skip to Main Content

CipherTrace Unveils Trustworthy Open Source Solution for FATF Travel Rule Compliance

Travel Rule Information Sharing Architecture (TRISA) Enables Confidential Transmission of Cryptocurrency Transaction Data

Malta—September 10, 2019—CipherTrace, a leader in blockchain security, introduces an open source Travel Rule Information Sharing Architecture (TRISA). This secure and trustworthy framework enables cryptocurrency exchanges to comply with new funds Travel Rule requirements. Virtual Asset Service Providers (VASPs) can immediately begin deploying TRISA to reliably share payment details while maintaining the confidentiality of bitcoin transaction data—ranging from customers’ personally identifiable information to their trading patterns. The TRISA whitepaper and open source software is available today.

TRISA addresses the urgent need for VASPs to comply with the “Travel Rule” that was finalized by the FATF—the global anti-money laundering watchdog—in late June. The new rule compels VASPs in all G20 countries to share and store private sender (originator) and receiver (beneficiary) information related to every cryptocurrency transaction over USD/EUR $1,000.

A number of voices in the virtual asset community have criticized the FATF requirement, claiming it would cripple cryptocurrency exchanges and violate user privacy. However, TRISA enables immediate Travel Rule compliance with minimal impact on transaction flows, all without the need to fork existing blockchains. It was designed to scale to the volumes required by exchanges while furnishing 7×24 reliability, making the architecture reliable under peak demands and resistant to denial-of-service attacks (DoS).

Already, major exchanges and wallets, such as Binance, are considering the solution as a viable option for compliance.

Based on Proven Internet Commerce, Banking, and Secure Communications Technologies

CipherTrace has designed and delivered a solution built upon security and cryptography technologies that have been proven for years to secure banking, ecommerce, and government communications. TRISA applies trusted Public Key Infrastructure (PKI) to mutually authenticate VASPs and securely transmit sensitive transaction data

VASPs currently face difficulty in determining whether a transfer is coming or going to an obliged entity or not. TRISA’s security design minimizes the risks of VASPs sending PII (Personally Identifiable Information) to the incorrect entity with the VASP Address Confirmation Protocol. Digital signatures provide digital proof of delivery and have been accepted globally for nonrepudiation.

The solution is a reference implementation that is scalable for exchanges and wallet providers. It is provided free of charge as open source software. VASP authentication, revocation and security services are offered by CipherTrace, but can also be provided by other companies, government agencies or consortia due to the open source nature of TRISA and its governance model, which is vendor agnostic.

TRISA is not only practical as a much-needed near-term solution but also aligns with the FATF’s recommendation to use existing trusted technologies. TRISA not only lends itself to open source and governance models but also comprises a solution that will enable the cryptocurrency industry to achieve regulatory compliance quickly and with minimal cost. Plus, it will enable scalable solutions and an open global marketplace.

BSA Travel Rule Now Applies to Convertible Virtual Currencies

Further complicating “Travel Rule” compliance for VASPs, in May 2019, the US Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an advisory that it will now categorize certain business models involving money transmission denominated in value that substitutes for currency—specifically, convertible virtual currencies (CVCs)—as money service business (MSBs). This designation means they should now comply with the long-standing Bank Secrecy Act (BSA) transmittal of funds “Travel” rule 31 CFR 103.33(g).

“CipherTrace developed TRISA to help the virtual asset community meet the daunting task of complying with the Travel Rule, and many are very interested in testing it, said CipherTrace CEO, Dave Jevans. “By applying the team’s deep security expertise to this challenge we help avoid major technical and process pitfalls. For example, rather than trying to modify blockchains, we are proposing a reference architecture that creates a separate out-of-band security mechanism to augment existing blockchains and cryptocurrencies for compliance purposes.”

The primary technology partner collaborating with CipherTrace to release TRISA is Shyft Network, a blockchain designed to embed trust and validation into data across open and permissioned networks alike. Shyft Network has developed an architectural solution that is ready to deploy as core infrastructure in the TRISA framework, which includes cross-platform user interoperable authentication and sign-on, top-level coalition formation and management, and privacy-preserving identity credential attestation to enable encrypted communication and compliance.

As partners, CipherTrace and Shyft Network have built a solution to serve the needs of the many networks, exchanges, and users in the digital asset ecosystem. “We’re proud supporters of the TRISA initiative and excited to be working with CipherTrace as a partner due to our shared focus on privacy preservation, security, and decentralized community governance,” said Chris Forrester, Shyft Network Co-founder and CTO.

 A solution based on proven cryptographic controls — and available now

As an open source solution for Travel Rule compliance, TRISA complies with FinCEN and FATF regulations and guidelines. To learn more about the architecture laid out by the Travel Rule Information Sharing Architecture, or to join the governance body:

 About Shyft
Shyft is building the world’s first modern, secure, multi-stakeholder Blockchain-based digital identity ecosystem that enables KYC/AML attested data transfers. Combining privacy of data with efficiency of attestation, Shyft technology will radically streamline and simplify data collection, reduce cost and minimize the cybersecurity risks inherent in traditional compliance systems. In addition, Shyft is working to make the global economy accessible for all by creating credible reputations for the 3.5 billion consumers who are lacking “identities” by today’s standards. Through participation in the Shyft ecosystem, Shyft is building a more financially-inclusive future for everyone.
For more information on Shyft, please visit

About CipherTrace

CipherTrace is the leader in blockchain security. CipherTrace anti-money laundering, blockchain analytics, and crypto threat intel solutions are powered by advanced cryptocurrency intelligence. Financial investigators and auditors use CipherTrace blockchain analytics to trace virtual asset transactions. Leading exchanges, virtual currency businesses, banks, and regulators themselves use CipherTrace to comply with regulation and to monitor compliance. Its quarterly CipherTrace Cryptocurrency Anti-Money Laundering Report has become an authoritative industry data source. CipherTrace was founded in 2015 by experienced Silicon Valley entrepreneurs with deep expertise in cybersecurity, eCrime, payments, banking, encryption, and virtual currencies. The U.S. Department of Homeland Security Science and Technology (S&T) and DARPA initially funded CipherTrace, and it is backed by leading Silicon Valley venture capital investors. Visit for more information or follow the company on Twitter: @CipherTrace and LinkedIn: /company/CipherTrace



Back To Top