Navigating the Travel Rule 'Sunrise Issue': Solutions for VASPs

Understanding the ChallengeThe 'Sunrise Issue' refers to the period where some Virtual Asset Service Providers (VASPs) are Travel Rule compliant, while others, or unhosted wallets, are not, creating significant operational and compliance hurdles.

Key SolutionsImplementing robust identity verification, leveraging blockchain analytics, and adopting a risk-based approach are crucial for navigating the complexities of the Travel Rule's phased global rollout.

Technological EdgeUtilizing advanced identity platforms that offer comprehensive KYC/AML, biometric verification, and workflow orchestration can streamline compliance processes and reduce operational costs.

Strategic PartnershipsCollaborating with compliant VASPs and industry bodies can help establish common standards and protocols, fostering a more secure and interoperable virtual asset ecosystem.

Understanding the Travel Rule and the 'Sunrise Issue'

The Financial Action Task Force (FATF) Travel Rule mandates that Virtual Asset Service Providers (VASPs) share sender and receiver information for transactions exceeding a certain threshold. This regulation aims to combat money laundering and terrorist financing in the burgeoning virtual asset space. However, its implementation has not been uniform across jurisdictions or among all VASPs, leading to what is widely known as the 'Sunrise Issue'.

The 'Sunrise Issue' describes a complex transitional period where some VASPs have adopted and implemented Travel Rule solutions, while others have not, or are in different stages of implementation. This creates a significant challenge for compliant VASPs that need to interact with non-compliant entities or unhosted wallets. Imagine a scenario where a compliant VASP in Europe needs to send virtual assets to a customer whose VASP in another region has not yet implemented the Travel Rule, or directly to an unhosted wallet. How can the compliant VASP fulfill its obligations to collect and transmit required information?

This issue isn't just theoretical; it's a daily operational reality. Compliant VASPs face the dilemma of either refusing transactions, potentially alienating customers, or proceeding with transactions and risking regulatory penalties. The lack of a universally adopted, interoperable solution creates friction, increases compliance costs, and can hinder the growth of legitimate virtual asset services. Addressing the 'Sunrise Issue' requires a multi-faceted approach, combining regulatory clarity, technological innovation, and industry collaboration.

Strategies for Interacting with Non-Compliant VASPs

When a compliant VASP needs to transact with a non-compliant VASP, a strict risk-based approach is paramount. The goal is to mitigate compliance risks without entirely halting legitimate business. Here are several strategies:

1. Progressive Information Collection: Where possible, the originating VASP can attempt to collect the necessary beneficiary information directly from their customer, even if the receiving VASP isn't Travel Rule ready. This might involve a pop-up or additional verification step during the transaction process. While not a perfect solution, it demonstrates a good-faith effort to comply.
2. Threshold Management: For transactions involving non-compliant VASPs, a compliant VASP might choose to implement stricter internal thresholds, only allowing transactions below the FATF's recommended de minimis threshold of $1,000 USD (or local equivalent) without full Travel Rule data. Any transaction above this would be blocked or subject to enhanced due diligence.
3. Enhanced Due Diligence and Sanctions Screening: Before any transaction with a non-compliant VASP, robust AML screening of the beneficiary's name (if obtainable) and the receiving VASP itself against sanctions lists (e.g., OFAC, UN, EU) is critical. This helps identify and prevent transactions with sanctioned entities, regardless of Travel Rule compliance status.
4. Communication and Documentation: Maintain clear records of all attempts to comply with the Travel Rule, including communications with the non-compliant VASP (if any) and the rationale for proceeding or rejecting a transaction. Regulators often value demonstrable effort and robust internal policies.
5. Phased Rollout and Industry Guidance: Advocate for and follow guidance from regulatory bodies on how to handle the 'Sunrise Issue'. Some jurisdictions have provided temporary exemptions or specific instructions for managing this period. For example, some might allow a VASP to proceed if they have a clear plan for future compliance and can demonstrate risk mitigation measures.

Practical Example: A user wants to send 5,000 USDC from a Didit-compliant VASP to a VASP in an emerging market that hasn't implemented the Travel Rule. The Didit-compliant VASP's system detects the non-compliant status. Instead of blocking, it prompts the user for the beneficiary's full name and address. This information is then cross-referenced against sanctions lists and internal risk scores. If all checks pass, the transaction proceeds, but with an internal flag for monitoring, and a detailed audit trail is created for regulatory reporting.

Addressing Unhosted Wallets and Self-Custody

The challenge intensifies when transactions involve unhosted (self-custodied) wallets, as there's no VASP on the receiving end to provide beneficiary information. This is a crucial aspect of the 'Sunrise Issue' for many regulators. Solutions here revolve around proving ownership and intent:

1. Proof of Funds/Ownership: For outgoing transactions to an unhosted wallet, the originating VASP may require the customer to cryptographically prove ownership of the receiving unhosted wallet. This can be done through a signed message from the wallet or a small test transaction back to a VASP-controlled address.
2. Beneficiary Information Collection: The VASP can still collect beneficiary information directly from its own customer, who is sending funds to their unhosted wallet. This includes the customer's name, address, and the purpose of the transaction. This data is then recorded and stored as part of the VASP's AML obligations.
3. Blockchain Analytics: Employing blockchain analytics tools can help assess the risk profile of the unhosted wallet. These tools can identify if the wallet has been associated with illicit activities, darknet markets, or sanctioned entities. High-risk wallets would trigger enhanced due diligence or transaction blockage.
4. Transactional Limits: Implement strict limits on the amounts that can be sent to unhosted wallets, especially for new users or those with lower risk profiles. This can be a tiered system, where higher limits require more extensive verification or proof of ownership.
5. Risk-Based Assessment: A VASP should develop an internal policy for assessing the risk associated with unhosted wallet transactions. Factors like transaction amount, frequency, geographic location, and the sender's own risk profile should inform the decision to approve, flag, or reject.

Practical Example: A customer wants to withdraw 10,000 ETH to their personal Ledger hardware wallet from a Didit-compliant VASP. The VASP's system recognizes this as an unhosted wallet transaction. It prompts the user to sign a message with their Ledger wallet confirming ownership of the receiving address. Simultaneously, blockchain analytics are run on the Ledger address to check for any prior suspicious activity. If ownership is confirmed and no red flags are raised by analytics, the transaction proceeds. If the address is linked to a known illicit entity, the transaction is immediately blocked.

Leveraging Technology for Compliance and Efficiency

The complexity of the 'Sunrise Issue' underscores the need for sophisticated, integrated technology solutions. Fragmented systems only exacerbate the problem. An all-in-one identity platform like Didit can be a game-changer:

• Unified Identity Platform: Didit combines identity verification, biometrics, fraud detection, authentication, and compliance tools into a single system. This eliminates the need to stitch together multiple vendors, providing a consistent and robust framework for handling diverse compliance scenarios.
• Workflow Orchestration: Didit's visual workflow builder allows VASPs to design custom identity flows. For the 'Sunrise Issue', this means configuring workflows that adapt based on the counterparty's compliance status. For instance, if the receiving VASP is known to be non-compliant, the workflow can automatically trigger additional steps like enhanced information collection or a specific risk assessment module.
• Advanced Verification Modules: Leveraging modules like ID Document Verification (supporting 14,000+ document types), Passive Liveness Detection, and Face Match 1:1 ensures that the VASP can accurately verify their own customers. This foundational layer of trust is critical when dealing with external uncertainties.
• AML Screening and Ongoing Monitoring: Real-time AML screening against 1,300+ global watchlists, coupled with ongoing monitoring, is essential. This allows VASPs to continuously assess the risk of counterparties and their own customers, identifying changes in risk profiles that might arise from interactions with non-compliant entities.
• Fraud Signals & IP Analysis: Didit's fraud detection capabilities, including IP analysis and device intelligence, provide an additional layer of security. This helps in identifying suspicious activities that might be indicative of attempts to circumvent Travel Rule requirements or engage in illicit finance.

By integrating such a platform, VASPs can automate much of the compliance burden, reduce manual reviews, accelerate onboarding, and significantly cut down identity-related costs, all while enhancing their ability to navigate the 'Sunrise Issue' effectively.

How Didit Helps

Didit provides a comprehensive solution for VASPs grappling with the Travel Rule's 'Sunrise Issue'. Our platform offers:

• Robust Identity Verification: Verify customer identities globally with high accuracy and speed, ensuring a strong foundation for all transactions.
• Flexible Workflow Orchestration: Create dynamic compliance workflows that adapt to the compliance status of counterparty VASPs or the presence of unhosted wallets, triggering additional checks as needed.
• Integrated AML and Fraud Detection: Screen against global watchlists and detect suspicious activity in real-time, essential for mitigating risks associated with non-compliant entities.
• Auditability and Reporting: Maintain detailed audit trails of all verification and compliance decisions, facilitating regulatory reporting and demonstrating due diligence.
• Cost Efficiency: Our pay-per-success model and competitive pricing mean you only pay for successful verifications, offering significant cost savings compared to traditional solutions.

Ready to Get Started?

Navigating the Travel Rule's 'Sunrise Issue' requires a proactive and technologically advanced approach. Don't let compliance complexities hinder your growth. Explore how Didit can empower your VASP to achieve seamless, secure, and compliant operations.

Visit our pricing page to see how affordable compliance can be, or try our ROI calculator to understand your potential savings. For a deeper dive, schedule a product demo or check out our technical documentation.