
The Financial Action Task Force (FATF) Travel Rule is an important piece of anti-money laundering and countering the financing of terrorism (AML/CFT) guidance. It states that financial institutions (FIs), and since 2019, virtual asset service providers (VASPs), should collect and share personal data for both the originators and beneficiaries of domestic and cross-border digital asset transfers. For example, FIs and VASPs are required to include information with money transfers, such as names, addresses, and account numbers.

Why was the FATF Travel Rule created?

The Travel Rule has been a core part of international AML standards since the 1990s and originated in the 1996 Bank Secrecy Act, which outlines the information that must “travel” with a transmittal of funds. It has always applied to traditional FIs, such as banks, for standard wire transfers of fiat currency. In 2019, VASPs were added as accountable entities.

The Travel Rule addresses AML/CFT challenges posed by FIs, cryptocurrencies, and virtual assets (VAs) by increasing the traceability of FI and VA transfers. This allows institutions and law enforcement agencies to detect criminal activity more effectively. 

VASPs were added as accountable entities in 2019 as VA transactions attract a wide range of customers, leaving them open to exploitation by criminals who use them to launder money and evade detection. The rapid growth of the VA sector has created significant regulatory gaps, a situation that the Travel Rule intends to address.

Given this importance, all regulated entities should be familiar with the Travel Rule and its requirements.

What does the FATF Travel Rule require?

The Travel Rule applies to all FIs and VASPs, whether they are ordering, intermediary, or beneficiary institutions in a transaction.

These include traditional financial institutions such as:

  • Banks
  • Credit unions
  • Money services businesses (MSBs)

And VASPs like:

  • Crypto exchanges 
  • Wallet providers and custodians 
  • Brokerage firms  
  • Crypto hedge funds 
  • Crypto ATMs 
  • Mining pools 

Following the 2025 revisions, the FATF clarified that the payment chain begins with the financial institution that receives the customer’s initial instruction.

The FATF recommends a minimum threshold of $1000 (or €1000) for transactions subject to the full Travel Rule. The data required for transactions below and above this amount is as follows:

Transaction type | Data required
Below $1000 | Names and VA wallet addresses of both originator and beneficiary.
Above $1000 | Originator: Name, physical address, VA wallet/account number, and date/place of birth. Beneficiary: Name and VA wallet/account number.

The June 2025 revisions streamlined these requirements to simplify compliance for the private sector, with a final global implementation deadline set for the end of 2030.

How has the Travel Rule evolved for digital assets?

The FATF maintains a list of 40 recommendations that individual jurisdictions are encouraged to translate into domestic legislation. Originally introduced in 2019 as an update to Recommendation 16, the Travel Rule adapted traditional wire transfer standards for the VA sector.

Under the 2019 standard, firms were required to monitor transactions to detect missing information and take appropriate action. This ensured that basic data, such as names and account numbers, remained attached to the payment throughout the transfer chain.

What were the 2025 FATF revisions?

In June 2025, the FATF significantly revised Recommendation 16 to reflect the demands of the growing digital-first economy. The update addressed this new economy’s “payment transparency” needs and expanded the rule’s scope to explicitly combat the financing of fraud and proliferation.

The 2025 update introduced three critical changes for compliance teams:

  • Standardized P2P data: For cross-border peer-to-peer (P2P) transfers exceeding $1000, firms should now include the originator’s address and date of birth.
  • Chain responsibility: It clarified that the payment chain begins with the first institution to receive a customer’s instruction, preventing compliance gaps in complex FinTech stacks.
  • Fraud prevention tools: Firms are now required to adopt technology, such as “Confirmation of Payee” and name-matching tools, to protect customers from misdirected payments and fraud.

While the report noted that 99 jurisdictions have passed or are in the process of passing Travel Rule legislation, the “sunrise issue” remains a persistent challenge. This occurs when a regulated firm attempts to send data to a counterparty in a jurisdiction that has not yet implemented these high standards.

Which countries lead in FATF Travel Rule implementation?

Since the FATF is the global standard-setter for compliance, not a regulator, firms are not legally required to follow its recommendations directly. It is up to individual member states to implement them via domestic laws. Despite the FATF’s 2024 admission that global implementation of the Travel Rule was “lagging”, some jurisdictions have made progress. These include:

1. United States

As mentioned, the Bank Secrecy Act (BSA) has included a section known as the “Travel Rule” since 1996, with the Financial Crimes Enforcement Network (FinCEN) extending these requirements to all VASPs in 2019.

The US maintains a $3,000 domestic and international transfer threshold, though in 2025, increased pressure from FinCEN and the Treasury called for lowering it to $1,000 for international transfers to align with FATF standards.

2. United Kingdom 

Since September 2023, the Financial Conduct Authority (FCA) has required crypto firms to collect, verify, and share information in line with FATF guidance. This applies even when sending funds to a jurisdiction that lacks a Travel Rule.

In late 2025, the UK Parliament passed the Financial Services and Markets Act 2000 (Cryptoassets) Regulations 2025, which further integrated crypto into the broader financial regulatory framework. The FCA continues to require UK firms to “take reasonable steps” to obtain information, even when dealing with VASPs in non-regulated jurisdictions.

3. European Union 

In 2024, the European Banking Authority (EBA) released guidance specifying the information firms had to collect, including names, identity document numbers, and account numbers, and how to proceed when information is missing. 

As of December 30, 2024, the Transfer of Funds Regulation (TFR) and the Markets in Crypto-Assets (MiCA) regulation became fully applicable. 

In 2025, the EBA issued final guidelines on “central contact points” for VASPs to ensure seamless data sharing and reporting across all member states, making the EU one of the most harmonized regions for Travel Rule compliance.

4. Singapore 

Singapore’s Monetary Authority of Singapore (MAS) Notice PSN02 has been in effect since 2020, acting similarly to equivalents in other jurisdictions, although less stringent demands apply for transfers under $1500. 

However, the Financial Institutions (Miscellaneous Amendments) Act 2024, or FIMA Act, which became fully effective in January 2025, expanded the MAS’s powers, allowing for on-site inspections of entities dealing in crypto-derivatives and tightening oversight of cross-border digital payment token (DPT) transmissions.


What are the challenges of implementing the Travel Rule?

Compliance with the Travel Rule and its variants worldwide places significant demands on firms regarding data collection, verification, sharing, and privacy. Specifically, these include:

  • Sunrise issue: As the rollout of the Travel Rule has been fragmented, and implementation speeds vary by country, firms often find themselves sending data to a counterparty that is not yet legally required to receive or share it. This means firms operating internationally should consider all relevant regulations and not assume compliance in one jurisdiction means compliance in all. 
  • User experience vs. security: Crypto users value speed and simplicity. If a firm’s onboarding and screening processes create excessive friction or delays, customers may migrate to less-regulated platforms. The challenge lies in reducing friction without compromising the effectiveness of AML controls.
  • Data security and privacy: Sharing personally identifiable information (PII) across borders creates tension between AML requirements and strict privacy laws such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act. It is recommended that firms ensure their data-sharing protocols meet high security standards, such as ISO 27001, to avoid liability for confidentiality breaches.
  • Rising operational costs: VASPs have only come under regulatory scrutiny relatively recently, with the Travel Rule applying to them only since 2019. Some firms may not be set up to handle the additional work and investment required by manual compliance. These firms should consider the range of available AML software solutions and choose one that suits their needs and is highly cost-effective.
  • Self-custody complexity: Interacting with unhosted wallets remains a technical and compliance hurdle, as there is no intermediary on the other side to share data with.

How can firms comply with the FATF Travel Rule?

As the volume and velocity of digital asset transfers continue to grow, relying on manual compliance checks is becoming increasingly unsustainable. To meet the FATF Travel Rule requirements, FIs and VASPs should adopt a technology-first strategy that automates data sharing and enables robust, real-time risk assessment. Key areas of focus include:

1. Risk-based due diligence

Not all transactions carry the same level of risk. A robust compliance program applies a sliding scale of scrutiny based on the customer profile and the nature of the transfer.

  • Enhanced due diligence (EDD): Use EDD for high-value transfers or transactions involving high-risk jurisdictions.
  • Source of funds: Depending on the risk level, firms should require additional identifying materials or perform source of funds (SOF) and source of wealth (SOW) checks to verify the legitimacy of the assets involved.

2. Standardized data sharing

Firms should implement secure information-sharing measures alongside their standard customer data collection. This ensures the necessary data is transmitted to intermediary or beneficiary institutions instantly during a transaction.

  • Application programming interface (API)-first approach: An API enables different software components to exchange information automatically. In its guidance on implementing the Travel Rule, the FATF explicitly advises firms to make use of API technology to integrate AML workflows with risk data.
  • Security standards: Firms should ensure their sharing solutions meet global data security standards, including GDPR and ISO 27001, to protect sensitive user information during transit.

3. Real-time screening

To detect red flags and reduce the risk of VA misuse, firms should implement a payment screening solution that uses real-time sanctions and watchlist data.

  • Proactive compliance: Implement solutions that screen originators and beneficiaries against global sanctions and politically exposed persons (PEPs) lists in real time before the “travel” data is sent.
  • Know your customer (KYC) integration: All FIs and VASPs should collect specific data to follow KYC best practices and identify AML risks at the point of entry.
  • Reporting: If any information attached to a payment indicates involvement in money laundering (ML) or terrorist financing (TF), firms are required to investigate and report suspicious activity to their local financial intelligence unit (FIU).

4. Fraud prevention tools

A key development in 2025 was the heightened focus on “fraud and error” prevention. VASPs are expected to take proactive steps to ensure transaction integrity.

  • Verification: Adopt tools that can pre-validate wallet addresses and beneficiary names to meet the 2025 “fraud and error” mandate. This reduces the risk of funds being sent to unintended or illicit recipients due to typos or spoofing.

AI-powered compliance tools for Travel Rule-obligated firms

At ComplyAdvantage, our global customer base includes firms that provide services related to cryptocurrency and VAs. We provide tailored compliance solutions enhanced with artificial intelligence (AI) and machine learning (ML) to meet the massive data requirements of the Travel Rule without slowing transaction speeds.

ComplyAdvantage’s advanced AML solutions come with:

  • Real-time global risk data: We move beyond third-party lists by maintaining our own comprehensive risk database. We ingest data directly from source – including sanctions lists, PEP registers, watchlists, and corporate registries – as well as processing approximately 8 million articles daily for adverse media. Our ingestion pipeline picks up sanctions changes in under a minute, with full availability for screening within hours, ensuring your Travel Rule checks are based on the most current global intelligence.
  • High straight-through processing (STP): Our Payment Screening solution achieves a 99% STP success rate. By utilizing advanced machine learning and probabilistic scoring algorithms, we reduce false positives by up to 82% compared to industry baselines. This allows the vast majority of transactions to process instantly (with a latency target of 200-250ms), ensuring that rigorous compliance and business growth go hand in hand.
  • Scalable API-based integration: By providing a single integration point, we eliminate the need for disconnected legacy systems and provide a unified risk view across your entire compliance workflow – from initial screening to ongoing monitoring.
  • Full data security compliance: We adhere to the highest international security standards, including ISO 27001 certification and SOC 2 Type II compliance. Our architecture ensures all sensitive information is protected with enterprise-grade encryption and immutable audit logs for every decision, ensuring your data meets both global protection requirements and strict AML regulatory mandates.

Discover integrated AML compliance with Mesh

A cloud-based compliance platform, ComplyAdvantage Mesh combines industry-leading AML risk intelligence with actionable risk signals to screen customers and monitor their behavior in near real time.


Originally published 13 January 2020, updated 24 March 2026

Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Copyright © 2026 IVXS UK Limited (trading as ComplyAdvantage).