Related Articles
FATF Travel Rule Crypto Guide: What It Means for Regulation in 2025
Sometimes called the Bitcoin travel rule, or the FinCen travel rule, the FATF Crypto Travel Rule is redefining how exchanges, custodians, and other crypto intermediaries handle user data.
So, what is the travel rule in crypto? In simple terms: if you’re a VASP (Virtual Asset Service Provider) and you’re managing crypto transactions of a certain value, you’ll need to collect and share sender and recipient information with regulatory authorities.
The rule is rooted in anti-money laundering logic but now applies to Bitcoin, Ethereum, stablecoins, and beyond. The Financial Action Task Force (FATF), the global watchdog behind the rule, has pushed the travel rule cryptocurrency framework to unify global standards. If your business deals with digital assets, you’ll need to familiarize yourself with travel rule compliance requirements.
The Origins of the FATF Travel Rule in Cryptocurrency
The original Travel Rule wasn’t built for crypto. It seems from the US Bank Secrecy Act (BSA), which was enacted in October 1970. Back then, the BSA was one of the first laws designed to tackle money laundering by forcing banks to share identifying data when money moved.
In 1996, this was fine-tuned by the Financial Crimes Enforcement Network (FinCEN) to apply to transfers over $3,000 in the US. Names, addresses, and account numbers had to be recorded for every transfer. In 2019, the Financial Action Task Force (FATF) recognized that crypto needed to be regulated.
Criminals were using pseudonymous wallets and decentralized platforms to sidestep the rules. The FATF decided to extend Recommendation 16 to virtual assets. That formed the foundation of the FATF travel rule in Crypto, which was updated again in 2021.
For the last few years, the regulation has rippled across the crypto industry. Exchanges and wallet providers (known as VASPs, CASPs, or MSBs, depending on where you are in the world) are now expected to behave more like traditional banks. That makes sense when you consider that about $40.9 billion in funds was moved by illicit addresses in 2024.
But enforcing this rule hasn’t been simple. A 2024 FATF update revealed that over 50% of jurisdictions had yet to implement the rule properly. The lag presents gaps that criminals can exploit. The FATF’s continued effort to pull crypto into alignment with TradFi aims to close those gaps.
FATF Travel Rule Explained: What Crypto Businesses Must Know
Before crypto became mainstream, traditional banks already had to follow what we now call the travel rule. Under both FinCEN regulations and FATF’s standards, these institutions are required to collect and transmit identifying data for any transfer of funds over $3,000. That includes full names, account numbers, physical addresses, and sometimes even the purpose of the transaction.
That information creates a trail, which helps regulators and law enforcement trace transactions tied to money laundering, drug trafficking, or terrorism financing. When the FATF expanded this to virtual assets, the logic was clear: if banks must do this for fiat, then crypto exchanges, wallet providers, and other VASPs should do the same for Bitcoin, USDT, and other digital currencies.
Requirements for VASPs (Crypto Exchanges, Custodial Wallets)
VASPs must now collect personally identifiable information (PII) on both senders and recipients for transfers above $1,000. That means names, wallet addresses, date of birth, and more. This is no longer a best practice. It’s the law in many regions.
But unlike banks, VASPs operate in a decentralized, fast-moving environment. Blockchain transactions don’t come with built-in identity fields. So how do you attach sensitive data to something that was built to be anonymous?
That’s where IVMS 101 comes in. This is the global messaging standard for Travel Rule data exchange. It’s what allows two VASPs in different countries to securely communicate user data, in a format both parties understand.
But even with IVMS 101 in place, there’s no “one-size-fits-all.” VASPs must vet counterparties, build technical integrations, and ensure legal alignment across borders.
How Does the Travel Rule Apply to Virtual Assets in 2025?
In 2025, the FATF Crypto Travel Rule covers various digital asset transactions. It’s all about ensuring that the movement of digital currencies doesn't become a blind spot for regulators. The rule mandates that VASPs collect and transmit specific information for transactions exceeding a certain threshold.
Any transfer exceeding the set threshold (in a specific region), even if assets are moving in the same country, can activate the rule.
Transactions covered include:
Wallet-to-Wallet Transfers: When a user sends crypto from one hosted wallet to another, both managed by VASPs, the Travel Rule applies.
Exchange Withdrawals: Transferring assets from an exchange to a custodial wallet triggers the rule, requiring the exchange to collect recipient information.
Stablecoin Transactions: Since they’re increasingly used in cross-border payments, stablecoin transfers can also be covered by the crypto travel rule.
The rule primarily targets custodial wallets, where a third party manages the private keys. Non-custodial wallets, controlled directly by users, present challenges. While the FATF recommends applying the rule to transactions involving non-custodial wallets, enforcement varies by jurisdiction.
The Thresholds for the Travel Rule in Crypto
Thresholds determine when the Travel Rule obligations kick in, and they vary between traditional finance and the crypto world. In traditional finance (conventional banking), the Bank Secrecy Act requires financial institutions to collect specific information on fund transfers worth more than $3,000. Banks need to collect names, account numbers, and addresses.
In crypto, the thresholds are a little different. The FATF recommended a lower threshold for virtual asset transactions of just $1,000 USD/EUR. That doesn’t mean that VASPs don’t need to collect any information on transfers that fall below that threshold. They may still need to collect wallet addresses and the names of the sender or the recipient.
However, if the transaction exceeds the threshold, they need to collect:
Originator details: Full name, wallet address, account number used for the transaction, physical address, national identity number, or date and place of birth.
Beneficiary Information: The beneficiary’s full name and wallet address.
One thing worth noting is that different jurisdictions interpret the threshold in different ways. Some countries have adopted the FATF's recommendation directly, while others have set different limits or have yet to implement the rule fully.
How Is the FATF Crypto Travel Rule Implemented Technically?
Making crypto transactions compliant with global financial regulations can be tricky. The FATF Crypto Travel Rule requires VASPs to securely share personal data when users move digital assets across platforms. Doing that across borders, in real-time, without compromising privacy or speed takes some serious coordination.
At the heart of the process is a careful approach to peer-to-peer data exchange. This is about getting VASPs to “talk” to each other securely. When a transaction happens, the originating VASP needs to send key details (think: names, wallet addresses) to the receiving VASP. This isn’t done through email or spreadsheets. It’s encrypted, automated, and happens peer-to-peer so that sensitive info doesn’t leak or get misrouted.
To pull this off smoothly, the industry has leaned into standardized protocols. The most widely used is IVMS 101. It acts like a shared language for compliance data. Everyone sends the same fields in the same format, so there’s no confusion and no missing pieces.
Using The IVMS 101 Standard
IVMS 101 defines what data needs to be sent and how. Here’s what’s typically included:
Full Name: For both the sender and recipient
Wallet Address: A unique string tied to each user
Unique Identifier: This could be a passport number, national ID, or something equivalent
The process usually starts with a request from the sending VASP. The receiving VASP then replies, confirming it got the data and that everything checks out. It's fast, it's structured, and compliant.
Using IVMS 101 and peer-to-peer exchange systems, VASPs can stay aligned with the FATF cryptocurrency regulations, without sacrificing the speed or integrity of crypto transfers.
Trust Frameworks for Compliant Crypto Transfers
Before one crypto platform sends sensitive user data to another, a basic question has to be answered: Can we trust you?
Under the FATF Crypto Travel Rule, VASPs must share personal details like names and wallet addresses during qualifying transactions. That means data is constantly moving between companies, across borders, across tech stacks, and regulatory environments. If those connections aren’t secure? Everything breaks down.
This is where trust frameworks come into play. Think of them as the rulebook and handshake combined. They set the legal ground rules, define the technical standards, and make sure that only verified, compliant VASPs are in the loop.
Take TRISA, the Travel Rule Information Sharing Alliance, for instance. It’s one of the standout frameworks helping VASPs authenticate each other and exchange data safely. With strong encryption, mutual identity verification, and decentralized architecture, TRISA keeps bad actors out and sensitive info locked down.
These frameworks also come with built-in audit trails and compliance logs. That way, if a regulator asks, a VASP can show what data was sent, when, to whom, and why.
Risk-Based Approach to Counterparty VASP Due Diligence
In crypto, not every VASP is created equal, and the FATF Travel Rule makes that matter more than ever. Before sending user data to another VASP, you need to ask: Who are they? Can we trust them to handle this information responsibly?
That’s where a risk-based approach comes in. Instead of applying one-size-fits-all rules, FATF encourages VASPs to tailor their assessments. This means evaluating a counterparty’s jurisdiction (Is it high-risk?), their licensing status (Are they regulated?), and their past behavior (Have they had breaches or violations?).
From there, you assign a risk score: low, medium, or high, and decide how strict your compliance checks need to be. Tools like IVMS 101 help streamline the process by giving VASPs a common format to exchange the necessary data.
FATF’s Global Impact: Jurisdictions Adopting the Rule in 2025
The FATF Crypto Travel Rule and compliance standards are spreading fast. As of 2025, dozens of countries have taken steps to enforce this rule, although how they do that still varies.
Countries Already Enforcing It
European Union: Through AMLD5, EU member states require compliance for virtual asset transfers over €1,000. Under the new MiCA framework, these rules are becoming even more tightly integrated.
Singapore: A global leader in digital asset regulation, Singapore adopted the Travel Rule back in 2020 and emphasizes user privacy through strict data handling laws.
United States: FinCEN enforces the Travel Rule at a higher threshold—$3,000. The rules are well-established but still being fine-tuned for crypto.
Places like Australia, Brazil, South Africa, and Canada are closing in on full implementation. Each is at a different stage, but all recognize the importance of standardizing data sharing for crypto.
The Cross-Border Puzzle
Here’s the catch – everyone isn’t playing by the same rulebook yet. Some countries enforce the $1,000 threshold. Others use $3,000. Some require full IVMS 101 integration. Others are still drafting policies. For VASPs operating across borders, this creates a compliance maze.
That’s why global coordination matters. Without interoperability, even the best systems fall apart at the edges. FATF continues to push for harmonization, but in the meantime, VASPs must stay alert, flexible, and informed.
The good news is that a growing global rollout signals a significant turning point in crypto. The world’s financial authorities are (gradually) aligning around the idea that crypto must be safe, auditable, and trustworthy.
Compliance Checklist: How to Prepare for the Travel Rule
Getting your platform in shape for the FATF Crypto Travel Rule is essential if you want to stay operational, secure, and ahead of regulators. Whether you're running a crypto exchange, wallet service, or a DeFi project that edges into custodial territory, here’s what you need to do:
Identify if you’re a VASP: Check if your business falls under the FATF’s definition of a Virtual Asset Service Provider. If you're handling crypto on behalf of users, chances are that the VASP definition applies to you.
Review your KYC/AML setup: Make sure your Know Your Customer and Anti-Money Laundering systems are collecting the right user data, and doing it consistently.
Implement a Travel Rule protocol (like IVMS 101): You’ll need a way to send and receive data securely with other VASPs. IVMS 101 is the go-to standard here.
Build in audit trails and data protection: Logs, backups, and encryption standards are all crucial. You’ll need to show regulators that you’re tracking the right data and keeping it safe.
Establish trusted relationships with counterparties: Not every VASP is trustworthy. Work only with verified, compliant partners.
Stay globally aware: One country’s rules aren’t the same as another’s. Make sure your system can handle cross-border compliance.
Tackle these steps now, and you’ll avoid chaos later.
Why the Travel Rule Will Reshape Crypto Compliance
The FATF Travel Rule isn’t just another regulation. It’s a signal that crypto has officially entered a new phase where privacy, security, and accountability all have to coexist.
For crypto platforms like Flipster and others, this means change. Companies will need to rethink how they collect data, move it, and protect it. But compliance shouldn’t be seen as a burden. It’s a chance to lead - to show your users that your platform takes trust seriously.
The rule raises questions about privacy. And yes, the tech lift can be heavy at first. But look past the friction: this is about long-term legitimacy. Compliance builds confidence. Confidence drives adoption. So don’t wait to be told what to do. Get ahead. Build smart systems. Align with global standards. Treat the Travel Rule not as a hassle, but as a blueprint for how crypto businesses grow up and earn global respect.
FAQs
What does the Travel Rule mean for everyday crypto users?
It means your exchange may ask for more personal information, especially for large transactions. This helps prevent illicit activity but can raise privacy concerns depending on the platform and jurisdiction.
How does the Travel Rule affect crypto exchanges?
Exchanges must collect, store, and securely share customer details when sending crypto over the threshold. That often requires system upgrades and partnerships with other compliant VASPs.
Why is Travel Rule compliance important for crypto platforms?
It’s not just about avoiding penalties. Following the rule helps protect users, reduce fraud, and build long-term trust with regulators and customers alike.
Is there a universal standard for Travel Rule data sharing?
Not exactly. IVMS 101 is the most common format, but different countries and platforms implement it in slightly different ways.
What’s the difference between the FATF Travel Rule and the BSA Travel Rule?
The FATF version is a global recommendation with a $1,000 threshold. The BSA Travel Rule, enforced in the U.S. by FinCEN, sets a $3,000 threshold and includes slightly different requirements.
Does the Travel Rule apply to DeFi platforms or non-custodial wallets?
Typically, no. But if a DeFi project acts like a VASP, by holding or managing user funds, it could be pulled into scope depending on local regulations.
Disclaimer: This material is for information purposes only and does not constitute financial advice. Flipster makes no recommendations or guarantees in respect of any digital asset, product, or service. Trading digital assets and digital asset derivatives comes with a significant risk of loss due to its high price volatility, and is not suitable for all investors. Please refer to our Terms.