‘Evil VASP’ Simulation Preps Crypto Exchanges for FATF Travel Rule

Backed by CipherTrace, TRISA looks to get virtual asset service providers (VASPs) ready for new anti-money laundering rules.

AccessTimeIconFeb 18, 2021 at 2:00 p.m. UTC
Updated Sep 14, 2021 at 12:13 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Getting crypto exchanges across the world to plug into each other and share sensitive customer data is proving to be a complex problem. 

Nonetheless, firms have to show real progress on this by June of this year, according to new anti-money laundering (AML) rules from global AML watchdog the Financial Action Task Force (FATF).

Announced Thursday, the Travel Rule Information Sharing Alliance (TRISA), one of the better-known solutions being proposed, is launching a testnet that includes a directory of virtual asset service providers (VASPs) and scenario testing for inevitable contact with non-compliant firms. 

The FATF rules require crypto companies to share personally identifiable information (PII) for transactions over a certain amount. While a global cohort of compliance-minded exchanges will begin implementing the new rules later this year, there will be many stragglers including smaller firms in far-flung jurisdictions. This is expected to create a so-called “sunrise problem,” as some parts of the crypto world become regulated ahead of others. 

The TRISA testnet begins to address that looming challenge by including a dummy version of an “evil VASP” that will provide false authentication, attempt to steal data and so on.

There are two compliant VASPs as well as the non-compliant exchange on the testnet, explained John Jefferies, co-chairman of TRISA. 

“The evil VASP isn't part of TRISA and it will try and trick people into sharing information,” said  Jefferies. “So what we are building out gives firms the opportunity to test out domains and do interoperability testing from a security dimension and messaging dimension.”

TRISA is backed by blockchain analytics company CipherTrace and has support from the likes of Paxful’s Lana Schwartzman, Bradley Arant Boult Cummings LLP attorney Carol Van Cleef, and Thomas Hardjono of MIT Connection Science & Engineering. 

The solution leverages battle-tested certificate authority infrastructure that allows VASPs to mutually authenticate one another, Jefferies explained. Post-testnet, TRISA will be issuing know-your-VASP certificates, validated by a registration authority.

“The cool thing about having a proper certificate authority is that it has the concept of revocation,” said Jefferies. “So if a VASP turns evil – say they pull some sort of exit or fraud or their licenses are revoked – that public key infrastructure that sets up the relationship can also take it back if the whole community has to stop communicating with a VASP, at least for a little while.”

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.