Travel Rule compliance for crypto exchanges: evidence that survives an exam
The Travel Rule is not hard to understand. It is hard to evidence. The originator and beneficiary data, the counterparty VASP, the sanctions screen, and the wallet exposure are produced by different tools and live in different places. Here is what the rule requires, and how to keep per-transfer evidence on one record.
What the Travel Rule requires
The Travel Rule requires the institution sending a qualifying transfer to pass originator and beneficiary information to the receiving institution. In the United States it sits in the Bank Secrecy Act recordkeeping and transmittal rules and applies to transmittals of 3,000 dollars or more. Internationally, FATF Recommendation 16 extends the same idea to virtual-asset service providers (VASPs) with a de minimis around 1,000 dollars or euros, and the EU Transfer of Funds Regulation applies it to crypto-asset transfers with no de minimis.
The obligation is simple to state. The data points are name, account or wallet reference, and, depending on the regime, physical address or identifier for both the originator and the beneficiary, exchanged at or before settlement. Confirm the exact fields and thresholds against the rule that supervises you, since they vary by jurisdiction and have been revised.
Why crypto makes it hard
Four things make the Travel Rule harder for a crypto business than for a bank.
- Pseudonymity. A wallet address is not a name. Identifying the counterparty VASP behind an address is its own step.
- Unhosted wallets. When the other side is self-custody, there is no VASP to exchange data with, and your obligation shifts to collecting and screening on your own side.
- The sunrise problem. Adoption is uneven across jurisdictions, so a counterparty may not yet be obligated or able to receive the message.
- Protocol fragmentation. Travel Rule messaging runs across multiple competing protocols, so a single transfer can involve a provider, a protocol, and a counterparty that each record state differently.
The evidence an examiner expects
For any given transfer, a defensible file shows the originator and beneficiary information, the counterparty VASP and how it was identified, the protocol used and whether the message was sent and acknowledged, the sanctions screening result on the counterparty, and the disposition. Each of those is produced by a different tool: the Travel Rule provider, the sanctions screen, the blockchain-analytics tool, and your own KYC record. The only way to put them in one place today is to copy them there.
One record per customer: every Travel Rule signal in one place
FinQub is the single source of truth for fintech risk decisions. It sits alongside your Travel Rule provider, your sanctions and chain-analytics tools, and your KYC vendor, and lands every signal each one produces on one record per customer.
FinQub does not send the message. Your Travel Rule provider still performs VASP discovery and the secure data exchange. What FinQub adds is the record those outcomes land on: the counterparty VASP identification, the message status, the sanctions result, and the wallet exposure are on one record, so a per-transfer question is answered with a query, not a walk across dashboards.
Signals, not decisions. A wallet-exposure score or a sanctions hit is a signal. Your rulebook or your analyst makes the call on whether to proceed, hold, or escalate, and FinQub records that decision, who made it, and the evidence it stood on.
The file survives the exam. Because every transfer, signal, and decision is on the record with the policy version that applied, the look-back an examiner runs is a query and a signed exam packet, not a reconstruction across three vendor consoles.
A checklist for tightening your Travel Rule evidence
- Confirm the threshold and the required fields for every jurisdiction you transmit in.
- Make sure the counterparty VASP identification and the message status land on the same record as the customer's KYC and the wallet exposure.
- Keep the sanctions screening result on the counterparty attached to the transfer, not in a separate tool.
- Define how unhosted-wallet transfers are handled and recorded, since the obligation differs.
- Confirm you can produce per-transfer evidence on one query for any past transfer an examiner asks about.
Frequently asked questions
What threshold triggers the Travel Rule?
It depends on the regime. The FinCEN Travel Rule applies to transmittals of 3,000 dollars or more. FATF Recommendation 16 sets a de minimis of 1,000 dollars or euros for virtual-asset transfers, which many jurisdictions have adopted. The EU Transfer of Funds Regulation applies to crypto-asset transfers with no de minimis. Confirm the current threshold for each jurisdiction you operate in, since they have moved and continue to.
Does the Travel Rule apply to unhosted (self-custody) wallets?
The originator and beneficiary information requirement is between obligated institutions (VASPs). For transfers to or from an unhosted wallet, your obligations shift toward collecting and verifying counterparty information on your own customer's side and screening the wallet. Treatment varies by jurisdiction, so map it to the rule that supervises you.
Does FinQub send the Travel Rule message for me?
No. Your Travel Rule provider (such as Notabene, Sumsub Travel Rule, or Veriff) handles VASP discovery and the secure exchange of originator and beneficiary data. FinQub is the record those signals land on: the counterparty VASP identification, the message status, the wallet exposure, and the KYC result all sit on one record per customer, so per-transfer evidence is a query rather than a reassembly across dashboards.
What does an examiner expect to see for a Travel Rule transfer?
Per transfer: the originator and beneficiary information, the counterparty VASP and how it was identified, the protocol used and the message status, any sanctions screening result, and the disposition. Today that lives across a Travel Rule provider, a sanctions tool, and a blockchain-analytics tool, so it is reconstructed by hand. On one record it is already together.
FinQub sits beneath your Travel Rule, sanctions, and chain-analytics tools as the single source of truth for fintech risk decisions. See the same pattern applied to SAR evidence, or book a short walkthrough below.