David Riegelnig - Head Risk Management at Bitcoin Suisse
In conversation with Ian Simpson
What does the FATF Travel Rule and OpenVASP mean for the future of the crypto industry?
The crypto industry is, in and of itself, a challenge – I think we’re all aware of that. This is a new technology and a new way of doing things. Bitcoin (and cryptocurrencies more generally) started out as purely peer-to-peer (p2p) payments, but that is now evolving. So when we come to regulation and the Financial Action Task Force (FATF) guidance for virtual assets – the so-called “Travel Rule” – this is an extra layer of complexity – an extra challenge – on top of the technology. There is also the time element – the Travel Rule was supposed to be applied to virtual assets within one year – now that deadline has been extended. Still, the traditional financial industry had much more time to establish regulatory frameworks. That makes things complicated as well.
And then there is an even finer layer of complexity that gets added to the mix – while the FATF speaks for the world as a whole, the actual regulation that should implement the guidance is created country by country. And different countries are stricter or more lax in implementing this. The UK has been a bit more generous with time allowances, while Singapore and Switzerland are demanding compliance as of now.
At the same time, it’s clear that the crypto industry cannot expect to enjoy the same level of adoption as other technologies and innovations if it does not operate on a, more or less, level playing field with the financial industry where every transaction must meet the same standard. In this sense, the industry itself needs to come up with solutions. Finding a way to be compliant is really like the “entry ticket” to the big leagues – to a “coming of age.”
It’s a key step. And it is necessary so that crypto-financial services can claim to fully challenge the traditional financial industry.
Many companies and groups are working on FATF Travel Rule compliance solutions, how does OpenVASP compare?
So right from the start, you can see, more or less, in the name – “OpenVASP” – it is “open.” That means no intellectual property (IP) protection – everyone can participate. And the whole thing is driven by people who want to adhere to a common, but “open,” standard.
From the beginning, we make it free so that different vendors can use their own solutions. All they have to do is align with the underlying protocol. And already we see that many have jumped on “the bandwagon.”
As an Association (OpenVASP Association), we are also funding open-source implementations that are not rivals to commercial solutions, but which provide a nucleus for those who are building their owns systems.
It’s important to note that these systems for crypto transactions have to be tied to the backend systems of the virtual asset service providers (VASPs). They have to be fully embedded into the existing system landscape – especially because larger VASPs have so many interactions and require “straight-through processing”. So many of them will want “tailor-made” solutions. These open-source, “reference” implementations can be a big help for those who don’t just want a “turn-key” system.
So “openness” is very important. Some of the first systems for Travel Rule compliance have been closed and proprietary. That is the opposite of what OpenVASP is aiming for. We put together a common language, but without a centralised hub in the middle. That way, things can stay as p2p as possible. Not using a kind of hub, ensures better security. A decentralized system is much more robust and there is a lot more room for innovation. The protocol still applies to all – but each vendor or VASP can innovate on top.
Ultimately, having different, competing vendors will lead to more attractive offerings. Because there can be different specific implementations for different use cases, it will also push development forward – to support them across the whole spectrum.
We have to be aware – there is not just one, single use case for VASPs. Retail is much different from custody solutions for institutional clients. We expect that the uses cases will be very different – with different messages for different cases.
The OpenVASP Association has grown quite a bit – what is the significance of this?
We’re quite happy to have strong VASPs who are ready to use the protocol right from the start. This is very positive, in itself. But you can use the protocol without being a member of the OpenVASP Assocation – just to be clear. That’s perfectly fine.
We really are open for all those who want to contribute, improve and help define the message types – or new message types. We’re particularly pleased that so many different vendors have joined as well. We have some from Asia, some from the US. We’re really glad to see all those who are joining to make this grow further.
How will different Travel Rule solutions talk to each other?
I would love to say that OpenVASP is the most comprehensive solution out there. Maybe it is. Others are generally quite “closed” or quite focused on one or two use cases. We try to think about how these different solutions can work together. From an Association point of view, we have been quite active to see how we can make sure that messages are interoperable. And we will continue to do so.
But more immediately, we see that software providers have been working to act as bridges between protocols. They not only implement OpenVASP, but could also serve as bridges to other solutions.
How does Bitcoin Suisse plan to use the OpenVASP protocol?
Bitcoin Suisse was a founding member of the OpenVASP Association, of course. We will start with the protocol and use it wherever possible. As a VASP in Switzerland, we already had to implement the Travel Rule for crypto payments. So far this meant using different channels with different VASPs and things like encrypted PDFs etc for the “messaging” part, which is cumbersome, of course. So we’re really happy to have something like OpenVASP to make our lives easier.
But it’s important to remember that OpenVASP is about VASP-to-VASP transactions. These are the ones that fall under the Travel Rule. We aim to not only fulfill regulatory requirements, but to improve convenience for clients. Many clients are now used to handling transactions with blockchain addresses – but it can be tricky. Addresses are long, they can change and so on. With OpenVASP, there can be a stable, consistent account identifier or a one-off, it doesn’t matter. This can improve the UX of the system and it can help preserve privacy from the outside world.
From Bitcoin Suisse’s point of view, using OpenVASP means we are ahead of the curve. We’re complying with regulation – and we’re on the front lines of innovation at the same time.
Yes, we’re proud to be among the leaders is this whole field.
Are there other developments on the horizon for OpenVASP?
In general, we really see OpenVASP as a crypto-financial protocol like SWIFT. This means that FATF Travel Rule compliance is the first use case – but not the one and only.
Of course, the main focus is anti-money laundering (AML) compliance and there are different flavors, different country-specific add-ons which will be needed. Part of the emphasis on the whole protocol has been “extensibility.” That means we can just plug it in wherever needed.
But beyond AML, there are many different types of messages that could be of interest. For example, for payment use cases, for custody settlement operations and so on. So we expect the uses of the protocol to be extended over time and we actually can’t await it.