What is the Travel Rule, and How Does it Apply to Crypto?

Adam McLaughlin, Global Head of Financial Crime Strategy & Marketing, AML
What is the Travel Rule, and How Does it Apply to Crypto?

The ‘Travel Rule’ was first introduced by FinCEN in the US’s Bank Secrecy Act (BSA) and came into effect in the US on May 28, 1996. FinCEN’s ‘Travel Rule’ required financial institutions to pass on certain information to the next financial institution during the ‘transmittal of funds,’ which often refers to wire transfers. In 2012, the Financial Action Task Force (FATF) updated their FATF 40 recommendations to include similar ‘Travel Rule’ guidelines for wire transfers, as outlined in Recommendation 16.

The FATF adopted changes in 2018 to expressly clarify that their Recommendations apply to financial activities involving virtual assets. Subsequently, FATF published its initial guidance on applying a Risk-Based Approach (RBA) to virtual assets and virtual asset service providers, which was later updated in October 2021.

Today’s blog will delve deeper into the travel rule and how it applies to day-to-day cryptocurrency transactions.

Background – Who is the Financial Action Task Force, and why are they important?

The Financial Action Task Force (FATF) is an inter-governmental body established in 1989 at the G-7 Summit by leaders of the G-7 member States, the European Commission, and eight other countries. FATF’s objective is to protect financial systems and the broader economy from threats of money laundering and the financing of terrorism and proliferation, thereby strengthening financial sector integrity and contributing to safety and security. The FATF Recommendations are recognized as the global anti-money laundering (AML) and counter-terrorist financing (CTF) standard. Not only does FATF set recommendations, but it also evaluates countries based on their performance.

What is the Travel Rule?

FATF’s ‘Travel Rule’ requires financial institutions to pass along information to one another for certain electronically-facilitated transfers. The info ‘travels’ along with the pertinent transactions from bank to bank until the funds reach their end destination. This rule was developed to inhibit criminals, terrorists, and sanctioned individuals from freely using wire transfers to move their funds and to enable the detection of any illicit electronic transfer use. It also supports the reporting of suspicious activities and enables law enforcement to subpoena transaction details.

Under the FATF guidance, the ‘Travel Rule’ applies to any transaction over USD/EUR 1000. The information transmitted along with a transfer varies between the BSA requirements and FATF guidance but generally includes:

  • The name and account number of the originator
  • The originator’s address, national identity number, customer identification number, or date and place of birth
  • The name and account number of the beneficiary

Other information may include the date and amount of the transfer, the originator’s and recipient’s financial institutions, and other identifying information about the beneficiary.

The Scope of FATF’s Risk-Based Approach for Virtual Assets (VAs) and VA Service Providers

Because cryptocurrencies and related cryptocurrency businesses continue to grow, FATF extended the scope of the Risk-Based Approach to include ‘Virtual Assets’ and ‘Virtual Asset Service Providers’ (VASPs).

FATF has defined virtual assets (VAs) as a digital representation of value that can be digitally traded, transferred, and used for payment or investment purposes. VAs include:

  • Cryptocurrencies (such as Bitcoin, Ethereum, and Litecoin)
  • Some stablecoins (depending on their exact nature)
  • Gaming tokens
  • Non-Fungible Tokens (NFT) when they can be ’cashed out’ by exchanging the digital currency back to fiat currency

The definition of VAs does not include Central Bank Digital Currencies (CBDCs) (considered digital representations of fiat currencies), securities, Non-Fungible Tokens (NFTs) when used as collectibles and other financial assets that are already covered elsewhere in the FATF Recommendations.

FATF has also defined a VASP as any person or entity who is not covered elsewhere under the Recommendations and, as a business, conducts one or more of the following activities or operations for or on behalf of another person:

  • An exchange between VAs and fiat currencies
  • An exchange between one or more forms of VAs
  • A transfer of VAs (moves a VA from one VA address or account to another)
  • The safekeeping or administration of VAs or instruments enabling control over VAs
  • Participation in and provision of financial services related to an issuer’s offer or sale of a VA

Under this definition, VA exchanges (fiat/crypto or crypto/crypto), VA brokerages, custodial and advanced trading services, Bitcoin ATMs, Stablecoins and Initial Coin Offerings would be considered a VASP. On the flip side, consumers, peer-to-peer transactions, individual miners (if they are mining for themselves) and software and ancillary service providers would not fall under FATF’s definition of a VASP.

The FATF released its preliminary VA guidance in 2019 and has continued to review and update this guidance based on feedback from the industry. It is intended to help national authorities, VASPs and other entities involved in VA activities understand their AML/CFT obligations and how they can effectively comply with these requirements. Once an entity is classified as a VASP, thus falling within the scope of the FATF standards, this triggers a wide range of regulatory requirements (i.e., licensing, monitoring, reporting, training, compliance, etc.).

Does the Travel Rule apply to Virtual Assets and Virtual Asset Service Providers?

In October 2021, the FATF updated its VA and VASP guidance. As a part of the update, FATF increased the scope of cryptocurrency AML-CFT obligations to include customer due diligence (CDD) (Recommendation 10) and the ’Travel Rule’ (Recommendation 16). The travel rule requires regulated entities to ensure that certain information about the parties involved in all transactions over USD/EUR 1,000 ‘travels’ with the transaction to the receiving entity. The required data and actions related to the ‘Travel Rule’ are summarized below:

Does the Travel Rule apply to private or unhosted wallets?

The ‘Travel Rule’ should apply to VA transfers between two obliged entities (e.g., two VASPs or a VASP and a traditional financial institution). The ‘Travel Rule’ will not necessarily apply to transactions between a VASP and an unhosted or otherwise known as a self-hosted wallet (a crypto-wallet that is not held with or managed by a third-party financial institution or other regulated entity). 

Even if an originating VASP could collect the ultimate beneficiary’s details, unhosted wallets may present some challenges to implementing the ‘Travel Rule.’ Due to the nature of open, public, permissionless and decentralized networks such as the Bitcoin network, there is no way that the blockchain ledger could validate the accuracy of these details or validate that the specific account belongs to the person(s) claimed. Contrary to an International Bank Account Number (IBAN), which inherently contains several pieces of information such as the country, bank, branch and account number, a bitcoin address or a hash does not have any of the above. Finally, unlike bank accounts created and maintained by a centralized authority or intermediary such as a bank, the creation of VA addresses in public and permissionless networks such as the Bitcoin network is unlimited and cannot be controlled or stopped by any centralized authority. In fact, hierarchical deterministic (HD) wallets held in smartphones or hardware wallets can create an infinite number of random public/private keys, all deriving from a single mnemonic phrase, otherwise known as a seed phrase (a sequence of 12-24 words). 

The ‘Sunrise’ Challenge in Complying with the Travel Rule

Many VASPs face a challenge when complying with the ‘Travel Rule’ and facilitating transactions across jurisdictions called the ‘sunrise’ challenge – or problem. This occurs when jurisdictions are at different stages of complying with or setting expectations for the travel rule. In jurisdictions where VASPs must adhere to the travel rule (aka the sun has risen), they could find it very difficult to transact and even maintain relationships with VASPs where travel rule compliance is not yet established or enforced (aka the sun is still down). 

Will the requirements for unhosted wallets change in the near future?

However, a March 31, 2022 development in Europe might influence the regulatory obligations surrounding unhosted wallets. The Economic and Monetary Affairs Committee and the Committee on Civil Liberties, Justice and Home Affairs voted to approve an amendment to its regulation on information accompanying the Transfer of Funds. Aside from verifying the originator’s details, details of the recipient may also be required for any transfer of funds exceeding EUR 1,000. When information on the payer or the payee is incomplete or missing, the payment may be rejected by the payment service provider (PSP), or the PSP may require information to be collected before crediting the payee’s account or making the funds available. 

The proposed rules must be passed via trialogue negotiation between the EU Parliament, European Council, and the European Commission to be enacted. If they remain unopposed, the crypto industry will have somewhere from nine to 18 months to fully comply with the legislation. Given the above, 40+ crypto business leaders have asked the European Union to ensure that regulations regarding unhosted wallets do not go beyond rules already in place under FATF, which sets standards for combating money laundering. 

In an interesting precedent, in May 2021, DNB, the central bank of the Netherlands, officially acknowledged an exchange from the Netherlands’s (Bitonic’s) objection to their so-called wallet verification requirement after the regulator formally acknowledged that the requirement to provide proof of the beneficiary’s ownership of a bitcoin wallet in Nov 2020 was unlawful and should never have been required during Bitonic’s registration. 

The G-7 Finance Ministers and Central Bank Governors met in Petersberg, Germany, on 18-20 May 2022 with the Heads of the International Monetary Fund (IMF), World Bank Group, Organisation for Economic Cooperation and Development (OECD), and Financial Stability Board (FSB). Regarding Virtual Assets, the G-7 (among others) called for the rapid implementation of the Financial Action Task Force’s (FATF’s) ‘Travel Rule.’ They welcomed the FATF´s ongoing efforts to enhance beneficial ownership transparency and affirmed the benefits of making this information public, where possible. 


It appears unlikely that the crypto community will adopt a single Travel Rule solution but rather utilize multiple solutions that foster communication between VASPs. The interoperability of solutions is vital to ensure comprehensive coverage when facilitating transactions with VASPs across the crypto-community. Voices in the community agree that a solution should use an open-source architecture that is decentralized, secure, scalable, reliable, interoperable and globally available. In addition, NICE Actimize and our partner CipherTrace believe that a system should also be customizable to fit each VASPs unique wants or needs. 

To continue learning more about AML obligations related to cryptocurrencies, check out our top 15 most frequently asked questions about crypto by AML professionals.

Speak to an Expert