Response to consultation on Guidelines on preventing the abuse of funds and certain crypto-assets transfers for ML/TF (Travel rule Guidelines)
Question 1. Do you agree with the proposed provisions? If you do not agree, please explain how you think these provisions should be amended, and set out why they should be amended. Please provide evidence of the impact these provisions would have if they were maintained as drafted'?
Provenant, Inc is in the business of guaranteeing authentic communication, including in financial contexts. We have employees in Europe, Asia, and North America. We have substantial expertise in cybersecurity, telecom, SSI, and CBDC. We are also a Qualified vLEI Issuer, which creates cryptographic evidence by which legal entities can prove their control over an LEI.
We believe that the proposed revisions to the Travel Rule Guidelines are appropriate. EBA's rationale makes sense, and the updated wording is excellent. We'd like to comment specifically about the following points.
4.2 22 a and b -- names of natural and legal persons
If the identifier used to identify a legal entity in the transaction is an LEI, there is a strong collateral benefit with respect to names: not only are full names guaranteed to be known, but the names are guaranteed to have been verified against public records using stringent, published, versioned, open vetting standards. If the LEI is communicated in its provable form -- as a vLEI -- then this benefit becomes even stronger. The first reason this is true is because the organization presenting a vLEI has demonstrated the ability to prove control of the LEI, not just to assert that it belongs to them. The second reason this is true is because in the vLEI model, employees of the organization also receive a credential that proves their full legal name and their job title at the legal entity. That legal name is associated with identity assurance that meets the NIST Identity Assurance Level 2 standard, and the job title is often proved in public records, too. This means it is not just possible to know that a legal entity with name X is participating, but also that employee Y with name Z is participating -- and to prove all of this cryptographically, with evidence that cannot be forged or short-circuited.
4.3 24 and 25 -- addresses
A similar benefit applies with respect to addresses. LEIs are associated with known correct mailing addresses for legal entities. Individuals who present vLEIs have had to present government-issued credentials such as a passport, which includes an address that the government already vetted.
4.4 28 -- use of LEI
All of the requirements listed for an identifier are wise and practical. We suggest another, which is that the identifier have a provable binding to the party that asserts its ownership. A CASP could theoretically prove this by requiring the transacting party to cryptographically sign or otherwise interact with the blockchain, if the underlying system has already proved the legal identity of the account holder on the blockchain. A holder of a vLEI could prove this by simply signing a presentation of their credential.
Without this binding, assertion that an identifier belongs to a participant is based on unknown and possibly weak factors. With this binding, a large number of potential fraud vectors are eliminated.