The intersection of compliance and user experience presents a challenge for Virtual Asset Service Providers (VASPs). In Switzerland, VASPs face the requirement of requesting ownership proofs from customers while aiming at keeping a pleasant transaction experience.
In response to the new regulations, innovative solutions are emerging to keep customers engaged while achieving compliance. An overview of the current methods to fully comply when transacting with so-called self-hosted wallets.
Subscribe to our newsletter
The best articles of the week, directly delivered into your mailbox.
The Swiss approach: stricter than most jurisdictions
Switzerland was among the first to clarify the applicable requirements through the Swiss Financial Market Supervisory Authority (FINMA). With the implementation of FINMA's Guidance 02/2019, Swiss VASPs had clarity regarding the identification and verification of self-hosted wallets’ owners. According to this guidance:
- for transfers to/from an external private wallet (i.e. self-hosted, non-custodial, private) belonging to an existing onboarded client, a VASP must verify that the client has the ownership of his/her external private wallets by using “suitable technical means”; or
- for transfers to/from an external private wallet belonging to an external third party (not an existing client), the VASP must (a) verify the identity of the third party, (b) establish the identity of the beneficial owner, and (c) prove the third party’s ownership of the external wallet by using suitable technical means.
To illustrate, consider John, a Swiss VASP account holder, who wants to transfer CHF 100 to his brother Bob, who owns a self-hosted wallet. In this scenario, the VASP must validate Bob's identity and confirm his ownership and control over the wallet. While FINMA does not specify the technical means for proving wallet ownership, Swiss VASPs have implemented various methods with differing levels of reliability and user experience.
Despite the regulatory clarity, implementing the proof of ownership over self-hosted addresses poses significant challenges for VASPs. Compliance teams often find themselves working through several manual verification tasks, leading to operational inefficiencies and increased customer support inquiries. The need for automated solutions becomes paramount; the VASP guarantees auditable registers, while customers have a better, seamless experience. These are the current available methods, as well as their benefits and drawbacks.
Visual Proofs
Visual proofs, such as screenshots or video clips, offer a straightforward method for customers to demonstrate ownership of self-hosted wallets. While customers can easily execute, visual proofs may lack the robustness required for rigorous compliance standards, as they can be easily manipulated. Moreover, following the proof submission, compliance teams undertake a manual review of the proof to whitelist the address and consequently allow the transaction to go forward.
Satoshi Test
The Satoshi Test requires customers to perform a predefined cryptocurrency transaction within a deadline to prove ownership. While effective in verifying wallet control, this method imposes additional burdens on both customers and compliance teams. The customer's transaction flow is heavily disturbed, and the process adds complexity and costs (even more relevant during high fee periods). It is also inefficient from the VASP's point of view, as members of the team must engage in communication with customers and monitor completion within the deadline.
Cryptographically Signed Message
Cryptographically signed messages offer a robust method for verifying ownership of self-hosted wallets, leveraging the inherent features of cryptography. However, the complexity of manual signing processes may pose challenges for customers, requiring additional guidance and support from VASPs to ensure successful completion.
Address Ownership Proof Protocol (AOPP):
AOPP allows customers to prove ownership in seconds, offering a seamless solution that minimises user friction. By integrating directly into the VASP's UI, AOPP enables customers to verify wallet ownership with a single click, eliminating the need for manual intervention and automating the compliance process. To address the challenges, Swiss regtech provider 21 Analytics and consulting firm MME have collaborated on a report that highlights the practical solutions available to VASPs, by leveraging crypto technology and industry best practices.
To read this report co-written by 21 Analytics and MME in full, download the PDF here.
