What is the Crypto Travel Rule? An Overview

Explore the Crypto Travel Rule and learn what data needs to be collected, who qualifies as a VASP, as well as the necessary steps and tools for crypto platforms to comply with the FATF guidelines.

The Crypto Travel Rule is mandated by the Financial Action Task Force (FATF), a global anti-money laundering (AML) watchdog. In 2019, the FATF expanded its recommendations to cover virtual assets (VAs) and Virtual Asset Service Providers (VASPs). Since then, companies involved in cryptocurrency and DeFi must comply with stricter regulatory guidelines, also known as Recommendation 16 or the “Travel Rule,” which is part of FATF’s 40 Recommendations.

Initially adopted in 2016 and updated again in 2021, the Crypto Travel Rule applies to businesses handling crypto transactions. It mandates VASPs and financial institutions involved in VA transfers to share transaction details, including sender and receiver information, above a specified threshold to combat money laundering and illicit activities.

Countries use different terms to categorize crypto service providers. Some alternative terms to VASPs include Crypto Asset Service Providers — or CASPs — Money Services Businesses — or MSBs — and so on. The most common reporting transaction threshold for companies is set at $1,000. However, in the United States, it’s $3,000

Businesses must comply with the Crypto Travel Rule to avoid extra scrutiny or be declined altogether. Regular crypto users are now also required to disclose their identity to exchanges and service providers. Therefore, it’s not just important but crucial for businesses to fully understand the impact of the Travel Rule and ensure they are in compliance with these regulations regarding crypto assets.

What is the Crypto Travel Rule?

The Crypto Travel Rule, or FATF Recommendation 16, is a set of guidelines designed to prevent money laundering and terrorist financing. It specifically targets financial institutions involved in virtual asset transfers, and crypto companies, referred to as VASPs. The Travel Rule ensures that personal data accompanies transfers.

Recommendation 16 pertains to both international and domestic wire transfers. According to FATF Recommendations, its goal is to hinder “terrorists and other criminals” from freely using wire transfers to move their funds and to identify and prevent such misuse.

Related: 40 Recommendations of the FATF

The Role of the FATF in the Context of the Travel Rule

The Crypto Travel Rule is mandated by the Financial Action Task Force (FATF). It is an intergovernmental body involving G-7 countries and approximately 30 others who are responsible for various policy initiatives. 

The FATF introduced the Travel Rule in order to help law enforcement agencies and obliged entities involved in sending and receiving funds through formal funds transfer systems. This law aims to better prevent, detect, and prosecute activities mainly related to:

  • Money laundering
  • Terrorism financing
  • Sanctions breaches
  • Other financial crimes

The interpretation and enforcement of the Crypto Travel Rule vary among regulators. While pioneers like the United States have embraced it early on, others, for example, the United Kingdom, only recently integrated its principles into their regulatory framework, marking their adoption in August 2023.

Why is the Crypto Travel Rule important?

The Crypto Travel Rule is important because it:

  • Enables law enforcement to request and access transaction details from VASPs and crypto companies. 
  • Helps tracking illicit actors using crypto for fraud, eliminating the anonymity shield associated with some cryptocurrencies and VASPs.

The Travel Rule in practice means establishing procedures for collecting and exchanging client data, verifying transaction details, and maintaining accurate records. It’s vital because this regulation seeks to combat money laundering via crypto, prevent terrorist financing and payments to sanctioned individuals, and facilitate the reporting of suspicious activities.

Who is Covered by the Crypto Travel Rule?

The Crypto Travel Rule applies to financial companies that deal with virtual asset transfers and crypto businesses (CBs), also referred to as VASPs

This includes entities offering exchange services between virtual assets and fiat currencies, custodian wallet providers, and financial service providers for ICOs and token offerings.

For example:

  • A cryptoasset exchange broadly includes entities facilitating exchanges or arranging them. 
  • A custodian wallet provider is an entity offering services to hold cryptoassets or cryptographic keys on behalf of customers. This definition excludes non-custodial wallets where the custodian isn’t involved in asset transfers, as owners directly interact with the payment system.
A graphic representation of the key services virtual asset providers (VASPs) are known for in the context of the Crypto Travel Rule.

FATF’s Definition of a VASP

According to the FATF, a company is considered a VASP if it offers these services:

  1. Transferring virtual assets
  2. Exchanging between virtual assets and fiat currencies
  3. Exchanging between one or more forms of virtual assets
  4. Safeguarding or managing virtual assets and instruments 
  5. Participating in and providing financial services related to an issuer’s offer or sale of a virtual asset

So, all in all, crypto exchanges, custodial wallet providers, unhosted wallet providers, MSBs are affected. Decentralized services (DeFi) and other peer-to-peer (P2P) platforms also fall under the classification of VASPs and are required to comply with the FATF Travel Rule.

Crypto Businesses’ and Third-Party Providers’ Obligations for the Travel Rule

Crypto businesses subject to the Travel Rule should take necessary measures to ensure compliance and mitigate risks of financial crime. A practical approach should include the following steps:

  • Take the necessary steps to exercise due diligence.
  • Maintain responsibility for compliance with the Travel Rule, including when using third-party suppliers.
  • Ensure complete compliance with the Travel Rule when sending or receiving cryptoasset transfers from firms in the operating country or other jurisdictions that have implemented the Travel Rule.
  • Regularly review and audit the implementation status of the Travel Rule in other jurisdictions and adjust your internal business operations.

Related: Third-Party Money Laundering Risks Explained

What Does the Crypto Travel Rule Mean for VASPs?

The Crypto Travel Rule mandates that virtual asset service providers (VASPs), such as banks, custodial solutions, exchanges, and other financial service providers, must transparently identify the origins and destinations of crypto transactions exceeding the specified threshold. 

The Crypto Travel Rule means that:

  • Any crypto transaction surpassing a specific threshold must include the customer’s personal information.
  • VASPs must conduct sanction screening on the counterparty customer and undertake due diligence on the counterparty VASP.

FATF recommendations are similar to the regulations enforced by the Financial Crimes Enforcement Network (FinCEN) under the US Bank Secrecy Act, simplifying the adoption of the Crypto Travel Rule in the United States.

A visual representation of the key differences between the FATF Travel Rule and the Bank Secrecy Act (BSA)

In summary, the Crypto Travel Rule means that anyone facilitating cryptocurrency transfers along with customer data must ensure that this data is being sent to a secure location.

What are the Key Requirements of the Crypto Travel Rule?

The Crypto Travel Rule requires VASPs to collect and share accurate information about the sender and recipient of virtual asset transfers with counterpart VASPs or financial institutions. This disclosure must occur either during the transaction or before it takes place.

For originating VASPs, the Crypto Travel Rule requires to:

  1. Conduct due diligence on the counterparty before sharing any data.
  2. Identify their client (the originator).
  3. Obtain, retain, and share the necessary information from the originator with the beneficiary VASP after all checks.
  4. Screen to ensure the beneficiary is not a sanctioned entity.
  5. Monitor transactions and report any suspicious activities.

For beneficiary VASPs:

  1. Receive and verify the accuracy and consistency of information from the originator’s VASP and keep a record.
  2. Screen to ensure the originator is not a sanctioned entity.
  3. Monitor transactions and report any suspicious activities.
A graphic illustration explaining the vital steps and features that should be implemented as VASP due diligence measures to comply with the Crypto Travel Rule.

The Travel Rule aims to align the crypto sector with traditional finance’s AML/CTF standards. So, gathering this data helps authorities detect suspicious behavior more accurately, such as funds transfers linked to criminal entities, and enact measures to halt or prosecute illicit actions. 

More Detailed Data Collection Requirements for VA Transfers

The FATF recommends that countries implement a de minimis threshold of $1,000 USD/EUR for VA transfers. Transactions below this threshold will have fewer regulatory requirements compared to those above it.

For virtual asset transfers below the threshold, VASPs are required to collect this data:

  • The VA wallet address for each party or a unique transaction reference number.
  • The names of the sender and the recipient.

For transfers above the determined threshold, VASPs are required to gather:

  • Originator’s name
  • Originator’s account number used for the transaction
  • Originator’s address, customer identification number, national identity number, or date and place of birth for unique identification
  • Beneficiary’s name
  • Beneficiary’s account number used for the transaction

However, it’s worth mentioning that the FATF doesn’t list a specific method or RegTech service for data sharing in their recommendations. This allows businesses to be flexible and choose the solution that best fits their needs.

How Does the Crypto Travel Rule Impact its Users?

Once again, it all comes down to data. The Travel Rule affects not only companies but also users, who are asked to provide additional information to crypto exchanges and VASPs. Critics argue that VASPs adhering to regulations might scrutinize or reject cross-border cryptocurrency transactions from entities that need to be compliant with the Travel Rule. 

Additionally, the Crypto Travel Rule could slow down innovation in the virtual asset industry by making compliance so burdensome that it discourages new business models, leading to fewer choices for crypto users. Despite some of the critic’s concerns, a proper AML compliance program protects crypto users and the businesses behind them. It safeguards entities from major issues like terrorism financing and other criminal behavior

The Benefits of the Crypto Travel Rule

The Crypto Travel Rule’s biggest benefit of all is its mission to prevent the use of virtual assets for money laundering or financing terrorism. By sharing information on virtual asset transfers, businesses can:

  • Help prevent money laundering and terrorism financing, increase transparency, as well as aid in creating a better system to trace and report suspicious virtual asset transactions.
  • Promote a more legitimate virtual asset market based on a standard, unified regulatory framework that attracts more users and investors. 
  • Boost communication and collaboration between VASPs, dedicated to maintaining a trusted and secure virtual asset landscape.

Using automated AML software, VASPs can benefit from the Travel Rule and support the establishment of a safer global regulatory standard for VA transfers. However, certain factors make up good software for crypto companies, as it should offer both compliance and a user-friendly interface for the crypto users who are used to its anonymous nature.

Related: AML Automation — Streamlined Compliance 101 for Businesses

Top 5 Steps for Complying with the Travel Rule Using Automation

What’s more — iDenfy can help you amplify these benefits and stay compliant with the Crypto Travel Rule using automation solutions, which streamline various tasks, such as:

  1. Collecting and verifying originator and beneficiary details.
  2. Cross-referencing info with trusted sources, like official government databases.
  3. Keeping verification data for proper compliance and auditing purposes.
  4. Screening against multiple sanctions and global watchlists.
  5. Conducting ongoing monitoring and spotting AML red flags in real-time based on sophisticated risk-scoring models, as well as customizing onboarding flows based on every use case and adjustment required for enhanced due diligence (EDD).

Our in-house experts can help you ensure easy integration with your existing AML program, supporting your scaling efforts while helping you embrace a proactive approach to fraud detection and regulatory compliance in the crypto sphere. 

Interested to learn more? Let’s chat.

Save costs by onboarding more verified users

Join hundreds of businesses that successfully integrated iDenfy in their processes and saved money on failed verifications.