Back in September, we discussed one of the most significant shifts in the cryptocurrency landscape—the Financial Action Task Force’s (FATF) introduction of the “travel rule.” This rule requires Virtual Asset Service Providers (VASPs), like Coinbase, to collect and store personal identifiable information (PII) for users involved in cryptocurrency transactions exceeding $1,000 USD/EUR. This regulation applies to all 39 FATF member countries and marks a major step toward formalizing oversight in the crypto space. Previously, the exchange of PII was limited by technological constraints, but these new rules compel VASPs to share such data, igniting debates over privacy and compliance within the crypto community.
Meeting the compliance deadline of June 2020 has proven challenging for many exchanges. Several have already delisted specific coins to avoid regulatory non-compliance, and U.S. regulators, including FinCEN, are ramping up pressure on VASPs to adhere to these measures. A CipherTrace report from Q3 2019 revealed that nearly $2 billion in cryptocurrency transactions within the U.S. go undetected annually, raising serious concerns about money laundering through the banking system. Since altering blockchain infrastructure is impractical, most proposed solutions rely on “plug-in” systems—augmented layers designed to integrate with existing networks and ensure mutual implementation among exchanges.
One such solution is TransactID, developed by NetKi. This tool, introduced in 2016, has recently been upgraded to align with FATF’s requirements. TransactID enables secure transmission of PII between VASPs without embedding the information into the blockchain itself. Here’s how it works: When a transaction is initiated, the recipient VASP verifies the PII stored by the sender’s exchange using TransactID protocols. This process involves exchanging digital certificates tied to the initiating wallet and the originating VASP. Importantly, TransactID doesn’t store PII; it ensures that exchanges do and validates its accuracy using a modified SSL protocol. Though effective, TransactID imposes costs, including a fee of approximately $1 per wallet, along with setup and licensing expenses, since it is proprietary technology.
Another innovative approach is the Travel Rule Information Sharing Architecture (TRISA), a protocol developed collaboratively by CipherTrace and Shyft. Unlike TransactID, TRISA leverages a decentralized Certificate Authority (CA) registry that fosters blockchain self-governance. Participating VASPs would store public key information in this registry, enabling communication between exchanges. Although TRISA’s exact transaction method is still under development, it employs TLS 1.3—a more advanced version of SSL—for secure data transfer. Unlike TransactID’s reliance on existing standards, TRISA focuses on proving the existence of PII through hash exchanges between VASPs rather than transmitting full data sets. As an open-source protocol, TRISA eliminates setup fees, leaving individual VASPs responsible for implementation and ongoing maintenance. Operating costs would likely be minimal and covered by user investments.
The crypto industry is at a crossroads. Exchanges and coins now face the challenge of adapting to these rules without compromising blockchain integrity or asset security. Whether these measures mark the end of crypto’s “wild west” era remains to be seen, but it’s clear that anonymity in transactions is being curtailed as compliance takes center stage.