A Financial Action Task Force (FATF) meeting this week is proving to be a popular time for industry players to launch compliance-minded tech solutions.
One such startup, Notabene, announced Tuesday a “trust framework” for crypto exchanges or, in FATF parlance, virtual asset service providers (VASPs). The firm’s know-your-customer (KYC) infrastructure stack is also designed to reach beyond the readily identifiable world into jurisdictions where there is little or no regulation of financial services.
There has been a race to develop anti-money laundering solutions that will bring crypto in line with the rest of the financial system while still sticking to the pseudonymous spirit of crypto as much as possible. Since the FATF first extended its remit to include crypto back in October 2018, this hotbed of innovation has spawned a number of technical solutions and a messaging standard.
Like the other players in the space, Notabene is focused on the so-called “Travel Rule,” which requires financial institutions participating in a transaction to exchange relevant beneficiary and originator KYC information.
Notabene was built by a group of co-founders and technical leads from the ConsenSys-backed uPort digital identity project. The solution uses elements of decentralized identity management to link blockchain addresses to verified profiles, as well as maintaining a useful directory of VASPs.
Know your VASP
Notabene is really tackling two aspects of the travel rule, CEO Pelle Braendgaard explained.
“Notabene is a hosted Travel Rule solution so you don’t have to go and spin up your own node and do your own integration. We handle that with a simple API and dashboard to help businesses comply easily,” Braendgaard said.
Notabene is “protocol-agnostic,” and gives businesses the option to support one or more protocols, he said. The team has been working in tandem with Switzerland’s OpenVASP consortium and the product will be compatible with consortia efforts like the recently launched PayID backed by Ripple, and other group-led solutions in the pipeline.
The second part encompasses a broader sweep of crypto due diligence, or “know your VASP,” that Notabene is solving for by leveraging the team’s experience with decentralized identifiers (DIDs) and the VASPs.id directory – which will follow soon after this week’s product launch, said Braendgaard.
“This will help figure out which VASP is using which provider and what their regulatory status is,” Braendgaard said. “Say you get a request coming in, then immediately you can see it came from Bitcoin Suisse, for example, and they’re regulated by FINMA so I can trust them and start setting up compliance rules for that.”
Indeed, the enthusiastic response from the industry in terms of Travel Rule solutions actually creates a fundamental complexity problem, said Malcolm Wright, head of the AML working group at Global Digital Finance.
A growing crowd of Travel Rule solution providers is proposing to issue VASP codes or something like an IBAN (International Bank Account Number) for VASPs. An originator VASP, particularly if it’s a smaller firm, may use three or four providers, said Wright, then the receiver may also use more than one solution. This then leads to friction because nobody knows what anyone else is using.
Wright suggests something like a Legal Entity Identifier (LEI), which is used in conjunction with market regulation like MiFID II, whereby a VASP code would be issued to all, abstracting this complexity away from the solution providers.
“Going down that road of a global list of VASPs is great, but it has to be industry-wide,” said Wright. “So, regardless of whether it’s OpenVASP or any other protocol, it will need to be separate, and then you have to convince all of the other protocols and all of the VASPs to get on board and get themselves issued with one of those codes to actually make it a viable thing. In my opinion, the only way to solve it is with a tiny fraction of centralization.”
The creators of Notabene have the first-hand experience of being shut out of the financial system because of a lack of regulation.
Back in 2013, a bitcoin app Braendgaard had built in Kenya was clamped down. This was because M-Pesa, the burgeoning mobile money run by Vodafone/Safaricom and overseen by the Central Bank of Kenya, complained that crypto was too obscure to be allowed in the country (some readers may recall M-Pesa tried the same thing with BitPesa a couple of years later).
“We know what it feels like to be shut down because of not being able to prove the source of funds,” said Braendgaard. “Where there isn’t a regulated framework and regulators don’t know what to do with you, the easiest thing is just to say no.”
That said, the FATF guidance last year understood there has to be non-custodial, or “un-hosted” wallets, but that any VASP that performs transactions with one of these non-custodial wallets need to know who that wallet is.
“This is where our ultimate beneficial ownership analysis of blockchain accounts comes in,” said Braendgaard. “It’s a simple ownership proof of an account and that is actually what the Singaporian and Swiss regulators already expect people to do.”
The vast majority of VASPs located in places without any established regulations are actually trying their best to be compliant, said Braendgaard.
“VASPs I’ve spoken to in Latin America and Africa, where there aren’t really e-regulatory rules yet, are all doing KYC and using blockchain analytics for AML and doing their best to be compliant with the Travel Rule.”