Crypto Travel Rule Guide (Updated 2026)
Dec 26, 2025
·
15 min read
Contents
The Crypto Travel Rule is becoming a major concern for fintech and crypto firms in 2026. What began as a banking rule on money transfers has now expanded into the digital asset space. As a result, exchanges, wallets, and other providers are facing new expectations around data sharing and compliance.
In this guide, we explain what the Travel Rule is, how it developed, and why it matters for businesses working with crypto. We also look at the regulators involved, the differences in thresholds around the world, and the latest updates shaping enforcement.
At InnReg, we help money services businesses and fintechs navigate the Crypto Travel Rule. Our team supports AML frameworks, vendor management, and Travel Rule policy design tailored to your business model. Contact us to learn more.
What Is the Crypto Travel Rule?
The Crypto Travel Rule is a regulation that requires banks, fintechs, and cryptocurrency companies to share certain customer details whenever money or digital assets are transferred. This is not a novel idea, as it started in traditional finance.
For decades, banks have had to include names, account numbers, and other key details with wire transfers. The purpose is simple: give regulators the ability to trace money and flag suspicious activity. Once crypto transactions started happening globally and at scale, regulators realized the same risks applied, so they extended the same standards to digital assets. That’s where the Financial Action Task Force (FATF) stepped in.
In 2019, FATF updated its guidance to include digital assets and made it clear that crypto exchanges, custodians, and wallet providers would need to follow rules similar to banks. Since then, countries around the world have been creating their own versions of the Travel Rule, often with slightly different requirements and thresholds.
Who Regulates the Travel Rule in Crypto?
The Crypto Travel Rule applies worldwide, but there’s no single authority in charge of it. Instead, each region has its own regulators, and their approaches often differ.
US Regulators
In the US, the Travel Rule comes from the Bank Secrecy Act (BSA), a long-standing law designed to fight money laundering. When it comes to crypto, the Financial Crimes Enforcement Network (FinCEN) enforces this rule. FinCEN sets the threshold and decides which firms need to comply, including exchanges, custodial wallets, and other money transmitters.
But FinCEN isn’t the only player, and sometimes other regulators step in, too. For instance, the Securities and Exchange Commission (SEC) is involved when digital assets are treated as securities, and the Commodity Futures Trading Commission (CFTC) oversees them when they fall under derivatives. This overlap means Travel Rule compliance often ties into bigger responsibilities, like registration and investor protection.
Additionally, the Office of Foreign Assets Control (OFAC) requires firms to screen transactions against sanctions lists. This adds another dimension to compliance programs, as firms must verify not only that they are transmitting the correct customer details but also that they are not facilitating prohibited transactions.
For fintech and crypto firms, compliance is rarely a single-step process. It involves coordinating across regulators, each with its own focus, and building compliance programs that work holistically rather than in isolation.
EU Regulators
In the European Union, the Travel Rule is enforced through the Transfer of Funds Regulation (TFR), which was effective in December 2024. The TFR applies to all crypto asset service providers across the 27 member states and creates one consistent framework for collecting and transmitting customer data during transfers. The aim is to close loopholes that previously led to uneven enforcement across the EU.
Supervision takes place at the national level, where financial intelligence units and local regulators oversee compliance. To keep things aligned, the European Banking Authority (EBA) coordinates efforts and publishes technical standards that guide how data should be transmitted. This role helps service providers work within a consistent approach across member states.
For fintech and crypto firms, the EU framework brings both relief and challenges. The good news is that companies no longer have to juggle different rules in every country. Instead, they can follow one set of standards across the region. On the flip side, the lack of thresholds and the strict reporting format create heavy operational challenges, especially for firms that handle lots of small transactions.
UK Regulators
In the UK, the Financial Conduct Authority (FCA) is responsible for supervising how the UK Travel Rule applies to virtual asset service providers. Crypto businesses are required to collect and share details about each transfer’s sender and recipient. This approach keeps the UK aligned with global anti-money laundering rules and gives businesses a clear understanding of what is expected in the local market.
The UK framework has been in force since September 2023, leaving firms with little time to adapt. It requires crypto businesses to apply the Travel Rule to all transfers, regardless of their amount. Even when the counterparty is in a country without equivalent requirements, UK firms are still expected to collect the necessary details. For companies working with partners in markets where the rule is not yet rolled out, this can be especially challenging.
The FCA has issued guidance to support firms. Businesses are expected to take reasonable steps to collect and share the required information, keep records of any gaps, and maintain systems they can demonstrate to regulators. Unlike the EU, where implementation is being harmonized across member states, the UK follows a risk-based approach. The FCA focuses on how well each firm manages its exposure to financial crime risks rather than applying the same standard to all.
For fintech and crypto businesses, this means compliance is not only about ticking the box on data collection. It also involves being prepared for FCA reviews, documenting how information is shared, and showing that gaps with unregulated jurisdictions are actively managed.
Asia-Pacific Regulators
In the Asia-Pacific region, countries are taking very different approaches to the Travel Rule, depending on how advanced their regulations are. Singapore was one of the first to act. The Monetary Authority of Singapore (MAS) requires crypto providers to collect and share information about both the sender and the receiver for every transfer.
Japan has also built a solid framework. The Japan Financial Services Agency (JFSA) sets strict rules for customer checks and recordkeeping. What makes Japan stand out is the active role of the Japan Virtual Currency Exchange Association (JVCEA), which works alongside regulators to help firms follow the rules in practice.
South Korea has taken a similarly strict stance. The Financial Services Commission (FSC) and the Korea Financial Intelligence Unit (KoFIU) require all registered exchanges to follow the Travel Rule. Firms must use approved technology solutions for data sharing, which has pushed the industry toward adopting standardized protocols faster than in many other markets.
Other countries in the region are still catching up. In Hong Kong, new licensing rules for virtual asset platforms already include Travel Rule obligations as part of the Securities and Futures Commission (SFC) anti-money laundering framework. In Australia, the regulator AUSTRAC already requires digital currency exchanges to report suspicious transactions and has signaled that stricter oversight of cross-border transfers is on the way.
For firms operating across the Asia-Pacific, the challenge is managing uneven rules. Some jurisdictions demand full compliance today, while others are in transition. This creates a need for flexible systems that can handle stricter requirements in markets like Singapore or South Korea while staying adaptable in regions that are still developing their approach.
Other Regions
Around the world, countries are taking very different approaches to the Travel Rule. Here’s how some key markets handle it:
Canada: The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) enforces the rule as part of the country’s anti-money laundering laws. Crypto businesses registered as money services businesses must collect and share sender and recipient details for transfers over 1,000 Canadian dollars, which makes Canada one of the stricter jurisdictions compared to countries with higher thresholds.
United Arab Emirates (UAE): The UAE has positioned itself as a regional hub for virtual assets while also tightening oversight. The Virtual Assets Regulatory Authority (VARA) in Dubai and the Abu Dhabi Global Market (ADGM) both require licensed firms to comply with Travel Rule standards, with an emphasis on aligning with FATF guidance.
Switzerland: Through the Swiss Financial Market Supervisory Authority (FINMA), Switzerland has adopted one of the toughest versions of the Travel Rule. Crypto firms must identify both parties in a transaction, even for amounts below thresholds used in other regions. This approach reflects Switzerland’s focus on balancing fintech innovation with a reputation for strict financial oversight.
Latin America: Rules in the region are still evolving. Brazil and Mexico have introduced requirements for crypto service providers to register and meet anti-money laundering obligations, while other countries are still developing clear frameworks. As adoption increases, FATF pressure is expected to drive more widespread implementation.
For firms with global operations, these differences mean compliance cannot be handled with a single template. A transaction that meets requirements in one region may trigger additional obligations in another. Building compliance programs that can adapt to these regional differences is becoming a key priority for international fintech and crypto businesses.
See also:
Global Travel Rule Thresholds Compared
Regulators around the world agree on the importance of the Travel Rule, but they set different reporting thresholds. For some, every crypto transfer requires customer details, no matter how small. Others apply a higher cutoff. These differences affect how firms build compliance programs, especially when transfers cross multiple borders.
Region | Threshold | Key Notes |
|---|---|---|
United States | $3,000 | FinCEN applies the rule under the Bank Secrecy Act. Banks, money services businesses, and crypto exchanges must share sender and recipient information at or above this level. |
European Union | €0 | The Transfer of Funds Regulation requires customer details for all crypto transfers, with no threshold. |
United Kingdom | £0 | The FCA requires data on every transfer. Firms must still collect details even if the counterparty is in a jurisdiction without equivalent rules. |
Asia-Pacific | Mixed | Singapore, Japan, and South Korea apply stringent thresholds (often zero). South Korea sets a practical threshold of KRW 1,000,000 (~USD 800). Australia and Hong Kong are moving toward full adoption. |
Other Regions | Mixed | Canada applies CAD 1,000. Switzerland requires details even below this. The UAE applies FATF-aligned rules through VARA and ADGM. Latin America is uneven, with Brazil and Mexico ahead of others. |
The impact of these thresholds is best seen in practice. A $2,500 transfer between two US-based crypto exchanges falls below the FinCEN threshold, so no Travel Rule data needs to be transmitted. But if the same transfer involves a counterparty in the EU or UK, customer details must still be included. For a firm processing global flows, this means US standards alone are not enough.
Smaller transfers can be even trickier. A $500 transaction might be exempt in the US but would require full reporting in Europe, Singapore, and Japan. This is why firms that serve customers across multiple regions often decide to collect and transmit customer information on all transfers, even when not strictly required in one jurisdiction. While this adds operational work, it creates consistency and reduces the risk of missing a requirement.
For compliance teams, designing systems around the strictest rules, rather than tailoring for each jurisdiction, can simplify operations and reduce regulatory risk. The trade-off is higher upfront effort, but it helps avoid confusion as rules evolve and more regions tighten their standards.
Need help with money transmitter compliance?
Fill out the form below and our experts will get back to you.
What Are the Travel Rule Requirements in the US?
In the US, the Travel Rule applies when transfers reach or exceed $3,000. At that level, financial institutions and crypto exchanges must transmit key customer information along with the transaction.
The required information includes:
Name and account number of the sender
Address (or other identifying information) of the sender
Name and account number of the recipient
Recipient’s financial institution
The financial institution handling the transfer
The date and amount of the transaction
The Travel Rule applies to more than just banks. FinCEN’s definition also includes money services businesses, broker-dealers, and registered crypto exchanges. Because of this wide reach, most firms that handle digital assets encounter the rule in some way.
The Travel Rule also links directly to other US anti-money laundering obligations. For example, a flagged transaction might require a suspicious activity report (SAR), while counterparties must be screened against OFAC sanctions lists. Ultimately, rather than standing alone, the rule fits into a broader system of safeguards.
For fintech and crypto companies, the main challenge is operational. Systems must be able to flag transfers that hit the $3,000 threshold, gather the right information, and transmit it securely. Firms that operate internationally also need to reconcile US standards with stricter requirements abroad, where thresholds are often lower or nonexistent.
What Are the Travel Rule Requirements in the EU?
In the EU, the TFR requires customer information to be collected and shared for every crypto transfer, regardless of the amount. Both the originator and the beneficiary must be identified, and service providers are responsible for verifying this information before completing the transfer. The details include names, account identifiers, and wallet addresses.
These rules apply to exchanges, custodians, and wallet providers across the EU, creating a single framework that ties into the region’s broader fight against money laundering and terrorist financing. Because even the smallest transfers are covered, companies now need systems that can reliably capture and send customer data every time.
Who Must Comply With the Travel Rule
The Travel Rule does not apply to every company handling digital assets. Regulators focus on businesses that act as intermediaries in transfers, especially those with custody over client funds.
1. Virtual Asset Service Providers (VASPs)
VASPs are the main group covered by the Travel Rule. This includes exchanges, custodial wallet providers, and other businesses that move or store crypto for customers. Regulators define the category broadly, treating VASPs much like banks or money transmitters in traditional finance so that most businesses acting as intermediaries fall within its scope.
For these firms, compliance means collecting and sharing details about both the sender and the recipient each time a transfer goes through. This requirement applies to transactions at home and across borders, regardless of whether the other party is regulated. To keep up with these obligations, many companies turn to third-party tools that help customer data move securely between providers.
2. Stablecoin Issuers and Administrators
Stablecoins have become a big part of the digital asset world, used every day for payments, trading, and moving money across borders. Because of their size and importance, regulators now treat issuers and administrators of stablecoins as subject to the Travel Rule when they perform activities that fall within the definition of a VASP or money services business. That means entities handling stablecoin issuance, redemption, or transfer in this capacity have to collect and share customer details, just like exchanges and custodians do. This often requires compliance processes that look a lot like those used in traditional finance.
Regulators made this move because stablecoins now play such a significant role in payments. And with so much money moving every day, even small gaps could create big risks.
3. Exemptions and Non-Covered Entities
People using self-custody wallets are generally excluded, since they are not acting as intermediaries that hold funds for others. This means that peer-to-peer transfers between two private wallets are usually outside the scope.
Some countries also allow limited exemptions for very small or domestic transfers. But with the EU and UK applying the rule to every transaction, these carve-outs are becoming rare. The global trend is moving toward broader coverage, not narrower.
DeFi adds another layer of uncertainty. Most regulators have not placed Travel Rule obligations directly on decentralized protocols, but they do expect intermediaries to apply the rule where they can. This is, however, still an evolving area, and one worth watching closely.
For compliance teams, the main takeaway is that exemptions exist but are becoming narrower. Relying on them as part of day-to-day operations is risky as international standards continue to tighten.
See also:
Recent Updates and Enforcement Trends in 2026
The Travel Rule is constantly evolving. Regulators are still refining how it applies, and enforcement is picking up as new laws come into force. Several regions rolled out major updates in late 2025, and 2026 is already shaping up to be a year of active supervision.
1. EU and UK Travel Rule Enforcement
The EU’s Transfer of Funds Regulation (TFR) took effect in December 2024, creating a unified framework for Travel Rule compliance across all member states. The UK has been enforcing its version since September 2023 under FCA guidance. In both regimes, every crypto transfer, regardless of size, must include full sender and recipient details.
For firms, this represents a major operational shift. Compliance processes that once applied only to large transfers now extend to all transactions. When counterparties are in jurisdictions without equivalent rules, firms are expected to take reasonable steps to obtain available information and document their efforts.
In 2026, regulators are likely to look beyond written policies and focus on how effectively these requirements are integrated into daily operations, making automated, scalable solutions increasingly important.
2. US Discussions on Thresholds and Unhosted Wallets
In the US, regulators are debating whether the current $3,000 threshold remains effective. Regulators have floated proposals to lower it, especially for international transfers or transactions involving unhosted/self-custody wallets. No formal rule change has been adopted yet, but discussions in Washington suggest this could resurface as a policy priority in the coming years.
Unhosted wallets are also under scrutiny. Policymakers are weighing how to balance financial crime prevention with personal privacy. Some proposals would have required exchanges to collect additional details when customers send or receive funds from self-custody wallets. If revived, such measures would extend compliance obligations and add new technical requirements for US firms.
3. FATF Pressure on Lagging Countries
The FATF continues to push countries that have been slow to put the Travel Rule in place. In its recent reviews, FATF called out several jurisdictions for only partially adopting the rule or applying it inconsistently. This creates risks for global transfers, since payments moving through these regions may not carry the same level of transparency.
Looking ahead, FATF has signaled that it will continue stepping up monitoring and public pressure on jurisdictions that lag behind, with implementation expected to remain a focus in 2026. For crypto businesses, that means dealing with practical challenges when working with partners in markets that lack full Travel Rule enforcement. Firms may need to add extra checks, request customer information directly, or limit activity with higher-risk regions.
4. Industry-Led Solutions Such as TRUST and TRISA
While regulators set the rules, the industry has built tools to make compliance more practical. TRUST is one such framework, backed by major exchanges, which lets VASPs share Travel Rule data securely. Another is TRISA, an open-source protocol focused on global interoperability and privacy-preserving data exchange.
These tools help firms deal with the headache of different laws in different countries. Instead of building custom integrations for every counterparty, companies can plug into a protocol that handles identity, encryption, and message delivery for them.
Adoption is still uneven, but more firms are beginning to join TRUST and TRISA, and regulators are paying close attention to how these frameworks develop.
FAQs on the Crypto Travel Rule
Does the Travel Rule apply to self-custody wallets?
No. Transfers between two self-custody wallets are generally outside the scope because there is no regulated intermediary. However, if a self-custody wallet interacts with a regulated exchange or service provider, the regulated entity may need to collect and verify details about the wallet owner.
What happens if my counterparty does not comply?
If a counterparty fails to provide the required Travel Rule information, regulators expect firms to pause, delay, or reject the transfer. Some jurisdictions also require firms to apply enhanced due diligence or file a suspicious activity report. In practice, many businesses manage this by using industry protocols that only connect them with compliant partners.
How long do I need to keep Travel Rule records?
Recordkeeping requirements vary by jurisdiction. In the United States, firms must keep Travel Rule records for at least five years under the BSA. The EU and UK apply similar timelines, often ranging from five to ten years, depending on local laws. Compliance teams should always check the specific retention period in each market where they operate.
Are DeFi protocols covered?
At this stage, most DeFi protocols are not directly covered by the Travel Rule because they are decentralized and lack a central operator. Regulators instead place the responsibility on intermediaries that provide access to DeFi, such as exchanges or custodial wallet providers. This means the obligation often falls on the on- and off-ramps rather than the protocols themselves.
Can Travel Rule data sharing conflict with privacy regulations like GDPR?
Yes. Sharing customer data under the Travel Rule can create tension with privacy laws such as the EU’s GDPR. Regulators expect firms to strike a balance by collecting only the required details, transmitting them securely, and limiting access to authorized parties. Many businesses address this by adopting standardized protocols that support both compliance and data protection requirements.
—
The Crypto Travel Rule has now moved from guidance to reality in most major markets. For fintech and crypto businesses, this makes it a day-to-day operational challenge rather than something on the horizon. The mix of different thresholds, growing enforcement, and added expectations around self-custody wallets and cross-border transfers has made compliance more complex.
Firms that fold the Travel Rule into their broader compliance strategy are better able to adapt. That means putting systems in place that can handle different thresholds across jurisdictions, keeping clear records, and using well-recognized data-sharing protocols. Taken together, these steps help companies meet regulatory expectations while maintaining efficient operations.
How Can InnReg Help?
InnReg is a global regulatory compliance and operations consulting team serving financial services companies since 2013.
We are especially effective at launching and scaling fintechs with innovative compliance strategies and delivering cost-effective managed services, assisted by proprietary regtech solutions.
If you need help with money transmitter compliance, reach out to our regulatory experts today:
Published on Dec 26, 2025
Last updated on Dec 26, 2025
Related Articles
Featured LinkedIn Posts
