BitMEX Introduces Data Storage Framework for FATF’s Travel Rule


Crypto exchanges BitMEX has published a policy for optimally storing additional batches of transaction provenance data. These requirements need to be exchanged under new anti-money laundering (AML) rules.

To keep up with the rest of the financial system, Virtual Asset Service Providers (VASPs) have been asked to obtain, store, and share information about the originators and beneficiaries of transactions, known colloquially as the “travel rule”. The Financial Action Task Force (FATF), a global watchdog fighting money laundering, expects the crypto industry to implement the new rule by June 2021.

The response from the crypto industry has been enthusiastic, including a commonly agreed standard for the format of the data payload that VASPs must share (known as the InterVASP messaging standard, or IVMS101), as well as a range of technical solutions that focus on how best to implement The rule that is currently being created by crypto firms, banks and consortia.

According to Malcolm Wright, chief compliance officer at 100x Group, the owner of BitMEX, there has been less attention to how to store all of this additional customer data.

“Solution providers have focused on moving the data to make sure it is instant and secure,” Wright said in an interview. “But what if the data actually arrives at its destination? How can you ensure that it is kept securely and appropriately according to the correct standards? ”

Wright, who led the development of the data retention principles (and was instrumental in working with Sian Jones of XReg Consulting to create the IVMS101 standard) decided to use BitMEX’s seasoned security experts to “start a conversation” Data storage via an open source project in which industry and regulators can participate.

“That species completes the puzzle,” Wright said. “You have the IVMS standard for the format of the data. You have the log providers transferring the data. And then you have some principles for storing the data. ”

Seychelles-based BitMEX was brought into the spotlight last year following an enforcement action by US authorities over weak compliance procedures at the company that issued arrest warrants for some senior executives and co-founders.

The 100x Group, owner of BitMEX, hired Wright, formerly Chief Compliance Officer at Diginex, in October 2020. Since then, the company’s AML / KYC processes have been revamped, starting with the removal of all historical non-KYC accounts on the platform.

BitMEX’s travel rules data retention principles focus on things like access management, encryption standards, and separating travel rule data from other operational customer data.

Like the IVMS101 messaging standard, Wright believes this security benchmark will keep the wheels running in the implementation of the FATF mandate. This can lead to VASPs supporting each other if they are on the side of certain technical solutions.

“When BitMEX exchanges data with another VASP, we can say: ‘Are you working with such a minimum rate? “This also helps build the confidence of the VASPs that they can work together,” Wright said.