What is the Travel Rule in crypto?
The Travel Rule is a requirement that Virtual Asset Service Providers (VASPs) — exchanges, custodians, and other regulated crypto businesses — must collect and transmit identifying information about the parties to a crypto transfer when the value exceeds a specified threshold. The term comes from the 1996 US Bank Secrecy Act rule for wire transfers, which required banks to "travel" customer information alongside fund transfers. The Financial Action Task Force (FATF) extended this concept to virtual assets in its 2019 Guidance, and it has since been implemented in law across the US, EU, UK, Singapore, Switzerland, Japan, and many other jurisdictions.
Why the Travel Rule was created
Money launderers exploit information gaps. When a wire transfer carries no originator information, tracing illicit funds becomes an investigative challenge. The original Travel Rule for banks ensured that a criminal could not cleanly layer funds through multiple banks without leaving a paper trail. The FATF recognised that crypto transfers without similar controls create the same layering opportunity — and that the pseudonymous nature of blockchain addresses makes the information gap even wider.
The Travel Rule does not mean regulators can see all your transactions in real time. It means that when you send crypto from one regulated exchange to another, both parties must collect and retain originator and beneficiary data, and share it on request from law enforcement.
What information must travel with a crypto transfer?
- Originator (sender) — Full legal name, account number (or wallet address at the originating VASP), and either physical address, national identity number, date and place of birth, or customer identification number.
- Beneficiary (receiver) — Full legal name and account number (or wallet address at the receiving VASP).
In practice, because crypto wallet addresses are pseudonymous, VASPs use specialised Travel Rule messaging protocols (Sygna Bridge, Notabene, OpenVASP, TRP, Shyft) to securely exchange this information between each other before the on-chain transfer is released.
What thresholds trigger the Travel Rule?
- FATF recommendation: transfers of $1,000 / €1,000 or above.
- United States: $3,000 (the existing bank wire threshold; crypto-specific rulemaking in progress).
- European Union (TFR): €0 — the EU's Transfer of Funds Regulation applies to all crypto transfers with no minimum from December 2024.
- United Kingdom: £1,000.
- Singapore: SGD 1,500 (approx. $1,100).
- Switzerland: CHF 1,000.
- Japan: JPY 100,000 (approx. $650).
The EU's decision to set the threshold at zero — meaning every single crypto transfer from one VASP to another requires Travel Rule compliance regardless of amount — is the strictest implementation globally and is pushing European exchanges to invest heavily in Travel Rule infrastructure.
How does the Travel Rule work in practice?
When you initiate a withdrawal from Exchange A to Exchange B, Exchange A's Travel Rule system first queries Exchange B to confirm that the destination address belongs to a VASP it can share data with. If Exchange B is a registered VASP, Exchange A transmits the originator information securely to Exchange B before releasing the transaction. Exchange B then performs its own AML checks on the incoming transfer and the originator information.
The challenge arises when the destination address is unhosted — a wallet you control directly (MetaMask, Ledger, Trust Wallet). In that case, the VASP may require you to self-certify that you own the address (wallet ownership verification) or apply enhanced due diligence to the transfer, particularly if it exceeds the local unhosted wallet threshold.
Unhosted wallets and the Travel Rule
Unhosted (or self-hosted) wallets are addresses controlled directly by users, not by a VASP. The Travel Rule technically applies to VASP-to-VASP transfers, but regulators are increasingly extending scrutiny to VASP-to-unhosted-wallet transfers. The EU's TFR requires VASPs to collect originator/beneficiary information for all transfers to unhosted wallets above €1,000, and to apply enhanced due diligence for transfers above €3,500.
To prove ownership of an unhosted wallet, exchanges typically ask you to sign a message with the wallet's private key (a cryptographic proof of ownership) or to send a micro-deposit from the wallet. This is sometimes called the "sunrise problem" — users who are not technically sophisticated find the verification process confusing or off-putting.
Travel Rule compliance protocols: how VASPs talk to each other
- Notabene — A SaaS platform that connects over 350 VASPs globally for Travel Rule data exchange. Supports TRISA, TRUST, and other protocols.
- Sygna Bridge — Built by CoolBitX, widely used in Asia. Supports both TRISA and Sygna's own protocol.
- OpenVASP — An open-source, decentralised protocol backed by Bitcoin Suisse and others. No central operator.
- TRP (Travel Rule Protocol) — Developed by a consortium of major exchanges including Coinbase and Bitstamp. Uses HTTPS-based messaging with signed JWTs.
- TRISA (Travel Rule Information Sharing Architecture) — An open source, PKI-based protocol maintained by CipherTrace / Mastercard.
Interoperability between these protocols is a known pain point: if Exchange A uses Notabene and Exchange B uses TRP, they need a gateway solution. Industry coalitions are working on bridging standards, but full interoperability is not yet achieved in 2026.
What the Travel Rule means for everyday crypto users
For most users, the Travel Rule is invisible — it happens in the background between exchanges. The moments when you notice it:
- Withdrawals to new wallet addresses may be delayed by a few minutes while the Travel Rule check runs.
- Large withdrawals to unhosted wallets may prompt a wallet ownership verification request.
- Sending to exchanges in jurisdictions that have not implemented the Travel Rule may be flagged or delayed.
- Receiving funds from non-compliant VASPs may trigger enhanced due diligence on your account.
If you hold USDT or USDC, it is worth understanding how stablecoin transfers interact with Travel Rule requirements. See our Tether (USDT) market page and USD Coin (USDC) market page for context on stablecoin regulation.
Travel Rule enforcement actions and lessons
In 2023, FinCEN and OFAC jointly penalised Bittrex $53 million partly for Travel Rule failures — specifically for processing transfers without collecting required originator information. The FCA issued guidance in 2023 that UK VASPs must be Travel Rule compliant by September 2023, and has flagged non-compliance in subsequent supervision. These enforcement actions demonstrate that Travel Rule is not a paper exercise: regulators are actively auditing compliance.
The future of the Travel Rule: challenges ahead
- Protocol interoperability — the industry needs a universal standard that all VASPs can connect to.
- Privacy — transmitting personal data between VASPs across borders raises GDPR and equivalent data protection concerns.
- Unhosted wallet scaling — as DeFi use grows, the volume of VASP-to-unhosted transfers requiring enhanced due diligence will increase substantially.
- Sunrise problem — jurisdictions that have not implemented the Travel Rule create compliance gaps: sending to a VASP in a non-compliant jurisdiction means the receiving VASP cannot fulfil the data receipt obligation.
This article is for informational purposes only. Travel Rule requirements vary by jurisdiction. Exchanges and VASPs should consult a compliance specialist.




