What is the travel rule (FATF) in crypto?

The crypto travel rule is a requirement for virtual asset service providers (VASPs), such as exchanges, custodians, and crypto payment companies, to share certain sender and recipient information when transferring crypto between each other. It comes from the FATF travel rule (Recommendation 16) and applies to cryptocurrency transfers above jurisdiction-specific thresholds.

In plain terms, the FATF travel rule in cryptocurrency mirrors the “wire transfer” rule in banking. When a qualifying on-chain transfer moves from one VASP to another, the originating VASP must transmit basic originator details alongside the transaction, and the beneficiary VASP must receive and store that information. The data moves off-chain over secure messaging, while the funds move on-chain as usual.

How it works

1. Identify the parties. The originating VASP collects and verifies “originator” data (the sender), and the beneficiary VASP is responsible for “beneficiary” data (the recipient).
2. Check the transfer. If a transfer meets the local threshold (often set around the equivalent of USD/EUR 1,000, depending on the jurisdiction), the rule is triggered.
3. Transmit the data. The originating VASP sends the required information to the beneficiary VASP using a secure channel or standardized messaging format. This information does not appear on the blockchain.
4. Screen and store. Each VASP screens the transaction (sanctions, risk flags) and keeps records to support monitoring, investigations, and audits.
5. Handle special cases. When a customer sends funds to or from an unhosted (self-custody) wallet, VASPs follow local rules – often a risk-based approach, which may include additional checks or proof-of-ownership steps.

Key aspects

• Scope and thresholds. The FATF travel rule crypto framework is global guidance implemented through local laws, so exact thresholds and timelines vary by country.
• Covered entities. VASPs include exchanges, brokers, custodians, OTC desks, and crypto payment processors. Peer-to-peer transfers between self-custody wallets are generally outside scope, but interactions between a VASP and a self-custody wallet may require extra due diligence.
• Data elements. Typical fields include the originator’s name and account/wallet identifier, plus an address or national ID (as required locally), along with the beneficiary’s name and account/wallet identifier.
• Off-chain messaging. Travel rule data “travels” between VASPs using secure networks or APIs (for example, IVMS-101 formatted messages). The blockchain tx itself carries value, not personal data.
• Screening and monitoring. VASPs use sanctions and risk screening on the parties and addresses, and match the on-chain transaction to the received message for reconciliation.
• Sunrise and interoperability. Not all jurisdictions adopted rules at the same time. Providers often interoperate through travel rule networks to ensure messages reach the right counterparty, even across borders.
• Privacy and security. Sharing only the required fields, encrypting messages, and limiting data access help meet both AML and data-protection expectations.
• Records and reporting. VASPs retain travel rule data to support compliance reviews, suspicious activity reports, and customer support investigations.

Understanding the FATF travel rule cryptocurrency requirements helps businesses operate across exchanges and payment partners with predictable compliance. For customers, it explains why additional information may be requested before certain withdrawals or deposits can proceed.