Travel Rule requires originating Virtual Assets Service Providers (VASPs) to obtain the required and accurate Originator information and required Beneficiary information, and share it with counterparty VASPs (Beneficiary VASP) during or before the transaction.

Sumsub can exchange the required data about the Beneficiary and Originator via the most secure protocols in the market.

To learn more about adding Travel Rule to your flow, refer to this article.

Sumsub can also contact the counterparty VASP not bound to any legal arrangements with Sumsub and not using any of the supported protocols via email as described below.

The protocol to be used is selected depending on the following parameters:

• Originator/Beneficiary wallet URL (for example, if the wallet has the LNURL, only the TRP protocol can be applied).
• Counterparty VASP type.

Sample protocol selection scenarios

👍

Tip

The protocol used to exchange transaction data is displayed in the transaction card.

TRP protocol

TRP is a lean open-sourced protocol developed by Standard Chartered, ING, BitGo, and others to ensure quick and easy data transfer in accordance with the Travel Rule requirements.

How TRP works

The Travel Rule Protocol (TRP) uses RESTful API to send and receive data between Virtual Assets Service Providers (VASPs) and other regulated entities.

The data is HTTPS-encrypted, so it is only available to Sumsub and the originator/beneficiary VASP.

Information exchange via TRP

The information exchange can be carried out in several ways. For incoming transactions there are two options:

• Option #1. When the incoming data exchange transaction is created, the LNURL (address that can be used by the counterparty VASP to contact Sumsub and send the data) is generated. The Beneficiary VASP (Sumsub Client) can pass this LNURL to its Client (Beneficiary) to provide to the Originator information and send the data in accordance with the Travel Rule requirements.
• Option #2. In case the VA transaction has already been completed, the Client sends Sumsub the Originator wallet address, transaction number, and all the necessary information. Sumsub will try to find the Originating VASP and contact it.

For outgoing transactions, Sumsub receives a LNURL from the Client (Originating VASP), obtained from its customer (Originator). Originators can also receive the LNURLs generated by the Beneficiary VASPs from their counterparties (Beneficiaries). Then Sumsub performs all necessary checks, such as sanctions screening, crypto transactions check (if applicable), etc. After the inquiry is approved or rejected, the respective callback is sent to the client.

Sumsub protocol

Sumsub has launched its own Travel Rule protocol that lets us quickly process data and confirm data exchange in case both VASPs are our clients.

How Sumsub protocol works

The Sumsub protocol utilizes API and the data exchange mechanism similar to the TRP protocol. The only difference is that we use our own callbacks to deliver data.

Information exchange via Sumsub protocol

The information exchange is carried out in the following manner (for incoming transactions):

1. The client initiates a transaction and sends a POST /kyt/txns/-/data request.
2. Sumsub checks all the required fields and performs basic AML checks on the counterparty.
3. If the screening is passed, the client receives the applicantKytOnHold webhook.
4. Additional information is obtained by sending the GET /kyt/txn/id/one request.
5. Sumsub responds with full information about the transaction.
6. When the Travel Rule data exchange is completed, Sumsub sends the applicantKytTxnApproved or applicantKytTxnDeclined webhook to the client.
7. If the transaction is approved, the Travel Rule transaction is finalized and a financial transaction is expected.

In case of outgoing transactions, the data exchange process remains the same as specified above, except for points 3 and 4.

Email notification tool

The email solution was developed by Sumsub to ensure that all VASPs are covered regardless of their location and Travel Rule solutions in place.

If we find out that the beneficiary VASP is not in our directory of those who have implemented the Travel Rule or uses a data exchange protocol not supported by Sumsub, we contact it via email.

How email notification tool works

When Sumsub Client (Originating VASP) creates a Travel Rule data exchange transaction, and Sumsub finds out that it has no connection with the identified counterparty VASP (i.e. the VASP uses a data exchange protocol not supported by Sumsub, or there is no information whether the VASP is implemented Travel Rule or not), we switch to email notification.

The email contains a request to confirm the counterparty's readiness to pass our Due Diligence process and a request to confirm readiness of the transaction exchange and the obfuscated transaction number.

❗️

Warning

For security reasons, no sensitive information is sent via this channel.

Dear Sirs,

We are Sumsub, a group of companies which provides a remote identity verification solution and Travel Rule solution for AML-regulated companies. More information about our company can be found on the website: https://sumsub.com.

We are hereby informing you that our Client (hereinafter referred to as the Client) has a request to execute a virtual assets (VA) transaction to your customer < transaction ID >.

The Client is obliged to comply with the Travel Rule requirements in relation to the VA transactions under its AML/CFT law.

Unfortunately, we were unable to identify your VASP and find any protocols supported for the execution of Travel Rule requirements.

Therefore, our Client instructed us to contact you and clarify the following:

1. Have you implemented the Travel Rule requirements?
2. If so, what protocols for data transfer do you use?

If you are ready to initiate a data transfer within the Travel Rule, please, contact us to establish a two-way protocol or receive an access to a free account for execution of the transferring data through it.

Please note that before execution of the transaction, we have to ask you to pass a Due Diligence process via our System to identify and verify you and ensure that you can adequately protect sensitive information received within the Travel Rule Transaction, as required by FAT. Due diligence process you can pass via our System < link >.

Please let us know if you are not obliged to comply with the Travel Rule requirements.

In any case, we would be very grateful if you contacted us and informed us about your decision until < date >.

Upon receiving the request, the counterparty can initiate the Travel Rule data transfer and pass Due Diligence process via any of the supported protocols. If the counterparty VASP has no connected protocols or solutions, it can receive the data/confirm transaction via the free Account provided by Sumsub.

In case the Sumsub Client is a Beneficiary VASP which received a VA transaction without required data, and during the identification process Sumsub finds out that it has no connection with identified counterparty VASP (i.e. the VASP uses a data exchange protocol not supported by Sumsub, or there is no information whether the VASP is implemented Travel Rule or not), the email notification tool can also be used.

Sumsub can send the email to the Originating VASP with the request to confirm readiness to pass our identification process by completing the VASP Identification Questionnaire and confirm readiness of the data exchange.

After the request has been sent, the counterparty VASP can initiate the Travel Rule data transfer and pass identification process, if this VASP has Travel Rule implemented and supported protocols. If the counterparty VASP has no connected protocols or solutions, it can transfer the data via the free Account provided by Sumsub.

The email request is displayed in the Sumsub Dashboard to confirm the attempts to establish a connection to fulfil the obligation under the Travel Rule.