FATF Travel Rule: Crypto Compliance in 2026

What is the Crypto Travel Rule?

The Travel Rule refers to the application of Financial Action Task Force (FATF) Recommendation 16 to virtual asset (VA) transfers. While Recommendation 16 also applies to traditional wire transfers, the term “Travel Rule” is used in the context of VA transfers. 

Often referred to as the crypto Travel Rule, this requirement sets standards for transparency in cross-border financial transfers to detect crimes.

Under this Travel Rule framework for VAs like cryptocurrencies, Virtual Asset Service Providers (VASPs) must collect and verify information about the originator and beneficiary of a transaction, and share it with counterparties. This information must “travel” with the transfer to increase transparency and traceability.

Originally developed for wire transfers in the traditional finance sector and fiat currency, FATF Recommendation 16 has been incorporated into the national legislation of many jurisdictions and extended to cover VAs. As a result, the Travel Rule requires VASPs worldwide to implement systems that enable the secure exchange of required sender and recipient data in transactions to adapt to the evolving financial crime landscape.

Who needs the Travel Rule?

Crypto Travel Rule obligations apply to VASPs where they have been implemented through the national legislation of the jurisdiction in which they operate. 

An entity is generally considered a VASP if it provides any of the following activities:

• Exchange between virtual assets and fiat currencies
• Exchange between one or more forms of virtual assets
• Transfer of virtual assets on behalf of customers
• Safekeeping or administration of virtual assets, or instruments that enable control over them
• Participation in, or provision of financial services related to, an issuer’s offer or sale of a virtual asset

💡Even if an entity qualifies as a VASP, this doesn't necessarily mean that the Travel Rule applies to it (for example, in relation to participation in, or provision of financial services related to, an issuer’s offer or sale of a virtual asset).

The activity determines whether a business is subject to VASP compliance obligations, such as due diligence under the FATF Travel Rule, as introduced into local crypto compliance requirements.

The Travel Rule applies to businesses in situations such as:

• Transfers involving unhosted (self-custodial) wallets, where a VASP must collect required originator and beneficiary information from its customer; however, no Travel Rule information is transmitted to the unhosted wallet itself, as there is no counterparty
• Transfers where both parties in the transaction chain qualify as VASPs under applicable legislation (including cases where traditional financial institutions act as VASPs by providing VA services)

Jurisdictions list

FATF Travel Rule requirements

🌍 Cross-border transfers

🔹 Transfers < $/€1,000

Originator:

• Name
• Account number, or if none, a unique reference number

Beneficiary:

• Name
• Account number, or if none, a unique reference number

What’s changed:

• No change in data scope

🔹 Transfers ≥ $/€1,000

Originator:

• Name
• Account number, or if none, a unique reference number
• Address (or country and town name, or nearest alternative)
• For individuals: Date of birth
• For legal entities:
  • Business Identifier Code (BIC), or
  • Legal Entity Identifier (LEI), or
  • Unique official identifier

Beneficiary:

• Name
• Account number, or if none, a unique reference number
• Country and town name (or nearest alternative)
• For legal entities:
  • BIC, or
  • LEI, or
  • Unique official identifier

What’s changed:

• Beneficiary address (country/town) is now required
• Originator data is stricter:
  • Previously: address, ID, or place/date of birth
  • Now: date of birth is mandatory
• Legal entity data clarified:
  • BIC, LEI, or official identifier required for both parties

🏠 Domestic transfers

🔹 Transfers < $/€1,000

Originator:

• Name
• Account number, or if none, a unique reference number

Beneficiary:

• Not required

What’s changed:

• Previously unclear; now clarified

🔹 Transfers ≥ $/€1,000

Originator:

• Name
• Account number, or if none, a unique reference number
• Address (or country and town name, or nearest alternative)
• For individuals: Date of birth
• For legal entities:
  • BIC, or
  • LEI, or
  • Unique official identifier

Beneficiary:

• Not required

What’s changed:

• No major changes, except updated data requirements as above

Notes:

• Countries may set a de minimis threshold
• Requirements apply unless the information is already accessible to authorities or beneficiary institutions through other means

What are Travel Rule thresholds?

In practice, there isn’t just one type of threshold for when the Travel Rule takes effect. Some thresholds act as “de minimis” thresholds, which set a level below which certain Travel Rule obligations may not apply, or may apply in a limited way depending on the jurisdiction.

Some thresholds also determine how much data needs to be collected and shared. In these cases, obligations apply at all transaction values, but the amount of required information increases once a transaction exceeds a certain level.

Additional thresholds may also exist. For example, some jurisdictions set thresholds for when extra checks are required, such as verifying originator and beneficiary information, applying counterparty due diligence, or verifying unhosted (self-custodial) wallets. These requirements may depend on transaction value or apply regardless of it, depending on local regulations.

The FATF’s Travel Rule de minimis threshold recommendation is USD/EUR 1,000 for VA transfers. Above this amount, it advises that identifying information must be collected and shared between obliged entities.

However, as our jurisdictions list shows, implementation is not uniform. Individual jurisdictions determine their own limits, meaning the applicable Travel Rule de minimis threshold can vary significantly. Some countries follow the FATF’s recommended standard of USD/EUR 1,000, others set different thresholds, and some require reporting regardless of transaction value.

For example, in the United States, the Bank Secrecy Act applies a USD 3,000 de minimis threshold to certain financial institution transfers under the BSA Travel Rule framework. This exceeds the FATF recommendation and shows how national rules may diverge from global guidance.

Businesses must carefully assess local regulatory requirements. Depending on the jurisdiction, information may only need to be shared above a defined limit, different data requirements may apply below the threshold, or all qualifying transactions may be subject to reporting and recordkeeping obligations.

Suggested read: Ask Sumsubers: Does the Travel Rule apply to decentralized platforms, gambling platforms, or on/off-ramp platforms?

What is a Travel Rule data transfer?

When relevant in a transaction, required originator and beneficiary information must be transmitted between the obliged entities in a Travel Rule data transfer. Under the FATF Travel Rule framework, this data must “travel” alongside a VA or fiat transfer so that the movement of assets remains transparent and traceable.

This information typically includes identifying details such as names, wallet or account numbers, and, depending on the applicable threshold, personal data, including address information, as required under local regulations.

VASPs need to make sure the data is accurate. Failed transmissions, missing data fields, or insecure channels can risk regulatory exposure and delay transaction processing.

Travel Rule implementation challenges

Travel Rule implementation can be complex due to both regulatory and technical factors, particularly given that FATF Recommendations are highly influential but not legally binding. This means jurisdictions can choose how or whether to implement them, leading to fragmented adoption and inconsistent regulatory frameworks. 

Jurisdictional differences in thresholds, privacy laws, and verification standards can create uncertainty for VASPs operating in global markets, leading to a misalignment from staggered global enforcement known as the “sunrise issue.” Evolving regulatory expectations and an increasing number of jurisdictions introducing divergent approaches to the Travel Rule can also further complicate compliance.

Entities need to align compliance with processes that satisfy regulatory standards without disrupting user experience. Ensuring data accuracy, preventing transmission failures, and maintaining audit-ready documentation are also ongoing challenges.

Suggested read: Regulatory Fragmentation: The Hidden Cost of Compliance in Digital Assets

Relevance of technology solutions

Effective Travel Rule solutions are key to reducing compliance stress while ensuring accurate, up-to-date processes with minimal user frustration. Automated data collection, sanctions screening, monitoring, and secure information transmission infrastructure help VASPs meet their regulatory expectations efficiently.

Travel Rule infrastructure typically operates across multiple layers, including messaging protocols for data exchange and transaction monitoring systems. However, to ensure end-to-end compliance, VASPs need orchestration layers that unify processes within a single workflow.

Modern compliance platforms also help with audit trails and reporting, making it easier to demonstrate compliance during reviews. Ineffective workflows, meanwhile, can increase operational risk.

Suggested read: Same Rule, Same Problems: Will FATF's New Travel Rule Fix the Divide?

Cross-system interoperability

A significant challenge in Travel Rule implementation is interoperability between Travel Rule protocols. Supporting multiple protocols helps reduce failed transfers and compliance gaps, making it key for smooth cross-border transactions and global regulatory alignment.

Counterparty identification requirements

Accurately identifying counterparties is another significant Travel Rule compliance challenge.

Suggested read: Seven Travel Rule Blind Spots Putting VASPs in the Danger Zone

Regional differences in FATF Travel Rule implementation

Although the Financial Action Task Force Travel Rule has been in place for years, its implementation remains fragmented across jurisdictions. Requirements vary significantly between major markets. The European Union applies a comprehensive framework under the Transfer of Funds Regulation (TFR) with no general transaction threshold, while the United States implements the rule under the Bank Secrecy Act with a USD 3,000 threshold. The UK and many Asia-Pacific jurisdictions take a more risk-based approach, particularly for transfers involving self-hosted wallets.

Additional complexity arises in regions such as the UAE, where obligations differ across emirates and financial zones. As a result, global VASPs must manage compliance on a jurisdiction-by-jurisdiction basis, using adaptable systems to handle varying thresholds, data requirements, and supervisory expectations.

Challenges for market participants

These differences create operational challenges for VASPs, including managing inconsistent thresholds, varying data requirements, and differing expectations for enhanced due diligence. As a result, firms must implement flexible compliance systems capable of adapting to multiple regulatory regimes without disrupting transaction flows or increasing friction for users.

Suggested reads: 
Travel Rule at the Turning Point: Latin America’s Crypto Boom Meets Mandatory Compliance
Crypto Compliance in West Africa: Challenges, Gaps, and the Road to Travel Rule Readiness

FATF Travel Rule checklist for VASPs: Interoperability, data sharing, and compliance

The following checklist is based on guiding questions developed in FATF discussions to support the implementation and interoperability of Travel Rule solutions. It is not exhaustive but highlights key considerations for Virtual Asset Service Providers (VASPs).

🔗 Interoperability with other Travel Rule solutions

• ☐ Is the tool or solution interoperable with other Travel Rule tools?
• ☐ What type of interoperability is built into the solution?
• ☐ Has interoperability testing been conducted (e.g., pilot, functional, stress, or live data testing)?
• ☐ What was the scope of testing (e.g., data types, participating VASPs)?
• ☐ Are there plans for future interoperability testing or expansion?

⏱️ Timing and scope of Travel Rule data submission

• ☐ Can the solution support Travel Rule data submission for transfers below USD/EUR 1,000 to meet varying jurisdictional thresholds?
• ☐ Does the solution cover all relevant virtual asset (VA) types?
• ☐ Can it securely handle high volumes of transactions across multiple jurisdictions?
• ☐ Does it allow flexibility in data sharing (e.g., restricting data transmission to certain jurisdictions due to sanctions or risk concerns)?

📊 Recordkeeping and Transaction Monitoring

• ☐ Does the solution support compliant recordkeeping (e.g., retaining data for at least 5 years)?
• ☐ Can VASPs easily access and download stored data when required?
• ☐ Does the tool facilitate effective transaction monitoring and auditability?

Source: FATF Targeted Update on Implementation of the FATF Standards on Virtual Assets and Virtual Asset Service Providers

FATF Travel Rule FAQ

• What are the implications of the Travel Rule for crypto users?

  The crypto Travel Rule is a regulatory obligation for VASPs, not their users. Users may be required to provide additional information about the other party to the transfer and, where required, take specific actions, such as verifying an unhosted wallet.

• How does compliance with the Travel Rule affect cryptocurrency exchanges?

  Travel Rule compliance requires implementing systems to collect, verify, transmit, and securely store the required originator and beneficiary data. This may involve upgrading AML controls, integrating secure messaging solutions, and enhancing transaction monitoring processes.

• Is there a standard for Travel Rule data transfers?

  There is no single global standard for Travel Rule data sharing, but industry frameworks and technical solutions have emerged to facilitate interoperability. VASPs may use compatible systems or a shared Travel Rule messaging protocol to securely exchange required information. However, VASPs must also handle data collection, verification, screening, and monitoring. Platforms like Sumsub address this through a unified orchestration layer, enabling end-to-end Travel Rule and crypto compliance within a single system.

• What is the difference between the FATF Travel Rule and the BSA Travel Rule?

  The FATF Travel Rule is an international standard based on FATF Recommendation 16, which sets global expectations for sharing originator and beneficiary information in financial transactions. The BSA Travel Rule, on the other hand, is the United States’ implementation of these requirements under the Bank Secrecy Act.
  
  While both aim to increase transparency and combat financial crime, the FATF framework provides high-level guidance for countries, whereas the BSA Travel Rule defines specific legal obligations for institutions operating in the US.