CipherTrace Enters Race to Solve Crypto's FATF Compliance Headache

CipherTrace has rolled out software for sharing sensitive customer information under the FATF’s new “travel rule” for global crypto exchanges.

AccessTimeIconSep 10, 2019 at 1:00 p.m. UTC
Updated Sep 13, 2021 at 11:25 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

CipherTrace has unveiled its answer to one of the thorniest questions now facing the cryptocurrency industry: how to securely share information about customers under new global regulatory guidelines.

On Tuesday, the blockchain security firm published its final white paper and open source software for wallet providers and crypto exchanges to comply with the Financial Action Task Force (FATF)’s "travel rule."

The intergovernmental body dedicated to fighting money laundering and terrorism financing recommended in June that countries require exchanges and wallet providers to pass each other information about customers when transferring cryptocurrency.

This means that "virtual asset service providers" (VASPs) worldwide will have to hold sensitive personal information not only about their customers, but who their customers are transacting with.

had claimed implementing such a rule would be "onerous" at best, but failed to sway FATF. Now, tech vendors are jockeying to offer solutions.

"The industry itself has said it’s virtually impossible to adhere to the travel rule," CipherTrace chief marketing officer John Jefferies told CoinDesk. "The reality is it can be done."

CiperTrace’s Travel Rule Information Sharing Architecture (TRISA) would allow exchanges and wallet providers to share payment details and confidentially exchange customer know-your-customer (KYC) information, Jefferies said.

The reference implementation, a basic version of the software that others can modify, "isn’t even that heavy," he said, meaning it won’t require much in the way of processing power. Much of the requirements are met once the exchanges establish they’re "talking" to the right counterparty.

"While this rule may cause some consternation with respect to privacy because these exchanges are exchanging their data, they’re going to have to do that" confidentially, Jefferies said. "Assuming VASP A and VASP B need to share data, confidentiality is the most important" part.

CipherTrace’s announcement comes a day after Netki announced it was updating its own digital identity service, to help firms comply with the FATF travel rule.

How it works

Exchanges adopting TRISA would essentially create an "extended validation know-your-VASP" certificate, which would be sent from the exchange originating a transaction to the one receiving it. These certificates would be verified through a third-party trusted certificate authority.

The exchanges receiving a transaction should in turn confirm that they did actually receive a transaction with a receipt (or otherwise send a receipt saying the exchange would reject the transaction, should a party be on a sanction or other black list).

According to the white paper, exchanges should also ensure they have secure and reliable communications set up between each other.

"It’s much like websites, right? The whole architecture is identical to SSL," said Jefferies, referring to the secure sockets layer (SSL) protocol. "It's not prohibitively expensive because half the sites use SSL."

The company plans to let exchanges test the implementation for "a little while" to ensure it works as advertised. Any issues would be fixed by updating the open-source code, he explained.

Binance, currently the world’s largest crypto exchange by volume, is examining CipherTrace’s code (though the exchange hasn’t yet committed to implementing it). A few other exchanges are supposedly also considering whether to implement the code, though Jefferies said he could not disclose the names.

FATF’s recommendations have yet to be formally adopted by most countries, so any exchange implementing travel rule compliance would be doing so proactively. Jefferies predicted that exchanges would either add the code as a possible boost over other exchanges or otherwise wait until "it’s forced upon them."

"What we’re starting to see is compliance used as a competitive advantage," he said.

FinCEN stepping up?

While the ink is barely dry on the FATF recommendations, the U.S. Financial Crimes Enforcement Network (FinCEN) may be forcing exchanges to comply with the travel rule already.

FinCEN, a bureau of the U.S. Department of the Treasury, published guidance in May imposing its own version of the travel rule.

The guidance, released May 9, gave exchanges 180 days to do so (meaning until Nov. 27).

Unlike FATF’s recommendations, exchanges are expected to immediately comply with FinCEN guidance, Jefferies said, adding:

"The difference between FinCEN and FATF is FinCEN is a law, right? They have no choice."

He told CoinDesk that FinCEN has already begun enforcement actions, though he did not provide any names. "FinCEN is from my understanding actively taking action against people and VASPs in the U.S. who are not complying with the travel rule so we expect to see some disclosure of that in the not-so-distant future," according to Jefferies.

His comments echo Netki, which said in its announcement Monday that "the U.S. FinCEN agency has begun enforcement actions against VASPs who are not in compliance."

FinCEN has not announced any new enforcement actions in the crypto space since April. The agency did not reply to a request for comment.

Keys and cash image via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk offers all employees above a certain salary threshold, including journalists, stock options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.