← Back to Blog
Compliance

FATF Travel Rule: A Plain-English Guide for Crypto Founders

By Rahul Pareek·June 2026·7 min read

Table of Contents

  1. What Is the FATF Travel Rule?
  2. Who Does It Apply To?
  3. What Does It Require?
  4. India & Global Status
  5. How to Comply
  6. FAQs

What Is the FATF Travel Rule?

The Financial Action Task Force (FATF) Travel Rule — formally Recommendation 16 — requires Virtual Asset Service Providers (VASPs) to collect, verify, and transmit information about the originators and beneficiaries of cryptocurrency transactions above a certain threshold.

Think of it as the crypto equivalent of the wire transfer rules that banks have followed for decades. When a bank sends money internationally, it must include the sender's and recipient's details in the transaction. The Travel Rule extends this requirement to crypto.

The threshold: Transactions of USD/EUR 1,000 or equivalent trigger Travel Rule obligations in most jurisdictions. India's threshold under the Prevention of Money Laundering Act (PMLA) follows similar international standards.

Who Does the Travel Rule Apply To?

The Travel Rule applies to Virtual Asset Service Providers (VASPs) — a broad category that includes:

  • Cryptocurrency exchanges (centralized and increasingly decentralized)
  • Crypto wallet providers with custodial control
  • NFT marketplaces facilitating financial transactions
  • DeFi protocols with identifiable operators
  • Token issuers conducting public sales
  • Crypto payment processors

If your platform facilitates the transfer, exchange, or storage of crypto assets and you have identifiable users, you are likely a VASP subject to Travel Rule obligations.

⚠ The "we're decentralized" argument: Regulators are increasingly rejecting decentralization as a Travel Rule exemption. If your protocol has an identifiable interface, admin keys, or a team that profits from operations, you may be treated as a VASP. The Tornado Cash case is the clearest example of this approach.

What Does the Travel Rule Require?

At its core, the Travel Rule requires VASPs to:

  1. Collect originator information (name, account number, address or national ID, date of birth)
  2. Collect beneficiary information (name, account number)
  3. Transmit this information securely to the receiving VASP before or simultaneously with the transaction
  4. Screen both parties against sanctions lists (OFAC, UN, EU consolidated lists)
  5. Store records for at least 5 years

The challenge is that unlike the traditional banking system, there is no universal messaging standard for crypto Travel Rule data transmission. Several protocols have emerged — TRISA, TRP, and OpenVASP — but interoperability remains a challenge.

India & Global Implementation Status

India brought Virtual Digital Assets (VDAs) under the PMLA in March 2023 — a major regulatory step that made Indian crypto businesses subject to AML/CFT obligations including Travel Rule-equivalent requirements. The Financial Intelligence Unit India (FIU-IND) is the primary regulator.

Globally, major jurisdictions have implemented or are implementing the Travel Rule:

  • USA: FinCEN Travel Rule in effect for transfers above ,000
  • EU: MiCA and Transfer of Funds Regulation (TFR) — no minimum threshold
  • Singapore: MAS Travel Rule in effect since 2020
  • UAE: VARA Travel Rule requirements for licensed VASPs
  • India: PMLA obligations since 2023, FIU-IND enforcement active

How to Comply: A Practical Checklist

  • Implement a VASP-compliant KYC flow for all users transacting above thresholds
  • Integrate a Travel Rule solution provider (Notabene, Sygna, Chainalysis KYT) for VASP-to-VASP data transmission
  • Deploy real-time sanctions screening against OFAC SDN list, EU consolidated list, and UN sanctions list
  • Establish a transaction monitoring policy with defined thresholds and escalation procedures
  • Implement a VASP counterparty due diligence process — verify receiving VASPs are legitimate
  • Register with FIU-IND if operating in India (mandatory for all VDA service providers)
  • Maintain records for 5+ years in a format accessible to regulators

Practical tip: For early-stage projects, the fastest path to Travel Rule compliance is integrating a compliance-as-a-service provider rather than building in-house. The cost is far lower than the regulatory risk of non-compliance.

Frequently Asked Questions

Truly peer-to-peer transactions between unhosted wallets are generally not subject to Travel Rule obligations. However, when one side of the transaction involves a VASP (exchange, custodian), Travel Rule obligations apply to that VASP. Regulators are pushing for unhosted wallet identification requirements as well.
Consequences include regulatory fines, license revocation, criminal prosecution of directors, and banking relationship termination. India's FIU-IND has the authority to impose penalties under PMLA. The Tornado Cash case showed that even smart contract protocols are not immune.
KYC (Know Your Customer) is the process of verifying your own users' identities. The Travel Rule adds a transmission requirement — you must share that identity information with other VASPs when your users send or receive funds. KYC is a prerequisite for Travel Rule compliance, but Travel Rule goes further by requiring inter-VASP data sharing.
Need Help?

Build a Travel Rule compliance framework

Web3Legals designs VASP-compliant KYC/AML frameworks tailored to your platform. Book a free discovery call to get started.

Book a Free Call →