Coindesk Logo

‘Evil VASP’ Simulation Preps Crypto Exchanges for FATF Travel Rule

‘Evil VASP’ Simulation Preps Crypto Exchanges for FATF Travel Rule

‘Evil VASP’ Simulation Preps Crypto Exchanges for FATF Travel Rule

Backed by CipherTrace, TRISA looks to get virtual asset service providers (VASPs) ready for new anti-money laundering rules.

Backed by CipherTrace, TRISA looks to get virtual asset service providers (VASPs) ready for new anti-money laundering rules.

Backed by CipherTrace, TRISA looks to get virtual asset service providers (VASPs) ready for new anti-money laundering rules.

AccessTimeIconFeb 18, 2021, 2:00 PM
Updated Aug 19, 2021, 7:20 AM

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Getting crypto exchanges across the world to plug into each other and share sensitive customer data is proving to be a complex problem. 

Nonetheless, firms have to show real progress on this by June of this year, according to new anti-money laundering (AML) rules from global AML watchdog the Financial Action Task Force (FATF).

Announced Thursday, the Travel Rule Information Sharing Alliance (TRISA), one of the better-known solutions being proposed, is launching a testnet that includes a directory of virtual asset service providers (VASPs) and scenario testing for inevitable contact with non-compliant firms. 

The FATF rules require crypto companies to share personally identifiable information (PII) for transactions over a certain amount. While a global cohort of compliance-minded exchanges will begin implementing the new rules later this year, there will be many stragglers including smaller firms in far-flung jurisdictions. This is expected to create a so-called “sunrise problem,” as some parts of the crypto world become regulated ahead of others. 

The TRISA testnet begins to address that looming challenge by including a dummy version of an “evil VASP” that will provide false authentication, attempt to steal data and so on.

There are two compliant VASPs as well as the non-compliant exchange on the testnet, explained John Jefferies, co-chairman of TRISA. 

“The evil VASP isn't part of TRISA and it will try and trick people into sharing information,” said  Jefferies. “So what we are building out gives firms the opportunity to test out domains and do interoperability testing from a security dimension and messaging dimension.”

TRISA is backed by blockchain analytics company CipherTrace and has support from the likes of Paxful’s Lana Schwartzman, Bradley Arant Boult Cummings LLP attorney Carol Van Cleef, and Thomas Hardjono of MIT Connection Science & Engineering. 

The solution leverages battle-tested certificate authority infrastructure that allows VASPs to mutually authenticate one another, Jefferies explained. Post-testnet, TRISA will be issuing know-your-VASP certificates, validated by a registration authority.

“The cool thing about having a proper certificate authority is that it has the concept of revocation,” said Jefferies. “So if a VASP turns evil – say they pull some sort of exit or fraud or their licenses are revoked – that public key infrastructure that sets up the relationship can also take it back if the whole community has to stop communicating with a VASP, at least for a little while.”

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.