The Travel Rule Explained: Your Guide to Crypto Compliance

With the most common crypto compliance questions answered on one page, you will be up to date with the Travel Rule in no time.

Why Choose 21 Analytics As a Travel Rule Compliance Solution?

Copy
Link Icon

21 Travel Analytics is a leading developer of on-premises Travel Rule solutions. Apart from meeting the FATF Recommendation 16 requirements, it is most VASPs’ go-to solution due to its privacy-respecting nature and self-hosted wallet support options

Moreover, 21 Travel Rule, 21 Analytics’ Travel Rule solution solves the VASP discovery problem with its Travel Address, can be up and running in less than an hour, supports more than 50 blockchains, 400+ wallets and over 2400 digital tokens ensuring Travel Rule compliance.   

Read about the latest version of 21 Travel Rule

Find out more about 21 Travel Rule

What Is the Travel Rule?

Copy
Link Icon

The Travel Rule (Recommendation 16) was introduced by the FATF, as an effort to thwart money laundering and the financing of terrorism. The Travel Rule applies to wire transfers of funds. It requires the originator and beneficiary financial institution involved in the transaction to collect, store and exchange customer data (securely) before the transaction. 

The main goal of the Travel Rule is to ensure that originator and beneficiary information is easily accessible for the following purposes:

  • Assisting law enforcement in detecting, investigating, and prosecuting terrorists and other criminals, as well as tracing their assets.

  • Supporting financial intelligence units in analysing suspicious or unusual activities.

  • Enabling ordering, intermediary, and beneficiary VASPs and financial institutions to identify and report suspicious transactions, freeze funds, and prevent transactions involving sanctioned individuals or entities.

[Source: FATF Recommendations, Interpretive Note to Recommendation 16]

Various jurisdictions have adopted the Travel Rule and amended it to fit their markets. As the Travel Rule is a recommendation by the FATF, jurisdictions can tailor it accordingly. 

See Travel Rule breakdowns per jurisdiction, regions include Switzerland, the EU, and the UK, among other countries.

When Does the FATF Travel Rule Go into Effect?

Copy
Link Icon

Although the FATF has advised member jurisdictions to implement the Travel Rule into their domestic laws as soon as possible, the Travel Rule remains a recommendation and has been implemented at varying intervals.

Some notable jurisdictions that have implemented the Travel Rule include Switzerland, Singapore, and the UK, with the EU Travel Rule (TFR) going live on 30 December 2024. 

See a global breakdown of the implementation status of the Travel Rule. 

What Customer Data Must Be Exchanged Per the FATF Travel Rule?

Copy
Link Icon

As per the FATF Travel Rule, the following information is to be collected and verified by the originator VASP before transacting,

  • Originator's name,

  • Originator's account number,

  • Originator's physical address OR

  • Originator's national identity number, or customer identification, or date and place of birth.

With the below information collected and verified by the beneficiary VASP before transacting,

  • Beneficiary's name,

  • Beneficiary's account number.

The above data is then to be exchanged and held by the reciprocating VASP for transactions amounting to or exceeding EUR 1000. However, these requirements can vary from jurisdiction to jurisdiction. 

Find out more about different implementations of the Travel Rule

What Is the Minimum Threshold for Collecting, Retaining, and Transmitting Customer Data in a Travel Rule Transaction?

Copy
Link Icon

Travel Rule thresholds vary from jurisdiction to jurisdiction. The FATF recommends a threshold of EUR 1000. However, some jurisdictions like Switzerland, the EU and the UK have a zero threshold.

How Long Should a VASP Retain Travel Rule Data?

Copy
Link Icon

This varies according to jurisdiction. Usually, VASPs need to retain Travel Rule data for a minimum of 5 years. 

The FATF

The FATF’s Recommendation 11, page 15,  states that customer data (obtained through customer due diligence measures) be retained for five years for recordkeeping and transaction monitoring. The point is reiterated under Recommendation 16 (the Travel Rule), page 82.  The FATF Recommendations

The European Union

According to the Final Draft AMLR & 6th AMLD Framework, Chapter VI Data Protection and Record-Retention, Article 56,  the EU requires a period of 5 years. This time frame is reiterated in DIRECTIVE (EU) 2015/849 Chapter V, Article 40 and point (44).

Switzerland

According to Article 958f of the Swiss Code of Obligations, data is to be retained for 10 years. 

Which Jurisdictions Have Implemented the Travel Rule?

Copy
Link Icon

The following jurisdictions have implemented the Travel Rule or a variation thereof. 

  • Austria* 

  • Bahamas 

  • Bahrain

  • Belgium* 

  • Bermuda

  • Bulgaria*

  • Croatia* 

  • Canada 

  • Cayman Islands

  • Czech Republic*

  • Denmark* 

  • Estonia* 

  • Finland*

  • France* 

  • Germany* 

  • Gibraltar 

  • Greece* 

  • Hong Kong SAR 

  • Hungary* 

  • India 

  • Ireland 

  • Italy* 

  • Japan 

  • Latvia*

  • Liechtenstein 

  • Lithuania* 

  • Luxembourg*

  • Malta* 

  • Mauritius

  • The Netherlands*

  • Poland* 

  • Portugal* 

  • Romania*

  • Singapore 

  • Slovakia*

  • Slovenia* 

  • South Korea

  • Spain* 

  • Sweden* 

  • Switzerland 

  • Taiwan 

  • United Arab Emirates (Dubai)

  • United States 

  • United Kingdom

*While not live, jurisdictions that will fall under the Transfer of Funds Regulation (TFR) have been included in this list.

See Global Implementation Status of the FATF’s Travel Rule and refer to Global Travel Rule Regulations: What Are the Requirements? for further information.

Please note this is not a non-exhaustive list and is meant as guidance only.

What Is the Transfer of Funds Regulation (TFR)?

Copy
Link Icon

The Transfer of Funds Regulation (TFR) is the EU's counterpart to the FATF's Travel Rule, and is part of the Anti-Money Laundering Package as well as the MiCA Regulation

The TFR covers the transfer of funds, including banknotes, coins, scriptural money, electronic money, and crypto assets, when at least one of the involved payment service providers or CASPs, is established or registered within the EU. This regulation also applies to intermediary CASPs, which are businesses that handle the transfer of crypto assets on behalf of another CASP or intermediary.

The TFR's scope extends to transfers executed via crypto ATMs and self-hosted wallets when a CASP is involved.

However, the TFR does not apply to:

  • Cash transactions, paper checks, or electronic money tokens used for payments with cards, electronic money, or mobile phones;

  • Tax payments, fines, and similar payments to a public authority within an EU Member State;

  • Payment service providers acting on their own behalf (when both the originator and the beneficiary are CASPs);

  • Peer-to-peer (P2P) transactions without the involvement of a CASP.

Under the TFR, CASPs are required to collect and share customer information during transactions, including:

  • The name of the originator

  • The originator’s distributed ledger address,

  • The originator’s crypto-asset account number (e.g., account at a CASP),

  • The originator’s address (including the country, official personal document number, customer ID number, or alternatively, date and place of birth),

  • The current Legal Entity Identifier (LEI) of the sender, where applicable,

  • The name of the beneficiary,

  • The beneficiary’s distributed ledger address,

  • The beneficiary’s crypto-asset account number, and

  • The current LEI of the beneficiary, where applicable.

Further reading on the TFR 

What Is the Markets in Crypto Assets Regulation (MiCA)?

Copy
Link Icon

As part of its digital finance strategy, the EU Commission introduced a proposal to regulate the markets in crypto assets; enter MiCA. The Markets in Crypto-assets Regulation's (MiCA) objective is to establish a balanced environment for financial institutions and CASPs throughout the EU. MiCA intends to:  

  • Protect consumers, investors, and market integrity, 

  • Ensure financial stability,

  • Provide legal certainty for crypto assets,

  • Support fair competition and innovation.

MiCA differs from the Transfer of Funds Regulation (TFR), which is the European Union's implementation of the Travel Rule as

  • It does not set a minimum threshold for transfers between accounts,

  • It excludes transfers involving self-hosted wallets from its scope,

  • Neither does it address activities related to DeFi and DAOs,

  • It doesn’t include the lending and borrowing of crypto assets,

  • Or cover NFTs. 

MiCA applies to natural and legal persons who issue, offer, and trade crypto assets or provide services related to crypto assets within the EU. 

To read more about MiCA, see the below blog posts 

What Is the Difference Between the TFR and MiCA?

Copy
Link Icon

The difference between the Transfer of Funds Regulation (TFR) and the Markets in Crypto Assets (MiCA) is that MiCA builds the legal framework for crypto, including CASPs, licensing regimes and definitions, while the TFR only brings the Travel Rule into the European Union.  

The TFR covers the transfer of funds, including banknotes, coins, scriptural money, electronic money, and crypto assets, when at least one of the involved payment service providers or CASPs, is established or registered within the EU. This regulation also applies to intermediary CASPs and transfers executed via crypto ATMs and self-hosted wallets when a CASP is involved.

MiCA differs from the TFR as

  • It does not set a minimum threshold for transfers between accounts,

  • It excludes transfers involving self-hosted wallets from its scope,

  • Neither does it address activities related to DeFi and DAOs,

  • It doesn’t include the lending and borrowing of crypto assets,

  • Or cover NFTs.

MiCA applies to natural and legal persons who issue, offer, and trade crypto assets or provide services related to crypto assets within the EU.

Read more about the TFR and MiCA below

Does MiCA Apply to Foreign VASPs?

Copy
Link Icon

Non-European (foreign) VASPs must comply with MiCA's regulations to offer their services within the EU.

This includes obtaining authorisation from relevant EU authorities and adhering to MiCA’s standards, including consumer protection, transparency, operational resilience, and anti-market abuse measures. Moreover, foreign VASPs must establish a legal presence in the EU, such as a registered office.

If foreign VASPs issue “stablecoins”, they must meet MiCA’s requirements for stablecoin issuers, such as maintaining adequate reserves and adhering to caps on non-EU currency-pegged stablecoin.

See Does MiCA Impact Crypto Asset Service Providers (CASPs)? for additional clarification.

Read more about stablecoins in the EU

Do Transactions to Self-hosted Wallets Fall under the FATF Travel Rule Regulation?

Copy
Link Icon

Nearly every jurisdiction that has implemented the Travel Rule includes self-hosted wallets within its scope.

The FATF Recommendation 16 stipulates that VASPs must still identify the owner of the self-hosted wallet if at least one obliged entity is involved in the transaction. Depending on local regulations, collecting this information may be sufficient, while in other cases, VASPs must verify the ownership of the self-hosted wallet. 

The following jurisdictions include self-hosted wallets in their implementation of the Travel Rule: 

  • Switzerland 

  • The EU

  • The UK

  • Germany 

  • Liechtenstein 

  • Hong Kong 

  • Singapore

How Does the Travel Rule Affect Peer-to-Peer (P2P) Transactions?

Copy
Link Icon

The Travel Rule does not apply to peer-to-peer transactions.

The Travel Rule only applies when a VASP (or regulated entity) transacts with another regulated entity or a self-hosted wallet. In other words, for the Travel Rule to apply, the transaction must involve at least one regulated entity. 

Find out more about self-hosted wallet transactions per the Travel Rule.

Which Jurisdictions Include Self-hosted Wallets in Their Regulatory Frameworks?

Copy
Link Icon

Nearly every jurisdiction that has implemented the Travel Rule includes self-hosted wallets within its scope, minus the USA, Bermuda, Canada and South Korea. 

Jurisdictions that Include Self-hosted Wallets in Their Regulatory Frameworks

Please note this is not a non-exhaustive list and is meant as guidance only. 

  • Austria* 

  • Belgium* 

  • Bulgaria*

  • Croatia* 

  • Czech Republic*

  • Denmark* 

  • Estonia* 

  • Finland*

  • France* 

  • Germany* 

  • Greece* 

  • Hong Kong SAR 

  • Hungary* 

  • Italy* 

  • Latvia*

  • Liechtenstein 

  • Lithuania* 

  • Luxembourg*

  • Malta* 

  • The Netherlands*

  • Poland* 

  • Portugal* 

  • Romania*

  • Singapore 

  • Slovakia*

  • Slovenia* 

  • Spain* 

  • Sweden* 

  • Switzerland 

  • United Kingdom

*While not live, jurisdictions that will fall under the Transfer of Funds Regulation (TFR) have been included in this list.

See Regulatory Frameworks that Include Self-hosted Wallets and refer to Global Travel Rule Regulations: What Are the Requirements? for further information. 

How Should VASPs Transact with Self-hosted Wallets?

Copy
Link Icon

The first thing a VASP should do is ascertain if the jurisdiction’s implementation of the Travel Rule covers self-hosted wallets. For example, the USA does not include self-hosted wallets in its Travel Rule scope. Therefore, no data collection is required. 

If self-hosted wallets are included, check the jurisdiction’s Travel Rule data collection prerequisites; some regions require more extensive data points. 

Thereafter, confirm the threshold. For example, in the EU, wallet proofs are only required for amounts over EUR 1000*, whereas Switzerland requires wallet proofs for all self-hosted wallet transactions. If a wallet proof is required, there are four ways to do it

*unless the CASP suspects ML/TF activities or any other associated risk. 

For further clarification on self-hosted wallet requirements per region, see Global Travel Rule Regulations: What Are the Requirements?

How Can VASPs Verify Self-hosted Wallets?

Copy
Link Icon

Depending on the jurisdiction’s implementation of the Travel Rule, self-hosted wallet verification is required. 

There are 4 ways that this can be done, namely through:

It's important to keep in mind that one method does not exclude the other. A VASP can offer its users just one, several, or all methods, depending on their needs or preferences. 

Most Travel Rule regulations, like the UK’s implementation of the Travel Rule, require verification through a Satoshi Test or digital signature, avoiding visual proofs due to their lack of trust. Many VASPs opt for a fully automated solution, like AOPP, as it is secure for both VASPs and their customers and prevents address reuse. 

What Is a VASP?

Copy
Link Icon

The FATF defines a VASP as “any natural or legal person who is not covered elsewhere under the Recommendations, and as a business conducts one or more of the following activities (stated below) or operations for or on behalf of another natural or legal person.

As defined by the FATF, VASP activities include:

  • Exchange between virtual assets (crypto assets) and fiat currencies,

  • Exchange between one or more forms of virtual assets,

  • Transfer of virtual assets,

  • Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets,

  • Participation in and provision of financial services related to an issuer's offer and/or sale of a virtual asset.

[FATF (2021), Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers, FATF, Paris. Page 109]

Is a VASP a CASP?

A VASP and a are very similar in function except for two differences: the FATF’s definition of a VASP is not as explicit as MiCA’s CASP, nor does it extend to cover crypto advisory services. MiCA defines a CASP as “any person whose occupation or business is the provision of one or more crypto-asset services - as mentioned above - to third parties on a professional basis.”

See Article 3 Definitions and read Is A VASP a CASP? for further information on the topic.

Jurisdiction-dependent, a VASP Can Also Be Known As:

  • Australia: Digital Currency Exchange Provider (DCEP)

  • Canada: Crypto Asset Trading Platform (CTP)

  • Estonia: Virtual Currency Service Provider (VCSP)

  • EU: Crypto asset service provider (CASP)

  • France: Digital Asset Service Provider (DASP)

  • Japan: Crypto Asset Exchange Service Provider (CESP)

  • Liechtenstein: Trusted Technology Service Provider (TT Service Provider)

  • Singapore: Digital Payment Token Providers (DPT Providers)

  • UK: Cryptoasset Business (CB)

  • USA: Money Service Business (MSB)

What Is a CASP?

Copy
Link Icon

As per the Markets in Crypto Assets Regulation (MiCA), CASP activities include: 

  • The custody and administration of crypto assets (virtual assets) on behalf of third parties, 

  • The operation of a trading platform for crypto assets, 

  • The exchange of crypto assets for fiat currency that is legal tender,

  • The exchange of crypto assets for other crypto assets, 

  • The execution of orders for crypto assets on behalf of third parties, 

  • The placing of crypto assets, 

  • The reception and transmission of orders for crypto assets on behalf of third parties, 

  • Providing advice on crypto assets.

In summary, if a business provides any of the below services to citizens in Europe, it is deemed a CASP: 

  • Offering custody and administration of crypto assets on behalf of a third party,

  • Offering a crypto exchange service or running an exchange,

  • Offering crypto advisory services, or information defined as advice on investing in crypto assets. This does not include portfolio management services.

Is a VASP a CASP?

A VASP and a are very similar in function except for two differences: the FATF’s definition of a VASP is not as explicit as MiCA’s CASP, nor does it extend to cover crypto advisory services. MiCA defines a CASP as “any person whose occupation or business is the provision of one or more crypto-asset services - as mentioned above - to third parties on a professional basis.”

See Article 3 Definitions and read Is A VASP a CASP? for further information on the topic.

Jurisdiction-dependent, a VASP Can Also Be Known As:

  • Australia: Digital Currency Exchange Provider (DCEP)

  • Canada: Crypto Asset Trading Platform (CTP)

  • Estonia: Virtual Currency Service Provider (VCSP)

  • EU: Crypto asset service provider (CASP)

  • France: Digital Asset Service Provider (DASP)

  • Japan: Crypto Asset Exchange Service Provider (CESP)

  • Liechtenstein: Trusted Technology Service Provider (TT Service Provider)

  • Singapore: Digital Payment Token Providers (DPT Providers)

  • UK: Cryptoasset Business (CB)

  • USA: Money Service Business (MSB)

What Is a Virtual Asset?

Copy
Link Icon

The FATF defines a virtual asset as a “digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes”. The FATF generally does not consider non-fungible tokens (NFT) as virtual assets, but this depends on their characteristics. They may fall under the definition if they are used for “payment or investment purposes”.

Examples of virtual assets include specific currencies like bitcoin and Ether, as well as stablecoins, and the MiCA equivalents asset referenced tokens and electronic money tokens.

Don't See Your Question?
Ask Us
Cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information in order to improve and customize your browsing experience and for analytics and metrics about our visitors both on this website and other media. To find out more about the cookies we use, see our Privacy Policy.
Accept