As of September 2025, regulators in the U.S., EU, UK, and APAC enforce versions of the Travel Rule, requiring VASPs to attach basic sender and recipient data to qualifying transfers. Understanding these requirements is essential to keep licenses, earn institutional trust, and avoid penalties.
What Is the Travel Rule?
The Travel Rule is an anti-money laundering standard that obliges financial institutions and regulated crypto providers — exchanges, custodial wallet providers, and other VASPs — to send, receive, and retain basic originator (sender) and beneficiary (recipient) details alongside qualifying transfers. This data is exchanged off-chain between providers to enable sanctions screening, recordkeeping, and, where required, identity verification.
In 2019, the Financial Action Task Force (FATF), the international body that sets anti-money laundering standards, extended the Travel Rule to cover crypto transactions. This update introduced the Crypto Travel Rule (FATF Recommendation 16), which applies to exchanges, wallets, and other businesses that handle digital assets.
These businesses have strong compliance obligations to prevent penalties or loss of license. Regular crypto users must share their identifying information with exchanges and other service providers.
Why Crypto Needed a Travel Rule
The Travel Rule brings the same safeguards from traditional finance into the crypto world. It’s built on a simple but powerful idea from FATF: same risk, same rules. This means activities with similar risks must follow the same standards, no matter what technology they use.
Crypto’s pseudonymity can make it attractive for illicit activities like money laundering, terrorist financing, sanctions breaches, and other financial crimes. The Travel Rule tackles this by ensuring personal data “travels” with every transaction.
Beyond fighting financial crime, the Travel Rule also strengthens trust across the industry. Greater transparency makes crypto more acceptable to financial institutions and regulators by effectively:
- Increasing traceability of flows.
- Helping law enforcement track illicit funds.
- Reducing the anonymity associated with crypto transfers.
Who Is Covered by the Crypto Travel Rule?
The Crypto Travel Rule applies to all financial institutions and crypto service providers involved in transfers, exchange, or management of virtual assets, or financial services related to an issuer’s offer or sale of a virtual asset.
Covered entities include crypto exchanges, custodial wallet providers, OTC trading desks, crypto payment processors, and regulated financial institutions that handle digital assets.
Different laws use different labels (e.g., VASPs, CASPs, MSBs), but the obligations are similar: if you accept and transmit customer value, you’re in scope.
While the Travel Rule does not cover individuals using self-hosted wallets, regulators are exploring ways to extend rules to DeFi protocols and peer-to-peer services.
The Travel Rule applies to businesses in three key situations:
- Transfers to unhosted wallets: Businesses must collect the required information for compliance, though they don't need to send it directly to the individual's wallet.
- Traditional wire transfers: The rule covers all standard wire transfers involving virtual assets.
- Transfers between regulated entities: This includes virtual asset transfers between VASPs or between a VASP and a financial institution.
FATF Travel Rule Requirements
The FATF is an international body that sets global standards to combat money laundering and terrorist financing. The FATF Recommendations provide a full framework to help countries fight financial crimes, promote financial transparency, identify emerging criminal financial trends, and evaluate how well member countries implement these standards through regular reviews.
When a qualified transfer, exchange, or issuance of virtual assets takes place, various obligations are triggered for the respective businesses providing services to the sender and beneficiary.
Thresholds and Data Fields
The FATF recommends a standard threshold of USD/EUR 1,000. Transactions below the Travel Rule threshold have fewer requirements than those above it. Smaller transactions that appear linked may also fall within scope.
In addition, the originating entity and receiving entity are expected to monitor transactions and report any red flags to the appropriate authorities.
BSA Travel Rule Requirements
The Financial Crimes Enforcement Network (FinCEN) administers the Bank Secrecy Act (BSA) for financial institutions (including money services businesses, or MSBs) and enforces the Travel Rule at 31 CFR 1010.410(f). The Travel Rule (originally adopted for wire transfers in the 1990s) requires specific originator/beneficiary information to accompany certain transmittals of funds.
In 2013, FinCEN explained that persons who administer or exchange virtual currency are MSBs (money transmitters) under the BSA.
A money transmitter is a person that accepts and transmits currency, funds, or other value that substitutes for currency — a phrase that covers convertible virtual currency (CVC) (e.g., bitcoin, ether, stablecoins).
In 2019, FinCEN issued consolidated guidance clarifying how existing rules apply to P2P exchangers, hosted vs. unhosted wallets, CVC kiosks, and certain DApps when they accept and transmit value.
The rule does not apply to digital assets issued as legal tender, such as a Central Bank Digital Currency (CBDC).
Note: CBDC is not CVC, but the Travel Rule applies to all transmittals of funds (banks and non-banks), regardless of technology.
How the U.S. Applies the Travel Rule to Crypto
MSBs (including administrators/exchangers of CVC) must comply with the BSA when they accept and transmit value. This includes hosted wallet providers, P2P exchangers operating as a business, and CVC kiosks. Unhosted wallet software providers that do not accept or transmit value are not MSBs. Payment processors can be exempt if they meet the processor-exemption criteria.
Administrators and exchangers of convertible virtual currencies (CVCs) qualify as money transmitters if they accept, transmit, buy, or sell CVCs. In 2019, FinCEN expanded the rule to include certain activities carried out by peer-to-peer exchanges or decentralized applications, regardless of their structure.
MSBs must maintain a risk-based AML program that is in writing and, at minimum: (1) has policies, procedures, and internal controls (including customer identification where applicable); (2) designates a compliance officer; (3) provides ongoing training; and (4) undergoes independent review.
Recordkeeping & “Travel” information
For transmittals of funds of $3,000 or more, MSBs (and other covered institutions) must retain specific records and ensure required information travels to the next financial institution. A 2020 proposal to lower the cross-border threshold to $250 has not been finalized.
What must be included in the transmittal order (≥$3,000):
Originator (transmittor) name and, if ordered from an account, account number; address; amount; execution date; identity of the recipient’s financial institution; as available, the recipient’s name and address and account (or other specific identifier); plus the name and address or numerical identifier of the originator’s financial institution.
For non-established customers, additional identity-verification/recordkeeping applies. (A wallet address typically serves as the “account number or other specific identifier” in a CVC context.)
For transfers below $3,000:
The Travel Rule/Recordkeeping Rule at 31 CFR 1010.410(e)–(f) do not apply; however, MSBs still must follow their risk-based AML program and other BSA reporting/recordkeeping duties (e.g., SARs).
The transaction amount and execution date must always be recorded. The sender’s physical address is required; the receiver’s physical address may be optional if unavailable.
Activity examples (quick reference):
Hosted wallet provider: MSB → register, AML program, SAR/CTR, recordkeeping/Travel Rule when triggered.
Unhosted wallet software: Not an MSB if it never accepts/transmits value.
Payment processor: Often exempt if meeting FinCEN’s processor-exemption conditions.
CVC kiosk (ATM) operator: MSB obligations apply.
P2P exchanger (for profit): MSB.
Issuer/administrator of a token: May be an MSB when issuing/redeeming a CVC; securities issuance implicates separate SEC rules.
Non-custodial trading front-end / DApp: Likely not an MSB if it only provides software/communications and does not accept/transmit value; facts & circumstances control.
Travel Rule Compliance Checklist for U.S. Operators
To align with the U.S. BSA and the Travel Rule:
- Determine if you are an MSB (money transmitter).Use the definition at 31 CFR 1010.100(ff) (accepting/transmitting currency, funds, or other value that substitutes for currency, incl. CVC).
- Register with FinCEN and keep it current.File the MSB registration (Form per 31 CFR 1022.380) and renew every two calendar years; maintain and update the agent list.
- Build a written, risk-based AML program (four pillars).
- Policies, procedures, and internal controls.
- Designated BSA/AML compliance officer.
- Ongoing training for relevant staff.
- Independent review of the program at a risk-commensurate frequency.
- Implement Travel Rule + recordkeeping controls (≥ $3,000).Ensure required information travels and is retained for transmittals of funds of $3,000 or more
- File required reports.
- SARs for suspicious activity.
- CTRs for transactions in currency > $10,000.
- Screen for sanctions.Establish OFAC screening and blocking/reject procedures (separate from the BSA but required for all U.S. persons).
- Document governance.Have senior management oversee the program; keep policies, reviews, and corrective actions on file.
- Mind state licensing.Obtain/maintain state money-transmitter licenses where required (separate from federal MSB registration).
Global Regulatory Adoption of the Crypto Travel Rule
The Crypto Travel Rule appears in different forms under U.S., EU, UK, Singapore, Japan, and South Korean regulations, but the core requirement is the same: VASPs must collect and share sender and recipient information to improve transparency and reduce financial crime.
EU Travel Rule
The EU regulates crypto-assets through two complementary instruments: MiCA, which harmonizes licensing, conduct and market rules for CASPs, and the Transfer of Funds Regulation (TFR), which implements FATF Recommendation 16 for transfers of funds and certain crypto-assets. In July 2024, the EBA issued final Travel Rule Guidelines to clarify how required originator/beneficiary information must accompany crypto-asset transfers; these guidelines apply from December 30, 2024.
Under the TFR, when a CASP is involved in a transfer (as originator CASP, intermediary CASP, or beneficiary CASP), the required information must accompany all CASP↔CASP transfers (no minimum threshold).
For transfers to or from self-hosted addresses, CASPs must collect originator/beneficiary information and, for transfers over €1,000, assess whether the customer owns or controls the self-hosted wallet before making assets available.
AMLA, the new EU Anti-Money Laundering Authority, coordinates national supervisors to ensure consistent AML/CFT application and is ramping up towards targeted direct supervision of selected high-risk obliged entities. It began initial operations on July 1, 2025.
As more jurisdictions adopt similar frameworks, the EU’s approach is increasingly viewed as a global blueprint. However, the EU Travel Rule does not cover peer-to-peer transfers between self-hosted wallets unless a CASP is involved.
