Privacy-Preserving Claims Exchange Networks for Virtual Asset Service Providers
This addresses the challenge for VASPs in balancing regulatory compliance with data privacy, though it appears incremental as it builds on existing concepts like claims and trust networks.
The paper tackles the problem of Virtual Asset Service Providers (VASPs) needing to comply with regulatory requirements like the FATF Travel Rule while respecting privacy laws such as GDPR and CCPA, by proposing a privacy-preserving claims issuance model and a consortium trust network for exchanging signed claims about subjects and their public-key information.
In order for VASPs to fulfill the regulatory requirements from the FATF and the Travel Rule, VASPs need access to truthful information regarding originators, beneficiaries and other VASPs involved in a virtual asset transfer instance. Additionally, in seeking data regarding subjects (individuals or organizations) VASPs are faced with privacy regulations such as the GDPR and CCPA. In this paper we a propose privacy-preserving claims issuance model that carries indicators of the provenance of the data and the algorithms used to derive the claim or assertion. This allows VASPs to obtain originator and beneficiary information without necessarily having access to the private data about these entities. Secondly we propose the use of a consortium trust network arrangement for VASPs to exchange signed claims about subjects and their public-key information or certificate.