skip to Main Content

Travel Rule Information Sharing Alliance (TRISA.io) Announces Rapid Adoption of Compliance with the FATF’s Cryptocurrency Guidelines

TRISA sets standards for a directory of virtual asset companies and secures data transmission.

Menlo Park, CA (June 23rd, 2020)

Travel Rule Information Sharing Alliance (TRISA.io) announces collaboration from over fifty leaders in the cryptocurrency space. TRISA’s Travel Rule Alliance integrates solution providers to enable Virtual Asset Service Providers (VASPs) to meet the Financial Action Task Force’s (FATF) Travel Rule regulation’s requirements on a global level.

The Travel Rule Information Sharing Alliance (TRISA.io) is a coalition of companies and non-profit agencies to develop protocols and standards to help cryptocurrency companies comply with global regulations requiring cryptocurrency companies to exchange the identity information of senders and receivers of cryptocurrencies.

Who is the Financial Action Task Force and What is the Travel Rule?

The Financial Action Task Force (FATF) rules are already in force in the United States and many other countries. The pending global regulations represent an existential crisis for many VASPs that fail to comply. TRISA’s introduction of a VASP directory and a Certificate Authority model will enable VASPs to achieve compliance with the Travel Rule while retaining security and privacy.

The TRISA model enables a global interoperable infrastructure for VASPs to determine which bitcoin, ethereum or other cryptocurrencies are associated with which VASPs, and where to send the required customer and beneficiary information.

In June 2019, the FATF, a global money laundering and terrorist financing watchdog, issued new guidance for a risk-based approach to virtual assets and virtual asset service providers (https://www.fatf-gafi.org/media/fatf/documents/recommendations/RBA-VA-VASPs.pdf). This guidance has become known as the “Travel Rule,” requiring VASPs to share certain sender and receiver information for cryptocurrency transactions. This personally identifiable information (PII) includes names and account numbers of both parties and either the originator’s physical address, national id number, customer id number, or date and place of birth. The Travel Rule requirements created a unique challenge for VASPs: how to achieve compliance while retaining user privacy and security—core values inherent to the cryptocurrency ecosystem.

On June 24th, the FATF will hold a plenary meeting during which VASPs’ progress with the Travel Rule will be considered by its thirty-nine members. TRISA supports and is compliant with the interVASP data model standard and works together with the OpenVASP Association to make Travel Rule networks interoperable.

TRISA’s updated white paper proposes key technical solutions that include a directory of validated VASPs as well as a Certificate Authority (CA) model to ensure the public key cryptography is anchored to a known root of trust.

What are Virtual Asset Service Providers?

Virtual Asset Service Providers, VASPs, under the FATF guidance, are defined as businesses providing cryptocurrency exchange to virtual or fiat currencies, transfer, safekeeping, administration, offer or sale of virtual assets. This covers pretty much every cryptocurrency business.

Verified Directory of VASPs Enables Trusted Communication

In order for VASPs to securely share information with other entities, they first need to trust those entities. TRISA presents the TRIXO VASP Verification Questionnaire to create a directory of validated VASPs. The questionnaire captures the critical attributes that VASPs need to know about another entity before conducting transactions valued over 1,000 EUR with another VASP. The TRIXO VASP Verification Questionnaire’s twenty-three questions were based on extensive collaboration with the Global Digital Finance (GDF) group. Ultimately, the VASP Directory will support VASPs in verifying that another VASP is licensed and compliant with privacy laws, such as GDPR.

TRISA’s VASP Certificate Authority Model Provides Anchor of Trust

To create an anchor of trust between communicating entities, TRISA presents a Certificate Authority (CA) model, adopted from the International Organization for Standardization (ISO) and used to secure most e-commerce and government communications. To establish secure messaging between VASPs, a private-public key pair is deployed to establish a secure encrypted channel. Identity Certificates assist in bonding the public-key to the entity that legally owns the private-public key pair.

Thomas Hardjono at MIT Connection Science, who is working with TRISA to create the CA whitepaper, explained, “By adopting the ISO standard for digital certificates, with Extended Validation (EV) for VASP business information, TRISA ensures that VASPs in the ecosystem can readily comply to the Travel Rule. The use of the certificates protects VASPs and customers and provides the broadest possible interoperability with current and future trust infrastructures.”

Minakshi Yerra, Sr. Director, BSA & Sanctions at Ripple, said, “TRISA’s integration with the newly launched PayID enables regulated virtual currency companies to comply with Travel Rule requirements and to extract the information needed to meet other Financial Crime Compliance requirements such as AML transaction monitoring and sanctions screening. For the cryptocurrency industry to progress, solutions need to be open, easy to integrate and compliant with international law. TRISA’s solution stands out in its simplicity and security.”

Jack Gavigan, head of regulatory relations at the Electric Coin Company, the creators of Zcash, said, “TRISA is an innovative approach to solving the Travel Rule compliance challenge that works for all virtual assets, including those with privacy features like Zcash. It demonstrates that the virtual asset sector is serious about implementing effective AML/CFT controls, and that privacy is compatible with AML/CFT compliance.”

Convener of the Joint Working Group (JWG) for interVASP Messaging Standards Siân Jones, a Senior Partner at XReg Consulting, said “TRISA’s support for and compliance with the IVMS101 interVASP data model standard will help VASPs mitigate risks, reduce costs and ensure early rapid compliance with their Travel Rule obligations.”

OpenVASP Association President David Riegelnig, Head Risk Management at Bitcoin Suisse, conveyed, “OpenVASP and TRISA share the same goals of helping VASPs to comply with the Travel Rule based on open platforms and a peer-to-peer approach. We continue to work with TRISA on interoperability, particularly in the field of identity verification for VASPs.”

Dave Jevans, Co-Chairman of TRISA and CEO of CipherTrace, expressed, “Through our work with the FATF, we have identified the Sunrise Problem as a fundamental issue, wherein adoption of regulations inevitably occurs at different rates around the globe. Our proposed directory of VASPs combined with a CA model solves that problem by enabling the interoperability needed for universal Travel Rule compliance. Every week we are seeing more VASPs engage in TRISA’s working group, which testifies to a growing sense of urgency around achieving Travel Rule compliance.”

Unlike other solutions that address local issues, TRISA breaks geographic constraints and enables the VASP community to bootstrap a global solution despite discrepancies in technical deployments and regulation timelines. VASPs and financial institutions can immediately begin using TRISA, whose testnet has been live since January 2020, to comply with Bank Secrecy Act (BSA) requirements as well as FATF Travel Rule guidelines.

For media inquiries, please contact Kili Wall at (310) 260-7901 or Kili(at)MelrosePR(dot)com.

About TRISA

Travel Rule Information Sharing Alliance (TRISA) is an open-source framework to support VASPs in sharing sender and receiver information to comply with Travel Rule requirements without compromising privacy. By applying a proven Certificate Authority (CA) model, TRISA reliably identifies and verifies VASPs to enable interoperability and ensure Personally Identifiable Information (PII) stays private and not sent to the wrong entity. The peer-to-peer design eliminates a single point of failure and provides resilience against attacks and scales to accommodate extreme volumes. VASPs and financial institutions can immediately begin using TRISA to comply with the Financial Action Task Force (FATF) and Bank Secrecy Act (BSA) requirements as well as Travel Rule guidelines.

Back To Top