Crypto Travel Rule: FATF Requirements Explained
Example H2
Due Team
Compliance
8 min read
Published: Jan 28, 2026
Updated: Jan 28, 2026

Crypto Travel Rule: FATF Compliance for Cross-Border Payments

Key takeaways
  1. The Travel Rule requires VASPs to collect and transmit originator and beneficiary information on crypto transfers, similar to requirements for traditional wire transfers
  2. 73% of jurisdictions have now passed Travel Rule legislation, up from 65 in 2024, but enforcement varies significantly by region
  3. The EU's Transfer of Funds Regulation took effect December 30, 2024, with zero threshold for crypto transfers
  4. Stablecoin transfers are explicitly included, with FATF noting increased use of stablecoins in both legitimate commerce and illicit activity

The crypto travel rule is now enforced across major financial centers, and the compliance window has closed. As of December 2024, the EU requires full originator and beneficiary information on every crypto transfer, regardless of amount. The US, UK, Singapore, and Japan all have active enforcement regimes. For VASPs and fintechs building cross-border payment infrastructure, Travel Rule compliance is no longer optional.

This guide explains what the Travel Rule requires, how implementation varies by jurisdiction, and what it means for businesses handling stablecoin and crypto payments.

What is the crypto travel rule?

The Travel Rule requires Virtual Asset Service Providers (VASPs) to collect, transmit, and store information about the sender (originator) and recipient (beneficiary) of crypto transfers. This information must "travel" with the transaction, enabling regulators to trace funds and detect illicit activity.

The Financial Action Task Force (FATF) extended existing wire transfer requirements to cover virtual assets in June 2019 through Recommendation 16. The core logic mirrors traditional banking: when money moves between institutions, identifying information about both parties should accompany it.

For a transfer between two VASPs, the originating VASP must collect and transmit:

  1. Originator's name
  2. Originator's account number (wallet address)
  3. Originator's physical address, national identity number, or date and place of birth
  4. Beneficiary's name
  5. Beneficiary's account number (wallet address)

The beneficiary VASP must verify this information before making funds available to the recipient.

Why the travel rule matters for cross-border payments

Cross-border crypto payments present unique AML challenges. Transactions settle in minutes across any border, often without the correspondent banking relationships that traditionally enabled compliance checks.

FATF's June 2025 update highlighted the stakes: the DPRK executed the largest single virtual asset theft in history ($1.46 billion from ByBit), with only 3.8% of stolen funds recovered. The same report noted approximately $51 billion in illicit on-chain activity related to fraud and scams in 2024.

For legitimate payment businesses, these statistics drive regulatory pressure. The Travel Rule creates an auditable trail that helps distinguish compliant operators from those facilitating illicit flows. Without it, regulators have limited visibility into who is sending and receiving funds across borders.

Regional implementation and thresholds

FATF sets the framework, but individual jurisdictions implement their own rules. This creates a patchwork of requirements that cross-border payment providers must navigate.

Jurisdiction Threshold Effective date Key details
EU (TFR) €0 (all transfers) December 30, 2024 Zero threshold for crypto; €1,000 for unhosted wallet verification
US (FinCEN) $3,000 1996 (extended to crypto 2019) $250 threshold proposed for international crypto transfers
UK (FCA) £0 (all transfers) September 1, 2023 Applies to all cryptoasset transfers
Singapore (MAS) SGD 1,500 Active Digital Payment Token service providers
Japan (JVCEA) ¥0 (all transfers) 2022 No minimum threshold

EU Transfer of Funds Regulation

The EU's approach is the most comprehensive. The Transfer of Funds Regulation (TFR), effective December 30, 2024, requires full Travel Rule compliance on every crypto transfer between Crypto Asset Service Providers (CASPs), regardless of amount.

For transfers to or from self-hosted wallets (non-custodial), CASPs must still collect originator and beneficiary information. Above €1,000, additional verification of wallet ownership may be required based on risk assessment.

The European Banking Authority published final Travel Rule Guidelines in July 2024, specifying how CASPs should detect missing information, manage non-compliant transfers, and handle technical limitations in data transmission.

United States

The US Travel Rule originated in the Bank Secrecy Act with a $3,000 threshold for wire transfers. FinCEN clarified in 2019 that this applies to convertible virtual currency transactions.

FinCEN has proposed lowering the threshold to $250 for international crypto transfers and implementing currency transaction reports above $10,000, though these proposals remain under consideration.

The sunrise problem

A persistent challenge is uneven global adoption. When a VASP in a compliant jurisdiction transacts with a counterparty in a jurisdiction without Travel Rule requirements, full compliance becomes difficult.

FATF's 2025 survey found that 73% of responding jurisdictions have passed Travel Rule legislation (85 of 117), up from 65 jurisdictions in 2024. However, even among jurisdictions with legislation, supervision and enforcement remain inconsistent.

For cross-border payment providers, this means building processes that can handle varying counterparty capabilities while documenting compliance efforts.

Travel rule requirements for stablecoins

Stablecoins are explicitly covered by the Travel Rule. FATF treats stablecoin transfers as virtual asset transfers, meaning the same originator and beneficiary information requirements apply.

This matters because stablecoin usage has grown significantly in cross-border payments. FATF's 2025 report noted that stablecoin use by illicit actors has continued to increase, and most on-chain illicit activity now involves stablecoins.

For payment infrastructure providers, this means:

  1. Stablecoin transfers between VASPs require full Travel Rule compliance
  2. Issuers and administrators of stablecoins may qualify as VASPs depending on their activities
  3. On-ramp and off-ramp services handling stablecoin conversions are covered

The regulatory treatment of stablecoins is also evolving through separate frameworks. In the US, the GENIUS Act provides regulatory clarity for stablecoin issuers. In the EU, MiCA establishes licensing requirements that work alongside the Travel Rule.

Transfers to unhosted wallets

Transfers to self-hosted (unhosted) wallets present a compliance challenge. There's no counterparty VASP to receive the transmitted information.

Under FATF guidance and most jurisdictional implementations, VASPs must still collect the required information even when sending to an unhosted wallet. The key differences:

  • No counterparty to transmit data to (so the VASP retains the information)
  • Risk-based verification of wallet ownership may be required above certain thresholds
  • Enhanced due diligence for higher-risk transfers

The EU's TFR specifically addresses this: for transfers above €1,000 involving unhosted wallets, CASPs must take measures to verify whether the self-hosted address is owned or controlled by their customer.

Compliance infrastructure for VASPs

Meeting Travel Rule requirements requires both operational processes and technical infrastructure.

Data collection and transmission

VASPs need systems to collect required information at the point of transaction initiation, validate completeness before processing, and transmit data securely to counterparty VASPs.

Several industry protocols have emerged to facilitate this data exchange:

  • TRUST (Travel Rule Universal Solution Technology): Backed by major exchanges including Coinbase
  • TRISA (Travel Rule Information Sharing Architecture): Open-source protocol focused on interoperability
  • OpenVASP: Decentralized messaging protocol for VASP-to-VASP communication

These protocols address the practical challenge that FATF doesn't mandate a specific technology for data sharing.

Counterparty verification

Before transmitting customer data to another VASP, the originating institution should verify the counterparty is a legitimate, regulated entity. This typically involves checking licensing status in the counterparty's jurisdiction and confirming identity through industry directories or direct verification.

Record keeping

All Travel Rule data must be retained for the period specified by local regulations, typically 5 years. Records should be available for regulatory examination and support transaction reconstruction if needed for investigations.

Build compliant payment infrastructure with Due

For fintechs building stablecoin or crypto payment capabilities, Travel Rule compliance is a foundational requirement. The operational burden is significant, but it's also a competitive differentiator: customers increasingly need partners who can support compliant cross-border flows.

Key considerations include:

  • Jurisdiction mapping: Understanding which rules apply based on where your customers and their counterparties are located
  • Threshold management: Implementing logic that applies the correct requirements based on transaction size and corridor
  • Counterparty due diligence: Verifying that receiving institutions are properly licensed and can handle Travel Rule data
  • Documentation: Maintaining records that demonstrate compliance efforts, especially for transactions with counterparties in non-compliant jurisdictions

Due's payment infrastructure includes built-in KYC/AML compliance and transaction monitoring across 80+ countries. For VASPs and fintechs navigating Travel Rule requirements, this means compliance infrastructure that scales with cross-border payment volume rather than requiring custom builds for each jurisdiction.

References

https://www.fatf-gafi.org/en/publications/Fatfrecommendations/targeted-update-virtual-assets-vasps-2025.html

https://www.fatf-gafi.org/content/dam/fatf-gafi/recommendations/Best-Practices-Travel-Rule-Supervision.pdf

https://www.eba.europa.eu/activities/single-rulebook/regulatory-activities/anti-money-laundering-and-countering-financing-terrorism/guidelines-information-requirements-relation-transfers-funds-and-certain-crypto-assets-transfers

https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng

https://www.elliptic.co/blockchain-basics/what-is-the-travel-rule

Share
Download Due & Move Money Without Borders

Blog & News

Read more
Company News
March 5, 2026
Due adds Solana to its stablecoin payment network
Company News
February 27, 2026
InstaPay and PesoNet: How to Transfer Money to and within the Philippines
International Money Transfers
January 30, 2026
ACH vs SWIFT: When to Use Each Payment Rail
Read more

Leave Old Finance Behind

Explore apiagenda una demo