TOFR Compliance Tools – How CASPs Can Achieve ML/TF Compliance

Solutions proposal by the INATBA Finance Working Group


The Financial Action Task Force (FATF) is an inter-governmental body that has acted as the global money laundering and terrorist financing (ML/TF) watchdog for over 30 years. FATF, which features over 200 jurisdictions and policy-making organizations, sets international standards that aim to prevent these illegal activities, and aims to generate the necessary political will to bring about national legislative and regulatory reforms in these areas. In short, FATF recommendations inform policy makers on the acceptable approach to curbing money laundering and terrorist financing, and policy makers then produce the legislation needed to put these recommendations into practice.

Over the course of the past half decade, the FATF has monitored the crypto-asset (CA) industry closely. Its 2018 recommendations set the stage for all know-your-customer (KYC) requirements currently imposed on Crypto-Asset Service Providers (CASPs) around the globe, while its updated 2021 recommendations motivated the EU’s current AML Package, a comprehensive series of AML policy requirements that shall affect the entire European financial industry, including crypto and blockchain-based finance.

For crypto-assets, chief among these policies is the impending regulation on information accompanying transfers of funds and certain crypto-assets, more commonly known as the Travel Rule, or TOFR. The TOFR is currently at the final stage of policy discussions, known as the Trilogues, and is set to impose requirements on CASPs that follow FATF Recommendation 16, ensuring that CASPs obtain and hold required and accurate originator and beneficiary information for all crypto-asset transactions originated by said CASP.

INATBA understands the desire of policy makers to curb ML/TF activities, and welcomes all thoroughly thought-out and comprehensive requirements on European CASPs that achieve these goals. However, two specific amendment suggestions found within the document are overly onerous and risk substantially threatening the European crypto-asset industry without effectively limiting ML/TF risks. These amendments are:

  1. The Parliament and Council’s proposal to remove the threshold found in Article 15(2) of the original TOFR draft.
  2. The Parliament’s amendment 5b on Article 14, which requires the verification of all collected information requested by the originator and beneficiary of a CA transaction.

INATBA members’ position on these two requirements is further supported by the ML/TF requirements proposed by the UK’s HMT, which feature a more measured approach based on individual CA transaction risk. In short, their position states that the higher the risk of a transaction, the more information should be collected and verified by the involved CASPs. The existence of a less onerous and thoroughly thought-through ML/TF position in a competing jurisdiction so close to Europe will provide EU-based CASPs with an alternative that many won’t be able to deny.

INATBA members believe that the goals outlined by both the EU’s AML Package and FATF’s recommendations can be achieved through the use of existing alternatives developed and adopted by the CA industry. This short document aims to introduce these solutions and explain how they can be used by CASPs and National Competent Authorities (NCAs) tasked with monitoring AML/CTF compliance in their jurisdictions. 

For an in-depth overview of INATBA’s TOFR position, please find both the members’ original position here and an amendment-focused follow-up here. INATBA welcomes member and industry participant insights, and welcomes all readers to review our work on For any requests or insights, please contact


Existing Crypto-Native Compliance Tools

InterVASP Messaging Standard:

Following FATF’s initial recommendations in 2018, a Joint Working Group comprising over 130 technical experts from around the world developed the InterVASP Messaging Standard IVMS 101, a universal common language for communication of required originator and beneficiary information between VASPs.

The InterVASP Messaging Standard can be implemented as the data selection of choice for all information collected by CASPs when originating crypto-asset transfers. NCAs can adapt this standard for a ready-made solution that is crypto-native by design.


Coinbase’s TRUST (Travel Rule Universal Solution Technology):

TRUST, a leading group of US-based crypto exchanges, came together to create a solution for achieving AML/CTF compliance while continuing to protect the security and privacy of their customers’ personal information.

TRUST includes certain provisions that allow compliance while protecting key and sensitive consumer information. These include: 

  1. No central store of personal data, and no data exchange without end-to-end encryption.
  2. Providing proof of address for all users who are exchanging transactions between incorporated CASPs.
  3. Meeting the compliance standards before joining TRUST.



VASPnet:

VASPnet, an XReg company, is a single source of VASP-related regulatory information and intelligence. The first VASPnet product is VASPdata, an assured source of authoritative regulatory data on all service providers authorised to conduct virtual asset activities.

VASPdata’s real-time regulatory data platform provides a seamless search and discovery experience that leverages direct connections to regulators around the world, offering clean, complete, and useful data over simple APIs. 

VASPdata undertakes the heavy lifting for each firm that requires regulatory reference data. This arms firms with the data needed to meet their regulatory obligations while minimizing manual overhead and operational risk.


Know-your-Transaction (KYT):

Know-your-Transaction is an in-depth analytics technique that allows for the examination of crypto-asset transactions on an individual, per-transaction basis. With the use of blockchain analytics, CASPs can obtain visibility of the source and destination of the funds used in the transaction beyond the originator and beneficiary.

Tracing the asset flow across multiple previous CA transfers from the originator and beneficiary under review facilitates a comprehensive understanding of the history of the funds used, offering visibility over which addresses the funds were moved through, as far back as their creation on the blockchain, even if the owner of the assets is not known. Proper KYT implementation will allow obligated CASPs to flag any and all transactions with fraudulent or suspicious activities, including money laundering and terrorist financing.
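The backward trace described above can be sketched as follows. This is an added example, not code from INATBA or any analytics vendor: the ledger, the addresses and the watchlist are constructed, and it tracks reachability only, ignoring amounts.

```python
# Constructed sample ledger, oldest first: (tx_id, sender, receiver, amount).
# "MINT" marks asset creation; every address here is made up.
LEDGER = [
    ("t1", "MINT", "addr_A", 50),
    ("t2", "MINT", "addr_M", 50),
    ("t3", "addr_M", "addr_X", 20),
    ("t4", "addr_A", "addr_B", 30),
    ("t5", "addr_X", "addr_B", 20),
    ("t6", "addr_B", "addr_C", 45),
    ("t7", "addr_C", "addr_D", 10),  # transfer under review
    ("t8", "addr_Z", "addr_C", 5),   # later than t7, so it cannot have funded it
]
WATCHLIST = {"addr_M", "addr_Z"}  # hypothetical flagged addresses


def trace_back(ledger, tx_id):
    """Map every address whose funds could have reached the sender of tx_id
    to one chain of earlier transfers (oldest first) linking the two."""
    pos = next(i for i, t in enumerate(ledger) if t[0] == tx_id)
    trail = {ledger[pos][1]: []}
    # Walk backwards in time: a transfer matters only if its receiver is
    # already known to feed the reviewed sender at a later point.
    for tid, sender, receiver, _amount in reversed(ledger[:pos]):
        if receiver in trail and sender not in trail:
            trail[sender] = [tid] + trail[receiver]
    return trail


def review(ledger, tx_id, watchlist):
    """Return sorted (address, chain) hits for watchlisted sources of tx_id."""
    trail = trace_back(ledger, tx_id)
    return sorted((a, c) for a, c in trail.items() if a in watchlist)


if __name__ == "__main__":
    for address, chain in review(LEDGER, "t7", WATCHLIST):
        print(f"t7 is funded via {address}: {' -> '.join(chain)}")
```
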


Cross Infrastructure Analytics:

In addition to KYT and simple blockchain reviews, a number of analytics firms allow for a much more in-depth analysis of crypto-asset transactions, especially for public blockchains. The analysis of blockchain data, the cross-referencing of KYC information collected by obligated entities and the clustering of data allow for a much clearer understanding of criminal, fraudulent and non-compliant activity through crypto-asset transfers, and hence allow the industry to create typologies of potentially high-risk activity patterns.

The combination of all the above data points with, for example, the IP addresses of CASP users, which can be accessed by authorities upon request, is a method already used by NCAs in Scandinavia to track money laundering. Through the above, the vast majority of suspicious transactions can be monitored without placing the onerous requirements found within the TOFR amendments proposed by the Council and the European Parliament.


NFT IDs or Soulbound NFTs:

Non-Fungible Tokens (NFTs) are a type of crypto-asset that is, by its design, indivisible, unique and non-interchangeable with itself or other crypto-assets. NFTs have had a myriad of use-cases in the past, from representing scarce digital content to virtual land. This is because their properties allow for the seamless verification of ownership, which, in turn, has been used to provide unique access to digital and physical events, digital content and more.   

These unique digital characteristics allow NFTs to also be used as identification within these platforms. Since the history of all crypto-assets can be traced by anyone, CASPs, once they issue such an NFT, can see which blockchain addresses have interacted with their customer. If a customer decides to use their NFT ID fraudulently, or give it away to someone else, the transaction and liability can be traced back to the original NFT holder. A trail of information and transactions can then be used by NCAs to ensure that compliance is met.

However, a new concept called Soulbound NFTs has recently emerged as an even better alternative for identification for web3 projects. Soulbound tokens take everything that NFTs do and add the inability to trade these items. These tokens, therefore, are tied to one’s unique “soul”. Through Soulbound ID NFTs, identification for decentralized web3 projects and obligated CASPs can be achieved seamlessly.


Concluding Remarks: 

INATBA and the Finance WG members produced this short list of use-cases to indicate an alternative way for achieving compliance – a method based on the core characteristics of the technology and the industry. Blockchain’s value is based on a number of attributes, chief among them being the transparency it provides. 

INATBA members believe that this document will provide an alternative point of view to policy makers who are working on the ML/TF requirements that shall be imposed on the industry in the years to come. A combination of the above use cases and legislation might be the most effective way to limit ML/TF transactional risk without imposing onerous and extended requirements.