This FAQ is designed for compliance, legal, and product teams. Technical documentation is available at trisa.dev.
The Basics
1. What Is Envoy?
Envoy is a secure messaging service for Travel Rule compliance. It functions like a dedicated “telephone line” for encrypted Travel Rule data exchanges, supporting both the TRISA (Travel Rule Information Sharing Architecture) and TRP (Travel Rule Protocol) standards.
- Simplicity: One unified interface for multiple protocols
- Security: Protect your customer’s PII
- Flexibility: “Sunrise” messaging feature allows communication with out-of-network VASPs
- Cost-Effective: Available as open source (self-hosted) or fully managed hosting
2. What Is the Travel Rule?
The Travel Rule is a Financial Action Task Force (FATF) requirement that obligates Virtual Asset Service Providers (VASPs) to share specific customer information (personally identifiable information, or PII) for cross-border digital asset transfers to combat money laundering and terrorist financing.
3. Why TRISA & TRP?
TRISA and TRP are open-source, peer-to-peer protocols that standardize how VASPs securely exchange Travel Rule information:
- TRISA: Uses a certificate authority and public-key encryption to validate VASPs.
- TRP (Travel Rule Protocol) : Utilizes unique travel addresses for decentralized exchange.
Both protocols interoperate through a “bridge,” ensuring global reach and compatibility.
4. Can Envoy Handle VASPs Not Using TRISA or TRP?
Yes. Envoy’s “sunrise” feature can initiate a secure Travel Rule exchange via email. This bridges the gap for counterparties that are not yet equipped for TRISA or TRP or are in a jurisdiction without Travel Rule requirements.
5. Who operates Envoy?
Envoy is part of TRISA, which is open source so VASPs can self-host their own Envoy service and contribute to its open source development. Rotational Labs is a TRISA Service Provider (TSP) and core contributor to the TRISA open-source codebase. Rotational builds, hosts, and maintains Envoy for VASPs seeking a hosted solution.
6. What Is TRISA’s Global Directory Service (GDS)?
A trusted network of VASPs, backed by the TRISA Verified Certificate Authority (TVCA). Members must register with TRISA GDS to use Envoy. Upon verification, the GDS issues X.509 identity certificates that allow end-to-end encryption and prevents mis-delivery (only the intended recipient can read the data).
7. Who Should Use Envoy?
- Cryptocurrency exchanges, wallet providers, money service businesses, payment service providers, and other VASPs moving digital assets cross-border.
- Compliance teams that need robust Travel Rule solutions with minimal technical overhead.
Data Security & Privacy
7. How Does Envoy Keep Data Secure?
Envoy uses proven technology and “secure envelopes,” which are multi-layer encrypted messages containing Travel Rule data. Security is enhanced by:
- End-to-End Encryption
- Public Key Infrastructure (PKI)
- Hash-Based Message Authentication Code (HMAC) Validation for authenticity and tamper evidence
- Trusted Counterparty Verification through TRISA’s certificate authority
8. What Data Gets Exchanged?
A secure envelope includes identity and transaction information using the IVMS101 standard:
- Originator PII (e.g., name, account number, date of birth, physical address)
- Beneficiary PII (e.g., name, account number)
- Transaction Details (asset type, amount, network, etc.)
9. How Many Secure Envelopes Are in a Typical Transaction?
A typical transfer requires 6 envelopes. One message creates 2 secure envelopes, one for the originator and one for the beneficiary, to mathematically prove both counterparties received the same data at the same time with no tampering. In a typical transfer:
- Originator VASP’s initial message to Beneficiary VASP = 2 secure envelopes that contain originator’s PII
- Beneficiary VASP’s response = 2 secure envelopes that contain beneficiary’s PII and originator’s PII
- Originator VASP’s receipt confirmation, including hash ID = 2 secure envelopes
If the beneficiary VASP cannot accept the originator VASP’s initial message (e.g. missing information), the beneficiary VASP may request a “repair”, which creates an additional secure envelope.
10. How Can I Verify Message Integrity?
Envoy automatically checks each envelope’s HMAC to confirm it has not been altered. If an HMAC is invalid, the system rejects the transaction to prevent tampering.
11. Is any data written to the blockchain?
No, you don’t want customer PII on the blockchain. All data is encrypted in secure envelopes. You store your secure envelopes in a database – imagine a file cabinet of locked envelopes. In the event of an audit or legal enforcement action, you unlock and show the regulator the last secure envelope related to the transaction.
12. If no data is written to the blockchain, how is travel rule data associated with an on-chain transaction?
When the originator VASP completes the on-chain transfer, it provides the blockchain-generated transaction hash or hash ID in the final message, which is the proof that the transaction really was sent to the network and not just planned or scheduled.
It’s important because:
- Proof of Transfer – The hash is your on-chain receipt that the funds actually moved to the recipient address.
- Reconciliation – Both parties can reference the same transaction ID to verify that the transfer matches the Travel Rule details they exchanged (e.g., amounts, addresses).
- Compliance & Record-Keeping – Regulators often require you to record and be able to produce evidence of the on-chain transaction. Tracking the hash in Envoy ensures an auditable compliance trail.
Implementation & Hosting
13. How Long Does It Take to Deploy Envoy?
- Open Source (Self-Hosted): Download and configure the code, register with TRISA’s Global Directory Service (GDS), integrate with your backend, then test and deploy. This may take 4–8 weeks of development sprints.
- Hosted Service: Rotational will set up and manage Envoy for you. Existing TRISA members can be onboarded almost immediately. Non-members typically complete TRISA registration in about one business day.
14. What Are My Responsibilities for Each Hosting Option?
- Self-Hosted: You maintain your node, manage encryption keys, integrate secure storage, and handle compliance reporting.
- Hosted by Rotational: Rotational handles deployment, secure key management, storage, support, and maintenance.
DeFi & Self-Hosted Wallets
15. Does Envoy Work with DeFi or Self-Hosted Wallets?
Envoy focuses on VASP-to-VASP data transfers. For self-hosted wallets, VASPs generally require proof-of-ownership (e.g., verifying a small test transfer). Envoy does not provide KYC services directly but can integrate with partners like iComply, Ospree, and Chainalysis.
Travel Addresses
16. What Is a Travel Address?
A unique identifier under TRP serving as the “IBAN” of crypto transactions. It includes VASP and account/wallet details. An example Travel Address:
taMgkZxSMgvtkp2PFR861UnJTDdM3wR5TwBb49iN6JSkZ3gpqgbGy1rZ9jRD2GQpYVgyw5QGi48XSVH6ufyT4HTGGKHLwmDPZAJoKJmtg4k7iFFPVo
Travel addresses often change based on transaction type, requiring originators to collect the address from beneficiaries each time.
Travel addresses function similarly to URLs. While part of the address, such as the host component, remains consistent for a given VASP, other details like account or wallet information may vary. Consequently, the travel address for the same counterparty may change depending on the transaction specifics. Compliance teams should be aware of this variability and plan accordingly.
Practically speaking, the only way to obtain the travel address is for the originator to collect the travel address from the beneficiary as part of the transaction initiation process. This is because TRP emphasizes decentralization, requiring users to obtain the travel address directly from the beneficiary. Unlike centralized systems, TRP does not provide a central directory of travel addresses. If the counterparty is not listed in the TRISA directory but uses the TRP protocol, you can utilize the “prepare transaction” endpoint to send messages using the counterparty’s travel address.
17. Does Envoy generate travel addresses for pre-screening?
Yes, your node will generate travel addresses. The travel address is a URL used globally across TRISA and TRP networks. The travel address utility in Envoy can decode these addresses to identify counterparties.
Sunrise Messaging
18. What Is Sunrise Messaging?
Sunrise Messaging allows Envoy users to send Travel Rule data to any counterparty, even those not using TRISA or TRP. Messages are encrypted and sent via email to expand interoperability and coverage.
User Experience & Practical Considerations
19. How Do I Handle Non-Responsive VASPs?
Compliance officers typically batch-review transactions once or twice a week. If a TRISA-certified VASP repeatedly fails to respond, TRISA can take corrective action. You can also rely on email or direct outreach.
20. Is There a Wait Time for Transfer Acceptance?
This depends on each VASP’s policies:
- Auto-Accept: Instant for trusted repeat counterparties.
- Manual Approval: May introduce a self-imposed delay, depending on internal compliance procedures.
21. How About Protocol Differences in the Dashboard?
Envoy tracks transactions from both TRISA and TRP nodes; the current interface does not label them distinctly, though API data can reveal the protocol source.
22. How Do I Prove Compliance to Regulators?
Envoy keeps an off-chain record of all secure envelopes. In case of a regulatory inquiry, present the final secure envelope, which is cryptographically signed and identical for both counterparties.
23. Are Travel Rule Checks Stored On-Chain?
No. TRISA/Envoy stores these checks off-chain for privacy. On-chain storage could expose sensitive information.
24. Can Envoy Automate or Streamline Repeat Transactions?
Yes. Envoy is developing auto-accept and auto-reject features, as well as whitelisting/blacklisting policies for repeat counterparties or known wallets.
25. Does Envoy Support Webhook Notifications?
Yes. When a new request arrives, Envoy can call your internal API so your compliance team immediately knows to approve or reject transactions.