Travel Rule: Analyzing Sygna Bridge through Its 4 Lenses (Part 2)

Welcome to part 2 of our recap of CoolBitX General Manager International Elsa Madrolle’s first webinar in a series of educational Sygna Bridge FATF Travel Rule-facing webinars to help the crypto industry and regulators better understand how they should respond to its challenges.

Our first article in this 2-part recap gave an overview of the four recommended lenses that country regulators and virtual asset service providers (VASPs) should employ to fairly assess the many solutions that are becoming available in the market.

These 4 lenses are:

Governance, Technology, Identification and Implementation.

Our second article adapted from Elsa’s presentation will now assess our Sygna Bridge Travel Rule solution through the 4 lenses and look at its future roadmap. 

Read Part 1: The 4 FATF Travel Rule Lenses to Assess AML Compliance Solutions

Watch Elsa’s webinar here:

https://youtu.be/uzUGMlk7EJg

It also aims to serve as preparation for our audience in advance of our next webinar, “FATF Travel Rule Solution Lens 1: Technology” on 26 March 2021. To register, please sign up here. 

The 4 Lenses To Review Travel Rule Solutions

Sygna Bridge suggests that you assess any service wanting to provide Travel Rule data transfer through these four lenses:

Lens 1: Governance

The first lens we suggest to look through is governance. Why is governance so important? Well, because of the privacy element of transferring personal data. You need to know that a solution provider is capitalized enough to continue operations and be held accountable in various ways.

Sygna Bridge governance

Looking through the lens of governance, while CoolBitX is a private company, we closed a successful $16 million Series B financing round and are partly owned by several exchanges who are VASPs themselves, such as SBI VC and the Monex Group (Coincheck). Both are licensed by Japan’s FSA.

coolbitx

SBI Holdings is our main shareholder and is a Tokyo-listed public company. 

We were also the first technical service provider to be independently assessed by ACCESS, the leading Singaporean blockchain association. That report was very favorable and is available on their website.

While Sygna Bridge, our Travel Rule information-sharing network for VASPs is viewed as a centralized solution, this is not completely accurate. We share by large much of the ideals of the blockchain and crypto space and this thread weaves through all aspects of our solution, as the dissection below through the 4 lenses will show.

Let’s start with our vision for the governance of Sygna.

We spent a lot of time debating whether Sygna needed to be a profit or non-profit model and we decided that the costs involved in building, marketing and maintaining the network with constant security upgrades meant we needed at least initially to be for profit to allow for agile decision-making and execution. 

Sygna’s future governance: BOT Model

However, we believe the most prudent governance is not for ownership to be centralized long term. Therefore, we are proposing a BOT model which stands for Build, Operate Transfer. 

We would be looking to spin out this line of business and offer our founding member VASPs equity holdings ranging from 1 to 5%. VASPs would nominate council members who would then elect an Executive Committee. 

At such time that this took place, we would probably establish headquarters in a neutral location. We have discussed Switzerland after looking at various jurisdictions, but nothing has been firmly decided yet.

We encourage you to question governance when assessing providers as it’s a tricky lens to get right. 

Lens 2: Technology

Let’s switch gears now and tackle the complexities of the Technology lens.

By the way, our Product Manager Vince Lee will really dig into the Technology Lens during his upcoming Lens 1: Technology webinar, the first of our individual deep dives, which we’ll release next week.

Decentralized vs Centralized

This is really where the Travel Rule solutions diverge. A first major point of debate is around decentralization and blockchain. 

It poses the questions:

  • Does a service provider for the Travel Rule need to be decentralized or not or are there arguments for each?
  • Does the technology to exchange the data need to be peer-to-peer (P2P) or can it rely on a more traditional API?
  • For encryption and security, how is it formatted, how is it transferred and protected?

So we spent a lot of hours on the centralized/decentralized debate. We are originally a hardware wallet company so our roots are in blockchain security. However, we had very real concerns about building out a data transfer service in a decentralized way. 

We firmly believe that there is actually no compelling reason that the transfer of personal data that accompanies a transaction should be on the blockchain or take place peer-to-peer.

It wasn’t an easy choice, as we knew we would find numerous detractors within the passionate crypto community where the concept of decentralization is such a core part of its identity. We understand why.

Advantages of our technology model

Yet, simply put: the downsides of being decentralized seemed to just be too costly versus the advantages in a centralized model for this service.

We offer a one-time integration rather than the incredible burden that would be placed on VASPs in decentralized solutions and we avoid the messaging latency issues that we believe they will encounter.

Another benefit of a centralized model is that we are able to facilitate one-way data transfers – all of the required data gets sent one time, in one direction, the validation response is a simple yes/no.

The problem with two-way transfers is that it becomes very difficult to avoid false transactions designed to mine personal data. So we preferred to design it this way to avoid that possibility.

Interoperability

To address the remaining points, we were part of the working group that created the IVMS101 messaging standard and have fully integrated it into our systems, and we encourage all our member VASPs to use it. Moreover, we conducted the industry’s first interoperability proof-of-concept with Ciphertrace’s TRISA last year and we’re working on doing the same with other Travel Rule solutions. Interoperability of the biggest solutions is not merely a goal but a necessity, as requested by FATF itself.

On Data Privacy

In regards to data privacy, we use the latest Bitcoin-type cryptography to encrypt personal data during the transfer as well as a combination of public and private keys as part of that process to ensure that we never have access to the data, only the VASPs themselves.

Lens 3: Identification

VASP Discovery

The term VASP discovery has come up a lot in various working groups because it poses a problem for most solution providers. If all VASPs in the world were licensed and validated into the Sygna network, there would be no VASP discovery problem. 

We would have validated them, they would be part of our network and we would assign them a VASP code.

However the reality is that there are probably going to be several providers, thus this creates the need for multiple lists of VASPs that hopefully will be able to communicate through interoperability. 

FinCen’s recent announcement on the proposed regulation of unhosted wallets means that this topic is not going away. Currently under a comments review period, a solution should be working towards that possible development as well.

Sygna, because it is a verified network, does not have a VASP discovery problem, we know who our member VASPs are. They are assigned a code that looks a lot like a SWIFT code, and we use a single string of code in our systems that allows end-users to copy and paste or use a QR code to immediately identify the VASP. This is similar to how a user copy/pastes a wallet address today so we minimize the disruption to the user experience.

Sygna Bridge Wallet Address Filter

Again, because of the nature of our model, we have been able to build out a function with the help of our strategic partner Elliptic that will help to differentiate between VASP hosted and unhosted private wallets. 

This is early days, we have only recently launched this service provisionally called Sygna Gate and cannot yet claim 100% guarantee of correct identification, especially if it’s a new wallet with no transaction history, but the point is that we are structured to be able to integrate blockchain analysis to accomplish this. If unhosted wallets are regulated, the very first challenge will be to be able to differentiate between the two types.

Interoperability proof of concept with CipherTrace’s TRISA

Sygna Bridge is also proactively speaking to and partnering with blockchain analytics firms but we are also working on interoperability. As mentioned previously, we have a working interoperability PoC on Github with TRISA, which was the first of its kind in the world, and are working on the same with Netki and the other leading TR solution providers.

Lens 4: Implementation

The last lens to briefly look at is implementation. The pain point here is the true cost of implementation. Time and time again we are told that VASP resources are scarce and that developers are just not available, that compliance budgets are limited. 

VASPs and regulators alike are also concerned about the user experience, as they should be. They raise questions like:

  • What are the timelines to being live internationally?
  • How can this solution fit into a broader AML strategy (since the Travel Rule is only one component)?
  • From a regulatory standpoint, how easy is the audit trail to follow?
  • What data will be made available?

Timeline to implementation

Once again, our choice to develop Sygna the way we did, as a network accessible through an API means that we have a significantly shorter implementation schedule than most others. The lift is not heavy, we estimate as short as 4 weeks and we provide support throughout the process.

VASP network

Sygna Bridge has over 25 VASPs at various stages of onboarding across the world, all over Asia but also in Canada, the UK and South Africa. Most important, it has gone live with VASPs in Taiwan, Singapore, Japan and Korea and have demonstrated cross-border Travel Rule data exchange in those countries. 

This really goes back to the question of whether a global solution is ready. We will grow as quickly as the industry allows us to, and of course that will be country by country, but we are indeed ready.

Data provision and audit trail

Finally, to refer back to the FATF requirements, upon completion of a successful Travel Rule data transfer, beneficiary VASPs issue a confirmation that serves as a compliance certificate and there is therefore each side retains an audit trail for regulatory purposes.

Conclusion

We hope this article provided the reader with a glimpse into the future of crypto regulation. As regulation is starting to flourish across the world, several jurisdictions are now offering licencing which is great, and is a welcome development because it really helps establish legitimacy in a new industry. 

However, what we have seen is that in order to piece together an AML strategy that will pass minimum licencing requirements, VASPs will not have to just come up with a Travel Rule solution, they have to come up with multiple AML tools that are usually completely different areas of expertise so will require multiple solution providers. 

So analytics screening, custody KYC and probably more are to come. 

The large majority of VASPs, other than the very very biggest ones do not have the resources to do due diligence on so many service providers, and it makes the process of licencing as a result complicated and painful and may even exclude some from the ability to be licenced because they just can’t meet the AML requirements. 

OK, ready for a closer look at our first lens?
Here is our product manager Vince Lee’s webinar on the Technology Lens.

https://www.youtube.com/watch?v=RBtdf1DfOEA

Slides: https://docs.google.com/presentation/d/1LIjDwlZuXKIZGDaWbEgBhwdhL0Xo38Er9AM_ky9IQNs/edit

Q&A

How does Sygna Bridge apply in different jurisdictions where the Travel Rule currently is not in use?

Sygna Bridge is a service open to any VASP in any jurisdiction. We mentioned Japan and Taiwan where we have live clients today, neither of these countries have established Travel Rule regulation yet, however this has not stopped us from entering that market and onboarding VASPs.

The challenge is really when enforcement begins, which cannot really begin in our opinion until all countries have issued regulation. But the short answer to this question is that the Travel Rule does not need to be enacted for a client to onboard, some even see this as a marketing opportunity for new clients. This leads nicely into the next question around

Travel Rule compliance monitoring. This prompted an interesting discussion within our team and we concluded that there is no reason that a regulator could not be given access to certain limited functions within Sygna Bridge for monitoring purposes. So this is not something that we have developed but would certainly be open to discussion. We see the roll-out of the Travel Rule as having several stages – regulation needs to be issued and timelines given for compliance and/or as part of licensing. Onboarding. Interoperability needs to fit in there somewhere. Monitoring. And finally enforcement. 

How can the Travel Rule help to prevent money laundering and terrorist financing, and what are its potential weaknesses?

This is also a topic that has been hotly debated. In theory, the Travel Rule should act as a deterrent to bad actors due to the requirement of including personal information. One of the biggest criticisms in the industry is that the bad money simply won’t transact on exchange and instead will just use private wallets.

This is why FinCen is looking so closely at private wallets and proposing to regulate them. However, we see that blockchain analytics have come a long way and the Travel Rule when part of a broader AML strategy that includes all the components we discussed earlier, and blockchain analytics, can definitely make it much more difficult for bad actors to transact. 

The 4 FATF Travel Rule Lenses to Assess AML Compliance Solutions (Part 1)

FATF Travel Rule Solution Lens 1: Technology