Travel Rule

Travel Rule feature (available as Beta) is part of Circle's Compliance Engine, designed to help Virtual Asset Service Providers (VASPs) adhere to Travel Rule regulations across various jurisdictions. The feature is built to address the complexities of compliance while facilitating safe and secure cross-border transactions involving digital assets. Circle’s Travel Rule feature complements the Transaction Screening feature to provide a full Compliance Engine offering.

The Travel Rule is a regulation that mandates the sharing of specific personal identifiable information (PII) between VASPs when transferring digital assets. This regulation applies to both the originator VASP and the beneficiary VASP in any onchain transaction. The goal is to prevent illegal activities like money laundering and terrorism financing by ensuring greater transparency in digital asset transfers.

VASPs must exchange information such as the name, address, and account details for the originator and the beneficiary of the transaction, ensuring regulatory compliance at every step of the transaction.

Compliance Engine’s Travel Rule feature offers various benefits to simplify and automate compliance:

• Custom Rules: Evaluate all transactions against the rules you define on counterparties and their jurisdictions.
• Prechecks: Conduct real-time checks to determine Travel Rule applicability, wallet type (hosted vs self-hosted), and jurisdictional data requirements.
• Automated Data Validation: Programmatically validate the required PII fields and their data format.
• Secure PII Transfer: Safeguard PII during transmission between VASPs with encrypted storage and transmission.
• Verify Self-hosted Wallets: Mitigate risk by verifying self-hosted wallets through ownership proof mechanisms.
• Detailed Logs and API Integration: Developers can access detailed logs and results of Travel Rule checks, enabling easier auditing and review. The system also offers a robust set of API endpoints for integrating Travel Rule functionality into existing workflows.

The Compliance Engine’s Travel Rule API provides essential endpoints to streamline compliance for VASPs in a secure way. The API also ensures that customer PII is always encrypted on transit.

• Eligibility for sending PII: Provides travel rule applicability by identifying wallet type and counterparty VASP, if applicable, evaluating the transaction against the customer’s own configured rules and regulations, and providing a Travel Rule recommendation on whether to proceed with the transaction.
• Send PII for transaction: Transfers PII securely to the beneficiary VASP by validating the payload, running evaluation against the configured rules, and if no flags raised, sending the PII to the VASP.
• Receive PII for transaction: Retrieves inbound transaction PII for compliance validation.
• Eligibility for receiving PII: Confirms inbound PII compliance with policy and jurisdiction standards.
• Upload proof of wallet ownership: Provides ownership proof ID for self-hosted wallet.
• Update Travel Rule message: Updates transaction status (accepted or declined) based on compliance.
• Get Travel Rule messages: Retrieves all Travel Rule messages by given VASP and transaction type, either inbound or outbound.

These API endpoints automate Travel Rule processes, ensuring secure PII handling and regulatory compliance.

The following workflow explains how to configure your rules and integrate the API endpoints for outbound or inbound transactions using hosted or self-hosted wallets:

Configure your rules to match your own risk and compliance requirements:

1. Check the Compliance Engine whitepaper (Part 3) for some helpful questions to consider when establishing your requirements.
2. Reach out to [email protected] to set up rules. Provide the list of counterparty VASPs and list of jurisdictions you want to prevent transfers with.
3. Once the Circle team configures the rules, use the Circle Console to navigate to the Compliance Engine > Settings section and view the configured rules.
4. In a future release you will be able to configure and manage your rules directly from the Circle Console.

First, perform pre-transaction checks through the Eligibility for sending PII API endpoint. This will determine which of the flows below is applicable for the transaction in question.

For hosted address:

1. Depending on your jurisdiction requirements, gather required originator PII from KYC files and beneficiary PII from your customer.
2. Send the originator and beneficiary PII to the Send PII for transaction API endpoint.
3. This API call will validate the payload, run evaluation against the configured rules, and if everything checks out, send the PII to the beneficiary VASP.
4. Once the beneficiary VASP has processed and validated the PII, they can transmit a notification on their decision. This notification can be utilized if further data needs to be shared with the beneficiary due to their regulatory requirements. These notifications can be received by configuring webhooks using the Create a notification subscription API endpoint.
5. If all conditions are met, the transaction is approved and processed.
6. Once the blockchain transaction has been initiated, you can attach the transaction hash (txHash) to the Travel Rule message using the Update Travel Rule message API endpoint.

For self-hosted address:

1. Prompt users to sign a predefined message through their self-hosted wallet provider, and submit the signature hash in your UI.
2. Submit the predefined message, signature hash and signature type to the Upload proof of wallet ownership API endpoint.
3. This API call will verify the signature proof submitted by your customer and provide the ownership proof ID in the response.

Perform transaction checks through the Eligibility for receiving PII API endpoint with the transaction ID. This will help you determine which of the flows below is most applicable for the transaction in question.

For hosted address:

1. Whenever you are receiving an inbound transaction from a hosted address you should expect to receive Travel Rule data. Originating VASPs may have varying approaches for when they send the Travel Rule data (some may send prior to transaction, some may send in parallel to transactions and others may send post broadcast).
2. Whenever Travel Rule data for an inbound transaction is received, you would receive a webhook notification with details about the transaction, such as token and transaction amount, along with a Travel Rule ID.
3. Call the Receive PII for transaction API endpoint with the Travel Rule ID and receive the Travel Rule message of the inbound transaction.
4. Call the Eligibility for receiving PII API endpoint with the Travel Rule ID to run checks against configured policies for an inbound transaction.
5. Based on the recommendation from the above endpoint, you could accept or decline the Travel Rule message using the Update Travel Rule message API endpoint.
6. In cases where the transaction triggers a rule, the compliance team may perform a manual post-transaction review of the transaction, and either approve or deny the transaction based on the results.

For self-hosted address:

1. Call the Eligibility for receiving PII API endpoint with the transaction ID to run checks against configured policies for an inbound transaction. Note: there will not be any webhook notification for inbound transactions from self-hosted addresses.
2. If the API response indicates that this transaction is from a self-hosted wallet (reason: NON_CUSTODIAL_WALLET), then prompt your users to sign a predefined message through their self-hosted wallet provider, and submit the signature hash in your UI.
3. Submit the predefined message, signature hash and signature type to the Upload proof of wallet ownership API endpoint.
4. This API call will verify the signature proof submitted by your customer and provide a ownership proof ID in the API response.

Lastly, in the Console > Transactions detail page, your Compliance team can review the Travel Rule applicability and Travel Rule PII that has been shared for this transaction. They can also see the wallet type, counterparty VASP, and their jurisdiction.

Compliance Engine’s Travel Rule feature offers a streamlined, secure, and compliant solution for VASPs looking to meet regulatory requirements in cross-border transactions. With automated rules, comprehensive PII validation, and seamless network integration, Circle's Travel Rule feature helps simplify compliance while ensuring secure and efficient digital asset transfers.

For integration and implementation, please refer to the detailed API guides and developer resources available in the Circle Developer Portal.