Travel Rule (Crypto)

The Travel Rule is the common name for FATF Recommendation 16, which requires financial institutions — and, since 2019, virtual asset service providers — to collect and transmit information about the originator and beneficiary of fund transfers above a threshold amount. The name derives from the US bank secrecy rule requiring customer information to “travel” with wire transfers; its extension to crypto is among the most consequential and technically complex AML requirements for the crypto industry.

Origins and Extension to Crypto

Recommendation 16 was originally designed for the traditional financial system, requiring banks to collect and forward the name, account number, and address of both the sending and receiving party in cross-border wire transfers. The FATF’s 2019 revision of Recommendation 15, which introduced the VASP definition, simultaneously extended Recommendation 16 to crypto: VASPs must obtain and hold required information about the originator and beneficiary of virtual asset transfers, and must transmit that information to counterparty VASPs in the transfer chain. The rationale is the same as for banks: if financial crime investigators can trace a suspicious transaction back through the chain of institutions, they can identify the originating party and hold intermediaries accountable for transmitting flagged funds.

What the Rule Requires

When a VASP sends a crypto transfer on behalf of a customer, it must collect: the originator’s name, account number (the sending crypto address), and, depending on the amount and jurisdiction, physical address, national identity number, or date and place of birth. It must transmit this information to the counterparty VASP receiving the transfer, not later than the moment of the transfer itself. The receiving VASP must obtain and hold the beneficiary information. Both VASPs must screen the information against sanctions lists and take risk-based measures if matches are identified.

Thresholds

Thresholds vary by jurisdiction. The EU’s Transfer of Funds Regulation (TFR, in force since December 2024) sets a threshold of €0 for transfers between VASPs — all transfers require Travel Rule compliance, regardless of amount — and €1,000 for transfers to unhosted wallets. The US threshold under FinCEN rules is $3,000 for cross-border transfers and $250 for international transfers, though FinCEN has proposed aligning crypto Travel Rule rules more closely with bank wire transfer rules. Japan and Singapore set thresholds at approximately USD equivalent of $1,000-$3,000.

The Sunrise Problem

The practical implementation of the Travel Rule has been complicated by what the industry calls the “sunrise problem”: the Travel Rule is only fully effective when all VASPs in a transfer chain comply with it simultaneously. A compliant VASP sending to a counterparty VASP in a jurisdiction that has not yet implemented the Travel Rule cannot transmit or receive Travel Rule data, because the counterparty has no infrastructure to receive it. This creates a dilemma: either refuse to transact with non-compliant VASPs (cutting off connectivity) or proceed without Travel Rule data (non-compliant). Most compliant jurisdictions have adopted risk-based transitional approaches, but the sunrise problem remains a practical barrier to full implementation.

Compliance Rate

FATF’s 2025 assessment found that approximately 73% of FATF member jurisdictions had adequately implemented the Travel Rule for crypto transfers, leaving approximately 27% non-compliant or partially compliant. This non-compliance gap creates exploitable channels for fund flows that circumvent AML monitoring.

Unhosted Wallet Controversy

The most contested aspect of Travel Rule implementation is the treatment of transfers to and from unhosted (self-hosted) wallets — crypto addresses not associated with a VASP, held directly by individuals. The EU’s TFR requires VASPs to collect information about their own customer when transfers are made to or from unhosted wallets, and to apply enhanced due diligence for unhosted wallet transfers above €1,000. Critics argue that applying Travel Rule obligations to unhosted wallet transfers is technically impractical (there is no counterparty VASP to transmit to) and threatens financial privacy for legitimate holders. The debate reflects the fundamental tension in crypto AML policy between effective financial crime monitoring and the legitimate privacy interests of individuals transacting with self-held assets.

Compliance Infrastructure

Several commercial providers have built Travel Rule data transmission infrastructure. Notabene, Sygna, and 21Analytics each offer VASP-to-VASP data transmission protocols that allow compliant VASPs to exchange originator and beneficiary data securely. These services maintain VASP directories, handle encryption and transmission, and provide documentation for audit purposes. Interoperability between different Travel Rule protocol providers has been a technical challenge, partially addressed through the TRISA (Travel Rule Information Sharing Architecture) open protocol.