Payment processing in the crypto era: What do the ‘Travel Rules’ require?

Since the publication in June 2019 of the FATF guidance on cryptocurrencies – the ‘Travel Rules’ – efforts have been under way worldwide to develop a variety of solutions for ensuring that the crypto world complies with measures to combat money laundering and terrorist financing. Now, just one year later, a Swiss company has succeeded in executing a FINMA-compliant bitcoin transaction between two virtual asset service providers (‘VASPs’) that for the first time implements the FATF Travel Rules fully automatically. But why are various providers ‘competing’ to be pioneers and what are the differences between the existing approaches/solutions?

What do the FATF Travel Rules actually cover?

In contrast to fiat transactions, crypto transactions can be partly or completely anonymous. This characteristic manifestly entails an increased potential for money laundering or terrorist financing. An amendment expanded the scope of FATF Recommendation 16 to include virtual currencies. It sets out that transactions between VASPs with a value in excess of USD 1,000 must contain information about the originator and the beneficiary, and that this information must be exchanged by the VASPs.

From the SWIFT network to crypto Travel Rules transactions

The establishment of the Society for Worldwide Interbank Financial Telecommunication (SWIFT) in 1973 marked an important milestone in international payments. To this day, the network to which it gave rise processes payments and messages and is still considered to be the industry standard for communication between banks and financial intermediaries. And so, in an echo of the events of 1973, another type of network that specifically addresses the exchange of data on crypto transactions is currently being established. The ability to create a new SWIFT network and growing regulatory pressure have mobilised a correspondingly large number of market participants to work on potential solutions and bring them to market. The various approaches are strongly influenced by relevant issues such as decentralisation, GDPR, KYC, AML and PSD directives.

The challenges posed by the Travel Rules

The anonymous character of crypto transactions outlined above primarily arises from the underlying blockchain technology. The decentralised, public nature of that technology basically allows anybody to use the infrastructure without undergoing checks of any sort. Additionally, as a rule there is no central organisation behind a crypto currency that can exert control over what happens on the blockchain or directly influence its development. While blockchain enthusiasts regard this as a particularly positive feature, it brings certain challenges from a regulatory perspective, including the question of how to implement FATF Travel Rules. Accordingly, most are adopting an off-chain approach with the aim of avoiding changes at the level of the blockchain itself, and instead developing a protocol based on it that in turn communicates with the blockchain but still enables a flexible, tailored structure.

Current approaches

In most cases, there are no central entities or organisations behind a protocol. In keeping with the blockchain principle of decentralisation, various leading industry participants from all over the world have formed groups that collaborate openly on implementing and advancing a solution. There are also projects by individual companies that are attempting to implement the Travel Rules on the basis of existing products. In simplified terms, their different approaches are based on the distinction between two levels – the transmission level and the verification level. The transmission level describes the technology employed to exchange data between VASP A and VASP B, while the verification level describes the identification and authentication of the participants (VASPs). That is why some protocols rely on proven technologies and others leverage the decentralised characteristics of a blockchain, with hybrids of the two approaches also apparent.