FATF Travel Rule Compliance for Virtual Asset Providers
FATF Recommendation 16 requires all Virtual Asset Service Providers to transmit originator and beneficiary data on transactions above $1,000 / €1,000. By 2026, enforcement is active in 30+ jurisdictions. Here is what your business needs to build for compliance.
What the Travel Rule Requires
FATF Recommendation 16 was originally written for banks: when a wire transfer above a threshold is sent, customer identification data must "travel" with the transaction to the receiving institution. FATF extended this obligation to VASPs in 2019.
For crypto, this means: when you send a transaction on behalf of a customer to another VASP, you must transmit the originator's name, wallet address, and identifying information to the receiving VASP before or simultaneously with the transaction. The receiving VASP must confirm they can receive this data.
The practical challenge: blockchain transactions are pseudonymous. The Travel Rule creates an obligation to overlay real-world identity data on top of on-chain transactions — requiring a separate data-sharing infrastructure between VASPs.
The Three Technical Approaches
TRISA (Travel Rule Information Sharing Architecture)
Open-source protocol using mTLS certificates and gRPC for direct VASP-to-VASP communication. PKI-based — VASPs register their certificates in a directory. Well-supported by major exchanges.
Travel Rule Protocol (TRP)
HTTP-based REST protocol from BitGo. Simpler to implement than TRISA. Uses a VASP directory to discover counterparty endpoints. Lower adoption than TRISA.
Third-party solutions (Notabene, Sygna, VerifyVASP)
Hosted services that handle the Travel Rule messaging layer for you. Faster to deploy, no infrastructure to manage. Suitable for smaller VASPs that can't run their own TRISA node.
Required Data Fields
Originator (sender)
- Full legal name
- Account number (wallet address)
- Physical address
- OR: national ID number
- OR: date and place of birth
Beneficiary (receiver)
- Full legal name
- Account number (wallet address)
- Additional info for high-risk transactions
Travel Rule Enforcement by Jurisdiction
| Jurisdiction | Threshold | Status | Regulator |
|---|---|---|---|
| United States | $3,000 (wire), $1,000 (crypto) | Enforced | FinCEN |
| European Union | €1,000 | Enforced (MiCA 2024) | EBA |
| United Kingdom | £1,000 | Enforced | FCA |
| Singapore | SGD 1,500 | Enforced | MAS |
| Japan | ¥100,000 (~$650) | Enforced | FSA |
| Canada | CAD 1,000 | Enforced | FINTRAC |
| Switzerland | CHF 1,000 | Enforced | FINMA |
| South Korea | $1,000 | Enforced | FSC/FIU |
| UAE | AED 3,500 | Enforced (VARA) | VARA/CBUAE |
| Australia | AUD 1,000 | In implementation | AUSTRAC |
AML Screening and the Travel Rule
Travel Rule compliance requires knowing whether the counterparty wallet belongs to a regulated VASP. Before you can route a Travel Rule data packet, you need to identify the VASP operating the destination wallet. This is where AML screening tools like CryptoAML connect to Travel Rule workflows.
If the destination wallet is an unhosted wallet (not affiliated with any known VASP), different rules apply. Most jurisdictions require enhanced due diligence for transactions to unhosted wallets above the threshold.
@scorechain_amlbot and @ScorechainAML_bot flag whether a wallet is associated with known VASPs, darknet markets, mixers, or sanctioned entities — information that feeds directly into your Travel Rule decision tree.
Check Wallet Risk
Identify VASP affiliation, sanctions exposure, and risk profile before routing Travel Rule data.
Try @scorechain_amlbotAPI DocumentationFATF Key Numbers
Travel Rule: FAQ
What is the FATF Travel Rule?
FATF Recommendation 16 requires Virtual Asset Service Providers to collect and transmit originator and beneficiary information when transferring virtual assets above a threshold (typically $1,000 / €1,000). The rule mirrors the existing wire transfer rule for banks (the 'Travel Rule' name comes from the information 'travelling' with the transaction).
Who must comply with the Travel Rule?
Any entity classified as a VASP (Virtual Asset Service Provider) that transfers virtual assets on behalf of customers. This includes centralized exchanges, OTC desks, custodial wallet providers, and payment processors. Non-custodial wallets are generally exempt in most jurisdictions, but this is an active regulatory debate in 2026.
What information must travel with the transaction?
For the originator: full legal name, account number (wallet address), and one of: physical address, national identity number, date and place of birth. For the beneficiary: full legal name and account number (wallet address). Some jurisdictions require additional fields for higher-risk transactions.
What happens for transactions below the threshold?
Below $1,000 / €1,000, full Travel Rule data transmission is not required in most jurisdictions. However, you must still collect and store the information — you just don't need to transmit it in real time. Some jurisdictions (EU MiCA) have removed the threshold entirely and require Travel Rule data on all transactions.
How does the 'sunrise problem' affect Travel Rule compliance?
The sunrise problem occurs when your jurisdiction enforces the Travel Rule but your counterparty VASP's jurisdiction does not yet require it. If the receiving VASP cannot accept structured Travel Rule data, you face a compliance gap. Best practice: send via a Travel Rule protocol (TRISA, TRP, OpenVASP) and document that the receiving VASP lacks capacity.
Does @scorechain_amlbot help with Travel Rule compliance?
Directly for wallet risk screening — yes. @scorechain_amlbot and the CryptoAML API identify whether a counterparty wallet belongs to a known VASP, which is a prerequisite for Travel Rule routing decisions. For the data transmission layer itself, Travel Rule-specific solutions (TRISA, Notabene, Sygna) handle the messaging protocol. CryptoAML covers the AML risk screening component.