Travel Rule: CASP Compliance Implementation Guide
Introduction
Tracking every crypto transfer, now a mandatory European obligation for CASPs.
The Travel Rule requires crypto service providers to share originator and beneficiary information during digital asset transfers. Derived from FATF recommendations, it is now mandatory in France and strengthened by the European TFR regulation. This practical guide details the requirements and solutions for complying with this complex obligation.
What you will learn:
- The origins and legal framework of the Travel Rule
- Thresholds and information to transmit
- Technical challenges specific to blockchain
- Available solutions and protocols
- Practical compliance for CASPs
Table of Contents
- Understanding the Travel Rule
- European Regulatory Framework (TFR)
- Information to Collect and Transmit
- Thresholds and Scope
- Specific Technical Challenges
- Solutions and Protocols
- Non-Custodial Wallets (Unhosted)
- Practical Compliance
- Sanctions and Controls
- FAQ
1. Understanding the Travel Rule
From bank transfers to crypto-assets, the evolution of a global anti-money laundering standard.
Origins: FATF Recommendation 16
The Travel Rule originated in FATF (Financial Action Task Force) Recommendation 16:
"Countries should ensure that financial institutions include required and accurate originator information and beneficiary information during electronic transfers." — FATF, Recommendation 16
History:
| Date | Event |
|---|---|
| 1996 | Creation of Travel Rule for bank transfers |
| 2019 | Extension to virtual assets by FATF |
| 2023 | Adoption of TFR regulation in Europe |
| 2024 | TFR entry into force |
| 2025 | Full application with enhanced controls |
Objective: Flow Traceability
Travel Rule purposes:
- Anti-money laundering: identify the origin of funds
- Counter-terrorism financing: trace suspicious flows
- International sanctions: detect sanctioned persons
- Transparency: create an audit trail
Crypto Specificity
The unique challenge of Travel Rule applied to crypto-assets:
| Traditional Finance | Crypto-Assets |
|---|---|
| Interbank network (SWIFT) | Multiple blockchains |
| Bank identification | VASP identification |
| Centralized infrastructure | Decentralized infrastructure |
| Established standards | Developing protocols |
2. European Regulatory Framework (TFR)
TFR harmonizes traceability obligations for all European CASPs.
The TFR Regulation
Regulation (EU) 2023/1113 on information accompanying transfers of funds (TFR - Transfer of Funds Regulation) extends Travel Rule to crypto-assets:
"This Regulation lays down rules concerning information on originators and beneficiaries accompanying transfers of funds and crypto-assets." — Article 1, TFR Regulation
Scope
Entities concerned:
- Crypto-Asset Service Providers (CASP/PSAN)
- Credit institutions providing crypto services
- Payment institutions
- Electronic money institutions
Covered transfers:
- Transfers between two CASPs
- CASP → unhosted wallet transfers (with conditions)
- Unhosted wallet → CASP transfers (with conditions)
- Internal transfers within the same CASP
Articulation with MiCA
┌─────────────────────────────────────────────────────────────┐
│ EU CRYPTO REGULATION │
│ │
│ ┌─────────────────────┐ ┌─────────────────────┐ │
│ │ MiCA │ │ TFR │ │
│ │ │ │ │ │
│ │ • CASP license │ │ • Travel Rule │ │
│ │ • Governance │ │ • Transfer info │ │
│ │ • Client protection│ │ • Thresholds │ │
│ │ • White papers │ │ • Unhosted wallets │ │
│ └─────────────────────┘ └─────────────────────┘ │
│ │ │ │
│ └────────────┬────────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────────────┐ │
│ │ Compliant CASP/PSAN │ │
│ └─────────────────────────┘ │
└─────────────────────────────────────────────────────────────┘
3. Information to Collect and Transmit
Name, address, wallet: collect and transmit data for each transfer.
Originator Information
Mandatory data:
| Information | Natural Person | Legal Entity |
|---|---|---|
| Name | First name and surname | Company name |
| Address | Full address | Registered office |
| Account number | Wallet address / identifier | Same |
| Verification | Identity document | Registration documents |
| Identification number | Optional (date/place of birth) | Company number/LEI |
Beneficiary Information
Mandatory data:
| Information | Requirement |
|---|---|
| Name | Full name (individual) or company name (entity) |
| Wallet address / identifier | Mandatory |
| Address | If no identification number |
| Identification number | Alternative to address |
Data Format
Formatting standards:
{
"originator": {
"name": "John Smith",
"accountNumber": "0x1234...5678",
"address": {
"street": "12 Main Street",
"city": "Paris",
"postalCode": "75002",
"country": "FR"
},
"dateOfBirth": "1985-03-15",
"placeOfBirth": "London, UK"
},
"beneficiary": {
"name": "Marie Martin",
"accountNumber": "0xabcd...ef01"
},
"transfer": {
"amount": "1.5",
"asset": "ETH",
"timestamp": "2025-01-15T10:30:00Z",
"txHash": "0x7890...1234"
}
}
4. Thresholds and Scope
Zero threshold: unlike fiat, all crypto transfers are covered.
Absence of Threshold for Crypto-Assets
Major difference from fiat transfers:
| Transfer Type | Travel Rule Threshold |
|---|---|
| Classic bank transfer | €1,000 |
| Crypto transfer (TFR) | No threshold |
⚠️ Critical point: Unlike traditional transfers, ALL crypto-asset transfers are subject to the Travel Rule, regardless of amount.
Exceptions and Special Cases
Exempt transfers:
- Prepaid cards/instruments: if strict conditions are met
- Internal transfers: between accounts of the same client at the same CASP
- Conversion without transfer: buy/sell without on-chain movement
Threshold for Unhosted Wallets
Specific regime above €1,000:
For transfers to/from unhosted (self-hosted) wallets:
- Below €1,000: information collected but not systematically verified
- Above €1,000: wallet ownership verification mandatory
5. Specific Technical Challenges
Identifying the destination CASP before the blockchain transfer, a major challenge.
The Counterparty Identification Problem
Fundamental challenge: How to identify the destination CASP before making the blockchain transfer?
CASP A (sender) CASP B (receiver)
│ │
│ 1. Client requests send │
│ to 0xABCD... │
│ │
│ 2. Who controls 0xABCD... ? │
│ └──▶ UNKNOWN │
│ │
│ 3. How to send Travel │
│ Rule info? │
│ └──▶ UNKNOWN │
│ │
▼ ▼
Blockchain transaction completed
│
└──▶ Too late for Travel Rule!
Solutions to the Identification Problem
Approaches developed:
- VASP Discovery: protocols to identify the CASP controlling an address
- Address Ownership Proof: proofs of address control
- Messaging Layer: inter-CASP communication layer
- Centralized registries: databases of known addresses
Protocol Interoperability
Current fragmentation: Multiple Travel Rule protocols coexist without perfect interoperability:
| Protocol | Adoption | Regions | Interoperability |
|---|---|---|---|
| TRISA | Medium | US, Global | Via bridges |
| OpenVASP | Medium | Europe | Open standard |
| Sygna | Medium | Asia | Proprietary |
| Notabene | High | Global | Multi-protocol |
| TRP (21 Analytics) | Medium | Europe | Open standard |
6. Solutions and Protocols
TRISA, OpenVASP, Notabene: choose the solution adapted to your infrastructure.
TRISA Protocol (Travel Rule Information Sharing Alliance)
Characteristics:
- Open source
- Based on PKI certificates
- Decentralized network of nodes
- Consortium governance
Operation:
┌─────────────┐ ┌─────────────┐
│ CASP A │ │ CASP B │
│ │ │ │
│ 1. Lookup │──────────────────────▶│ │
│ TRISA │ │ │
│ │◀──────────────────────│ 2. Response │
│ │ (CASP B identity) │ │
│ │ │ │
│ 3. Send │──────────────────────▶│ │
│ Travel │ (encrypted Travel │ │
│ Rule │ Rule data) │ │
│ info │ │ │
│ │◀──────────────────────│ 4. ACK │
│ │ │ │
│ 5. Blockchain transaction │ │
└─────────────┘ └─────────────┘
OpenVASP Protocol
Characteristics:
- Open European standard
- Based on Ethereum (initially)
- Swiss foundation governance
- Interoperable with other protocols
Commercial Solutions
Notabene:
- Market leader
- Unified multi-protocol interface
- Simple API integration
- Compliance dashboard
Chainalysis / TRM Labs:
- Travel Rule integration in their suites
- Analytics + Compliance
- Unhosted wallet detection
21 Analytics (TRP):
- European solution
- EU regulatory focus
- Open source (TRP protocol)
Solution Comparison Table
| Solution | Type | Estimated Price | Strengths |
|---|---|---|---|
| Notabene | Commercial SaaS | $$$ | Complete, multi-protocol |
| TRISA | Open source | $ (infra) | Decentralized, free |
| Sygna | Commercial SaaS | $$ | Strong in Asia |
| 21 Analytics | Commercial + open | $$ | Europe focus |
| Chainalysis | Integrated suite | $$$$ | Analytics included |
7. Non-Custodial Wallets (Unhosted)
Above one thousand euros, verify unhosted wallet ownership.
Definition and Issues
Unhosted wallet: A wallet where the user directly controls the private keys, without intermediary (e.g., MetaMask, Ledger, paper wallet).
Regulatory problem:
- No identifiable counterparty CASP
- Risk of use to circumvent Travel Rule
- Balance between privacy and traceability
TFR Requirements for Unhosted Wallets
Transfers > €1,000 to/from an unhosted wallet:
- Information collection: name, address of wallet owner
- Ownership verification: prove that the client controls the address
- Risk assessment: enhanced vigilance if necessary
- Documentation: preservation of evidence
Ownership Verification Methods
Accepted techniques:
| Method | Description | Reliability |
|---|---|---|
| Cryptographic signature | Message signed with private key | High |
| Micro-transaction | Sending a specific amount | Medium |
| Screenshot | Wallet screenshot | Low |
| Video | Transaction recording | Medium |
| Satoshi test | Specific micro-amount | Medium |
Cryptographic signature (recommended):
Sample message:
"I, [Name], confirm that I am the owner of address
0x1234...5678 for [CASP Name] on [Date]."
Signature:
0x7890abcd...ef12
Verification:
ecrecover(message, signature) == 0x1234...5678 ✓
Limits and Risks
Potential flaws:
- Wallet may be controlled by a third party (nominee)
- Signatures reused between CASPs
- Multi-sig wallets with multiple beneficiaries
- Complex smart contracts
8. Practical Compliance
Three to six months to integrate Travel Rule into your operational processes.
Compliance Plan
Phase 1: Assessment (1-2 months)
- Mapping of transfer flows
- Identification of current gaps
- Technical solution selection
- Budgeting
Phase 2: Implementation (2-4 months)
- Travel Rule solution integration
- Internal process development
- Team training
- Pre-production testing
Phase 3: Deployment (1-2 months)
- Progressive production rollout
- Monitoring of matching rates
- Adjustments
- Documentation
Compliance Checklist
Processes:
- Originator information collection procedure
- Beneficiary information collection procedure
- Inter-CASP transmission process
- Reception and verification process
- Transmission failure management
- Unhosted wallet management
- Ownership verification (unhosted wallets > €1,000)
Technical:
- Travel Rule solution integrated
- API functional with protocols
- Logs and audit trails
- Data encryption in transit
- Secure data storage
Organizational:
- Travel Rule officer designated
- Team trained
- Procedures documented
- Monitoring indicators defined
- Regulatory reporting prepared
Monitoring Indicators
Travel Rule KPIs:
| Indicator | Target | Description |
|---|---|---|
| Matching rate | > 90% | Transfers with complete info |
| Transmission delay | < 24h | Time between request and send |
| Failure rate | < 5% | Transfers without counterparty response |
| Unhosted verifications | 100% | Wallets > €1,000 verified |
9. Sanctions and Controls
Up to €5 million fine or license withdrawal for non-compliance.
Sanction Regime
Possible sanctions in France:
| Violation | Sanction |
|---|---|
| Travel Rule non-compliance | Fine up to €5M or 10% revenue |
| Transfer without information | Possible blocking by authority |
| Absence of procedures | Warning, formal notice |
| Repeat offense | Registration withdrawal |
AMF/ACPR Controls
Control procedures:
- Document-based controls (documentation request)
- On-site controls (inspection)
- Transaction tests (mystery shopping)
- Activity report analysis
Typical control points:
- Existence of procedures
- Effective application
- Transfer compliance rate
- Exception management
- Staff training
Emerging Case Law
⚠️ To watch: First sanctions for Travel Rule non-compliance are starting to fall in other jurisdictions (Singapore, South Korea). Europe should follow.
10. FAQ
General Questions
Q: Does Travel Rule apply to transfers between my own wallets?
A: If both wallets are at the same CASP and belong to the same client, Travel Rule does not apply (internal transfer). If one wallet is external (other CASP or unhosted), it applies.
Q: What to do if the destination CASP does not support Travel Rule?
A: You must still collect the information and attempt to transmit it. In case of repeated failure, enhanced risk assessment is required, and you may have to refuse the transfer.
Q: Does Travel Rule apply to NFTs?
A: NFTs that constitute crypto-assets within the meaning of MiCA are covered. Purely artistic NFTs without payment function could be excluded, but analysis is case by case.
Technical Questions
Q: How to identify the destination CASP of an address?
A: Via Travel Rule protocols (TRISA, OpenVASP, etc.) that allow "VASP discovery." Some solutions also maintain databases of known addresses.
Q: Are transfers to DEXs covered?
A: DEXs without custodian (truly decentralized) are not CASPs. Transfer to a DEX smart contract is treated as a transfer to unhosted wallet with associated verifications.
Practical Questions
Q: What budget for compliance?
A: SaaS solutions generally cost between €1,000 and €10,000/month depending on volume. Technical integration represents €20-50k. First-year total is €50-150k for an average CASP.
Q: How long to achieve compliance?
A: Between 3 and 6 months depending on your infrastructure complexity and existing preparation level.
Conclusion
Travel Rule is now an unavoidable obligation for any CASP operating in Europe. Despite technical challenges linked to the decentralized nature of blockchains, solutions exist and are progressively standardizing.
Key points to remember:
- Absolute obligation: all transfers are covered (no threshold)
- Extended information: originator + beneficiary for each transfer
- Unhosted wallets: ownership verification > €1,000
- Mature solutions: Notabene, TRISA, OpenVASP and others
- Interoperability: still imperfect, improving
- Real sanctions: controls and fines possible
Recommendations for CASPs:
✅ Choose a Travel Rule solution now ✅ Integrate Travel Rule into existing processes ✅ Train operational teams ✅ Monitor compliance rates ✅ Anticipate regulatory developments ✅ Participate in industry working groups
Travel Rule is not just a regulatory constraint: it contributes to the legitimization of the crypto sector and building a trusted ecosystem.
📚 Related Articles — Professional Compliance
Article updated December 2025. Information presented is educational and does not constitute legal advice. Consult a qualified professional for your specific situation.