Nested VASPs

What is nested VASPs

Multi-entity support or nested VASPs is crucial for Travel Rule compliance, as many Originating and Beneficiary VASPs have entities in multiple locations. When end customers want to send funds to these, it might be difficult for them to identify the exact subsidiary that should receive the transaction.

For example, when Alice sends a transaction to Bob's BitNice account, she likely doesn't know if his account is with BitNice Singapore or BitNice Malaysia.

How does it work

Notabene supports subsidiary VASP profiles that can be connected to a parent VASP:

  • Each subsidiary will have its own profile
  • All subsidiaries of a VASP are connected to a parent VASP
  • Originator VASP and customer only see (and only need to identify) the parent VASP
  • The parent VASP forwards Travel Rule data transfers to the right subsidiaries

With this nesting enabled, the Originator Customer (Alice) will only have to identify the Parent Beneficiary VASP (BitNice), where the Travel Rule data transfer will be directed. BitNice will then route the transaction to the correct subsidiary.

How to nest

Currently, it is not possible to do this yourself and needs to be done by Notabene. Please send an email to [email protected] or contact your Notabene solution engineer.


  • As described here, you can use only the gatewayVASP credentials to control all of the VASPs;
  • the customerToken has to be specific for each subsidiary VASP

Withdrawals - outgoing TR transfers


Do not send travel rule messages from the parent VASP

The parent VASP is only there to receive and redirect messages to the correct subsidiary.

When validating or creating withdrawals or outgoing TR transfers in a multi-entity setup, the originatorVASPdid will have to be one of the nested entities, as it will be relevant to consider the originator VASP jurisdictional requirements.

Deposits - incoming TR transfers

If your VASPs are nested, the first time you receive a TR transfer for a given address, it will most likely hit directly your gatewayVASP, to process it you will have to redirect it to the correct subsidiary VASP. Redirection happens based on the beneficiary blockchain address.

There are two ways to redirect from a gateway to a subsidiary:

  1. populate the address books of the subsidiaries and Notabene will take care of redirecting to the correct one;
  2. set up a webhook on the gatewayVASP and explicitly redirect to the correct subsidiary;

1 Notabene handles the redirection

In this scenario, as a beneficiaryVASP, you will register all the addresses that you currently have and the one that you will create in the correct subsidiary VASP address book using bulk csv upload and the register address API.

2 Set up a webhook and redirect to the correct subsidiary

Here you will set up a address webhook or a notification webhookusing the gateway VASP. When your gatewayVASP will receive a deposit, we will send a message to your system and you can use the beneficiary address that we send to perform an internal lookup and redirect the transaction to the correct subsidiary.

Check the example below:

BitNice has received a travel rule message from VASPA, which looks like this:

  "id": "f3473feb-a283-4525-b414-ece7774230ce",
  "status": "SENT",
  "transactionType": "TRAVELRULE",
  "transactionAsset": "BTC",
  "transactionAmount": "336209107",
  "chargedQuantity": 109.62,
  "amountInLocalCurrency": null,
  "originatorDid": "did:ethr:0xbacbd49275e6c5e818bf735a112e4ed7a6c9882e",
  "beneficiaryDid": "did:ethr:0x5385b966b7cbc19cfce40703cb20c895b1c32827",
  "isTest": null,
  "originatorVASPdid": "did:ethr:0x049fc13a4f1e79d4d03f082ca96758179a91da29",
  "beneficiaryVASPdid": "did:ethr:0xd4bd902ec78578f33a20ff601504d2ab324cfab9",
  "transactionBlockchainInfo": {
    "txHash": "",
    "origin": "3qR7cZYmhJvKc75P6UEqPVseQF8z",
    "destination": "1CX6qbQd9yucgckJyCY9Mv86R"
  "ivms101": {
    "originator": {
      "originatorPersons": [

They lookup the destination address (1CX6qbQd9yucgckJyCY9Mv86R) and sees that this belongs to BitNice UK (did:ethr:0x54768b1da0c6f1bd0fda15dc6c55cbba40f85744), so they redirect it to there using the API: