Unchained - Why The Travel Rule Is One Of The Most Significant Regulations In Crypto - Ep.184
Episode Date: August 4, 2020Dave Jevans, CEO of CipherTrace, and Siân Jones, Senior Partner at XReg Consulting, give the lowdown on the Financial Action Task Force’s travel rule and how it applies to businesses in the crypto ...space. They discuss: their background and journey into crypto what the travel rule is the consequences for countries that are not compliant whether the regulation will apply to staking providers in the future the type of companies and transactions that will be covered under the travel rule the type of information that has to be provided how banks comply with the travel rule and whether crypto companies can use the same system the different open standards available for sharing information how the information will get shared between entities who use different travel rule solution providers the “sunrise problem” in which different companies implement their compliance systems at different times the security of user data being shared between different entities how it applies to central bank digital currencies and centralized stablecoins how the rule would affect privacy coins the inherent contradiction between the cypherpunk philosophy and regulatory compliance unintended consequences of the travel rule how the travel rule may play out in the coming years A glossary of terms discussed in the episode: FATF: Financial Action Task Force, an intergovernmental organization that develops policies to combat money laundering and terrorist financing VASP: virtual asset service providers, who are custodial entities that run fiat-to-crypto or crypto-to-crypto exchanges, or run businesses related to transfer and safekeeping of virtual assets and financial services. FinCEN: Financial Crimes Enforcement Network, the United States federal bureau that analyzes information about financial transactions in order to fight money laundering, terrorist financing, and other financial crimes FCA: Financial Conduct Authority, the financial regulatory body of the UK Thank you to our sponsors! Crypto.com: https://www.crypto.com Tezos: https://tquorum.com/ Episode links: Dave Jevans: https://twitter.com/davejevans CipherTrace: https://ciphertrace.com/ Sian Jones: https://twitter.com/COINSULT XReg Consulting: https://www.xreg.consulting/ Financial Action Task Force (FATF): https://www.fatf-gafi.org/ The Osaka conference where crypto got serious about FATF’s travel rule: https://www.coindesk.com/inside-the-osaka-conference-where-crypto-got-serious-about-fatfs-travel-rule Will Osaka be crypto’s Bretton Woods moment? https://forkast.news/will-osaka-be-cryptos-bretton-woods-moment/ InterVASP Messaging Standard: https://intervasp.org OpenVASP: https://openvasp.org OpenVASP white paper: https://openvasp.org/wp-content/uploads/2019/11/OpenVasp_Whitepaper.pdf?cache=1 FATF report on “so-called stablecoins”: http://www.fatf-gafi.org/media/fatf/documents/recommendations/Virtual-Assets-FATF-Report-G20-So-Called-Stablecoins.pdf OKEx’s Korea arm delisted privacy coins: https://www.theblockcrypto.com/post/39724/okex-korea-delisting-all-privacy-coins-including-monero-zcash-and-dash-as-these-violate-fatfs-travel-rule Some of the potential FATF compliance solutions: Travel Rule Information Sharing Alliance (TRISA): https://trisa.io/ Coinbase’s messaging board solution: https://www.theblockcrypto.com/daily/72293/coinbase-exchanges-fatf-travel-rule-solution CoolBitX: https://www.theblockcrypto.com/post/56853/coolbitx-raises-16-75m-series-b-to-help-crypto-exchanges-comply-with-fatfs-travel-rule Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
Hi everyone. Welcome to Unchained, your no-hype resource for all things Crypto. I'm your host, Laura Shin.
Subscribe to Unchained on YouTube, where you can watch the videos of me and my guests. Go to YouTube.com
slash C slash Unchained podcast and subscribe today.
Crypto.com is waiving the 3.5% credit card fee for all crypto purchases until the end of September.
Download the Crypto.com app today.
T-Corum is a weekly virtual.
series about all things Tezos.
Every Wednesday, join thought leaders, innovators, and blockchain enthusiasts for presentations
about the latest advancements that help the ecosystem grow together.
Sign up and learn more about the virtual series at T-Quorum.com.
Today's topic is the Travel Rule.
Here to discuss are Dave Jevins, CEO of CipherTrace, and Sean Jones, senior partner in X-Regg
consulting.
Welcome, Dave and Sean.
Hi, hi, Laura.
Hello, Dave.
Hey, Laura, it's to be with you.
Before we start, disclosure that CipherTrace has been a sponsor of my shows.
To begin, let's have each of you explain what you do and how you came to work in crypto.
Dave, do you want to start?
Sure, be happy to.
Laura, as you know, I'm CEO of CipherTrace.
We are a company that helps make cryptocurrency safe and compliant.
Our customers are banks, their cryptocurrency exchanges.
and their government agencies, including regulators and law enforcement.
And, you know, I got into crypto, well, quite some time ago in the early days of Bitcoin.
Well, actually, if I recall, I believe you kind of got into digital currency well before Bitcoin even existed.
Can you talk a little bit about that?
I did. Yeah, I got interested in cryptocurrency in 1999, I would say, as sort of, you know,
as the cyphor punk movement was kind of starting to trail off a little bit.
And I got to go to the early financial cryptography conferences.
So I was at the one in 2000 on Anguila.
I got to meet the early folks at Digicash, David Chalm.
I got to meet the e-gold guys who were building a gold-backed digital currency,
Mondex, which at the time was being promoted by MasterCard.
and also the zero-knowledge guys from Montreal,
who eventually that technology is now some of the foundational technology
for zero-knowledge proofs that are used in Z-Cash.
Great.
And so then can you just bring us up to how it is that you started, SaferTrice?
Sure.
So I got interested in Bitcoin in 2011, so a little late to the game.
But I did start tracking and reporting how the price of Bitcoin related to cryptocurrency.
currency crimes primarily break-ins into exchanges.
But there were some other ones as well.
And you could see a linear correlation between the price of Bitcoin.
It would drop 30, 40 percent the day after a major crypto theft.
And I would report that every year at the electronic crime conference.
So I started back then.
We were doing some early mining as well, building custom mining rigs, liquid cooling, that kind
of stuff.
As a hobby, you know, you make a few tens of bitcoins, you know, 100 Bitcoin, that kind of thing
back then. In 2015, I had finished. I'd sold a couple of security companies and fintech companies
and I was presenting on Bitcoin and Bitcoin security. And effectively, I had a customer come up and
say, hey, we would like you to build this. We said, well, okay, yep, great. So we got into it in
2015 with an initial customer. It was a government customer who wanted to help find criminals
effectively. But from there, we've really grown the company and the technology to help
cryptocurrency exchanges with compliance, working with regulators on compliance, and more recently
working with financial institutions so that they can help validate cryptocurrency companies
and help expand the banking relationships between crypto companies and the banks. Because it's clear
these are merging, and they're both, I think, very symbiotic worlds that are going to help drive
crypto forward in a big way.
And Sean, what about you?
Can you explain what you do and also your backgrounds and how you came to working crypto?
Well, I've always thought of myself as the Methuselah of Bitcoin, but I've just realized, Dave,
you beat me by two years.
So my career is 48, 49 years in IT, in fact, going back to the era of Steam computing, probably.
and I have been largely involved in security and information security through my career until I've finished my corporate career.
I guess around 2012-13, I started to get interested in this new use case for crypto, pretty much a bit like Dave.
I guess started getting involved in meetups.
This was where I was living at the time in the United Kingdom.
And suddenly before I knew it, because of my more recent, then recent experience in the regulated space, folks were asking me for advice, sort of one foot in the old regulated world, understanding that and a lot of startups who wanted to understand how they might be impacted going forward.
But from there, I got involved in public policy work in the UK in Whitehall, Westminster, and then in the European Parliament in Brussels.
And from there, I was tempted away from being a poacher to becoming a gamekeeper.
I was asked by the government of Gibraltar to architect the what has then become the regulatory framework that I architect.
came into force in the beginning of 2018.
So the idea was to do it just for virtual currencies.
But during the period of architecting,
we opened that up to cover a broader range blockchain.
So it became a DLT provider license.
And I guess today you would find analogies
between the way we defined it then,
a DLT provider and what is now known as a VASP
in this current fat of regulation.
world. And so that came into force. Other countries then started to follow suit. And in
2018, in August 18, sorry, August 19, my tenure as a public servant came to an end. I started to
approach retirement. With that, I picked up the mantle of being a poacher once more and
came back into the private sector. And X-Reg is now working with government.
with public authorities such as regulators and financial intelligence units in the public sector,
but also working with VASP in the private sector and really working around regulatory policy
and the whole area of operationalising regulation.
And we're a team of six all former regulators now, all former poachers who are now a merry band
of poachers, let's put it down.
So at the beginning of this episode, I did talk about how the subject for today's episode will be the travel rule.
And I think this is one of those topics that is bringing into focus one of the main fears that the cryptocurrency industry or really community, maybe more, have about how the space will develop, which is regulation.
And this is kind of an on-the-ground implementation of a new regulation that I think will vastly change how people transact in cryptocurrency or at least what happens on the back end when they do.
And probably also, frankly, will drive changes in behavior or at least drive some of the evolution and also the technology that is used to perform cryptocurrency transactions.
So just to give people the lay of the land here, because we're going to be using a lot of terms that some people will never have heard yet, including such as the travel rule, as I mentioned.
But let's maybe just give the high level overview and define some terms.
So you mentioned the FATF FATF Financial Action Task Force.
We talked about the travel rule.
You also, Sean, did bring up the term already, virtual asset service provider or VASP.
So can, why don't we just define these terms so people know what they are going forward and then we'll dive into more detail?
Let's first of all look at the financial action task.
FATOF is an intergovernmental body that has its origins more than 30 years ago.
It was set up by what was then the G7 or G8, now the G20.
And it was set up specifically at the behest of a few major nations that saw a problem with drug trafficking
and felt that if they could address the source of funds, the flow of funds, I should say,
the movement of funds, they could somehow beneficially impact this seemingly intractable problem
of drug traffic.
And that's the origins of this thing.
So it was set up as a body, as an international standards body, to set the rules for
anti-money laundering.
Those were its origins.
And those rules have been updated a few times.
and the remit of the organization has been expanded.
So now that after 9-11, that was expanded to include countering terrorist financing
and more recently countering the financing of the proliferation of weapons of mass destruction,
a very catchy sort of title, but a very clear objective there.
And of course, now it has an impact on,
money laundering that's associated with not just drug trafficking and terrorist financing and
so forth, but it also has an impact on those who are involved in human trafficking, on those
who are involved in trafficking of animals and so on. So the remit has has widened over time.
It should perhaps be seen as an organisation that although it's got a title of its,
own, it has its own secretariat. It's really made up of its members. And those members are
countries. And that's the 39 major countries of the world, 37 countries and two
groupings of countries such as the European Commission. And it's involved in setting the rules,
not just for those 39 members, but the anti-money laundering rules for some 205 countries
around the world. This is through a kind of extended network of organizations. So in effect,
pretty much every country in the world is required to follow those standards. Those standards,
they may be called the fat of recommendations, but as I have called it before, they're really
recommendations with consequences. So countries have to follow them. And you could think of it as a
kind of quasi-treaty organization setting those rules. And it sets those rules for banks, for
financial institutions, for other kinds of industries such as casinos or lawyers or accounting
firms, real estate firms and so forth. But it also now has clarified, it did so in October
2018, clarified that its rules, its standards also applied to virtual assets and virtual asset
service providers. And earlier when you said there are consequences for countries that don't
enforce it, is it primarily financial or economic consequences that they face?
I mean, it used to run a system of country blacklists. In other words, those countries that
didn't comply with the standards. And that would make it difficult, for example, for banks in those
countries to do business with banks in those countries that did comply with the standards.
It enforces, if you like, its standards by a process of peer review.
The countries periodically go and assess each other to really two things.
Firstly, whether they've got the technical means, in other words, whether they follow the letter
of the recommendations, that they've got the laws in place and the powers and so forth to
to enforce. And also how effective they are. In other words, you may have the laws, but do
actually make that stuff happen. And it carries out those assessments currently in a sort of 10-year cycle.
And you can pretty much assume that every country is assessed once every 10 years on its,
how it complies and how effective it is at complying with those rules.
Okay. And so now let's talk to, let's talk about the travel rule, because
This is what's going to, I think, set in motion quite a bit of change across the industry.
So what is the travel rule?
Well, let's understand one thing.
First of all, the travel rule is just one part of one of 40 recommendations.
So it's by no means the only thing that is affecting VASPs.
Just to be clear about it, what it is a VASP.
That's a pretty broad definition that's been added.
But in the main, think about exchanges, think about custodians, custodial wallet providers, for example.
But it does cover a range of other activities. Essentially, anyone who is intermediating in the virtual asset ecosystem.
And virtual assets really go beyond just cryptocurrencies.
Again, it's another wide, one of those wide definitions.
And would it apply to staking providers?
because I believe staking is going to become a much bigger part of the industry in the coming years?
The short answer that that is maybe.
They're not defined specifically, but depending on their role and their function,
it may well have that.
They may well be considered a service providing.
And then what either types of companies or transactions would not be covered by the travel
rule?
Like, I know with tax purposes,
there was a question at a certain time about whether or not crypto-to-crypto-transactions would be taxed
in the same way that crypto-to-fiat?
Is there any distinction for things like that?
Or, like, you know, what falls within the purview and what falls outside?
So there's no distinction between, be it crypto-crypto-feet on the one hand and crypto-crypto on the
other.
All kinds of those intermediated functions are activities that come into scope of
a fat of broad set of recommendations.
So pretty much all the 40 recommendations now apply to VASP.
And that includes things like having to be licensed or registered,
not only in one's home jurisdiction, but also in potentially,
in jurisdictions in which one operates.
That's, I think, something that's not yet fully appreciated across the industry
because different countries will apply this differently.
Think of the fat of rules, the fat of recommendations as a baseline.
So countries will, and already are starting to put their own gold plating to those baseline rules.
But looking just at your question around the travel rule, the travel rule is not unique to crypto.
It's not unique to virtual assets and buss.
This is the same rule that is applied to banking and financial institutions where, if you imagine, transferring money across borders,
your bank in one country is required to gather some information, hold that information,
but also to transfer for that information, if you like, or certain information,
certain mandated information, to travel with the transaction to the institution of the receiving end,
the beneficiary end.
And essentially, that is, that base rule has simply been widened out to include transactions between,
VASPs. And what is the information that has to be provided?
Well, there's certain required information, such as identifying the originator of the transaction,
and that has to be verified information. So that's essentially KYC'd information from the
originating VASP, the sending VASP, if you like, about its client, its customer. And also,
So details, and that's including things like name, potentially their national identifier,
maybe a passport number, for example, maybe their address, and not necessarily all of those things,
but enough to identify who that person might be.
And that has to be verified in relation to the sender, the originator, and also information about
who the intended beneficiary is, although that doesn't have to be very much.
verified by the originating VASP.
And that information has to travel.
Now, in the traditional world of bank transfers,
messages are sent between banking institutions,
and so it's very easy for that additional information
that's required to travel with the instruction to make a payment.
But in crypto, of course, it doesn't work like that.
The transfer of value happens typically on a blockchain,
and, well, hey, there's nowhere that you can just append that information, nor I suggest,
would it be wise to do so?
So that's presented immediately some very significant challenges for the industry.
Those are challenges which maybe we'll talk about later on, but the industry has certainly
come together to start to resolve.
And in short order of time, it hasn't been given a lot of time to do this.
Yeah.
And what is the deadline?
Dave, do you know?
Well, there's no specific deadlines.
So every country sets its own regulations.
So it's going to be country by country based on their timelines and how they interpret the regulatory guidance from the FATIF.
So for example, the United States says that since 2015 or thereabouts, every cryptocurrency company should have been in compliance already.
So they would say that they have you've been given.
a grace period of four to five years where we haven't come after you. It was mentioned in the
ripple issue back in several years ago, but it wasn't the main focus of that investigation and
order, but it was mentioned at the end. But if you talk to Finson in the United States,
they would say that every cryptocurrency in the United States has been under this regulation
for at least five years. In Switzerland, it's already in place, although it goes far,
further than the requirements in the United States to include personal transfers in and out of
exchanges and VASPs.
Singapore is starting enforcement actions as well.
So they say, well, look, it takes effect now, and you have to do it.
So there's no specific global time frame.
It's really when countries start to adopt it, integrated into their regulations.
another example is the United Kingdom.
They intend to do it, but it is not regulated at this time with the FCA.
And just to understand a little bit more about which transactions will be covered by this rule,
let's say I'm a customer at one exchange like Gemini.
I send money to my friend and they want it sent to their Cracken account.
And also, FYI Disclosure Cracken was a sponsor of my show.
then the exchanges will send the info.
But if I, let's say that I'm a customer, Gemini, but I send it to my friend's self-custodial
wallet, then no information gets sent.
And if so, how does Gemini know who the recipient, how does Gemini know that one of them is going
to, you know, this other custodial wallet and that, or in the case of the other transaction,
that that's not a custodial wallet?
Yeah.
So this is one of the large technical problems that need to be solved.
So how do I know across all virtual currencies, hundreds and hundreds and hundreds of virtual currencies and chains, how do I know whether it's a personal wallet or a custodial wallet? So that's the first one. Do I know I have to send it or not? And same on the inbound. So when I get the transaction, do I know that it came from a personal wallet or do I have to wait for this information to arrive to me from some other
VASP or exchange, what have you, to come in. So that is one of the challenges. Another challenge
is, and then, you know, there's a lot of technical detail around it. So how do you do it without
creating a global list of every address that belongs to every exchange? So preserving privacy
is a big issue that we've been working on. We believe privacy is of a dramatic importance.
You know, this simple idea as well, we'll just create a database or a blockchain of everybody.
This is not in, for various reasons, a good idea. And then you have other.
problems around how do I know who's a VASP and how do I know who isn't and what country
are they in and how do I stop ones from spoofing each other so that I can reap all of the
data pretend to be a VASP who hasn't signed up yet, get all the customer data from other
people. So there's quite a number of security and privacy issues that have to be dealt
with. And of course it has to be cross-chain. It has to be global. And so these are the technical
challenges that combined with the regulatory that, you know, we've been working on as an industry.
Okay. So I just want to make sure the audience has caught on essentially anytime there's a
transaction between two custodians, meaning two exchanges or two wallets that are both custodial
wallets, then this information will be sent. And if, you know, either for the sender or the recipient
that it's someone transacting using their own private keys, managing their own keys,
then the information will not be sent.
But then I also want to make sure.
So it sounds like depending on the jurisdiction that the types of information being sent will differ.
And it sounds like, you know, your identity is a key piece of it.
And who you're transacting with is also a key piece.
But then in terms of other things like when you said in Switzerland that they also include
your transaction history a little bit or something?
They don't include transaction history, but they're extending it to self-custodial wallets
where you have to make declarations about who you are.
So they've taken it beyond asp to vasp.
They're stretching the boundary to look at, you know, extending it to more self-custodial
wallets, which is, you know, challenging and obviously not a great, not a great thing, in my opinion.
And actually seemingly out of character for the Switzerland from 11 or 12 years ago, yes.
All right.
So, okay, but in terms of the basics, it's who you are, who you're transacting with.
And I'm presuming the amount of the transaction, the date, stuff like that.
Correct.
And a transaction ID so that you can correlate it to the blockchain transaction.
Right.
One sort of addition to that, I think it goes beyond just custodial wallets, although that is the easiest way to think about it.
If you've got some sort of intermediary function at the other end or one or other end, then you're effectively caught if there is an intermediary at both ends.
So there's got to be a VASP, raw definition of VASP. Think about every kind of financial intermediary in the traditional world.
And you kind of got the analogy there.
So it probably is more than just exchange.
Well, it is more than just exchanges and custodial wallet providers.
And there has to be a VASP at either end.
That's the baseline requirement.
So if it's VASP to user individual or user to VASP or it's peer-to-peer, user-to-user,
then that's outside the scope.
But if there's an intermediary, it's caught.
Is there any minimum transaction thresholds, or is this for any transaction, even it's for a dollar or something?
Well, potentially it could be for even if it's a dollar.
The rules are that information has to be captured about customers.
So essentially, a customer has to be KYC to some degree.
There are degrees of how much KYC is done depending on value and risk and a whole set of
of factors. But that has to be done at the start of what's known as a business relationship.
Essentially, if you open account, you sign up with someone, that could constitute the start of
a business relationship. And if you've started that business relationship, you've got to be KYC.
You may never perform a transaction subsequently. Clearly, of course, if you don't perform a
transaction, no information has to be transferred. There are provisions.
which say, well, if it's a one-off, what's known as an occasional transaction,
if it's a one-off, you haven't signed up, you're just performing a single transaction,
then there is a threshold, which, interestingly, for crypto, is set by FAT of lower than it is for most other sectors.
But essentially, anything that's below $1,000 or $1,000 or a thousand euros,
as a one-off transaction where there's no sort of pre-sign up,
no commencement of a business relationship,
then it would fall outside.
But it's up to countries.
They can stipulate lower values or even a zero value.
So it's quite feasible at a particular country.
And there clearly are some who are going beyond the baseline
and saying, you know, we want it for everything.
And then there's also countries like the United States who go above
and say it's $3,000 U.S. dollars, it's not a thousand euros, where they're setting their limit
higher, saying, you know, if it's under $3,000, then you don't have to do this.
Okay.
Well, that's a little bit more generous or comforting probably to a lot of people in the
crypto community.
So in a moment, we're going to talk about how all this information will be sent, because, as Dave
did allude to it, brings up a lot of questions around security and private.
privacy, but first a quick word from the sponsors who make this show possible.
Looking for a place to connect with thought leaders, innovators, and blockchain enthusiasts of every level.
Welcome to T-CORUM, a weekly virtual series about all things TASOS.
Each week will feature presentations about the latest advancements, from baking and staking and developer tooling to DFI projects and community content that will help the ecosystem grow together.
This year, T-Corum will be opening up its podium to you.
If you're interested in presenting, submit your ideas, and the Tazos community will vote on who they'd like to hear from next.
Sign up and learn more about the virtual series at T-Corum.com.
How much in fees are you paying for your crypto purchases?
Crypto.com is waiving the 3.5% credit card fee for all crypto purchases, which means you can buy crypto with a 0% fee.
Apart from your crypto purchases, you can also get a great deal on food and grocery shopping, too.
Get up to 10% back on Uber Eats, McDonald's, Domino's Pizza, Walmart, and many more when you pay with your MCO visa card.
No card? On the crypto.com app, buy gift cards, and get up to 20% back from merchants like Whole Foods, Safeway, Burger King, Papa Johns, and Domino's.
Download the crypto.com app today and enjoy these offers till the end of September.
The ScoreBet app here with trusted stats and real-time sports news.
Yeah, hey, who should I take in the Boston game?
Statistically speaking.
Nah, no more statistically speaking.
I want hot takes.
I want knee-jerk reactions.
That's not really what I do.
Is that because you don't have any knees?
The score bet.
Trusted sports content, seamless sports betting.
Download today.
19 plus Ontario only.
If you have questions or concerns about your gambling
or the gambling of someone close to you,
please go to conixonterio.ca.
With Amex Platinum,
$400 in annual credits for travel and dining
means you not only satisfy your travel bug, but your taste buds too.
That's the powerful backing of Amex.
Conditions apply.
Back to my conversation with Dave Jevons and Sean Jones.
So as we discussed earlier, there's a lot of sensitive information being sent,
and it's a lot of valuable information.
So I'm curious to know, and as we talked about,
this is basically replicating what the banking system already does.
So what do banks use?
And is that a system that crypto companies could use or, you know, what options are they looking at?
So banks today, typically for international funds transfer, use the SWIFT system.
So that means effectively any kind of instruction, whether it's payment instructions, but also stock clearing on an international basis, go through SWIFT.
There are over 4,000 banks directly connected to it, but there are also corporations as well.
So you can join Swift as a private corporation.
They have a whole set of messaging standards.
In fact, you can even move check images and things if people are still using checks.
So they have all these messaging standards.
And I feel like this approach is really trying to mimic that, although I think nobody in the crypto industry wants a centralized solution.
Could you use Swift?
I suppose so, but it will incur a lot of cost.
Because every message is not free.
It's expensive.
You still have to have directories, how to look people up.
Does this address belong to this exchange or to a privately custodied wallet?
So all of that stuff would still be an issue.
I'm not sure everyone wants all of, you know, every crypto transaction to be routed
through either Manassas, which is near Dallas Airport in the United States or through LaHulp in Belgium,
because that's where every message goes through.
if you're on the SWIF system, we think that a much more of a peer-to-peer type of model,
which will help contain privacy, contain breaches, make it more attack resilient as a better model.
And so what are some of the different standards right now when I was doing research for this?
I came across so many.
Safer Trace has your open source solution, Trisa.
Coinbase is about to come out with a white paper for a peer-to-peer joint bulletin board
maintained by exchanges, which has participation from some of the other big exchanges like Gemini, BitTRAx, and Krakken.
And I also saw BitCo has an API travel rule solution, Notabene, just launched to provide such a thing.
Cool BitX also did so.
ING is proposing something.
Then there's these other kind of like open standards that,
I found intervasp and open vass.
Why don't we actually, why don't we just do this?
Dave, do you want to just tell us about Teresa and then we can talk a little bit about some
these other exchanges or these other solutions?
Yeah.
So I think that in my view, there's about four different, what I would call open efforts that are
going on.
So there's intervast, which Sean can speak to quite a bit because she was on the leadership
team of that, which is developing messaging.
formats. So what do the messages actually look like that contain the information? And I think pretty much,
I would say, most people in the industry have standardized around that as a standard for the message
contents. Then you have the overall message flow, which is how do you discover, is it a private
wallet? Is it a custodial wallet? Where are they? How do I communicate with them? And there's,
in my view, there's pretty much two and maybe two and a half open efforts there.
One is the Trissa, which is the travel rule information sharing architecture.
It's, I mean, we've contributed to it, but there's, you know, every time we have a call,
there's 36 companies every week working on it.
So there's, it's not a cypress trace product or anything.
It's an open initiative that, you know, we're helping with.
The other one is Open VASP, which has been led primarily by Bitcoin Suisse.
So that is, again, looking at an open methodology for exchanging this information, for doing
peer discovery, and having a directory.
And we work very closely.
So the Trissa Working Group, the Open Bass Working Group worked together, and we're working on
interoperability of the messaging standards and the directory and how those would integrate.
I would say a third one is BIP 75.
So that is being promoted by a private company called NetKee, but it's a third.
It is an open standard definition that's been around for some period of time.
And when you say 75, you mean a Bitcoin improvement proposal?
Correct.
Oh, yes.
Yes.
So that's been around for several years now.
Was not designed to solve this problem, but has been, the people have been working on it,
Justin and others at NetKee have been working on it to move it into this direction and to build that.
Those to me are what I would consider, what I know of, the open efforts where you have multiple
companies. And then there's the Coinbase one, which is really U.S.-centric, U.S.-centric exchanges,
does not deal with the global problem of discovery, was initially a peer-to-peer mechanism,
but to try to get some prototype out, they've gone to a private bulletin board system to publish
addresses. So I don't think it's a scalable global solution. And they would never say it is. They're saying,
And we want a proof of concept to show U.S. regulators that we're doing something that we can solve this problem in the United States.
You know, it's not designed at this point as a global solution.
That may change, but that's not where it is right now.
Everything else you mentioned, as far as I understand, are private companies who have built proprietary solutions that are closed.
many country-specific like Coolbit X's really large it, largely aimed at the Asian market.
And they'll tell you, they want to be the swift of the space.
They make no bones about it.
They want to run every message through them.
Shift has another model, which is pretty cool.
And they're working on interoperability with some of these open standards.
But again, run by a private company.
And many of these other ones that you mentioned are private company-specific things.
So what I think the takeaway is.
is several really open efforts around standards, interoperability, and then private companies
offering things in their own country. And therefore, there will not be one solution. There will have to be
interoperability. It's going to be a free market, which is great because anyone who wants to build
solutions can. But it does mean that for the foreseeable future, there are going to be five,
10, 15, who knows, solutions out there, which means interoperability is going to be critical.
This thing is not going to start next year and suddenly be solved.
We have other issues which we call the sunrise problem.
We'll talk about that later, if you wish.
Well, yeah, why don't we just start with the first one about how there isn't going to be one single solution
and how actually some of these basically are more decentralized.
Some of them seem more kind of crypto and then some of them seem more, you know, traditional kind of VC startupy.
Just from a logistical standpoint, it seems like it would be pretty burdensome on countries if there were, you know, five or several different solutions that they had to use, right?
Because, well, you tell me.
So let's say that, you know, I'm Coinbase and I'm sending to, or that one of my customers wants to send to their friend who uses Cracken.
then Cracken maybe uses, let's say, a different travel role solution provider than Coinbase.
So then how does that information get shared?
Do they just have to both adopt the other's solution to or what?
The reality is that VASP, I mean, it's not, I think, so much troublesome for countries.
It's probably not troublesome at all for countries.
They're agnostic on the question.
It's troublesome for VASPs because, you know,
I think Dave is right.
At the moment, I've certainly counted in excess of 15 projects out there,
the different broad categories that Dave has outlined.
And some of them will make it to market.
Some of them will not make it to market.
But others may emerge.
And in fact, we've seen even over the last year,
folks who weren't in the running at the beginning, if you like,
as this issue emerged, have joined the fray.
And you've mentioned a couple of mainstream.
financial institutions that are involved in their solutions.
Pretty much, though, across the board, there is no obvious single solution out there.
I would echo Dave's comment.
I don't think this would be a good thing necessarily, but having 15 is also not good
because the costs of trying to connect up to 15 different solutions and the complexity
involved in that and indeed the discovery exercise.
And you've got the challenge of figuring out whether you're going to be involved in
a transfer of value with a wallet at the other end that has a VASP associated with it.
Then you've got the problem of discovering who that VASP is.
And now you've got the problem of also discovering which networks or which solutions
they're employing.
This is a whole cascade of issues.
Certainly when we started the InterVASP project, this was its proper title was the InterVASM messaging standards,
and this was partly to short-circuit some of the challenge associated with having many different systems.
So we said, well, you know, the way the data will get from one VASP to another will be solved by different solutions.
One or a few may emerge as the leading solutions, and then maybe in the open space,
they may be in the very closed networks that some VASPs are building between one another,
or they may be in the proprietary space, or combination.
Any of which way you cut it, at the end of the day, it's the same amount of data,
the same pieces of information that have to move from one VASP to another,
and it would save an awful lot of time if that data payload were defined in a standard way,
that a VASP at the sending end would know that regardless of where in the world that value is being transferred to,
the information that goes with it can be understood, understood as was intended.
And the receiving VASP can get this information and understand, oh, this bit's the name, this bit's the city where they live.
Oh, this is a passport number.
This is a date of birth, just to be able to understand that.
forgetting for a moment that not the whole world speaks the same language, yet alone uses the
same character set. So there are a lot of things that a technical standard, which is what the
InterVAS messaging standard 101, IVMS 101 was about, was really to short circuit that and make it
possible for the payload data, whatever, however that is transferred, to be understood as intended.
You're saying InterVASP will make it so that it doesn't matter if Gemini and Cracken are using
different kind of front-end solutions because the information in them will be standardized.
Absolutely, you're right. It's not a solution at all. It is simply a technical standard.
You know, it's a document that's published that says this is how the name is set out.
This is how to deal with a scenario where the original name is in Korean, but you have to
communicate this to someone who's in Switzerland, for example. This is what a data,
birth looks like. In other words, is it the year first, the month, second, and the date third,
or how is that constructive? So that everyone involved in that information sharing exercise
can at least understand the data. They can send it knowing that it can be understood and it can
be received knowing that it's coming to you in a way that was intended. Okay. So actually,
maybe it won't be as burdensome if different custodians are using different software. But another
major concern I imagine a lot of people in the crypto community will have is how this will be
secured, especially if there does end up being redundancy where, for whatever reason, you know,
we find that even for one transaction, you have two different solution providers having to send
the information for various reasons. I mean, it just creates more places where people,
information can be compromised. And, you know, the other scenario is also not super comforting
where perhaps maybe there will be one solution that tends to be the dominant one and sees almost all
the transaction flow in it. Anybody who gains access to that will have access to extremely
valuable information. So how is security being handled for these different systems? So we've put a lot of
thought into security around systems architecture on the Trissa project. So Cipher Trace has contributed
to it, but MIT, a whole bunch of exchanges and others have really thought about it quite a bit.
And definitely a centralized exchange or centralized data exchange model, we believe is very
dangerous. It's counter to crypto. Not only, as you point out, Laura, is it something that,
you know, if somebody were able to get into it and the information were not end-to-end encrypted
and the middleman could look at it, absolutely could be a privacy disaster.
But also it's also availability.
So if let's say the world went to a centralized system, even if it was end-to-end encrypted
and they couldn't intercept the messages, it's a potential DDoS attack for a nation state or anyone
else who wants to take crypto offline.
So if you have one centralized service that if you want to transfer between VASPs, well, if you
want to take crypto out, just kill that thing for a long period of time and no one can send money
between VASPs anymore.
So there's a lot of- Or they'll just do it without complying with the FATF rules.
But anyway.
Well, sure.
Absolutely.
So that's a thing.
So we believe that it needs to be peer-to-peer exchange of the information.
So that create, what that does is it creates resilience because there's no central place to take
it out.
It means that you're only exchanging the information with the person that you have, the VASPS,
the counterparty that you have to send it to.
Now then, the other benefits of this is if you have a directory service that you can look up
these VASPs around the world and then understand what their information protection, at least
requirements are or profiles or what have you, then you can start to make decisions about
do I feel comfortable sending my customers information to this VASP?
And some, you know, companies won't.
And so one of the things that we've been working on on the Trissa project, as well as with OpenBASP, is a direct and a GDF, the Global Digital Foundation, Digital Commerce Foundation is we've been working on, one, a questionnaire and a verification process for who is a VASP. Where are they? What is their jurisdiction? What protocols do they support? So as we've talked about, you're going to have to support multiple for some period of time, if not forever.
And what are the endpoints of it?
What is the security of it?
What are the certificates, digital certificates around it?
But also, what is your basic information security policy?
So not how you do it, but information about how do you protect the customer's data.
And then I think that helps VASPs as we move into this world to determine, I feel comfortable sending my data to this company that's going to hopefully protect it or not.
I don't feel comfortable.
Therefore, we're not going to allow.
direct vasp for basque transfers to X, Y, Z company in some country that has no data protection.
And one other thing I wanted to ask about was here we've been talking about cryptocurrencies this
whole time, but the FATOF did release a long report all about what they kept calling,
so-called staple coins throughout the report.
They never just called it stable coins.
Even in the title, they called it so-called stable coins.
But anyway.
You know what I call it a so-called report.
I don't know why they didn't just go with the term.
But anyway, so, you know, I didn't fully really understand in the report how this would affect,
because, I mean, they did make the distinction between centralized and decentralized stablecoins.
But even with decentralized table coins, they were saying, well, there generally is a team that you can identify that launch the coin.
But even for like a centralized stable coin, it wasn't totally clear to me what exactly those creators of those stable coins would need to track.
Is it that every time somebody creates a tether that the parent company, which I think is IFINX or it's somehow related a bit, I'm just blanking on the company, that they would need to track who that is and then do they need to track where they send their tethers initially or, you know, how does that all work?
And then as far as I can tell, I believe also these rules could even imply to central bank digital currencies or do those get a pass because they represent fiat or, you know, how does all this apply outside of cryptocurrencies?
So taking the last point first, central bank digital currencies are outside of scope.
They're expressly excluded from the definition of a virtual asset, pretty much everything else that you've mentioned, whether they're considered to be.
be stable coins of limited scope or whether they're so-called global stable coins of global scope
is really beside the point.
They do fall within scope.
And I think if you look at the direction of travel, you can assume that if you're someone
who makes a buck on the back of some transaction, you're going to be the one somehow
along the line that is going to be brought in to, into scope.
So something that's truly decentralized where nobody's making any money, nobody's gaining from the process other than the users, the sender and the recipient.
I think you're going to assume that that definition over time is going to suck in more and more people.
We're also going to get more and more imaginative about how they decentralize stuff.
If you're looking to make some money out of decentralized stuff, you're going to be sucked back in.
And there's an inevitability to that, I think.
But what about centralized stablecoins?
You know, what do those creators have to do in terms of tracking information or sending information on?
Well, of course, if it's within their ecosystem, they may be the vast but both ends.
So, of course, they've got the information on both customers, if one world, both holders, both stablecoin holders.
If, however, it's moving between VASPs or between the issuer and a VASP, the issuer is
certainly going to be considered a VASP of some sort.
So you've got a VASP transfer, and you're caught by the same requirements to capture
certain information, to verify that information, or it's to do the KYC, the due diligence
stuff.
and where there's another VASP at the other end,
you're going to have to send the required information.
That is the information about your verified customer as the sender
and the intended recipient.
And it's then up for the VASP at the other end to do due diligence on his customer.
But only at the creation redemption points, right?
It wouldn't be like every tether is being tracked, you know,
as it changes hands until it gets redeemed or nothing like that.
If it changes hands between,
between one VASP and another,
then that information moves, that travels,
if we're looking at the travel rule implication,
and if that chain is broken,
in other words, there's not a VASP at one end or the other,
then subject to certain national variations,
which I think Dave's already mentioned, Switzerland,
which is a very clear variation on the baseline.
But in broad terms, if it breaks
the chain because there's not a bass but both ends, then you may only need to keep information
about your customer and you don't have to send any of that information to any. But what I'm saying
is Tether itself, the company does not have to do it for every step. They only do it at the
creation and redemption points. Yeah, that's my understanding. Now, the effectively, you know,
the recommendation doesn't go into great detail. It basically says all that stuff we wrote about
applies here. It's really pretty simply what it says. Okay. So it turns out to some extent around the
nuances of it. I think, you know, right now it's not dealing with creation of cryptocurrency. It's not
dealing with mining of crypto. It's not dealing with issuance. It's really about when there's an
end user customer moving that information back and forth. Now, so for example, if you think about
like stablecoins as a settlement mechanism between VASPs, maybe, maybe not. So,
you probably don't, you know, it's not really a per customer thing. It's a settlement,
end of day type of settlement mechanism. You probably don't have to, you probably just say,
I'm VASP, I'm the customer, I'm the VASP, and you're the recipient, you're the VASP,
and you probably don't have to bundle 500 people's stuff into it, as far as we know. But I think
it's open for interpretation at this point in time. I take a slightly different view on that.
I think that the settlement, if you think about the traditional financial services world, does
the communication of the payment instruction, you know, Bank A telling Bank B, make these funds
available to someone. That's quite separate from the settlement between the banks. But if you're
talking about the, so the information that has to flow in the traditional world goes with that
payment instruction. And I think every movement of value between two parties where there's a
VASPA involved at either end, that information about sender and receiver has to, I
has to move, regardless of whether there's some kind of net settlement mechanism.
But the placing of liquidity, say, between VASPs that isn't about an underlying transaction,
that probably won't attract.
There's no information to transfer with it.
So I think you can always look to the banking sector to look for the analogies because,
actually, that's all they've done is take the existing rules and say they also apply to
to virtual assets, to crypto, and hey, industry, you work it out, and countries, you work out
how you regulate your VASPs to make sure they comply with your rules.
One other thing I wanted to ask about was how you thought that this rule would affect
privacy coins, particularly on exchanges.
I mean, obviously, if a privacy coin is on an exchange, well, yeah, I don't know how this applies
to something like Monaro, but, you know, with Zcash, there's a public.
and there's a shielded transaction.
But I did see that the Korean arm of OKX delisted its privacy coins,
most likely due to Fed-F rules next last fall.
So in general, I wondered if you had any prognostication on what this would mean for privacy coins.
Yeah, I mean, it applies.
You know, I work with Zcash, I would say, every week with the electric coin company,
you know, is one of the, you know, major players in the Zcatch space.
You know, they would argue that Zcash natively supports the travel rule because you can, you know, attach information with a view key that could actually literally move with the transaction.
But, I mean, this would apply to every privacy coin as well.
Remember, we're talking about an out-of-band transactional information exchange before you do the actual blockchain transaction.
So to be compliant, whether it's Monaro, Zcash, dash, or anything else that yet,
to be invented, if it's, you have to be able to identify, is it to a VASP or a private wallet?
And if it's to a VASP, you have to send that information and correlate it with a transaction
so that it can be correlated at the receiving end.
And the extension of that is that if you can't do that, then you can't affect that transfer
of value.
If you're a VASP and you're unable to meet that criteria, whatever the circumstances,
but obviously there are very specific challenges in being able to do that with SHUFAPE.
or with those enhanced privacy coins that simply don't, that shield effectively all movement,
then you simply can't support that transfer because you can't comply with the law in your
country.
You can certainly provide trading facilities.
So, for example, you buy, as an exchange, you buy Manero from a known vendor or a minor.
you can certainly support trading on your platform, the ability for people to buy and sell and
make money, et cetera. It's the transfer in and out by private individuals that would be,
would fall under this regulation.
So, you know, one thing that I'm sure you guys have been watching in recent months that I feel
is really developing between the crypto community or at least a certain segment within
the crypto community and analytics companies.
is a certain kind of antagonism
because of the general cypherpunk philosophy
and of this new world that we're entering
where cryptocurrency is going from the fringes
to becoming adopted by the mainstream.
And here we're just talking about
basically applying some pretty basic tenets
of the banking system to cryptocurrencies.
And so I was wondering,
especially Dave, I think for you,
you were talking about how you have these roots in the safer punk world. And I wondered how you
square this work that your company is doing with the cypher punk philosophy. And if you have any
opinion on that relationship that I talked about between the community and this new world that we're
entering. I don't think anyone wanted in our opinion, at least in my opinion, in the crypto side,
nobody wanted this move. I think there's way better ways to deal with this, in my view, which are
much more crypto-centric, which aren't, you know, folks who spent 35 years regulating banks.
But that's the world that we're in. I think there's far better ways to solve this problem,
to be honest, and maintain way better privacy and not spew people's information all around the
world to VASPs that you don't know about. But this is the world we live in. So, I,
I have two choices.
I can either say, I'm going to do nothing and let the regulators do whatever and not be technically informed.
Or I can step in as a technical person who understands the privacy constraints and be involved and create the bridge between the community and hopefully influence them to think about privacy, influence them to think about the implications and also the unintended.
consequences of what they're proposing.
Because let's face it, there's a lot of unintended consequences that are going to come out
of this that are not what they intended.
So it's either stand back and let a train wreck happen or at least try to like help some way
to represent the community to bring it in to help influence it, to bring the privacy
community to bring the, you know, the privacy coin community into it to work with them.
That was my choice.
So what are some of those unintended consequences that you believe could happen?
Well, I mean, the first one is you're spraying people's information all around the world.
You've now made it highly valuable to break into smaller companies because you're going to be able to identify people around the world.
So I think it's a big privacy problem.
You've just basically taken protecting people's data and made it, let's say, a thousand times more difficult because you're going to have a thousand vass.
out there that are going to have other people's data that aren't their customers.
That's a big one.
I think the second one is going to be, well, then everyone will just move everything to private
wallets.
Why would you do VASP's transactions?
Your transaction feed will be doubled or more, but, you know, move everything to a private
wallet and then send it on, and then none of this makes any sense anyway.
So there's a lot of different implications out there.
I mean, we also are going to have the sunrise problem, which is that this regulation is
going to implement it country by country. It's going to take years to get implemented. Different
countries will implement it differently. So what does that mean if there's enforcement in one
country? Let's say Singapore or the United States decides to enforce strictly and like actually
start binding people. Does that mean that if France hasn't implemented it, you can't send money
there? So does that create a restriction in the market? You know no longer have global liquidity.
So none of these in my view are positive. So these are all unintended.
consequences. There's others too. But yeah, there's a lot that needs to be thought through. And this is
why I chose to get involved and Cypher trace chose to get involved because it's either stand away and
let it let people who don't know anything about it, like define it or at least help be an industry
representative in the room, literally and figuratively in the room with these people to try to show them.
Here's the problems. Here's alternate solutions. And here's the problems that you're going to see and
face. And, you know, we were asked to list it. We worked with 50 different VASPs and others.
You know, we worked closely with Coinbase and others just to and other VASPs as well around the
world to try to get their issues with it and represent that out so that hopefully we can
influence policy in a positive way that doesn't, you know, destroy the fundamental value
of crypto. And speaking more about the unintended consequences, it did occur to me that this
maybe would spur more developments in privacy technology or more usage of privacy technology,
such as mixers, or it might drive certain groups of people who transacting cryptocurrency
to simply cash out in less compliant jurisdictions.
Or, and broadly, probably, there's just going to be a lot more people.
Absolutely, without a doubt.
There will be regulatory arbitrage, both among users and companies.
companies who want to move to less regulated jurisdictions, absolutely. And they should. But that's
just a point to happen. It's just, you know, it's a balloon. You squeeze it in one place and it'll
grow in another. You can't stop. You can't stop crypto. What? And you shouldn't.
Yeah. It should be available. It should be available to everyone. You know, we just unfortunately
have this, you know, this world of financial controls that are out there that are only going to get
more stringent, they're applying to crypto, I would rather them take a view which is more
enlightened, which is there's ways to solve this problem that aren't throwing people's customer
data all around the world, that aren't assigning account numbers, that aren't changing the way
that we do crypto, that, you know, I'd rather see that emerge, but that's not going to happen
unless people like us are involved in that discussion. Because otherwise, they're just going to
slap all the banking regs on and that's what we're going to have.
Is this thing going to look like a glorified, you know, wire transfer system?
Yeah.
And one other thing I imagine is that this will probably prompt a lot more people to manage their own keys.
So there's kinds of, I don't know, there's probably both good and bad to that.
But I did want to ask a little bit more about the sunset thing because or just in general,
like, you know, what do you think the next few years as this gets implemented, what will that look like?
And are there any other major milestones that are on the horizon that people should be on the lookout for?
I think you've got to look at this deadline question that you asked a wee while ago.
That, Dave is quite right. There was no sort of deadline. The deadline was back in October 2018 when the recommendations were changed.
and countries became obliged to do something about it.
Okay, took till summer of 19 before there was the guidance for countries that might explain what that could look like.
But as has already been said, those guidelines are pretty high level.
And so countries, well, you've got advanced countries who have folks who understand this stuff.
The U.S. has a regime that already supports this, and the U.S.
that Fincennes says these rules have applied forever, and certainly since they clarified the
position five years ago now, something like that. But other countries that have absolutely nothing
in place. And so the sunrise problem emerges because in reality, you've got 200 deadlines as
each country brings in its own laws and sets its own deadlines that VASPs now have to comply.
Well, there are countries probably about 35 countries that have now done so.
something to bring the recommendations, the global recommendations into their national legislation.
But quite a few of those have either not brought in anything yet for the travel rule because
they know there are no solutions out there, so they can't, or they have brought them in,
but have simply said, look, we're not going to enforce them or we're giving some regulatory
forbearance until a solution is available and keep the pressure on the industry to actually
solve all these many different challenges so that you end up with an end-to-end a perfect solution.
But you're still going to have countries bringing them in one this month, one next month,
three the month after, and so on and so on.
And if you look at how the travel war was brought into the banking sector, that was exactly
the same problem.
It applied in some countries very quickly.
The majority of countries took another two or three years to bring in the legislation
and then start to bring in the regulations to support it.
And then you had the stragglers who took up to, what, I think, seven, eight, nine years before they had all complied.
And this is not going to be any different than that.
Meanwhile, you've got VASP all over the world who have this asymmetry in regulation.
Not only the requirement to be licensed or registered in their own jurisdictions, the possibility that they may have to be licensed or registered in some other jurisdictions,
because those countries then say, oh, well, if you've got a customer in our country,
even though you're not based here, you still also have to be regulated in our country.
And then you've got the mismatch over the travel rules.
Some countries will have the legislation in place, the rules in place.
Other countries may not.
So, you know, takes two VASPs to tango and yet one VASP is subject to rules,
and the other one hasn't got any rules yet to apply.
This is going to be an ongoing story and itself a challenge, a challenge of uncertainty,
a challenge of asymmetry in enforcement.
And to be honest, many of the solutions that are out there today are only part of them.
I think Dave has very eloquently made the point that some of the solutions are geographic,
those for the U.S. and North America on the one hand, those in Asia on the other hand,
different solutions that's certainly not yet global in nature and not comprehensive in nature,
not into end.
And meanwhile, amidst all that confusion, you've got data that's being thrown around in an unregulated way.
And that also is a huge challenge.
I couldn't agree with Dave more.
The privacy issues are massive.
They are the same privacy issues that happen with banks.
You know, your bank will send your information to a,
I don't know, a bank in Brunei or in North Korea or, well, probably not North Korea,
but certainly in some other part of the world.
And your information about the fact you sent this money to someone is held by that bank.
You don't know who that bank is.
You don't necessarily know what's going to be done with that information.
But it's certainly a much bigger problem when you think that this is going to apply to an unlimited range of virtual assets.
So in the payments world, there are 200 and some currencies thereabouts.
You've got thousands of virtual assets today.
We could be talking in 10 years' time.
There's a part of me that kind of hopes it'll happen,
but you could be talking about 100,000 different kinds of virtual assets,
especially when you start to think about this applying,
not just to cryptocurrencies, but to a whole raft of digitized assets of one form
another, they would still qualify as virtual assets. And you've got VASPs who are not yet regulated
in the way the banking sector is regulated globally to global standards. And then you've got a raft of
different privacy requirements. EU, obviously, with its GDPR, but you're seeing other jurisdictions
now with their own flavors of privacy rules, and they have to be mapped onto all of the same stuff.
it's going to keep me occupied right the way up to and probably beyond my retirement.
All right.
And Dave, did you want to add anything?
I mean, I think it's important for industry to get involved.
So more exchanges, more companies that are either doing analytics or anybody who's doing currency swap services, this is going to affect all of those companies.
and we'd like to see more engagement, more education.
You wouldn't believe the number of exchanges that I talked to on a weekly basis
who've never heard of it.
Oh, boy.
It's, oh, yeah.
No, it's coming.
And this can be the goal, end goal can be served without breaking crypto and without, you know,
spreading people's information all over the world.
And I think the sunrise problem is a big one.
I think we're going to see five years of turmoil around this.
thing. The good news is I think many countries recognize there aren't good solutions. We've
educated them that the sunrise problem exists. It's now in the vernacular. They talk about it
every time there's a meeting. So that's good. They understand this isn't easy. It's not trivial.
And I think there will be forbearance on hopefully on enforcement and let the industry come up with
better ideas, better solutions. Yeah, I think to its credit, this industry has mobilized
fast and super well. Yes, I agree that there are a lot of folks who still don't really
understand what the requirements are going to be. Even if they've heard of it, they don't
understand all of the implications. And that itself is a challenge. But if you look across
industry, you've seen it get together very fast on the various projects that we've talked about
in this program and also on technical standards such as the intervast standards.
To get an international standard on messaging in the traditional world might take three years.
It was done in 18, 19 weeks.
And this industry has stepped up to the challenge, but let's be absolutely clear.
Dave, it's 101% right on this one.
This is going to go on for years and it's going to be in a state of flux.
And how it settles in five to ten years' time will not necessarily be how it looks like.
today. Yeah. If there's anything I've learned covering crypto, it's that this industry moves very
fast. So we will have to see how this all plays out. It does sound like it will be a little bit messy,
but hopefully it will actually maybe not be as scary and a transforming of the industry as people
expect or hope. Okay. So where can people learn more about each of you and your companies and also
about the travel rule?
Well, the information about the fat of recommendations in their entirety, which include,
which of course include the travel rule, can be found on the fat of website.
You can Google that fat of virtual assets, guidance.
It'll come up in the top couple of search results.
In terms of the technical standard, the Intervas messaging standard, IBMS 101 that we
talked about, it's free to download.
Any VASP anywhere in the world, anyone with an interest can download it from intervasp.org.
And anyone who wants to find out more from those of us who are in the industry helping folks,
well, you can see the name there, XREG.
XREG dot consulting.
And you can reach us that way.
Dave.
Yeah.
So, I mean, I think everybody who's listening probably knows I'm at
cipher trace, so you can catch me over there. But on the open standard side of things, the working
group, the governance model, look at trissa.io's. So that's TRISA, so travel rule information sharing
alliance. Dotio. And you can find GitHub over there to get open source. You can find various
articles and white papers about security models, threat models, how these things work. And then also I would
recommend intervasp, sorry, open vasp, intervasp, as Sean said, but also open VASP.
So look up open VASP and look up their standards as well. And also the BIP 75 are all open standards as well.
Great. Well, thank you both so much for coming on unchanged.
Thank you so much for joining us today to learn more about Dave and Sean and Cypertrace and XREG, as well as the travel rule.
be sure to check out the show notes for this episode. Don't forget, you can now watch video recordings of the shows on the Unchained YouTube channel. Go to YouTube.com slash C slash Unchained podcast and subscribe today. Unchained is produced by me, Laura Shin, with help from Anthony Yoon, Daniel Nuss, and the team at CLK transcription. Thanks for listening.