US Crypto Giants Build First Version of FATF-Compliant ‘Travel Rule’ Tool

A group of the largest U.S. cryptocurrency exchanges and custodians have been tackling the challenges of bringing digital assets in line with anti-money laundering (AML) rules as they exist in traditional finance. 

Now they say they have an answer.

One hurdle is how to share customers’ personally identifiable information (PII) when regulated firms move cryptocurrency around, a Financial Action Task Force (FATF) provision known as the “Travel Rule.”

The first version of a proposed solution to this problem has been built by a team of engineers from BitGo, Coinbase, Gemini, Kraken and Fidelity, all members of the U.S Travel Rule Working Group (USTRWG).

BitGo and Fidelity are also members of the Travel Rule Protocol (TRP), an institutional crypto group that also includes big banks like ING and Standard Chartered. 

A demonstration of version 1.0 of the Travel Rule solution built by the U.S. virtual asset service providers (VASPs) is immaculately timed: This week, global AML watchdog the Financial Action Task Force (FATF) completed a review of progress made by the crypto industry across various jurisdictions, calling out the majority of countries for lagging behind when it comes to complying with the Travel Rule.

“The USTRWG is a great example of the crypto industry coming together to problem-solve and develop an innovative solution to comply with regulatory requirements that were not built for crypto,” Gemini’s chief compliance officer, Elena Hughes, said via email. “This thoughtful approach to compliance underscores Gemini’s ethos of building trust in this ecosystem.”

The fruits of the USTRWG’s labors will now be leveraged by many other VASPs, including the 30 or so members of the working group, said Chris Metcalfe, engineering manager at BitGo.

How it works

The first transactions sent among the five VASPs are using dummy PII, just to test that the plumbing works. (PII such as the beneficiary’s and sender’s name and date of birth “travel” with the crypto transaction. The message payload is set out using the Inter-VASP Messaging Standard, or IVMS 101.) 

The U.S. Travel Rule Group expects to begin sending transactions accompanied by real customer PII by the end of Q4, said Metcalfe, adding that a system of VASP address attestation is yet to be baked into version 1.5 of the group’s travel rule solution.

“This notion of proof of address ownership is a key component we are still working on,” said Metcalfe in an interview, adding:

“It’s something VASPs require before being comfortable sending real PII. So instead of just saying, ‘Hey, that’s my address,’ there is a digital signature that proves ownership of an address, so now the sender can feel confident transferring the PII knowing it’s going to the intended party.”

For now, the U.S. Travel Rule Group is solving bite-sized chunks of crypto’s global AML problem, and as such, the version 1.5 to emerge towards the end of this year will only support transactions in Bitcoin and Ethereum.

“Initially, we’ve decided to narrow the scope to just solve for just those two protocols. Then we will expand to include ERC-20 tokens, and later other protocols,” Metcalfe said.

One-year milestone

This first milestone will hopefully be well received by the FATF, and it also shows rapid progress, particularly given it involved a concerted approach among a group of firms that are normally locked in stiff competition with one another.

“This isn’t something we can all agree on overnight,” said Metcalfe. “But we went from just a design on PDF a year ago, to the beginnings of a working solution. This kind of progress in one year shows an incredible amount of coordination and effort put in by a number of parties.”

Coinbase said “substantial progress” had been made towards launching an industry driven Travel Rule compliance solution by the coalition of U.S. VASPs.

“Our solution is tailored to the industry’s needs and places a very strong emphasis on data privacy and security, while enabling participants to send the required Travel Rule data to the correct counterparty,” a Coinbase spokesperson said via Telegram. “The significant resources and planning that this coalition of VASPs has devoted to developing this solution demonstrates our strong commitment to compliance.”