Shyft DISCOVER - The Discovery Layer for VASPs

Introduction

Shyft DISCOVER is a universal, protocol agnostic infrastructure that enables VASPs to determine who controls a hosted wallet address without impacting the end-user experience. It achieves this through a decentralized, out-of-band network, the Shyft Network.

Whenever an end-user of a VASP submits a withdrawal request, the (originator) VASP posts an attestation to the blockchain-based Shyft Network which is then visible to all VASPs on the network. VASPs listen to attestations to determine if they control any of the addresses posted and, if so, lookup information on the originator VASP in Shyft DISCOVER and decide whether to respond. VASP information includes entity details, regulatory status, protocol endpoints and travel rule thresholds. VASPs respond to an attestation via a travel rule data-transmission protocol that both VASPs support. No personally identifiable information (PII) is posted to the Shyft Network.

Where a VASP has multiple entities in a group (for example, one in each jurisdiction where a license is held), each entity can respond independently, allowing for jurisdictional risk management of both AML/CFT risk as well as data privacy risks. Accuracy of the information is guaranteed by having each VASP share a proof-of-address-control (PoAC) proof to demonstrate they are the beneficiary or originator VASP.

Shyft DISCOVER works with all travel rule data-transmission protocols and is also network and token agnostic (including tokens supported on multiple networks, such as USDT on AVAX, ETH or SOL). It is an alternative to LNURLs, PayStrings, and VASP codes that, in effect, bypass the discovery problem by putting the onus on end-users to provide identifying information. This latter approach has already resulted in massively increased operational overhead with failed payments, screening of incorrect or incomplete information, personally identifiable information sent to the wrong jurisdiction / VASP, and a complete cultural change globally on how users send transactions.

This article describes how Shyft DISCOVER can work with the TRP protocol. Shyft believes that creation of Shyft DISCOVER, a universal VASP discovery infrastructure, will not only remove substantial friction in the end-user experience across all protocols and reduce the number of support tickets that a VASP has to deal with, but lead to a more rapid uptake of the TRP protocol. Shyft DISCOVER acts as an infrastructure layer, regardless of protocol.

Shyft DISCOVER - An Overview

Shyft DISCOVER comprises data posted on-chain, on the Shyft Network. This includes VASP profile data and attestations. VASP profile includes the following (not exhaustive and subject to change):

  • VASP Legal Entity Name

  • Incorporation Date

  • VASP Operating Name

  • Web domain

  • TRISA endpoint

  • TRP endpoint

  • Sygna Bridge endpoint

  • VerifyVASP endpoint

  • Veriscope endpoint

  • Compliance Contact

  • Technical Contact

  • Support Contact

  • Law Enforcement Contact

  • VASP Home Jurisdiction

  • Regulated, Licensed, or Under Exemption in the home jurisdiction

  • Regulatory or Licensing Body in the home jurisdiction

  • Public License or Registration URL on Regulator’s Website, if applicable

  • Travel Rule Transaction Threshold Amount

  • Travel Rule Transaction Threshold Currency

The cost of using Shyft DISCOVER is equal to the aggregate gas cost of posting transactions to the Shyft Network. As of Sep-2022, the cost of a single attestation is <<US$0.01.

End-user Experience

With Shyft DISCOVER, there is no need for end-users to obtain and provide beneficiary and beneficiary VASP identifying information to an originator VASP. Instead, an originator (sender) submits a withdrawal request to a hosted wallet as usual and the attestation mechanism described above takes care of the rest (i.e. attest, listen, match, and respond.)

Beneficiary Information

With Shyft DISCOVER, the beneficiary VASP (bVASP) initiates data-transmission with the oVASP by responding to an attestation on the Shyft network. This is the reverse of most protocol/solution default flows yet yields one significant benefit: beneficiary information can be obtained from the bVASP as opposed to from the originator. This has been validated as an acceptable approach with regulators as it leads to greater efficiencies and effectiveness. It also removes substantial data privacy and security risks. As a result:

  1. There’s no requirement for the originator to obtain beneficiary information, before submitting a withdrawal request

  2. There’s no requirement for the originator to provide beneficiary information when submitting a withdrawal request

  3. The oVASP can screen the beneficiary information with confidence on accuracy

Any travel rule data transmission protocol can be used to respond to an attestation. An attestation just serves as the starting point for peer-to-peer communication between VASPs, and obviously solves for counterparty discovery or who owns a hosted wallet address.

FATF Guidance with respect to Beneficiary Information

FATF guidance[1] with respect to beneficiary information is articulated in the image below.

2021 10 28 fatf guidance

To meet the guidance, it is recommended that oVASPs present an obfuscated view of beneficiary information to originators as soon as it has been received from the bVASP. Originators can then confirm or indicate it’s incorrect.

E.g.: Sample message that an oVASP (“Ordering VASP” in FATF terminology) could show to an originator when beneficiary information has been received:

You are about to send 123.45 ETH to 0x18......3732 held at VASP ABC registered in Singapore, recipient name: Ri--- Bl---. Please confirm.

Once confirmed, the oVASP can then submit the information back to the bVASP who can then repeat the process with the beneficiary.. This flow serves to ensure consent-based transfers regards data privacy (e.g. GDPR compliance), minimizes the exposure of personally identifiable information between VASPs and not the transacting parties, and can also deter fraud and scams which are high on the FATF priorities for the next two years.

Hosted versus Unhosted Wallets

Shyft DISCOVER is a solution for hosted wallet addresses and requires operating entities (VASPs who control hosted wallets) to respond to attestations on addresses under their control. Shyft DISCOVER is currently working on a solution for unhosted wallet addresses and for determining if an address is hosted or unhosted.

For the latter, there are a couple of different approaches, e.g.:

  • Check the address with a blockchain analytics provider

  • Ask the user if s/he intends to withdraw to a hosted or unhosted wallet

Once it is determined that a wallet address is hosted, the Shyft DISCOVER and TRP flow can be followed.

Appendix

shyft discovery layer