Back to blog
What Is the FATF Travel Rule — And How Does It Affect Your Crypto?
Compliance

What Is the FATF Travel Rule — And How Does It Affect Your Crypto?

March 18, 2026 7 min read
CryptoPass Compliance Team
Compliance Experts

If you’ve ever tried to move a large amount of crypto between exchanges and been asked to provide wallet ownership proof — that’s the FATF Travel Rule at work.

Since 2019, the Financial Action Task Force (FATF) has required Virtual Asset Service Providers (VASPs) to collect and transmit sender and recipient information for crypto transactions above a certain threshold. By 2025, enforcement has expanded to over 40 jurisdictions including the EU, UK, US, Singapore, and UAE. For anyone holding, trading, or building on crypto, understanding this rule is no longer optional.

What the Travel Rule Actually Requires

The Travel Rule — officially FATF Recommendation 16 — was originally designed for traditional wire transfers. Its logic is simple: when money moves, so should the identity data attached to it.

Applied to crypto, the rule requires that any VASP sending a transaction above a threshold (typically $1,000 / €1,000) must:

  1. Collect the originator’s full name, account number (wallet address), and physical address
  2. Transmit this data to the beneficiary VASP before or during the transaction
  3. Verify that the receiving wallet belongs to the stated recipient
  4. Screen both parties against global sanctions lists (OFAC, EU, UN)

The challenge? Crypto is pseudonymous by design. A blockchain address doesn’t come with a name attached. This is exactly where most VASPs struggle — and where wallet compliance solutions become essential.

Who Must Comply?

The Travel Rule applies to Virtual Asset Service Providers, which regulators define broadly:

  • Centralized exchanges (Binance, Coinbase, Kraken, and all licensed platforms)
  • OTC desks and crypto brokers
  • Payment processors accepting crypto
  • Custodial wallet providers
  • DeFi platforms with identifiable control points (increasingly in scope under MiCA 2025)

What about individual users?

If you’re using a self-hosted (non-custodial) wallet like MetaMask or Trust Wallet, you’re not a VASP. However, if you send crypto to a regulated exchange, that exchange must verify your wallet ownership under the Travel Rule before crediting your account. This is why platforms now request proof-of-wallet documentation.

The Core Challenge: Wallet Ownership Verification

Traditional KYC verifies a person. The Travel Rule adds a new requirement: verify that this person controls this specific wallet.

This creates a practical problem that stumped the industry for years:

How do you prove someone owns a crypto address without exposing their private key?

The standard approach is a cryptographic signature challenge — the user signs a small message with their private key, proving control without revealing it. But this is technical, confusing for retail users, and time-consuming at scale.

CryptoPass takes a different approach: the Satoshi Test (part of our patented KYW™ technology) proves ownership through a simple on-chain micro-transaction — no browser extensions, no wallet SDK, no private key handling. On Ethereum and compatible chains, WalletConnect offers an instant alternative with no transaction needed. Combined with AML screening and identity checks, the result is a detailed KYW certificate with blockchain-verified hash that satisfies Travel Rule requirements across jurisdictions.

Travel Rule Enforcement by Jurisdiction (2025)

The rule is no longer theoretical. Here’s the current state of enforcement:

European Union Under MiCA (Markets in Crypto-Assets Regulation) and the Transfer of Funds Regulation (TFR), the Travel Rule applies to all crypto transactions above €0 — there is no minimum threshold in the EU as of 2024. VASPs must collect data for every transfer.

United States FinCEN’s Bank Secrecy Act requires Travel Rule compliance for transactions above $3,000, with additional OFAC sanctions screening obligations. The proposed “Crypto Asset Reporting Framework” (CARF) is expected to tighten this further.

United Kingdom The FCA enforces the Travel Rule from £0 threshold since September 2023, aligned with EU TFR.

Singapore MAS (Monetary Authority of Singapore) requires Travel Rule compliance for transfers above SGD 1,500 under the Payment Services Act.

UAE VARA (Virtual Assets Regulatory Authority) mandates full Travel Rule implementation for all licensed VASPs operating in Dubai and Abu Dhabi.

What Happens If You Don’t Comply?

Non-compliance isn’t just a regulatory inconvenience — it carries real consequences:

  • License suspension or revocation for VASPs
  • Fines ranging from tens of thousands to millions of euros/dollars depending on jurisdiction
  • Transaction blocking — major exchanges are increasingly refusing transfers from unverified wallets
  • Banking derisking — banks that provide fiat rails to crypto businesses audit Travel Rule compliance as part of due diligence
  • Reputational damage — public enforcement actions are increasingly published by regulators

Enforcement is accelerating: the Dutch Central Bank fined Coinbase €3.3M for operating without proper registration. The UK FCA has issued multiple warnings to unregistered crypto firms. In the US, FinCEN’s $100M penalty against BitMEX and Binance’s $4.3B settlement both cited AML compliance failures that included Travel Rule gaps. The trend is clear — regulators are moving from guidance to action.

How CryptoPass Makes Travel Rule Compliance Simple

CryptoPass was built precisely to solve the wallet verification gap at the heart of the Travel Rule. CryptoPass uses the Satoshi Test (part of our patented KYW™ technology) — an on-chain micro-transaction that cryptographically proves wallet ownership without ever exposing a private key. On Ethereum and compatible chains, WalletConnect provides instant verification with no transaction needed.

Here’s the actual flow for an end user:

  1. Download the app — free on iOS and Android. No sign-up, no credit card, no KYC to start
  2. Run the Satoshi Test — send a tiny amount (e.g. 0.00001234 BTC) to a specified address. This on-chain transaction proves you control the wallet — it’s the core of CryptoPass’s patented Know Your Wallet (KYW) technology
  3. Get your KYW Score — CryptoPass runs three checks simultaneously:
    • KYC — identity verification
    • AML / KYT — transaction history screening against sanctions lists (OFAC, EU, UN)
    • Ownership — confirmed by the Satoshi Test
    • The result is a single risk score (e.g. 87/100 — Low Risk) delivered in under two minutes
  4. Share your certificate — upgrade from EUR 10 to receive a detailed PDF certificate with a blockchain-verified hash. Share it via QR code, direct link, or downloadable PDF. Anyone can independently verify the hash on-chain

The free basic check gives you your risk score instantly. The paid certificate is what banks, exchanges, tax authorities, and OTC desks accept as formal Travel Rule documentation.

For businesses and VASPs, CryptoPass provides a REST API that integrates wallet verification directly into onboarding and transaction flows — each check takes seconds, replacing hours of manual compliance review.

Frequently Asked Questions

Does the Travel Rule apply to Bitcoin, Ethereum, and all crypto assets?

Yes. The FATF Travel Rule applies to all virtual assets regardless of the underlying blockchain. Bitcoin, Ethereum, stablecoins (USDT, USDC), and tokenized assets are all in scope.

What is the transaction threshold that triggers the Travel Rule?

It varies by jurisdiction: $1,000 in most countries, €0 in the EU and UK (every transaction), $3,000 in the US. Always check your specific regulatory environment.

Can I use a self-hosted wallet and still comply with the Travel Rule?

Yes. When sending from a self-hosted wallet to a regulated exchange, the exchange will typically request proof of wallet ownership. Tools like CryptoPass generate this proof in a user-friendly way without compromising your private key.

How does the Travel Rule interact with privacy coins like Monero?

Privacy coins create compliance challenges because transaction data is obfuscated by design. Many regulated exchanges have delisted privacy coins specifically because they cannot satisfy Travel Rule traceability requirements.

What is VASP-to-VASP Travel Rule data transmission?

When two regulated exchanges transact, they must exchange KYC data about their respective customers using a secure messaging protocol. Industry standards like the IVMS101 data format and networks like Notabene, Sygna, and TRP are used for this purpose.

The Bottom Line

The FATF Travel Rule has moved from regulatory recommendation to enforced reality. In 2025, operating in crypto without a wallet compliance strategy exposes you — whether as an individual user, a trader, or a platform — to blocked transactions, compliance flags, and regulatory risk.

The good news: compliance no longer means weeks of paperwork. With the right tools, proving wallet ownership and clearing AML checks takes less time than a bank transfer.

Get your free CryptoPass certificate →

Related Articles

How CryptoPass Turns BIS's Theoretical AML Approach into a User-Friendly Tool
Compliance

How CryptoPass Turns BIS's Theoretical AML Approach into a User-Friendly Tool

Read article
Integrating Compliance Into Your Crypto Strategy  [Step-by-Step]
Strategy

Integrating Compliance Into Your Crypto Strategy  [Step-by-Step]

Read article
Understanding MiCA: The European Union's Proposed Regulation For Crypto Investors
Regulation

Understanding MiCA: The European Union's Proposed Regulation For Crypto Investors

Read article

Ready to verify your wallet?

Free basic check. Results in 2 minutes. No KYC required.

Download Free