This is the second session of our new 4-part educational series presented by CoolBitX’s Elsa Madrolle, International General Manager and Vince Lee, Sygna product manager, on how to assess a FATF Travel Rule solution by looking through 4 different lenses: Technology, Identification, Implementation, and Governance. What needs to happen after a user submits a transaction request in order to identify a wallet address and the VASP it belongs to?
Read the previous articles in our Travel Rule Solution Lens series:
- Travel Rule Solution Lens 1: Technology
- Travel Rule Solution Lens 3: Implementation
- The 4 FATF Travel Rule Lenses to Assess AML Compliance Solutions (Part 1)
- Travel Rule: Analyzing Sygna Bridge through Its 4 Lenses (Part 2)
View our Identification presentation slides here:
View our Identification webinar here: http://tny.im/oCv
Introduction
Looking through the Travel Rule Identification lens, our aim is to answer a simple question:
What needs to happen after a user submits a transaction request in order to identify a wallet address and the VASP it belongs to?
To answer this question, we’ll do the following:
- Identify 2 identification issues to tackle.
- Review 3 benchmarks that can help us assess a Travel Rule protocol by looking at the way it identifies the beneficiary VASP.
- Compare how 4 different protocols that exist in the market today handle identification quite differently.
- Explain Sygna Bridge’s identification methodology.
We’ll also share a decision tree and a summary sheet that compares different types of solutions as we understand them.
2 Travel Rule Identification Issues To Tackle
Identifying the beneficiary VASP is a crucial step in order to exchange the FATF “Travel Rule”’s required personal information before the transaction. This is not a complicated concept, in theory, if this was a postal service, the sender would write the receiver’s info on an envelope and place it into a mailbox.
There are two issues that we have to tackle with identification.
1) Identify the type of wallet owner
First, – currently, a blockchain address alone cannot establish the nature of its related wallet, because it is unclear whether any given address is a hosted or unhosted wallet address. And if it is hosted by a custodial solution, who exactly is hosting that address? So the first step to any Travel Rule solution is the need to identify the entity that hosts the wallet, before exchanging the required information with that entity.
2) Ensure counterparty security and data privacy are in place
Second, once the ownership of the wallet has been established, we need to remember that we are dealing with private information, which comes with its own world of often complex regulations. Therefore, a VASP needs to ensure that this counterparty has the right security and privacy policies for data storage since they are sending their customer’s information to them. Being licensed could be a good indicator for identification.
These two issues must be resolved in every VASP-to-VASP transaction and there are three key benchmarks that differentiate each identification protocol.
3 Identification Benchmarks to differentiate between protocols
1) VASP Directory
First, there is a need for a VASP directory. It simply is not feasible to build the resources to do VASP due diligence on each transaction. Therefore, building up a trusted VASP list is absolutely necessary to save valuable time and resources for your company that you could and should rather be spending elsewhere.
2) Address Format
Second, you need to look at the Address Format your solution is using because each blockchain wallet address has its own native protocol for formatting in order to late the transaction information on the distributed ledger.
Changing the wallet address to a new account number format would require users to update their existing wallet address when they want to receive a deposit. We say keep it simple and recommend you stay with the original blockchain wallet address format to minimize the disruption and operational fallout you might encounter during migration.
3) Efficiency
Third, efficiency is the last major benchmark to consider. When there are millions of transactions per day, the right solution or method to find the beneficiary VASP should ideally be low cost with a fast execution time.
Using these three benchmarks, we will introduce the four different protocols on how they manage the identification with the three benchmarks.
4 Different Travel Rule Identification Protocols
1. URL Format
Instead of a wallet address format, a new URL-type server endpoint format to represent each unique user is established. In this example, VASP.com is the VASP code for an originator VASP to identify which VASP they are transacting with and the userID behind the slash represents the user code to tell the beneficiary VASP I want to send a transaction to this user.
Once the beneficiary VASP has received the right URL, the two counterparty VASPs create a messaging channel without the need for central validations. The Travel Rule required data can be exchanged after the confirmation of both the entities.
Benchmarks vs URL Format design
Let’s put our benchmarks to the test in regards to URL format identification.
- First, there are no validations and no VASP directory in between the VASPs so it requires extra effort to complete their VASP counterparty due diligence.
- Second, the Address Format has been modified to a URL format so it requires potentially complicated migrations.
- Third, direct data exchange leads to no wasting of computing resources.
2. Smart Contract
The second protocol is identification by smart contract.
A blockchain ledger is a great place to store information with incorruptible features. Every VASP uses a standard smart contract to register their information on a public blockchain. Also, the information of the credit or trust to another VASP can be also registered on-chain. That makes it possible to build a trusted VASP directory like an up-voting system.
- Because of how blockchain works, each VASP is identified as a public address on-chain with the smart contract.
- The new wallet address format is similar to that used by the International Bank Account Number, IBAN.
- It is merged with a part of the VASP public key and the customer’s unique ID so that originator VASPs can check with the VASP information on-chain immediately when they receive the IBAN-like account number.
Identification benchmarks vs smart contract design
First, It creates a VASP directory that is accessible to all the network members.
Second, the change of the wallet address format creates extra disruptions to the protocol adopters.
Third, reading VASP information on-chain is a low-cost and quick way for identification. Although there is extra work for VASPs to up-vote other VASPs on blockchain, there will be more tools developed to accommodate these needs.
3. Bulletin Board
The third protocol is identification by bulletin board. This is one of the older ways of sharing information. Anyone can put a post on the public board and people who are interested can pick up the post and contact the poster.
In VASP identification, a centralized bulletin board can be created for every VASP to post their transfer requests.
For an originator VASP, they post transfer requests to search for who hosts each wallet address.
The beneficiary VASP screens every post on the board in order to claim ownership of the address and sends a message to the poster.
Because each wallet address is screened by all the VASPs in the network, the originator VASP does not need to specify which beneficiary VASP they need to transact with, so VASP codes are not necessary in the identification.
Identification benchmarks vs Bulletin Board design
When we look at the benchmarks, a bulletin board design features the VASP directory and keeps the original wallet address format.
However, it comes up short in the third benchmark.
The biggest issue with bulletin board identification is efficiency. It is not ideal to screen every transaction within all the network members. It wastes extra computing resources on irrelevant information. If there are 100 VASPs in the network, a beneficiary VASP will have to process the other 99 VASPs irrelevant transaction information.
Considering there are millions of VASP-to-VASP transactions happening every day, it would seem very inefficient to use a bulletin board as a Travel Rule identification protocol.
Now that we’ve reviewed the three identification protocols, let’s look at Sygna Bridge.
4. Sygna Bridge (Centralized Directory)
Our Travel Rule solution has been designed to bridge the gap between the Virtual Asset Industry and broader adoption, so we decided from the start to keep things as flexible, safe, and efficient as possible.
To achieve this, we look towards recognized industry standards and have implemented three proven protocols within Sygna.
1) BIP21
BIP21 is a Bitcoin Improvement Proposal that is well-adopted by existing wallet providers. It is used when the transaction receiver wants to share their wallet address and includes extra information like a memo, tag, and the amount of transfer. We use it to bundle the different information into one string of code.
2) IVMS101
Also known as the InterVASP messaging standard, IVMS101 is an industry-led common messaging language that fosters interoperability between travel rule solutions like Sygna Bridge and our competitors.
3) ISO 9362
Third, ISO 9362, which is known as SWIFT code or Business Identifier Code (BIC). Sygna uses the same standard as SWIFT code so that a VASP can register the same code in the crypto and financial industry.
Sygna’s 2-step identification process:
First, beneficiary users will share their wallet address with the VASP code and User code to originator users. This allows the originator VASPs to know which VASP is behind the wallet address.
Example:
The name of our beneficiary user is Bob Harris. His account information is bundled in the BIP21 payment format with the blockchain wallet address attached with a User code in IVMS101 standard and the VASP code in the SWIFT Code format.
Second, Sygna redirects each transfer request to the assigned trusted VASP. A list is provided to members to verify the beneficiary’s VASP identity and regulatory information.
Benchmarks vs Sygna Bridge
At the beginning of Sygna Bridge’s development, we wanted to find a way to merge existing technology and the blockchain nature of digital assets to serve both crypto and the traditional investors who might want to enter the market. This is why we decided that personal information did not belong on-chain nor in a fully decentralized design.
As illustrated above, Sygna Bridge fulfils every benchmark.
- 1) We provide a trusted VASP list in the form of a directory,
- 2) retain the native blockchain wallet address format, and
- 3) do all of this in only 0.5 seconds per transfer cycle.
There are several VASPs that are already live with Sygna today. For example, DigiFinex, a Singapore crypto exchange that ranks 50-70 on CoinMarketCap, went live with Sygna in December 2020. When a user wishes to receive a deposit, a wallet address with a User code and VASP code can be provided to the transaction sender on the website interface.
Comparing Different Protocols vs the Identification Benchmarks
Conclusion
Each Travel Rule solution provider uses its own protocol which you can now see has its own pros and cons. While reviewing them can be a subjective endeavor at times, we hope we’ve given you a largely unbiased overview of what you should look at and why.
And of course, we are extremely confident that Sygna outperforms others in each of these three benchmarks. I hope this was helpful, thank you for your time.
This session was created by Vince Lee, the product manager for Sygna on behalf of CoolBitX.
Lens 1: Technology webinar
Read the previous articles in our Travel Rule Solution Lens series:
- Travel Rule Solution Lens 1: Technology
- Travel Rule Solution Lens 3: Implementation
- The 4 FATF Travel Rule Lenses to Assess AML Compliance Solutions (Part 1)
- Travel Rule: Analyzing Sygna Bridge through Its 4 Lenses (Part 2)
About CoolBitX
CoolBitX is a Taiwan-based blockchain security company that was founded in 2014, with two main lines of business. The first is a pioneering Bluetooth hardware wallet first launched in 2016, and the second is a technical solution for the travel rule called Sygna Bridge. Thanks for listening. See you in the next session.