The AML Travel Rule (TFR): What Crypto Businesses Need to Know

What is the Travel Rule?

The "travel rule" requires financial institutions to share sender and recipient information when transferring funds. Originally developed by FATF (Financial Action Task Force) for traditional finance, the EU has extended this requirement to crypto-asset transfers through the Transfer of Funds Regulation (TFR).

The recast TFR (Regulation 2023/1113) came into force alongside MiCA, creating comprehensive AML requirements for the crypto sector.

Why the Travel Rule Matters

Money laundering and terrorist financing don't respect borders. When funds move between institutions, the information about who sent and who received those funds must travel with them - hence the name "travel rule."

For crypto-assets, this presents unique challenges. Traditional wire transfers have clear intermediaries. Crypto transfers can be peer-to-peer, pseudonymous, and cross-border by default.

What Information Must Travel?

For crypto-asset transfers, the TFR requires the following information:

Sender Information (Originator)

• Name
• Account number (wallet address)
• Address, national identity number, customer ID, or date and place of birth

Recipient Information (Beneficiary)

• Name
• Account number (wallet address)

When Does the Travel Rule Apply?

The travel rule applies to crypto-asset transfers where:

Both Parties Use CASPs

When a transfer occurs between two crypto-asset service providers (CASPs), full travel rule compliance is mandatory regardless of amount.

One Party Uses a CASP

When a transfer goes from a CASP to an unhosted (self-custodied) wallet, or vice versa:

• Transfers over €1,000 require collecting counterparty information
• CASPs must verify the self-hosted wallet is controlled by their customer

CASP to CASP Transfers

All CASP-to-CASP transfers require:

• Immediate transmission of originator and beneficiary information
• No minimum threshold applies

Unhosted Wallet Challenges

Self-custodied wallets present particular challenges:

Transfers to Unhosted Wallets

When a customer withdraws to their own unhosted wallet:

• CASP must verify wallet ownership
• Methods may include signed message verification or small test transactions

Transfers from Unhosted Wallets

When a customer deposits from an unhosted wallet:

• CASP must collect originator information
• For transfers over €1,000, additional verification applies

Third-Party Unhosted Wallets

Transfers to/from unhosted wallets controlled by third parties carry highest risk and require enhanced due diligence.

Technical Implementation

CASPs must implement technical solutions to:

1. Collect Required Data

Capture originator and beneficiary information at the point of transaction initiation.

2. Transmit Information

Send required data to the receiving CASP before, during, or immediately after the transfer.

3. Receive and Validate

Accept incoming information from sending CASPs and validate completeness.

4. Maintain Records

Store all travel rule data for the required retention period (5 years minimum).

Travel Rule Protocols

Several protocols have emerged to facilitate travel rule compliance:

TRUST (Travel Rule Universal Solution Technology)

Developed by major US exchanges, gaining adoption globally.

OpenVASP

Open-source protocol based on Ethereum messaging.

Sygna Bridge

Asian-focused solution with broad regional adoption.

TRISA (Travel Rule Information Sharing Architecture)

Decentralized protocol using PKI infrastructure.

CASPs typically integrate with multiple protocols to ensure broad counterparty coverage.

Relationship with MiCA

The TFR works alongside MiCA to create comprehensive crypto regulation:

• **MiCA**: Authorizes and supervises CASPs
• **TFR**: Imposes AML/CFT obligations on transfers

A CASP cannot obtain MiCA authorization without demonstrating TFR compliance capabilities.

Penalties for Non-Compliance

TFR violations carry significant penalties:

• Administrative fines determined by member states
• Potential license suspension or revocation
• Criminal penalties for willful violations
• Reputational damage affecting business relationships

Compliance Checklist

Use this checklist to assess your TFR readiness:

How FinlexPro Helps

The TFR contains detailed technical requirements that interact with MiCA, AMLR, and other regulations. FinlexPro indexes:

• Complete TFR regulation text
• Related ESMA guidelines
• AML package provisions (AMLR, AMLD6)
• Cross-references to MiCA requirements

Search specific TFR requirements and understand how they connect to your broader compliance obligations.