Out of Network Travel Rule
GTR Out-of-Network Solution enables VASP to meet regulatory requirements for sharing PII in cryptocurrency transactions, even when counterparty VASPs is outside the GTR Network.
Background
Under the Travel Rule, VASPs are required to exchange PII between the originator and beneficiary institutions for certain virtual asset transfers. However, this becomes challenging when your counterparty VASP has not yet integrated with the GTR Network.
In such cases, standard API-based Travel Rule messaging is unavailable, creating a compliance gap for regulated VASPs.
Solution Overview
To bridge this gap, GTR provides a secure, email-based mechanism that allows your organization to fulfill Travel Rule obligations with non-GTR counterparties.
This solution ensures regulatory compliance and protects sensitive PII using encrypted communication channels, without requiring any additional system integration from the counterparty VASP.
Key Benefits:
- Regulatory Compliance: Meet regulatory requirements of PII sharing with non-GTR VASPs.
- Secured PII Transmission: End-to-end encryption ensures the secureness of the PII content transmission.
To integrate with GTR Out-of-Network Solution, please visit Out-of-Network Integration Overview.
To see how to properly configure your Out-of-Network messaging behavior, please go to Out-of-Network Messages.
Out-of-Network Email Types
GTR offers two email options to facilitate PII sharing with Out-of-Network counterparties.
Both options are compliant with Travel Rule requirements and can be selected based on your organization’s communication policies and operational preferences.
A. Notification Email with Transaction Summary
This notification email is sent by GTR on behalf of your VASP to notify your counterparties of pending compliance requirements.
Email contents include:
- Transaction Summary: Network, transaction date, transaction ID, and wallet address.
- Your Contact Email: The designated compliance contact of your VASP.
Purpose:
This serves as an initial notification only. Upon receipt, your counterparties can contact your VASP directly to coordinate PII sharing through your preferred ways. All subsequent PII exchange occurs directly between your and your counterpart offline.
B. PII Retrieval Email with Secure Access Link
This option enables direct and self-service access to encrypted PII through a secure link managed by GTR.
Email contents include:
- Transaction Summary: Network, transaction date, transaction ID, and wallet address.
- Your Contact Email: The designated compliance contact of your VASP.
- Secure PII Retrieval Link: A one-click link allowing the counterparty compliance officer to access and download the PII file.
Purpose:
This provides immediate, self-service access to encrypted PII data, enabling your counterparties to independently complete Travel Rule requirements without manual effort from your side. This automated approach can reduce compliance processing time without compromising data exchange secureness.
Pre-transaction situation (Originator VASP’s point of view)
The Out-of-Network process is automatically initiated when the beneficiary VASP is not connected to the GTR Network.
Once initiated, GTR distributes an Out-of-Network email to the counterparty VASP to notify them of the pending Travel Rule requirement.
Retrieve PII Flow
- The compliance officer from the Out-of-Network VASP clicks the PII Retrieval Link in the email, initiating a PII Retrieval Request.
- The request is forwarded by GTR to the originating (Travel Rule–initiating) VASP, a GTR member, to process and return the encrypted PII.
- Once verified, the PII will be decrypted and made available for download as an Excel file for record-keeping purposes.
Secure Measures of the PII Retrieval Flow
- Limited Access Attempts: The PII Retrieval Link can be accessed a maximum of 4 times and will automatically expire after 4 days.
- End-to-End Encryption: A temporary public/private key pair is generated for each session to ensure data confidentiality and integrity throughout the transmission.
Email Distribution not guaranteed
While GTR strives to maintain reliable communication, 100% successful delivery of Out-of-Network emails cannot be guaranteed due to the following factors:
- Email system delivery failure or spam filtering by the recipient’s mail provider.
- Your counterparty's compliance email address is not present in GTR.
GTR continuously monitors outbound email delivery and retries where possible, but VASPs are encouraged to verify delivery with their counterparties when necessary.