Crypto exchange BitMEX has published a framework of principles for how best to store additional batches of transactional provenance data, a requirement exchanges face as part of new anti-money laundering (AML) rules.
In order to fall in line with the rest of the financial system, virtual asset service providers (VASPs) have been asked to obtain, hold and exchange information about the originators and beneficiaries of transactions, known colloquially as the “Travel Rule.” Global anti-money laundering watchdog, the Financial Action Task Force (FATF) expects the crypto industry to implement the new rule by June 2021.
The response from the crypto industry has been enthusiastic, including a widely agreed-upon standard for the format of the data payload VASPs must share (known as the InterVASP messaging standard, or IVMS101), as well as a number of technical solutions focused on how best to implement the rule currently being built by crypto firms, banks and consortia.
Less attention has been given to how all this additional customer data should be stored, according to Malcolm Wright, chief compliance officer of 100x Group, the owner of BitMEX.
“Solution providers have been concentrating on the transmission of the data to make sure that it’s immediate and secure,” Wright said in an interview. “But what about when the data actually arrives at its destination? How can you ensure that it’s stored securely and appropriately to the right sort of standards?”
Wright, who led the development of the data-storage principles (and was also instrumental in working with Sian Jones of XReg Consulting to create the IVMS101 standard), decided to leverage BitMEX’s seasoned security experts, with the intent to “start a conversation” around data storage via an open-source project that industry and regulators can chime in on.
“This kind of completes the puzzle,” Wright said. “You have the IVMS standard for the format of the data. You have the protocol providers, who will be transmitting the data. And then you have some principles around the storage of the data.”
Seychelles-based BitMEX was thrust into the spotlight last year following an enforcement action from U.S. authorities around weak compliance procedures at the firm, which saw arrest warrants issued for some senior executives and co-founders.
BitMEX owner 100x Group hired Wright, formerly the compliance chief at Diginex, in October 2020. Since then the firm’s know your customer/anit-money laundering (KYC/AML) processes have been revamped, starting with the removal of any historic non-KYC’d accounts on the platform.
BitMEX’s Travel Rule Data Storage Principles focus on things like access management, encryption standards and keeping Travel Rule data separate from other operational customer data.
Like the IVMS101 messaging standard, Wright thinks this security benchmark will further grease the wheels when it comes to implementing the FATF mandate, which may involve VASPs looking to onboard each other as they side with certain technical solutions.
“So If BitMEX chooses to be exchanging data with another VASP, then we can say, ‘Are you operating to a minimum set such as these?’ So that also helps to get confidence among VASPs that they can work together,” said Wright.