CipherTrace has unveiled its answer to one of the thorniest questions now facing the cryptocurrency industry: how to securely share information about customers under new global regulatory guidelines.
On Tuesday, the blockchain security firm published its final white paper and open source software for wallet providers and crypto exchanges to comply with the Financial Action Task Force (FATF)âs âtravel rule.â
The intergovernmental body dedicated to fighting money laundering and terrorism financing recommended in June that countries require exchanges and wallet providers to pass each other information about customers when transferring cryptocurrency.
This means that âvirtual asset service providersâ (VASPs) worldwide will have to hold sensitive personal information not only about their customers, but who their customers are transacting with.
Opponents of the recommendation had claimed implementing such a rule would be âonerousâ at best, but failed to sway FATF. Now, tech vendors are jockeying to offer solutions.
âThe industry itself has said itâs virtually impossible to adhere to the travel rule,â CipherTrace chief marketing officer John Jefferies told CoinDesk. âThe reality is it can be done.â
CiperTraceâs Travel Rule Information Sharing Architecture (TRISA) would allow exchanges and wallet providers to share payment details and confidentially exchange customer know-your-customer (KYC) information, Jefferies said.
The reference implementation, a basic version of the software that others can modify, âisnât even that heavy,â he said, meaning it wonât require much in the way of processing power. Much of the requirements are met once the exchanges establish theyâre âtalkingâ to the right counterparty.
âWhile this rule may cause some consternation with respect to privacy because these exchanges are exchanging their data, theyâre going to have to do thatâ confidentially, Jefferies said. âAssuming VASP A and VASP B need to share data, confidentiality is the most importantâ part.
CipherTraceâs announcement comes a day after Netki announced it was updating its own digital identity service, to help firms comply with the FATF travel rule.
Exchanges adopting TRISA would essentially create an âextended validation know-your-VASPâ certificate, which would be sent from the exchange originating a transaction to the one receiving it. These certificates would be verified through a third-party trusted certificate authority.
The exchanges receiving a transaction should in turn confirm that they did actually receive a transaction with a receipt (or otherwise send a receipt saying the exchange would reject the transaction, should a party be on a sanction or other black list).
According to the white paper, exchanges should also ensure they have secure and reliable communications set up between each other.
âItâs much like websites, right? The whole architecture is identical to SSL,â said Jefferies, referring to the secure sockets layer (SSL) protocol. âItâs not prohibitively expensive because half the sites use SSL.â
The company plans to let exchanges test the implementation for âa little whileâ to ensure it works as advertised. Any issues would be fixed by updating the open-source code, he explained.
Binance, currently the worldâs largest crypto exchange by volume, is examining CipherTraceâs code (though the exchange hasnât yet committed to implementing it). A few other exchanges are supposedly also considering whether to implement the code, though Jefferies said he could not disclose the names.
FATFâs recommendations have yet to be formally adopted by most countries, so any exchange implementing travel rule compliance would be doing so proactively. Jefferies predicted that exchanges would either add the code as a possible boost over other exchanges or otherwise wait until âitâs forced upon them.â
âWhat weâre starting to see is compliance used as a competitive advantage,â he said.
While the ink is barely dry on the FATF recommendations, the U.S. Financial Crimes Enforcement Network (FinCEN) may be forcing exchanges to comply with the travel rule already.
FinCEN, a bureau of the U.S. Department of the Treasury, published guidance in May imposing its own version of the travel rule.
The guidance, released May 9, gave exchanges 180 days to do so (meaning until Nov. 27).
Unlike FATFâs recommendations, exchanges are expected to immediately comply with FinCEN guidance, Jefferies said, adding:
âThe difference between FinCEN and FATF is FinCEN is a law, right? They have no choice.â
He told CoinDesk that FinCEN has already begun enforcement actions, though he did not provide any names. âFinCEN is from my understanding actively taking action against people and VASPs in the U.S. who are not complying with the travel rule so we expect to see some disclosure of that in the not-so-distant future,â according to Jefferies.
His comments echo Netki, which said in its announcement Monday that âthe U.S. FinCEN agency has begun enforcement actions against VASPs who are not in compliance.â
FinCEN has not announced any new enforcement actions in the crypto space since April. The agency did not reply to a request for comment.
Keys and cash image via Shutterstock
