Address Ownership Proof Protocol (AOPP)

In Switzerland and the Netherlands, a Virtual Asset Service Provider (VASP)—any financial intermediary dealing with crypto assets such as Bitcoin—is legally obliged to require proof of ownership of a customer's wallet address before withdrawals and deposits can be made. AOPP is a simple and automated solution for providing proof of ownership of an external wallet's address.

AOPP was initiated by 21 Analytics with the support of Shift Crypto.
deco-blob-2 decoration
graphical divider

Demo

Learn how AOPP works in this short demo video:


 

 

Wallets

The following wallets already have, or will soon have*, built-in support for AOPP.

  • Bitbox
  • Trezor
  • BlueWallet
  • Sparrow Wallet
  • Edge
  • MtPelerin
  • Relai
  • Aktionariat

graphical divider

Regulation

Switzerland

As of August 2019, Swiss VASPs are obliged to require proof of ownership of a wallet address for withdrawals and deposits to the non-custodial wallets of their customers.

FINMA Guidance 02/2019
Payments on the blockchain

"A transfer from or to an external wallet belonging to a third party is only possible if, as for a client relationship, the supervised institution has first verified the identity of the third party, established the identity of the beneficial owner and proven the third party's ownership of the external wallet using suitable technical means."

Swiss Financial Market Supervisory Authority (FINMA) is the Swiss government body responsible for financial regulation.
VQF Regulations
Art. 14, Paragraph 1

"Payment transactions to and from external wallets are only permitted where the wallets are owned by a member's own customer. The customer's authority over the external wallet must be verified using suitable technical measures. Transactions between customers of the same member are permitted."

The Financial Services Standards Association (VQF) is Switzerland's leading self-regulatory organisation (SRO) for VASPs. As an SRO officially recognized by the FINMA, the VQF is obliged to supervise its members with regard to the combating of money laundering and the prevention of the financing of terrorism.

Netherlands

The Dutch Sanctions Act stipulates that VASPs must take measures to ensure they adequately check ownership of a wallet address before withdrawals from or deposits to a customer's non-custodial wallet.

DNB Interpretation 09/2020
Screening counterparties

"The provider must establish that this person or legal entity is actually the recipient or the sender. ... Providers can whitelist external wallets using technological means."

De Nederlandsche Bank (DNB) is the central bank of the Netherlands. It supervises banks, investment institutions, and exchange offices.

Global

The latest draft of the Financial Action Task Force's (FATF) guidance for virtual assets further clarifies how the Travel Rule should be applied when transacting with non-custodial (unhosted) wallets.

FATF Guidance for a Risk-Based Approach to Virtual Assets and VASPs
VA transfer to/from unhosted wallets

"In instances in which a VA transfer involves only one obliged entity on either end of the transfer (e.g., when an ordering VASP or other obliged entity sends VAs on behalf of its customer, the originator, to a beneficiary that is not a customer of a beneficiary institution but rather an individual VA user who receives the VA transfer to an unhosted wallet), countries should still ensure that the obliged entity adheres to the requirements of Recommendation 16 with respect to their customer."

The Financial Action Task Force (FATF) is the global money laundering and terrorist financing watchdog. The inter-governmental body sets international standards that aim to prevent these activities.
divider graphic

Features

icon
Compliant

Full compliance with FINMA guidance, VQF regulations, and DNBs' interpretation.

icon
Excellent User Experience

Proves ownership with digital signatures instead of sending crypto assets or asking for screenshots, thereby enhancing user experience.

icon
Private

Does not require address reuse and so preserves conventional best-practices for privacy.

icon
Easy to Implement in Wallets

Adopting the digital signature standards that Bitcoin uses makes it straightforward to implement for developers.

icon
Decentralized

The wallet communicates directly with the VASP. No intermediary needed.

icon
Increases Security

Reduces risks of Man-in-the-middle attack (MITM) from crypto-malware by avoiding copy/paste of addresses.

Ecosystem

Wallet developers, VASPs and Bitcoiners on their experience with AOPP:

AOPP is supported by leading crypto associations, who represent over 1'000 companies:
  • bas
  • SBF
  • CVA
arrow-up icon