Travel Rule, VASP Due Diligence, and Sanctions

Joseph Weinberg, co-founder of Shyft, highlighted three main points on the Travel Rule at the GDF Emergency Summit on Sanctions.

VASP due diligence is becoming increasingly important

With regards to the Financial Action Task Force’s (FATF) so-called Travel Rule, the key is to implement as much identification as possible so that virtual asset service providers (VASP) can effectively put controls in place. 

How the industry identifies people is crucial to the growth and security of our industry. How do we solve universal identification at the VASP level? How do we know the counterparties of the VASP, down to the user level? 

As we move from peace-time to conflict, now is the key time to make sure our systems are resilient. 

Data security cannot be forgotten 

The Travel Rule is based on trust assumptions. Many of the solutions to the Travel Rule have been built under the assumption that the data being shared is shared with honest entities, in jurisdictions with non-hostile governments. 

Where users’ data is being shared, we are opening up a data attack vector that most Travel Rule solutions do not account for. User’s consent is key. Compliance officers need to be mindful of the security from a GDPR/data protection perspective. Does the solution provide mitigations in cases where another VASP may be using the transaction to mine data? 

CTA: Collaboration, collaboration, collaboration

The industry has long been grappling with the Travel Rule’s sunrise problem, in which the rule is implemented at different times across various jurisdictions. To make a success of the measures, the industry needs to put aside competitive discussions on the Travel Rule, and come together on standardization and data interoperability. 

In doing so, and by remaining open to engagement with regulators and policymakers, we will show that the industry is prepared to deal with the requirements of necessary sanctions. 

Watch Weinberg’s full keynote here.