Beneficiary information needed to start session?

[ajunge]

In section 6.2 Session Request step (d) says

d) Perform a risk-based decision whether a virtual asset transfer can be executed, based on all
relevant information including information about the originator, the beneficiary, the
beneficiary VASP, the virtual asset type and the amount of the requested transfer.

But at this point (the very beginning) the system only have the VAAN of the beneficiary so it cannot make a proper decision (lack of basic info to do a risk analysis on the beneficiary).

Am I missing something?

[Felix0301]

You are correct. So the decision making process (boolean decision based on VAAN) is externalized. It can be abstracted away for the current stage. Soon we will publish a proposal for an Authentication and Authorization layer that can be utilized to determine the decision (which in the end is a decision the individual VASP must be able to control/parameterize).