← Back to guides

Travel Rule Implementation

2026-04-06 · Web3 Compliance AI

What Is the Travel Rule?

FATF Recommendation 16 — commonly called the Travel Rule — requires Virtual Asset Service Providers to exchange originator and beneficiary information when transferring virtual assets. Originally designed for wire transfers in traditional finance, it was extended to crypto in 2019 as part of the FATF's updated guidance.

What Information Must Be Shared?

For the originator: full name, account number (wallet address), and either physical address, national identity number, customer identification number, or date and place of birth. For the beneficiary: full name and account number. Some jurisdictions require additional fields — always check local implementation.

Threshold Considerations

The FATF recommends applying the Travel Rule to transfers of USD/EUR 1,000 or more. However, jurisdictions vary: the US applies it at $3,000, the EU under MiCA's Transfer of Funds Regulation applies it to all transfers (no threshold for crypto), Singapore applies it at SGD 1,500, and Switzerland at CHF 1,000. When operating across jurisdictions, apply the strictest applicable threshold.

Technical Implementation Options

Protocol-Based Solutions

  • TRISA (Travel Rule Information Sharing Architecture) — Open-source, decentralized protocol using mTLS certificates for VASP identity verification. Operated by the TRISA Directory Service.
  • OpenVASP — Open protocol using decentralized identifiers and encrypted messaging for VASP-to-VASP communication.
  • TRP (Travel Rule Protocol) — Developed by a consortium including Notabene; uses an API-based approach with broad industry adoption.

Commercial Providers

Several vendors offer Travel Rule compliance as a service: Notabene, Chainalysis (via Comply), Sygna Bridge, and CoolBitX. These handle counterparty discovery, information exchange, and record-keeping. Evaluate based on network coverage (how many counterparty VASPs they connect to), supported jurisdictions, and integration complexity.

Implementation Steps

  1. Map your obligations — Identify which jurisdictions' Travel Rule requirements apply to your operations and the applicable thresholds.
  2. Choose a solution — Select a protocol or vendor. Network effect matters — choose a solution where your most common counterparties are already connected.
  3. Integrate technically — Build the Travel Rule data exchange into your transaction workflow. This typically means collecting required originator data at withdrawal time and validating beneficiary data at deposit time.
  4. Counterparty VASP verification — You must verify that the receiving VASP is legitimate before sharing customer data. Use directory services, regulatory registries, or your provider's verification tools.
  5. Handle unhosted wallets — Transfers to/from unhosted (self-custodied) wallets are a special case. Some jurisdictions require wallet ownership verification above certain thresholds. Implement proof-of-ownership procedures where required.
  6. Record-keeping — Store all Travel Rule data exchanges for at least five years. Maintain audit trails of successful and failed exchanges.

Sunrise Issue

Not all jurisdictions have implemented the Travel Rule at the same pace. You may encounter counterparty VASPs in jurisdictions without Travel Rule requirements. Develop a risk-based approach: attempt the information exchange, document failures, and apply enhanced monitoring to transfers where Travel Rule data cannot be obtained.