Travel Rule

The Travel Rule emerged in the United States as a direct response to money laundering. Initially, it targeted traditional financial institutions mandated to comply with the Bank Secrecy Act (BSA). While the primary version of this rule applied to financial institutions only, in 2019, the FATF broadened the scope of its recommendations and included virtual asset service providers. 

The Financial Crimes Enforcement Network (FinCEN) described the “original” Travel Rule in one of its publications from 1996 as a requirement for financial institutions to “pass on certain information to the next financial institution, in certain funds transmittals involving more than one financial institution.”

The Travel Rule is designed to help companies combat money laundering and terrorism financing (ML/TF) by requiring them to obtain and exchange verified information about the sender and recipient of the transaction. The goal is to ensure that the exchanged information is secured and doesn’t leak and that the obliged entity verifies and confirms that the recipient counterparty VASP is correct.

The Travel rule is applicable to VASPs whenever their transactions involve fiat currency or virtual assets (VAs). Examples include traditional wire transfers, VA transfers between two VASPs, transfers between a VASP and other obligated entities like banks and other financial institutions, or transfers between a VASP and an unhosted wallet (except that VASPs aren’t obligated to provide mandatory information to non-obligated individuals, and in this case, it’s the unhosted wallet owners). 

Typically, VASPs share their customers’ data and rely on their counterparts to conduct Know Your Customer (KYC) checks. That means the originator VASP must ensure their counterparts’ identity verification processes are reliable and compliant. However, the FATF suggests conducting due diligence on other VASPs and counterparts, similarly to how banks conduct Know Your Business (KYB) checks on their partners to establish trusted relationships. 

Even after conducting thorough due diligence on a VASP, the FATF advises maintaining ongoing due diligence and preparing ongoing AML screening and monitoring processes for approving or denying transactions.

The FATF considers business entities classified as VASPs under crypto regulations if they:

• Facilitate the exchange of virtual assets and fiat currencies
• Facilitate the exchange of one or more forms of virtual assets
• Transfer virtual assets 
• Provide safekeeping or administrative services for virtual assets or instruments, enabling control over virtual assets
• Participate in or provide financial services related to the issuer’s offer or sale of virtual assets.

Peer-to-peer (P2P) platforms and decentralized services (DeFi) are considered VASPs as well under some circumstances, which requires them to comply with the Travel Rule.