The Travel Rule for VASPs: Compliance Implementation in 2025

The Travel Rule: Origins and Application to Crypto

The Travel Rule originates from FATF Recommendation 16, which requires financial institutions to include originator and beneficiary information with wire transfers. In June 2019, FATF extended this requirement to virtual asset service providers through its Updated Guidance on a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers.

The principle is straightforward: when a VASP sends a crypto-asset transfer on behalf of a customer, it must transmit identifying information about the originator and the beneficiary to the receiving VASP (or obtain it from the sending VASP when receiving). This enables law enforcement to trace the flow of virtual assets in the same way they can trace traditional wire transfers.

By 2025, the Travel Rule has been implemented into law across most major jurisdictions, though the specific thresholds, data requirements, and technology approaches vary significantly.

What Information Must Be Transmitted

Under FATF Recommendation 16 as applied to VASPs, the following information must accompany qualifying transfers:

Originator information:

• Full name
• Account number or unique transaction reference
• Physical address, national identity number, customer identification number, or date and place of birth

Beneficiary information:

• Full name
• Account number or unique transaction reference used for the transfer

For transfers below the applicable threshold, reduced information requirements may apply, but the originator VASP must still retain the full information internally.

Jurisdictional Implementation

European Union (Transfer of Funds Regulation)

The EU has implemented the Travel Rule through the recast Transfer of Funds Regulation (TFR), Regulation (EU) 2023/1113, which applies to crypto-asset transfers alongside MiCA. Key features:

• Threshold: No minimum threshold — the TFR applies to all crypto-asset transfers regardless of amount, making it stricter than the FATF standard
• Self-hosted wallets: Transfers to or from self-hosted (unhosted) wallets exceeding €1,000 require the CASP to verify the identity of the wallet holder
• Application date: The TFR applied from 30 December 2024, concurrent with MiCA
• Enforcement: National competent authorities in each EU member state

United States

FinCEN's existing Funds Transfer Rule (31 CFR 1010.410) and Funds Travel Rule (31 CFR 1020.410) apply to money transmitters, including those transmitting virtual currency:

• Threshold: $3,000 for the recordkeeping and travel rule requirements
• Proposed rulemaking: FinCEN proposed in 2020 to lower the threshold to $250 for international transfers and to extend requirements to transactions involving unhosted wallets, but the rule has not been finalised
• Current practice: Most US-licensed VASPs apply Travel Rule compliance at the $3,000 threshold

United Kingdom

The UK implemented the Travel Rule through amendments to the Money Laundering Regulations 2017, effective 1 September 2023:

• Threshold: £1,000 for the Travel Rule to apply in full; below this threshold, limited originator information is required
• Scope: Applies to all FCA-registered cryptoasset businesses
• Self-hosted wallets: Transfers to or from unhosted wallets require the UK VASP to collect (but not necessarily transmit) originator/beneficiary information

Singapore

The Monetary Authority of Singapore (MAS) implemented the Travel Rule through the Payment Services (Amendment) Act 2021 and associated regulations:

• Threshold: SGD 1,500
• Scope: Applies to all licensed Digital Payment Token service providers
• Implementation: Required from 28 April 2024

Dubai (VARA)

The Virtual Assets Regulatory Authority requires Travel Rule compliance for all licensed VASPs:

• Threshold: AED 3,500 (approximately $1,000)
• Implementation: Required since VARA's licensing framework became operational

Technology Solutions

The Travel Rule requires VASPs to exchange information with counterparty VASPs — often across jurisdictions, using different systems and protocols. Several technology solutions have emerged:

TRISA (Travel Rule Information Sharing Architecture)

An open-source protocol developed by the TRISA Working Group. TRISA uses a decentralised directory service and encrypted peer-to-peer messaging to enable Travel Rule compliance:

• Architecture: Directory-based, with VASPs registering in a Global Directory Service
• Protocol: gRPC-based encrypted messaging
• Governance: Open-source, community-governed
• Adoption: Growing adoption among US and international VASPs

Notabene

A commercial Travel Rule compliance platform providing:

• Multi-protocol support: Integrates with TRISA, OpenVASP, and proprietary protocols
• Counterparty identification: VASP discovery service to identify the receiving VASP for a given blockchain address
• Compliance workflow: Automated data collection, validation, and transmission
• Analytics: Dashboard for Travel Rule compliance monitoring

Sygna Bridge

Developed by CoolBitX, Sygna Bridge is a Travel Rule compliance solution widely adopted in Asia-Pacific markets:

• Focus: Strong presence in Singapore, Hong Kong, and other Asian jurisdictions
• Integration: API-based integration with VASP systems
• Interoperability: Connects with other Travel Rule protocols through bridging technology

Veriscope (Shyft Network)

A Travel Rule solution built on the Shyft Network blockchain:

• Architecture: Blockchain-based attestation and discovery
• VASP verification: On-chain VASP registry for counterparty verification
• Data sharing: Off-chain encrypted data transmission with on-chain attestation

Implementation Challenges

The Sunrise Problem

Not all jurisdictions have implemented the Travel Rule simultaneously, creating a "sunrise problem" where VASPs in compliant jurisdictions must transact with VASPs in non-compliant jurisdictions. The approach varies:

• EU TFR: Requires CASPs to assess the risk of transfers to jurisdictions without Travel Rule implementation and apply enhanced due diligence
• UK: Permits transfers where the receiving VASP is in a jurisdiction without Travel Rule requirements, but requires the sending VASP to retain the relevant information
• FATF guidance: Recommends a risk-based approach rather than blocking all transfers to non-compliant jurisdictions

Self-Hosted Wallet Transfers

Transfers to and from self-hosted (unhosted) wallets present a fundamental challenge: there is no counterparty VASP to receive the Travel Rule information. Approaches include:

• EU TFR: For transfers exceeding €1,000 to/from unhosted wallets, the CASP must verify that the wallet is owned or controlled by the customer
• Blockchain analytics: VASPs use chain analysis tools to assess the risk profile of unhosted wallet addresses
• Customer declarations: Some VASPs require customers to declare ownership of the destination wallet before processing the transfer

Interoperability

The existence of multiple Travel Rule protocols creates interoperability challenges. A VASP using TRISA may need to communicate with a VASP using Notabene or Sygna Bridge. Solutions include:

• Multi-protocol platforms: Services like Notabene that integrate with multiple protocols
• Protocol bridging: Technical bridges between different Travel Rule networks
• Industry standardisation: IVMS 101 (InterVASP Messaging Standard) provides a common data standard, even if the transport protocols differ

Compliance Implementation Steps

For VASPs implementing Travel Rule compliance, the recommended approach is:

1. Regulatory assessment: Determine which Travel Rule requirements apply based on the VASP's licensing jurisdiction and the jurisdictions of its counterparties
2. Technology selection: Choose a Travel Rule solution (or multiple solutions for broader coverage)
3. Counterparty identification: Implement capability to identify the receiving VASP for outgoing transfers using blockchain analytics and directory services
4. Data collection: Ensure customer onboarding processes collect all required originator information at account opening
5. Workflow integration: Integrate Travel Rule data transmission into the transfer processing workflow
6. Unhosted wallet procedures: Implement procedures for transfers to/from self-hosted wallets, including wallet ownership verification where required
7. Record keeping: Maintain records of all Travel Rule data transmitted and received for the statutory retention period
8. Staff training: Train compliance and operations staff on Travel Rule procedures
9. Testing: Conduct end-to-end testing with counterparty VASPs before going live
10. Monitoring and reporting: Implement ongoing monitoring of Travel Rule compliance rates and reporting to management and regulators

Key Takeaways

• The FATF Travel Rule requires VASPs to transmit originator and beneficiary information with crypto-asset transfers, mirroring the wire transfer rules that apply to traditional financial institutions
• The EU has implemented the strictest version through the Transfer of Funds Regulation, applying to all transfers with no minimum threshold, effective 30 December 2024
• Multiple technology solutions exist (TRISA, Notabene, Sygna Bridge, Veriscope), but interoperability between protocols remains a challenge
• Self-hosted wallet transfers present the greatest implementation difficulty, with the EU requiring wallet ownership verification for transfers exceeding €1,000
• The IVMS 101 messaging standard provides a common data format that helps bridge different Travel Rule protocols
• VASPs should budget €50,000-€150,000 for Travel Rule technology implementation, plus ongoing costs of €20,000-€60,000 per annum
• Non-compliance with the Travel Rule is increasingly a focus of regulatory examinations, and VASPs should prioritise implementation regardless of whether their specific jurisdiction has begun active enforcement