started exploring some ideas and I mentioned the Know Your Customer (KYC) utility that we stood up at HSBC. The service had been designed as a partnership between a consortium of financial institutions to collect, verify, store and share KYC data in order to comply with AML regulations. While it was created in response to AML requirements, it was recognised that by standardising and centralising the required information, members would benefit from high quality client data and an optimised compliance process that reduced operational risk and lowered costs.
But, you see, the thing about working in private enterprise, especially in banking, is that you often have these boundaries established between you and other financial institutions. You don’t talk a great deal with the other banks, especially not about things that may be deemed proprietary to your bank. You talk about the touch points, the protocols, and how you do business together, but not necessarily the ins-and-outs of the work that you do.
However, when it comes to compliance, the goal is for industry to adopt a rigorous approach to ensuring that money laundering is identified and controls are in place to prevent the financing of terrorism. So for that reason, and because of HSBC’s troubles with the US regulators at the time, the bank felt they could do something to ensure that as an industry, we all operate to the highest possible standards. We knew that a proverbial chink in the armour would cause problems, systemic problems, for the entire industry. As Stuart Gulliver, CEO of HSBC Group at the time had stated, we need to pursue this with “courageous integrity”.
So HSBC came together with Deutsche Bank, CitiBank and Morgan Stanley and we had an open kimono moment. This was monumental because you can only do that when there’s an element of trust. These kinds of conversations have to be candid. You have to rely on a degree of candour from your counterparts and you have to bring the same to the table, knowing that what is discussed isn’t something that anyone there is going to take advantage of.
With this in mind, when we looked at the way that the JWG could be structured, it was clear that a tacit code of conduct was needed, so we could talk candidly through the sessions. But until the standard was published, we’d keep things within the group. Because when you talk openly about compliance, there are simply some things that you wouldn’t want the whole world to know.
How did the JWG first come together?
It’s best to tackle these challenges collaboratively, rather than the initiative being pushed by any single institution. That’s why it was so important to have the backing of our co-leads from three supranational blockchain industry bodies — Amy Davine Kim, Chief Policy Officer at the Chamber of Digital Commerce, Malcolm Wright, Chair of the Advisory Council at Global Digital Finance, and Anson Zeall, Executive Director of the International Digital Asset Exchange Association — to establish the JWG and help communicate the importance of our work to their members across the globe.
We also wanted to ensure that IVMS101 was inclusive, right from the beginning. With entities, subsidiaries and branches spread out all across the world, we needed to have representation from jurisdictions that speak different national languages and have different national character sets when writing their text, such that members of the group would be able to talk on those subjects. By doing so, we reduce interpretive errors, the risk of misunderstanding, and failing to interpret data as it was intended by the sender. This was fundamental because the geographic borders you see in traditional payments don’t necessarily exist for blockchain, so the data itself would have to treat cross-border as the de facto standard.
When the data model is standardised, you see the efficiencies improve, you see risks being reduced and you see interoperability opening up.
One way we made the JWG inclusive was to schedule our weekly calls on a rotating roster. I confess that I was a little more awake for the 3pm calls as opposed to the 11pm calls, but the rotating times were critical to ensure that no part of the world received preferential treatment, or was excluded by default, in terms of participation.
When we started there were only 15 or 16 people and now we’ve grown to more than 130 technical experts. Momentum developed because industry realised the value of the standard and there was a degree of credibility and confidence that it would be adopted too.
The JWG was closed to the public. So what was it like behind-the-scenes?
At times, it was really hard going. It’s not like each call was alive with constant, dynamic conversation. Particularly when we were discussing a fairly dry topic, it might not provoke an immediate response. So it was important that Siân and I were able to read the group to understand if it were a pressing issue that needed to be unpacked that moment, or if it were ok to continue on.
During the Utility experience, when I was with HSBC, I learned that even when no one is vocally interacting, it’s important to just keep plugging away. I remember the exasperation from the convenor when there was zero response to a question, but he would just keep pressing ahead, without taking it personally or thinking that the group members were not actively engaged. At times it’s a discourse, at times it’s a conversation, depending on how the team is responding!
Between the weekly meetings, we took discussions offline to go over any outstanding points and the results of those discussions would be fed into the working document. Obviously, when you’re running the working group completely remotely, you can’t have those kinds of sideline conversations that you would normally enjoy when you’re physically walking to and from a meeting with someone. So we filled that gap with telephone calls instead.
In many ways, working remotely actually reduced barriers to participation. Even before lockdown, before we learned that no one would be conducting any face-to-face meetings, we were already engaging the working group remotely and we had a range of tools to make it work. For example, the Slack workspace was really helpful to get information circulated. All members of the group were on Slack, so you could also see when they were available and just pick up the phone, like, I’m working on this right now so let’s just chat about it.
We had a member of the group who was based in Milan, which was one of the global hot spots for COVID-19, so we would always kick off the call a few minutes early to get the lowdown, making sure he and his family were ok. So even when the world outside was falling apart, every Wednesday, we knew we would get together and talk about data. It might sound mundane, but the JWG was something concrete and structured in our lives. It offered a sense of normalcy and consistency for us, when everything else felt so volatile and unpredictable.
What does IVMS101 mean for the virtual asset industry going forward?
One of the intentions of the standard was to ensure that when an originator VASP transmits data to a beneficiary VASP, it is done so in a way that is meaningful and the message is received as intended. When the data model is standardised, you see the efficiencies improve, you see risks being reduced and you see interoperability opening up.
Ultimately it’s about capital and where that capital is deployed. If an institution has to reinvent the wheel just to define the data, this is a very inefficient use of capital. But when there’s less investment required in order to analyse the business context, that capital can go into innovation or R&D instead. When we come together as an industry to define the regulatory challenges and set standards, as we did with the JWG, organisations won’t always have to play catch up. I think VASPs will find that’s the most effective way to handle the compliance challenge in front of us now.
This will be symbolic for the FATF too. The formation of the working group could have been superficial, but the fact that a high quality piece of work has been delivered by such a high calibre group of industry experts, is proof that we have been effective. Because when the FATF goes into its June plenary and undertakes its 12-month progress review, its members will look at how the industry has handled itself. My hope is that the FATF will also recognise that the work of the JWG can and will continue.
What are the next steps for the JWG?
A number of prominent Technical Solution Providers (TSPs) including TRISA established by CipherTrace, Sygna by CoolBitX, as well as Netki, Notabene and Securrency, have already committed to implementing the standard. VASPs too, including Onchain Custodian, BC Group and OSL, BitIt, Diginex and Paxful have also said they will select IVMS101-based solutions.
So as we move forward, and the model is implemented, we will see that it’s not perfect. There will inevitably be nuances country by country so the standard is something that I expect will continue to develop. Thus, a maintenance agency will be needed to prevent it from going stale. Especially in an industry as fast-moving as ours.
While IVMS101 concerns the structure of the data, the actual content of the data is going to be important too. Beyond the originator and beneficiary specific information, there will be other forms of information, such as static data and reference data, that have to be catered for as well. Malcolm has already talked about enhanced reference data for VASPs, and the requirement to find a central repository for such data. That’ll be our next challenge.
The JWG has always been bold and ambitious but, without a plan, it would have been folly. We had a plan, the right competencies, the right abilities, and the right technical experts. And because of this, I think we’ve been able to demonstrate that the industry has confidence in IVMS101, the work of the JWG will continue, and we’ll see IVMS102 come soon enough.
Learn more about the JWG and download IVMS101 at: https://intervasp.org/
Connect with Neil Samtani on LinkedIn: https://www.linkedin.com/in/neilsamtani/
Connect with Neil Samtani on Twitter:
https://twitter.com/neilsamtani
