The Travel Rule extends FATF Recommendation 16 — originally written for wire transfers — to crypto. Virtual asset service providers (VASPs) must transmit sender and receiver identity data whenever value moves between institutions.
Who it covers
Any entity classified as a VASP: centralized exchanges, custodial wallets, OTC desks, regulated stablecoin issuers. Self-custody wallets themselves are outside scope; VASPs interacting with them are not.
Thresholds by jurisdiction
| Jurisdiction | Rule | Threshold |
|---|---|---|
| US | FinCEN BSA (31 CFR 1010.410) | USD 3,000 (proposed USD 250 for crypto, pending) |
| EU | Transfer of Funds Regulation (TFR) | None between CASPs; EUR 1,000 for unhosted-wallet verification |
| Singapore | MAS PS-N02 | SGD 1,500 |
| Hong Kong | SFC VASP regime (AMLO Sch. 2) | HKD 8,000 |
Data that must travel
- Originator: name, account or wallet identifier, plus one of — physical address, date and place of birth, customer ID, or national ID number.
- Beneficiary: name and account or wallet identifier.
How it's implemented
VASPs exchange payloads off-chain via interoperability protocols: IVMS 101 (standardized data schema), TRP, TRISA, Sygna Bridge, Notabene. The data travels alongside the transaction, not on-chain.
Why it matters
It's why exchanges ask for recipient identity on large withdrawals, why some CEXs restrict unhosted-wallet withdrawals per region, and why unverified accounts face stricter transfer caps.