Understanding the Crypto Travel Rule for Compliance

Introduction

The Crypto Travel Rule requires crypto firms and virtual asset service providers (VASPs) to transmit sender and receiver information alongside every qualifying transaction — and enforcement is already active across the US, UK, EU, and Canada. Non-compliance carries real consequences: fines, remediation orders, and license revocation.

Many crypto firms struggle here, not because they don't take compliance seriously, but because the rule looks different depending on where you operate. A $3,000 threshold in the US, zero threshold in the EU, a risk-based approach in the UK — the divergence creates real operational complexity.

This guide breaks down what the Travel Rule is, who it applies to, what data must travel with each transaction, how requirements differ across key jurisdictions, and why implementation remains one of the harder compliance problems in crypto today.

TL;DR

  • Rooted in FATF Recommendation 16, the Crypto Travel Rule requires VASPs to collect, verify, and transmit originator and beneficiary data on qualifying virtual asset transfers.
  • Originally a wire transfer rule under the US Bank Secrecy Act (1996), FATF extended it to virtual assets in June 2019.
  • Thresholds vary widely: $3,000 in the US, €0 (no threshold) in the EU, CAD $1,000 in Canada, and no fixed threshold in the UK.
  • June 2025 FATF updates broadened Travel Rule scope and added new mandatory data fields for covered transfers.
  • Non-compliance carries real consequences: sanctions, license revocation, and exclusion from regulated markets.

What Is the Crypto Travel Rule?

The Crypto Travel Rule is an AML standard requiring VASPs and financial institutions to collect, verify, and share originator and beneficiary information when processing virtual asset transfers above designated thresholds. The goal is a traceable, auditable record that prevents illicit funds from moving undetected through the crypto financial system.

Regulatory Foundation

The rule didn't originate in crypto. FinCEN's funds "Travel" rule became effective May 28, 1996 under the Bank Secrecy Act, requiring wire transfer information to "travel" with each payment. FATF extended this model to virtual assets on June 21, 2019, through its Interpretive Note to Recommendation 15, requiring VASPs to meet the same information-sharing standards as traditional financial institutions.

The implementing instruments vary by jurisdiction but all derive from the same core obligation:

  • US: 31 CFR 1010.410(f) and FinCEN guidance FIN-2019-G001
  • EU: Regulation (EU) 2023/1113 (Transfer of Funds Regulation)
  • UK: Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022, amending the 2017 MLRs

That foundational framework held largely intact for six years. The 2025 FATF revision changes it in ways compliance teams cannot afford to miss.

The June 2025 FATF Update

FATF's June 2025 revision to Recommendation 16 marks the first time FATF has explicitly tied payment transparency obligations to fraud prevention — a notable expansion beyond the original AML/CFT mandate. Key changes include:

  • Expanded objectives beyond AML/CFT to explicitly cover fraud prevention and proliferation financing disruption
  • New mandatory data fields, including date of birth for individuals in above-threshold transfers
  • Explicit beneficiary address (country and town/city) now required
  • Alignment with ISO 20022 structured messaging standards
  • Introduction of alignment checks — including pre-validation mechanisms like Confirmation of Payee — for cross-border transfers

June 2025 FATF Recommendation 16 update key changes summary infographic

National adoption timelines differ: the EU and UK have published implementation roadmaps, while US FinCEN guidance on the 2025 changes remains pending. Compliance teams should confirm their jurisdiction's effective date before updating controls.

What Information Must Accompany a Crypto Transfer?

FATF sets a two-tier structure around a $1,000/€1,000 de minimis threshold, though countries can — and do — adopt lower thresholds or remove them entirely.

Below-Threshold Requirements

Even for transfers below the threshold, VASPs must transmit:

  • Originator name and account number (or unique transaction reference)
  • Beneficiary name and account number (or unique transaction reference)

Above-Threshold Requirements

At or above the threshold, requirements expand to cover full identity verification for both parties.

Originator information:

  • Full name
  • Account number or unique transaction reference
  • Full physical address
  • Date of birth (individuals) — made mandatory under the 2025 FATF update
  • For legal entities: Business Identifier Code (BIC), Legal Entity Identifier (LEI), or unique official identifier

Beneficiary information:

  • Full name
  • Account number or unique transaction reference
  • Country and town/city — now explicitly required following the 2025 update
  • For legal entities: BIC, LEI, or unique official identifier

Messaging Standard and Recordkeeping

IVMS101 — developed by the Joint Working Group on interVASP Messaging Standards — is the industry-standard data format for transmitting this information between VASPs. It is supported by virtually all Travel Rule messaging protocols and solutions currently in use.

Recordkeeping obligations are equally non-negotiable:

  • Retain all Travel Rule data for a minimum of five years
  • Retrieve records by originator/beneficiary name and account number upon regulatory request
  • The EU's TFR explicitly codifies both requirements; FATF guidance sets them as the global baseline

Travel Rule Requirements Across Key Jurisdictions

FATF sets the global standard, but implementation is jurisdiction-specific. Firms operating across borders must assess each local regime independently.

Jurisdiction Key Instrument Effective Date Threshold Unhosted Wallet Treatment
United States BSA/FinCEN, 31 CFR 1010.410(f) May 28, 1996 (CVC: May 2019) $3,000 VASP collects data from customer; no transmission to wallet
United Kingdom MLR 2017 Part 7A (SI 2022/860) September 1, 2023 No fixed threshold (risk-based) Reg. 64G: VASP considers whether to request customer information
European Union Regulation (EU) 2023/1113 December 30, 2024 €0 (no threshold) VASP collects and retains info; verification required above €1,000
Canada PCMLTFR / FINTRAC guidance June 1, 2021 CAD $1,000 No specific self-hosted wallet verification requirement confirmed

Crypto Travel Rule jurisdiction comparison chart US UK EU Canada thresholds

United States

The current threshold is $3,000 under 31 CFR 1010.410(f). FinCEN's May 2019 guidance (FIN-2019-G001) confirmed this applies to convertible virtual currency (CVC) transactions for money transmitters.

A pending proposal would tighten this further:

  • Proposed cross-border threshold: $250 for transfers that begin or end outside the US
  • Status: Proposed jointly by FinCEN and the Federal Reserve in October 2020; not finalized as of mid-2025

United Kingdom

The UK's Travel Rule came into force on September 1, 2023 via amendments to the 2017 MLRs. There is no fixed monetary threshold — the FCA requires firms to take "all reasonable steps" to comply using a risk-based approach. Regulation 64G specifically addresses unhosted wallet transfers, requiring the firm to consider whether to request originator and beneficiary information from its customer. For inbound transfers from non-Travel Rule jurisdictions, a risk-based assessment is required before releasing assets.

European Union

The EU's framework is the most demanding. Regulation (EU) 2023/1113 applies from December 30, 2024 and removes the de minimis threshold entirely: every crypto-asset transfer, regardless of amount, requires full Travel Rule compliance. For transfers involving self-hosted wallets above €1,000, CASPs must take adequate measures to assess whether the address is owned or controlled by their client.

The EBA published supporting Travel Rule Guidelines in July 2024, specifying how CASPs should detect and handle transfers with missing or incomplete information.

Canada

Canada's Travel Rule has been in force since June 2021 under FINTRAC guidance, applying to virtual currency transfers of CAD $1,000 or more. FINTRAC requires VASPs to collect and transmit a defined set of originator and beneficiary fields — including name, address, and account number — but has not issued specific verification requirements for self-hosted wallet transfers to date.

Key Implementation Challenges for Crypto Firms

The Sunrise Problem

FATF's 2023 targeted update found that 75% of jurisdictions were only partially compliant or non-compliant with virtual asset Travel Rule requirements. This uneven adoption creates a practical problem: a regulated VASP in the EU or UK may receive transfers from counterparties in jurisdictions with no equivalent live rules.

The result isn't a pass on compliance — it's an obligation to conduct risk-based assessments before releasing assets, document the decision, and define escalation procedures for non-Travel Rule counterparties. Policies need to address counterparty rejection, suspension, and data-retention outcomes explicitly.

Counterparty Identification

Unlike traditional banking's closed SWIFT network, crypto VASPs must first determine whether a destination wallet belongs to another regulated VASP or is an unhosted wallet — a step with no direct equivalent in traditional finance.

Industry solutions exist — open-source protocols like TRISA and TRP have achieved interoperability milestones, and IVMS101 provides a common messaging language — but gaps between protocols remain a live compliance risk. There is no single mandated global protocol, which means VASPs must often support multiple solutions depending on their counterparty network.

Key steps in the counterparty identification workflow:

  1. Determine wallet type (VASP-hosted vs. self-custodial)
  2. Identify the counterparty VASP, if applicable
  3. Confirm whether that VASP operates in a Travel Rule-implementing jurisdiction
  4. Apply the stricter of the sending or receiving jurisdiction's requirements
  5. Document the assessment and outcome for audit purposes

5-step crypto Travel Rule counterparty identification workflow process flow diagram

Building the Compliance Stack Without a Full-Time Team

For growing crypto firms, the full Travel Rule compliance stack — counterparty due diligence, data-sharing infrastructure, sanctions screening, missing-data handling, and audit documentation — requires expertise across multiple regulatory frameworks simultaneously. A threshold question in the EU doesn't answer anything about the UK's risk-based approach or the US's pending $250 proposal.

That multi-jurisdictional complexity is why fractional compliance leadership has gained traction as a practical alternative to a full-time hire. Firms across the US, UK, Canada, and EU are working with fractional BSA Officers, MLROs, and CAMLOs to access director-level oversight without the cost and long-term commitment of a permanent executive.

Fraxtional fills these roles for crypto firms and VASPs through embedded, named-title engagements — fractional BSA Officer, MLRO, and CAMLO positions built for teams that need director-level compliance without a director-level headcount. Clients include crypto wallets, crypto lending platforms, and digital asset businesses that needed AML programs built or remediated quickly.

Fraxtional fractional compliance officer team working with crypto VASP clients

One crypto wallet co-founder noted that Fraxtional "fixed it within days and helped us avoid a delay in onboarding" after their AML policy failed a sponsor bank review. The team holds Certified Bitcoin Professional, Certified Ethereum Professional, and ACAMS credentials — qualifications that matter when the work spans both blockchain mechanics and multi-jurisdictional AML obligations.

Frequently Asked Questions

What is the Travel Rule?

The Travel Rule is a financial regulation requiring financial institutions and VASPs to collect, verify, and share originator and beneficiary information when processing transfers above designated thresholds. It's rooted in FATF Recommendation 16 and aimed at preventing money laundering and illicit finance by creating an auditable information trail alongside each qualifying payment.

What is the Travel Rule in the UK?

The UK's Travel Rule came into force on September 1, 2023 under amendments to the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017. There is no fixed transaction threshold — VASPs must take "all reasonable steps" to comply using a risk-based approach, with specific provisions for unhosted wallet transfers under Regulation 64G.

What is the new Travel Rule?

The June 2025 FATF update to Recommendation 16 expanded scope to cover fraud prevention and proliferation financing. Key changes include mandatory date of birth for individuals, required beneficiary address fields, and alignment with ISO 20022 messaging standards. Monitor national implementation timelines before updating your controls.

Who does the Crypto Travel Rule apply to?

The Travel Rule applies to VASPs (entities that exchange, transfer, or safekeep virtual assets) and to traditional financial institutions offering virtual asset services. Obligations apply only where implementing legislation is in force, so firms must confirm their regulatory status in each market they operate.

What is the Travel Rule threshold for crypto?

Thresholds vary significantly by jurisdiction: the EU applies no threshold (all transactions in scope), the US applies $3,000, Canada applies CAD $1,000, and the UK has no fixed threshold but uses a risk-based approach. FATF recommends $1,000/€1,000 as the standard, but national implementation diverges widely from that baseline.

What happens if a VASP doesn't comply with the Travel Rule?

Non-compliance can result in regulatory sanctions, significant fines, and suspension or revocation of operating licenses. Reputational damage compounds the regulatory risk. Regulators in the US, UK, EU, and Canada have all signaled active enforcement expectations — "we're working on it" is not an acceptable response when an examiner asks.