Travel Rule (FATF Recommendation 16)

The Travel Rule is the informal name for FATF Recommendation 16, which requires financial institutions — and, since the FATF’s 2019 update, virtual asset service providers (VASPs) — to obtain, hold, and transmit information about the originators and beneficiaries of transactions above a specified threshold. The rule’s name derives from its application in the traditional wire transfer context, where the identifying information “travels” with the payment instruction from the sending institution to the receiving institution.

FATF Recommendation 16: Core Requirements

For wire transfers and virtual asset transfers above USD/EUR 1,000 (or local currency equivalent), VASPs must:

Originator information collected and transmitted:

• Full legal name
• Account number used to process the transaction (wallet address for virtual assets)
• Physical address, national identity number, customer identification number, or date and place of birth

Beneficiary information collected and transmitted:

• Full legal name
• Account number used to process the transaction (beneficiary wallet address)

This information must accompany the transfer and be made immediately available to competent authorities on request. Below the threshold, name and account number are still required, though verification may be risk-based. For transfers between a VASP and an unhosted wallet (a self-custodied address not held at any VASP), the FATF’s updated 2021 guidance requires VASPs to apply a risk-based approach and collect information about the unhosted wallet, though the specific obligations vary by jurisdiction.

The Sunrise Problem

The sunrise problem refers to the compliance gap that arises when not all jurisdictions implement the Travel Rule simultaneously. A VASP in a jurisdiction that has implemented the rule (a “sunrise” jurisdiction) may need to transact with a VASP in a jurisdiction that has not yet done so. The receiving VASP may be unable to receive structured Travel Rule data, unable to verify it, or operating under no legal obligation to collect it.

FATF has acknowledged the sunrise problem and issued guidance encouraging jurisdictions to implement the rule as quickly as possible. Practical approaches adopted by compliant VASPs include: only transacting with counterparty VASPs that can demonstrate Travel Rule compliance capability, maintaining manual processes for non-compliant counterparties, or refusing transfers to or from non-compliant jurisdictions.

Technical Solutions

Because no universal Travel Rule messaging protocol was specified by FATF, the industry developed competing technical standards:

TRISA (Travel Rule Information Sharing Architecture): An open-source peer-to-peer protocol and VASP directory enabling encrypted exchange of Travel Rule information directly between VASPs. Governed by the TRISA Association, a non-profit. Participating VASPs register in the TRISA Global Directory Service, establishing mutual authentication using PKI certificates.

Notabene: A commercial SaaS platform offering Travel Rule compliance workflow, VASP discovery, and cross-protocol data transmission. Supports multiple underlying protocols including TRISA, TRP (Travel Rule Protocol), and IVMS 101.

Sygna Bridge: Developed by CoolBitX, providing API-based Travel Rule data exchange with a VASP registry and multi-protocol support. Widely used in Asia-Pacific.

OpenVASP: An open standard developed by Bitcoin Suisse, using Ethereum smart contracts for VASP registration. Has seen limited adoption compared to TRISA and Notabene.

IVMS 101: The InterVASP Messaging Standard, developed by a consortium of industry groups including the Global Digital Finance (GDF), defines the data fields and format for Travel Rule information exchange. IVMS 101 is a data standard, not a transport protocol — most Travel Rule solutions use IVMS 101-formatted data transmitted over TRISA, Sygna, or proprietary channels.

Jurisdiction Implementation Status

As of early 2026, Travel Rule implementation status varies substantially:

• United States: FinCEN’s existing Bank Secrecy Act rules already required Travel Rule compliance for money transmitters, including VASPs handling virtual assets. FinCEN proposed a rule in 2020 lowering the threshold to $250 for international transfers; the rule had not been finalised as of early 2026.
• European Union: The Transfer of Funds Regulation (TFR), revised and extended to crypto-assets (effective December 2024, simultaneous with full MiCA application), mandates Travel Rule compliance for CASPs. Notably, the EU’s TFR sets no minimum threshold — all virtual asset transfers, regardless of amount, require originator and beneficiary information.
• United Kingdom: The Money Laundering Regulations were amended to include crypto Travel Rule requirements, effective September 2023.
• Singapore: MAS issued Payment Services (PS) Act amendments requiring Travel Rule compliance for digital payment token service licensees.
• Switzerland: FINMA circular and the Anti-Money Laundering Act require Travel Rule compliance; Switzerland uses a largely protocol-neutral approach.
• UAE: VARA’s AML/CFT Rulebook mandates Travel Rule compliance for all VARA-licensed entities.

Related entries: KYC/AML in Tokenization, FATF Virtual Asset Standards, VARA

Primary sources: FATF Recommendation 16 and Guidance | ESMA/EBA Travel Rule Guidance