The rise of cryptocurrencies has brought an evolution in financial regulations to mitigate the risks associated with the sector. One such measure is the FATF's Travel Rule.

Initially, the Travel Rule only applied to financial institutions; however, in 2019, the FATF expanded its recommendations to include VASPs Virtual Asset Service Providers.

Key requirements

For VA transfers under the 1,000 USD/EUR threshold, FATF recommends to collect the following information:

• The name of the originator (sender) and the beneficiary (recipient).
• The VA wallet address for each or a unique transaction reference number.

For transfers exceeding the above threshold, VASPs should collect:

• The originator’s name.
• The originator’s account number for the account used to process the transaction (e.g., wallet address).
• The originator’s physical (geographical) address, national identity number, and customer identification number (i.e., not a transaction number) that uniquely identifies the originator to the ordering institution or date and place of birth.
• The beneficiary’s name.
• The beneficiary’s account number for the account used to process the transaction (e.g., wallet address).

Sumsub’s Travel Rule solution

Sumsub’s Travel Rule check is part of our Transaction Monitoring solution. It includes a multi-level risk evaluation system that helps businesses determine the risk of the counterparty and, hence decide on transacting with it.

The main benefits of using the solution are:

• Seamless integration with your system and other Sumsub products. You can use the Travel Rule check along with other user verification and transaction monitoring features and AML checks to get detailed information about each transaction.
• Most popular data exchange protocols under the hood including TRP, GTR, Sumsub custom protocol, and email notifications, to streamline the Travel Rule data exchange. The system will automatically select the quickest and easiest way to obtain the counterparty data.
• VASP attribution allowing to determine whether the VA Transaction is carried out with a VASP or an Unhosted Wallet and establish the Counterparty VASP's identity.
• Screening of VA transaction participants against watchlists, global sanctions lists (OFAC, UN, HMT, EU, DFT, etc.), and adverse media.
• Secure ecosystem. Access to the most recent verification data and other documentation related to other Travel Rule ecosystem members to ensure quick confirmation of all transactions.
• Straightforward solution for the interoperability and the Sunrise issues.
• Vast functionality that allows you to configure the exact fields when exchanging data to meet specific regulations.
• 8000+ supported virtual assets.
• Crypto wallet scoring mechanism that lets our clients set up automated transaction rejection based on the wallet's status.

Travel Rule challenges

Since the FATF Recommendations are not legally binding, they need to be implemented into domestic legislation by the relevant legislative bodies on a national/regional level. Therefore, such bodies have a high degree of flexibility when implementing the FATF recommendations into domestic legislation. As a result, several complications may arise:

• The Sunrise Issue. Some jurisdictions require their VASPs to comply with the Travel Rule before other jurisdictions, creating the so-called "sunrise issue". It can be challenging for VASPs to determine their approach when dealing with VASPs in jurisdictions where the Travel Rule is not yet in force.
• Transactions with unlicensed/unregistered VASPs. Based on the local authorities' recommendations, organizations should determine whether to perform transactions with unlicensed/unregulated foreign VASPs. For example, local regulators may limit transactions to only foreign licensed/registered VASPs.
• Interactions with unhosted wallets. Businesses should also determine their actions in case of transactions with unhosted wallets. For example, local regulators may oblige them to collect relevant Travel Rule information.
• Situations when the Counterparty VASP cannot be contacted. In such situations (mainly when you are the originating VASP), businesses need to collect the relevant evidence of their attempt to contact the counterparty.
• Interoperability issue. The counterparty VASPs may have different data exchange protocols, which will prevent them from sharing the required information.
• Differences in Travel Rule requirements. Jurisdictions implement Travel Rule differently by establishing different de-minimis transaction value thresholds, the scope of information required to be collected/transmitted, and so on.
• Data Protection and privacy issues. Most jurisdictions require licensed/registered VASPs to meet local DPP regulations when processing personal data following national AML/CFT requirements. Some jurisdictions have imposed additional data security requirements on VASPs in the process of registration/licensing approvals, such as asking to obtain an information security certificate.
• Dealing with cross-border transfers. Due to jurisdictional differences, a VASP needs to be able to distinguish between a domestic VA Transaction and a cross-border VA Transaction to determine which rules and regulations to follow.
• Dealing with inaccurate or incomplete information. Where the Beneficiary VASP becomes aware that the information is missing or incomplete when receiving VA transfers, it shall reject the transfer and ask for the required information on the Originator and the Beneficiary before determining whether to make the virtual assets available to the Beneficiary.

Get started

Rules engine and client lists