21 Analytics

💡 Further Tips for Counterparty Due Diligence 📄 We recently published the blog “4 Tips for VASPs When Performing Counterparty Due Diligence,” which provided a starting point for VASPs conducting due diligence on their counterparties. ⬇️ Below, we provide further tips; check it out and learn why your team should be focused on counterparty due diligence. 🤝 Are you looking for more tips or guidance? Contact our team; we will gladly help you out.

DORA’s Timeline 📋 The Digital Operational Resilience Act (DORA) is effective from 17 January 2025.  But what has happened since its first draft till then? ✅ 2020:  - The EU Commission introduced the draft version of DORA on 24 September 2020 as part of its Digital Finance Package (DFP). ✅ 2021 / 2022:  - An agreement was reached.  - After the European Parliament and Council published their proposals for DORA, co-legislators engaged in discussions throughout the first half of 2022.  - The European Parliament approved the act on 10 November 2022, and the European Council adopted it on 28 November 2022. ✅ 2023:  - DORA entered into force on 𝟭𝟲 𝗝𝗮𝗻𝘂𝗮𝗿𝘆 𝟮𝟬𝟮𝟯 to complement the existing NIS and GDPR legislation. - 24 months were given to financial entities to comply with DORA’s requirements. (Financial entities have until 17 January 2025 to comply) ✅ 2024:  - Regulatory Technical Standard (RTS) & Implementation Technical Standard (ITS). - The European Supervisory Authorities (ESAs) establish and issue various regulatory and implementing technical standards with detailed specifications and guidance for meeting DORA’s requirements.  - ESAs include the EBA, EIOPA, and ESMA, which are responsible for developing technical standards for financial institutions to follow.  ✅ 2025: - Enforcement. - DORA will be effective on 𝟭𝟳 𝗝𝗮𝗻𝘂𝗮𝗿𝘆 𝟮𝟬𝟮𝟱. ⬇️ Learn more about DORA; see the comments section for more information. 

What Is the Digital Operational Resilience Act (DORA)? ✅ On 24 September 2020 DORA was drafted, it came into force on 16 January 2023 and will be effective on 17 January 2025. 💡 In the blog below, we discuss:  - What DORA’s objectives are  - What falls under DORA’s scope and what doesn’t  - DORA’s timeline - The 5 pillars of DORA ❓ Do you have a question that wasn’t covered in the text? Let us know. 

What the FATF Did Not Cover: Self-hosted Wallet Verification 📋 The FATF’s latest Targeted Update provides guiding questions for VASPs when choosing a Travel Rule solution. ❓ However, the questions did not provide guidance for choosing a solution that offers self-hosted wallet verification methods. 🌍 Many regions that have adopted the Travel Rule include transactions between self-hosted wallets and VASPs within its scope.  Moreover, most of these regions require proof of ownership of self-hosted wallet addresses. ⚙️ Therefore, Travel Rule solutions must enable VASPs to verify self-hosted wallet ownership. ⬇️ To aid VASPs, 21 Analytics compiled a list of guiding questions; see the list below. 💡 If you are looking for a Travel Rule solution that supports transactions to self-hosted wallets in every way possible – reach out to us. 

Part 2: FATF Guiding Questions for Choosing Travel Rule Solutions 🔹 Below, we list the FATF’s guiding questions for 𝗖𝗼𝘂𝗻𝘁𝗲𝗿𝗽𝗮𝗿𝘁𝘆 𝗩𝗔𝗦𝗣 𝗜𝗱𝗲𝗻𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗮𝗻𝗱 𝗗𝘂𝗲 𝗗𝗶𝗹𝗶𝗴𝗲𝗻𝗰𝗲, followed by 𝗤𝘂𝗲𝘀𝘁𝗶𝗼𝗻𝘀 𝗼𝗻 𝗜𝗻𝘁𝗲𝗿𝗼𝗽𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝘄𝗶𝘁𝗵 𝗢𝘁𝗵𝗲𝗿 𝗧𝗿𝗮𝘃𝗲𝗹 𝗥𝘂𝗹𝗲 𝗖𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 𝗧𝗼𝗼𝗹𝘀 𝗮𝗻𝗱 “𝗜𝗻-𝗵𝗼𝘂𝘀𝗲” 𝗧𝗼𝗼𝗹𝘀. 📋 𝗖𝗼𝘂𝗻𝘁𝗲𝗿𝗽𝗮𝗿𝘁𝘆 𝗩𝗔𝗦𝗣 𝗜𝗱𝗲𝗻𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗮𝗻𝗱 𝗗𝘂𝗲 𝗗𝗶𝗹𝗶𝗴𝗲𝗻𝗰𝗲 requires that - VASPs have a secure communication channel to  - Seek information on their counterparty for due diligence and  - Request information on transactions to check their risk status. 📋 𝗤𝘂𝗲𝘀𝘁𝗶𝗼𝗻𝘀 𝗼𝗻 𝗜𝗻𝘁𝗲𝗿𝗼𝗽𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝘄𝗶𝘁𝗵 𝗢𝘁𝗵𝗲𝗿 𝗧𝗿𝗮𝘃𝗲𝗹 𝗥𝘂𝗹𝗲 𝗖𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 𝗧𝗼𝗼𝗹𝘀 𝗮𝗻𝗱 “𝗜𝗻-𝗵𝗼𝘂𝘀𝗲” 𝗧𝗼𝗼𝗹𝘀 has a deeper focus on interoperability than 2023 and requires the tool to  - Transmit and receive Travel Rule data from external counterparty VASPs,  - Meet a VASP’s need to transfer internationally,  - Ideally have no limitations on data that can be sent and received. 🚀 And, once again, 21 Travel Rule ticks all the FATF’s boxes. ⚙️ 21 Travel Rule uses built-in blockchain tools, like Chainalysis. ⚙️ All incoming transactions from trusted VASPs are accompanied by Travel Rule information to assess the associated risks. ⚙️ 21 Travel Rule has zero limits: there are no monthly transaction limits, no transaction amount limits, and no limits to jurisdictions.  ⚙️ If a counterparty is not yet Travel Rule ready, 21 Sunrise offers fallback options. 💡 Following Monday, we’ll publish a list of our own to guide VASPs in selecting a Travel Rule solution that supports self-hosted wallets.  The list includes emphasis on self-hosted wallet verification methods and added extras. ❓ Curious to find out more if 21 Travel Rule fits your business? Reach out to us. ☑️ For every question and recommendation from the FATF, 21 Travel Rule has a solution.

Does Your Travel Rule Solution Meet the FATF’s Guiding Questions?  📋 As part of their most recent Targeted Update, the FATF included guidelines to assist VASPs in choosing their Travel Rule solution. 🔹 A similar list was included in 2023. However, the recent 2024 section on 𝗧𝗶𝗺𝗶𝗻𝗴 𝗮𝗻𝗱 𝗦𝗰𝗼𝗽𝗲 𝗼𝗳 𝗧𝗿𝗮𝘃𝗲𝗹 𝗥𝘂𝗹𝗲 𝗗𝗮𝘁𝗮 𝗦𝘂𝗯𝗺𝗶𝘀𝘀𝗶𝗼𝗻 adds 2 extra important points: If the tool complies with global industry standards, like ISO 20022 and  If the tool provides an option for a VASP not to send Travel Rule data (e.g., transactions with sanctioned jurisdictions or high-risk areas). 🚀 21 Travel Rule ticks all the FATF’s Timing and Scope of Travel Rule Data Submission boxes. ⚙️ It enables VASPs to submit Travel Rule (TR) data for any transaction value and handle unlimited transactions from multiple locations. ⚙️ Leveraging ISO 24165, the solution supports over 2400 tokens. ⚙️ IVMS 101 formats TR data in a standard manner and is a building block of TRP— the open-source Travel Rule Protocol. ⚙️ The Travel Address lets VASPs know where crypto assets will be sent and ensures the counterparty is not sanctioned before sharing additional information. ⚙️ It also allows accepting or rejecting transactions before any on-chain activity, enhancing security. ⚙️ Lastly, no data is shared with unvetted VASPs. This vetting process guarantees that PII is shared only with trusted entities that have been approved by you. ❓ Curious to find out more if 21 Travel Rule fits your business? Reach out to us. 💡 For every question and recommendation from the FATF, 21 Travel Rule has a solution. 👀 Keep an eye out for our follow-up posts, which will discuss the remaining guiding questions.

💡 July’s EBA and FATF Updates Summarised with Additional Content 💡 Sign Up for 21 Analytics’ Newsletter and gain access to the above summaries and more valuable content like: 🔹 MiCA’s Grandfathering Period  ⚙️ FATF’s Guiding Questions When Choosing a Travel Rule Solution  📋 Regulatory Frameworks that Include Self-hosted Wallets Join us and simplify your crypto compliance journey. 🖊️ Click the link below to sign up.   https://lnkd.in/d7cDrYfJ

Does Your Travel Rule Solution Have It All? 💡 Through research, the FATF found that many VASPs needed help choosing a solution. 📋 As part of their most recent Targeted Update, the FATF included guidelines to assist VASPs in choosing Travel Rule solutions and providers. 🔹 The list can be broken down into 3 main categories, namely: - Timing and scope of Travel Rule data submission,  - Counterparty VASP identification and due diligence, - Questions on interoperability with other Travel Rule compliance tools and “in-house” tools. ⚙️ Does your Travel Rule solution meet the FATF’s guiding questions and considerations? Find out below.

Why 21 Travel Rule Is Safer for Your Customer's PII ❗ The EBA recently highlighted in its risk assessment report that European banks face their most significant operational risks in cyber and data security. ⚠️ However, the EBA’s remarks are not the only factor VASPs must consider when considering an on-prem option.  The recent CrowdStrike debacle—and similar events—further underscore the importance of such a solution. 🔒 Banks, mining companies, and VASPs who take data security seriously opt for an on-prem Travel Rule solution like 21 Travel Rule. 💡 Are you concerned about your customers' data privacy? Then, find out why 21 Travel Rule is the ideal solution for your company. 

Software-as-a-Service (Saas) Solutions: A Double-edged Sword ⚠️ The recent colossal CrowdStrike outage exposed the risks business operations face with their IT infrastructure. ❗ The global IT failure caused chaos; grounding flights, locking users out of banking apps and healthcare services. 🔹 Despite their claimed cost-efficiency and scalability, SaaS solutions come with significant risks. 📈 Since 2023, 45% of businesses using SaaS options have faced data breaches. Why do companies continue to trust these vulnerable systems? 🍯 Top companies like Trello, Microsoft, and Google have all suffered breaches. The inherent risks in SaaS solutions make them prime targets for cyberattacks. 🔐 For VASPs handling sensitive data, it's time to rethink SaaS.  On-premises solutions, like 21 Travel Rule, offer enhanced security, privacy, and control over data. ⬇️ Find out more below.