Travel Rule – FinCEN, FATF Rec 16, EU TFR

The Travel Rule is a Bank Secrecy Act regulation (31 CFR § 1010.410(f)) that requires financial institutions to pass along specific originator and beneficiary information when transmitting funds. Adopted in 1996 for traditional wire transfers, the rule was extended to convertible virtual currency through 2019 FinCEN guidance and a 2020 NPRM. FATF Recommendation 16 is the international counterpart adopted by most G20 jurisdictions, and the EU's Transfer of Funds Regulation (Regulation (EU) 2023/1113) extended the rule to crypto-asset service providers from 2024-12-30.

Information that has to travel

For traditional wires above USD 3,000 in the U.S.: originator's name, account number, and address; the amount and date; the identity of the originator's and beneficiary's financial institutions; and the beneficiary's name and address (when received). For virtual-currency transmissions, the FATF Rec 16 information set is similar, with a USD/EUR 1,000 threshold in many jurisdictions and a 0 EUR threshold under the EU TFR. The Canadian PCMLTFA threshold is CAD 1,000.

Who is subject

Banks, broker-dealers, money services businesses, and now virtual asset service providers (VASPs). U.S. crypto MSBs and exchanges are squarely in scope. Canadian FINTRAC-registered MSBs dealing in virtual currency are in scope at CAD 1,000. The EU TFR brings every crypto-asset service provider into scope. National implementations vary on threshold, scope of exempt activities, and operational expectations.

Why the Travel Rule is hard for crypto

Three structural reasons:

• Public-ledger pseudonymity. Crypto transactions on Bitcoin, Ethereum, and most other chains do not natively carry originator or beneficiary identity. The wallet address is a pseudonym; identity has to be matched to the address out of band.
• Unhosted-wallet counterparties. When the destination is a self-custodied wallet, there is no VASP on the other side to receive the Travel Rule message. The compliance posture differs.
• Protocol fragmentation. No single VASP-to-VASP messaging standard achieved universal adoption. TRP, TRUST, Sygna Bridge, OpenVASP, and several others compete with imperfect interoperability. Sending a message in a protocol the recipient does not run is functionally a non-delivery.

The sunrise issue

"Sunrise" describes the period during which different jurisdictions and different VASPs adopt the Travel Rule on different timelines. A VASP in a jurisdiction with full Rec 16 adoption may try to send a Travel Rule message to a VASP in a jurisdiction that has not yet adopted, or to a VASP that has chosen a non-interoperable protocol. Sunrise gaps are real compliance risk – sending a transaction without the required information when the destination cannot receive it does not absolve the originating VASP of its obligation. Documenting attempts and the counterparty posture matters for examiner conversations.

Unhosted wallets

Transmissions to or from a self-custodied wallet are not VASP-to-VASP and therefore raise different problems. The 2020 FinCEN NPRM proposed reporting and recordkeeping requirements for unhosted-wallet transactions above specific thresholds (USD 10,000 reporting; USD 3,000 recordkeeping). The proposal has not been finalized, and the U.S. posture remains in flux. The EU TFR took a different approach with verification requirements at the EUR 1,000 threshold for transfers with unhosted-wallet counterparties.

Evidence Travel Rule compliance produces

• Counterparty due-diligence records distinguishing VASPs from unhosted wallets
• Originator and beneficiary information capture per transmittal
• Travel Rule message records (sent and received) linked to the underlying blockchain transaction hash
• Non-interoperability records explaining when a Travel Rule message could not be delivered and what was done
• Counterparty risk assessments, refreshed on a documented cadence
• SAR/STR filings when sanctions or suspicious-activity flags trigger

How FinQub supports Travel Rule compliance

FinQub orchestrates Travel Rule providers – Notabene, Sumsub Travel Rule, Veriff Travel Rule, and others – alongside the institution's broader KYC, sanctions, and transaction-monitoring stack. Counterparty VASP identification, unhosted-wallet detection, originator and beneficiary capture, and Travel Rule message dispatch and receipt are logged to a hash-chained audit trail tagged with the applicable framework (BSA, FATF Rec 16, EU TFR, PCMLTFA).

Per-transmittal evidence – the protocol used, the counterparty, the message status, and the disposition – is queryable rather than reassembled across vendor dashboards. When a vendor changes or when a new protocol gains adoption, the orchestration layer absorbs the change without breaking continuity of evidence.