This FAQ is designed for compliance, legal, and product teams. Technical documentation is available at trisa.dev.
The Basics
1. What Is Envoy?
Envoy is a secure messaging service for Travel Rule compliance. It functions like a dedicated “telephone line” for encrypted Travel Rule data exchanges, supporting both the TRISA (Travel Rule Information Sharing Architecture) and TRP (Travel Rule Protocol) standards.
- Simplicity: One unified interface for multiple protocols
- Security: Protect your customer’s PII
- Flexibility: “Sunrise” messaging feature allows communication with out-of-network VASPs
- Cost-Effective: Available as open source (self-hosted) or fully managed hosting
2. What Is the Travel Rule?
The Travel Rule is a Financial Action Task Force (FATF) requirement that obligates Virtual Asset Service Providers (VASPs) to share specific customer information (personally identifiable information, or PII) for cross-border digital asset transfers to combat money laundering and terrorist financing.
3. Why TRISA & TRP?
TRISA and TRP are open-source, peer-to-peer protocols that standardize how VASPs securely exchange Travel Rule information:
- TRISA: Uses a certificate authority and public-key encryption to validate VASPs.
- TRP (Travel Rule Protocol) : Utilizes unique travel addresses for decentralized exchange.
Both protocols interoperate through a “bridge,” ensuring global reach and compatibility.
4. Can Envoy Handle VASPs Not Using TRISA or TRP?
Yes. Envoy’s “sunrise” feature can initiate a secure Travel Rule exchange via email. This bridges the gap for counterparties that are not yet equipped for TRISA or TRP or are in a jurisdiction without Travel Rule requirements.
5. Who operates Envoy?
Envoy is part of TRISA, which is open source so VASPs can self-host their own Envoy service and contribute to its open source development. Rotational Labs is a TRISA Service Provider (TSP) and core contributor to the TRISA open-source codebase. Rotational builds, hosts, and maintains Envoy for VASPs seeking a hosted solution.
6. What Is TRISA’s Global Directory Service (GDS)?
A trusted network of VASPs, backed by the TRISA Verified Certificate Authority (TVCA). Members must register with TRISA GDS to use Envoy. Upon verification, the GDS issues X.509 identity certificates that allow end-to-end encryption and prevents mis-delivery (only the intended recipient can read the data).
7. Who Should Use Envoy?
Cryptocurrency exchanges, wallet providers, money service businesses, payment service providers, and other VASPs moving digital assets cross-border.
Compliance teams that need robust Travel Rule solutions with minimal technical overhead.
Compliance & Regulatory Coverage
8. Do you also support compliance with other global Travel Rule requirements (e.g., FinCEN, UK FCA, MAS in Singapore)?
TRISA Envoy provides a peer-to-peer encrypted messaging service on top of an open protocol designed to meet FATF Travel Rule standards globally. At the same time, local compliance obligations always remain with the VASP. TRISA’s open framework can be adapted for various jurisdictions, but specific regulatory requirements should be confirmed by each VASP. Envoy is designed to be interoperable with other protocols and flexible to adapt to changing regulation. Envoy adheres to the IVMS101 data structure for global accessibility.
9. How do you assist clients in case of regulatory audits?
It depends. Envoy is available as a self-hosted or hosted solution. In both implementations, Envoy keeps an off-chain record of all secure envelopes (see below). In case of a regulatory inquiry, present the final secure envelope, which is cryptographically signed and identical for both counterparties.
If self-hosted, then your organization will set up, configure, maintain, and update your Envoy service, encryption keys, and stored messages. In the event of an audit or legal enforcement action, your organization will be required to provide access to the relevant encrypted secure envelopes (see below) containing transaction details from your storage systems.
If your organization opts for the hosted service, then Rotational will store your encrypted messages and assist in retrieving the secure envelopes required for an audit or legal enforcement action. Secure envelopes are backed up in triplicate with the hosted solution.
Data Security & Privacy
7. How Does Envoy Keep Data Secure?
Envoy uses proven technology and “secure envelopes,” which are multi-layer encrypted messages containing Travel Rule data. Security is enhanced by:
- End-to-End Encryption
- Public Key Infrastructure (PKI)
- Mutual Transport Layer Security (mTLS) to open secure channels between counterparties
- Hash-Based Message Authentication Code (HMAC) Validation for authenticity and tamper evidence
- Trusted Counterparty Verification through TRISA’s certificate authority
8. What Data Gets Collected and Exchanged for Travel Rule Compliance?
Envoy is designed to meet FATF guidelines for travel rule compliance while being flexible to adapt to local regulatory requirements. Envoy’s primary encrypted message payload is called a secure envelope.A secure envelope includes identity and transaction information using the IVMS101 standard:
- Originator PII (e.g., name, account number, date of birth, physical address)
- Beneficiary PII (e.g., name, account number)
- Transaction Details (asset type, amount, network, etc.
Envoy also collects data about the originator VASP and beneficiary VASP. The type and amount of data depends on the jurisdiction. For example, some jurisdictions require Date of Birth, while jurisdictions do not. Envoy accommodates both.
9. What encryption standards do you use?
Envoy employs cryptographic security standards for data in-flight and at-rest. Envoy applies end-to-end encryption using mTLS and public key infrastructure (PKI).
Data exchanges are secured by mTLS when conducted over the TRISA network and if available for a TRP exchange. All TRP exchanges require valid TLS certificates to establish a secure connection.
Travel Rule PII is stored as secure envelopes with original cryptography. Even if the transfer occurs over TRP, a secure envelope is created to store the information on disk. Secure envelopes use multi-stage strong encryption, encrypting data symmetrically with AES-256, signing the data with HMAC-256, then encrypting the encryption keys and HMAC secrets via asymmetric encryption using RSA-OAEP-256. Envoy automatically checks each envelope’s HMAC to confirm it has not been altered. If an HMAC is invalid, the system rejects the message to prevent tampering.
10. How long do you retain transaction and customer data, and how do you ensure data minimization?
Different jurisdictions have different record retention requirements. If self-hosted, your organization can configure data retention policies as needed in your storage system. If hosted, Rotational will configure data retention policies per your policies.
11. Can users request data deletion in accordance with GDPR’s right to be forgotten?
Yes, this is possible in Envoy, though typically AML and CFT regulations often take precedence over GDPR. We advise you to consult legal counsel to address this situation.
12. How Many Secure Envelopes Are in a Typical Transaction?
A typical transfer requires 6 envelopes. One message creates 2 secure envelopes, one for the originator and one for the beneficiary, to mathematically prove both counterparties received the same data at the same time with no tampering. In a typical transfer:
- Originator VASP’s initial message to Beneficiary VASP = 2 secure envelopes that contain originator’s PII
- Beneficiary VASP’s response = 2 secure envelopes that contain beneficiary’s PII and originator’s PII
- Originator VASP’s receipt confirmation, including hash ID = 2 secure envelopes
If the beneficiary VASP cannot accept the originator VASP’s initial message (e.g. missing information), the beneficiary VASP may request a “repair”, which creates an additional secure envelope.
13. How Can I Verify Message Integrity?
Envoy automatically checks each envelope’s HMAC to confirm it has not been altered. If an HMAC is invalid, the system rejects the transaction to prevent tampering.
14. Is any data written to the blockchain?
No, you don’t want customer PII on the blockchain. All data is encrypted in secure envelopes. You store your secure envelopes in a database – imagine a file cabinet of locked envelopes. In the event of an audit or legal enforcement action, you unlock and show the regulator the last secure envelope related to the transaction.
15. If no data is written to the blockchain, how is travel rule data associated with an on-chain transaction?
When the originator VASP completes the on-chain transfer, it provides the blockchain-generated transaction hash or hash ID in the final message, which is the proof that the transaction really was sent to the network and not just planned or scheduled.
It’s important because:
- Proof of Transfer – The hash is your on-chain receipt that the funds actually moved to the recipient address.
- Reconciliation – Both parties can reference the same transaction ID to verify that the transfer matches the Travel Rule details they exchanged (e.g., amounts, addresses).
- Compliance & Record-Keeping – Regulators often require you to record and be able to produce evidence of the on-chain transaction. Tracking the hash in Envoy ensures an auditable compliance trail.
Interoperability & Integration
16. Do you support any specific protocol or industry standards?
Currently, Envoy supports the following open protocols:
- TRISA: Uses a certificate authority to validate VASPs and public-key encryption and mTLS for secure, private, and P2P messaging between counterparties.
- TRP (Travel Rule Protocol) : Utilizes unique travel addresses for decentralized exchange between counterparties.
- Sunrise/ Email: Uses email to initiate a travel rule data exchange between any counterparty with a valid email address. Used for messaging counterparties that are not members of the TRISA or TRP networks.
TRISA has initiated interoperability discussions with closed protocols and providers such as Binance GTR, Coinbase TRUST, and VerifyVASP. The success of these discussions is contingent upon their willingness to integrate. For now, Envoy users can use the sunrise/ email feature to initiate a travel rule data exchange with any out-of-network counterparty.
17. Can your solution operate with other travel rule compliance services?
TRISA supports open and closed protocols, so if other solutions adopt compatible approaches or APIs, integration is feasible. Envoy’s API is designed as a multiplexer (mux) that supports any protocol willing to interoperate with TRISA.
Transaction Screening & Counterparty Verification
18. How do you verify the legitimacy and compliance status of counterparty VASPs?
VASPs that join TRISA are verified before joining the TRISA network. VASPs must register with TRISA’s Global Directory Service by completing the registration form. When a registration is received, TRISA conducts domain and sanctions checks and a physical phone call check. Once verified, a VASP is issued x.509 identity certificates for both the TestNet and MainNet networks. x.509 identity certificates are valid for one year and will be reissued provided the VASP is in good standing.
19. What happens if a recipient VASP does not respond or does not support the Travel Rule?
If a counterparty does not support the travel rule, a VASP can use the sunrise/ email messaging option in Envoy to initiate contact with a counterparty via email. If a TRISA-certified VASP repeatedly fails to respond, a VASP can report the counterparty and TRISA can take corrective action. In the EU, counterparties are required to report non-responsive counterparties.
20. Can your solution identify and block transactions to high-risk jurisdictions?
No, Envoy is strictly an encrypted messaging solution.TRISA is not a sanctions-screening tool. VASPs remain responsible for risk analysis, screening, and any blocking actions within their compliance processes. It does not conduct AML or KYC checks. Future 3rd party plugins with chain analytics vendors are planned. However, Envoy will have the ability to set policies for auto-rejection of messages (not transactions) from selected counterparties.
Operational & Technical Considerations/ Implementation & Hosting
21. How Long Does It Take to Deploy Envoy?
- Open Source (Self-Hosted): Download and configure the code, register with TRISA’s Global Directory Service (GDS), integrate with your backend, then test and deploy. If self-hosted, successful deployment typically involves some developer and compliance resources on the VASP’s side. TRISA offers reference implementations for Envoy, documentation, and community support channels. Self-hosted users maintain their own Envoy service and provide their own time, compute, key management, and data storage. We estimate planning 2-3 two-week sprints
- Hosted Service: Rotational will set up and manage Envoy for you. Existing TRISA members can be onboarded almost immediately. Non-members typically complete TRISA registration in about one business day.
22. What Are My Responsibilities for Each Hosting Option?
- Self-Hosted: You maintain your node, manage encryption keys, integrate secure storage, and handle compliance reporting.
- Hosted by Rotational: Rotational handles deployment, secure key management, storage, support, and maintenance.
23. Do you offer technical support and a dedicated compliance contact?
Technical support is included in the hosted solution. If self-hosted, we offer separate optional technical support services. For the hosted solution, we have a dedicated compliance contact who can assist in retrieving data for audits or legal enforcement actions. The compliance contact is not a legal advisor nor is expected to act in a legal capacity.
24. Can we customize Envoy to meet specific compliance needs?
With the self-hosted option, a VASP has full control to customize. With the hosted solution, a VASP can customize using the API.
DeFi & Self-Hosted Wallets
25. Does Envoy Work with DeFi or Self-Hosted Wallets?
Envoy focuses on VASP-to-VASP data transfers. For self-hosted wallets, VASPs generally require proof-of-ownership (e.g., verifying a small test transfer). Envoy does not provide KYC services directly but can integrate with partners like iComply, Ospree, and Chainalysis.
Travel Addresses
26. What Is a Travel Address?
A unique identifier under TRP serving as the “IBAN” of crypto transactions. It includes VASP and account/wallet details. An example Travel Address:
taMgkZxSMgvtkp2PFR861UnJTDdM3wR5TwBb49iN6JSkZ3gpqgbGy1rZ9jRD2GQpYVgyw5QGi48XSVH6ufyT4HTGGKHLwmDPZAJoKJmtg4k7iFFPVo
Travel addresses often change based on transaction type, requiring originators to collect the address from beneficiaries each time.
Travel addresses function similarly to URLs. While part of the address, such as the host component, remains consistent for a given VASP, other details like account or wallet information may vary. Consequently, the travel address for the same counterparty may change depending on the transaction specifics. Compliance teams should be aware of this variability and plan accordingly.
Practically speaking, the only way to obtain the travel address is for the originator to collect the travel address from the beneficiary as part of the transaction initiation process. This is because TRP emphasizes decentralization, requiring users to obtain the travel address directly from the beneficiary. Unlike centralized systems, TRP does not provide a central directory of travel addresses. If the counterparty is not listed in the TRISA directory but uses the TRP protocol, you can utilize the “prepare transaction” endpoint to send messages using the counterparty’s travel address.
27. Does Envoy generate travel addresses for pre-screening?
Yes, your node will generate travel addresses. The travel address is a URL used globally across TRISA and TRP networks. The travel address utility in Envoy can decode these addresses to identify counterparties.
Sunrise Messaging
28. What Is Sunrise Messaging?
Sunrise Messaging allows Envoy users to send Travel Rule data to any counterparty, even those not using TRISA or TRP. Messages are encrypted and sent via email to expand interoperability and coverage.
User Experience & Practical Considerations
29. How Do I Handle Non-Responsive VASPs?
Compliance officers typically batch-review transactions once or twice a week. If a TRISA-certified VASP repeatedly fails to respond, TRISA can take corrective action. You can also rely on email or direct outreach.
30. Is There a Wait Time for Transfer Acceptance?
This depends on each VASP’s policies:
- Auto-Accept: Instant for trusted repeat counterparties.
- Manual Approval: May introduce a self-imposed delay, depending on internal compliance procedures.
31. How About Protocol Differences in the Dashboard?
Envoy tracks transactions from both TRISA and TRP nodes; the current interface does not label them distinctly, though API data can reveal the protocol source.
32. How Do I Prove Compliance to Regulators?
Envoy keeps an off-chain record of all secure envelopes. In case of a regulatory inquiry, present the final secure envelope, which is cryptographically signed and identical for both counterparties.
33. Are Travel Rule Checks Stored On-Chain?
No. TRISA/Envoy stores these checks off-chain for privacy. On-chain storage could expose sensitive information.
34. Can Envoy Automate or Streamline Repeat Transactions?
Yes. Envoy is developing auto-accept and auto-reject features, as well as whitelisting/blacklisting policies for repeat counterparties or known wallets.
35. Does Envoy Support Webhook Notifications?
Yes. When a new request arrives, Envoy can call your internal API so your compliance team immediately knows to approve or reject transactions.