The crypto Travel Rule is a regulatory requirement that mandates cryptocurrency service providers, such as exchanges, to share transaction information to prevent money laundering and illicit activities. This information that must be shared includes the details of the sender and receiver for cryptocurrency transfers above a certain threshold.
The Travel Rule is required by the money laundering and anti-terrorist financing watchdog Financial Action Task Force (FATF) to prevent these illicit activities. It was first adopted by the FATF in 2016 and updated in 2021 to apply to businesses that conduct crypto-related transactions.
FATF intergovernmental activities initiate policies for G7 countries and around 30 more participating nations. Regulators have interpreted and applied the crypto Travel Rule differently; some were relatively early adopters, such as the United States and Canada. Others, like the United Kingdom in August 2023, have more recently put the crypto Travel Rule into effect.
In many countries, the threshold for affected transactions is equivalent to $1,000; in the U.S., it’s higher at $3,000. This means that everyday users of cryptocurrency need to share identifying information with cryptocurrency exchanges and service providers, and both users and exchanges must adopt additional data privacy protection. Transfers to regions or businesses not complying with the Travel Rule can be subject to additional checks or even rejected, so it’s important to understand the Travel Rule for crypto assets and the implications.
What is the crypto Travel Rule?
Recommendations by the FATF are designed to prevent money laundering and anti-terrorist financing and ensure compliance with Anti-Money Laundering (AML) policies. The anonymity, or pseudonymity, of many cryptocurrencies has historically caused concern for governments and regulators because of their evident potential to enable anonymous transfers of money across borders generated by or to be used in criminal activities.
The crypto Travel Rule requirements for virtual asset service providers (VASPs), including cryptocurrency exchanges, banks, over-the-counter (OTC) traders, hosted wallets, crypto custodial solutions, and other financial and DeFi bodies, are that they clearly identify the origins and destinations of crypto transactions above the given jurisdiction’s set threshold.
FATF recommendations supersede similar rules imposed by the Financial Crimes Enforcement Network under the U.S. Bank Secrecy Act. These existing regulations made adopting the Travel Rule easier for the United States.
It’s up to FATF members, participating countries and FATF-style regional bodies to decide whether to implement the FATF Travel Rule recommendations and how. This results in regulations and impacts varying from country to country.
To date, countries that have adopted the crypto Travel Rule include the U.K., U.S., Canada, Singapore, Switzerland, Gibraltar, Malaysia and South Korea. In June 2023, the FATF called for more countries to implement the Travel Rule to prevent criminals from exploiting “loopholes” not protected by regulation.
What is the Financial Action Task Force (FATF)?
Founded in 1989 by the G7 and in Paris, the initial remit of the FATF was to combat money laundering, and this was extended a few years later to include terrorism financing. The body sets international standards to prevent these activities and the harm they cause, and it works to bring about legislative and regulatory reform to achieve these standards.
It currently has 39 members, with a total of 200 countries committing to implement its standards as a global response to these detrimental issues.
How does the crypto Travel Rule apply to digital asset transfers?
Under the crypto Travel Rule, VASPs and cryptocurrency businesses must share customer information with each other when transferring cryptocurrency, or digital assets, above the threshold. This personally identifiable information (PII) must include:
- Name and wallet address of the sender
- Sender’s physical address, national identity number, customer identity number, or date and place of birth
- Name and wallet address of the recipient.
The Travel Rule also states that transfers below the set threshold should include the names and account numbers of the sender and recipient but that the information does not have to be verified unless there is suspicion of money laundering or terrorist financing activities.
Why is the crypto Travel Rule important?
The crypto Travel Rule allows law enforcement to request and obtain transaction details from VASPs and cryptocurrency businesses. This means that illicit actors who use cryptocurrencies to support their activities can be traced, which serves as a preventative measure, as they can no longer take advantage of the anonymity some cryptocurrencies and VASPs provide.
Ultimately, the Travel Rule aims to prevent money laundering via crypto assets, prevent terrorist financing and payments to sanctioned recipients, and support reporting suspicious activities.
What are the implications of the Travel Rule for VASPs and cryptocurrency exchanges?
Cryptocurrency businesses that comply with the Travel Rule must find ways to collect and share customer information without exposing it to cybersecurity and data privacy attackers and hackers. VASPs must also navigate the varied implementation of the Travel Rule from country to country.
Not only do cryptocurrency businesses need to acquire information themselves safely, but they must also undertake due diligence checks for recipient VASPs and cryptocurrency exchanges. In short, anyone enabling the transfer of cryptocurrencies with associated customer data must ensure they are sending it to a safe place.
To help meet this new challenge of creating interoperable systems for compliance, Paxos, with partner members including Coinbase, Circle, Gemini and Kraken, introduced Travel Rule Universal Solution Technology. This initiative aims to aid cryptocurrency exchange compliance in the U.S. and beyond, with exchanges obliged to meet security and privacy requirements.
Binance and Crypto.com chose another technology solution, Traveler, from crypto intelligence company CipherTrace. In 2020, CipherTrace chief analyst John Jefferies succinctly outlined the impact on the cryptocurrency sector:
“Travel Rule enforcement is simultaneously the biggest milestone and the biggest setback for crypto. It has and will continue to force a level of maturity that will enable the industry to grow into an institutionally accepted asset class. [...] It also presents an existential threat for many exchanges and poses potential privacy issues for users.”
Though the crypto Travel Rule has challenged VASPs, it also means these companies can understand their customers better, contribute to money laundering and terrorist finance prevention, and more greatly manage risks from customers and transactions. Through compliance and adopting AML and Know Your Customer checks, cryptocurrency businesses have begun to operate like conventional financial institutions.
How does the crypto Travel Rule affect cryptocurrency users?
The crypto Travel Rule also impacts cryptocurrency users, who now must provide additional information to VASPs and exchanges and protect themselves against hacks and data leaks that could result from doing so. There is additional risk from illicit or fake VASPs who might use legislation as an opportunity to collect user data, as well as from oppressive regimes seeking to control legitimate users of cryptocurrencies.
Additionally, there is the potential for VASPs complying with regulations to scrutinize or even refuse cross-border cryptocurrency transfers from overseas entities that still need to commit to Travel Rule compliance. Some global regulators have also extended the rule to self-hosted wallet transactions.
Emerging cryptocurrency transaction regulations can be controversial as, by definition, they begin to centralize and control a technology and means of money transfer originally created to be peer-to-peer, without borders and beyond third-party influence.
In this case, the crypto Travel Rule has significant implications and has its fair share of challenges for cryptocurrency businesses and risks for users. However, on the flip side, appropriate cryptocurrency regulatory frameworks can serve to protect cryptocurrency users and broader society. It’s difficult to argue against the benefits of preventing criminal activities or halting the funding of terrorist activities.