VASP Travel Rule Implementation: Practical Steps for Compliance and Banking Relationships

The FATF Travel Rule — Recommendation 16, requiring that originator and beneficiary information accompanies wire transfers — was extended to virtual asset transfers by FATF's updated Guidance on Virtual Assets in June 2019 and revised in October 2021. Implementation across FATF member states has been staggered, but the UK (September 2023), EU (under MiCA/Transfer of Funds Regulation revised), Singapore, US, and most major jurisdictions now have Travel Rule requirements in force. For VASPs, Travel Rule compliance is both a legal obligation and an increasingly important factor in maintaining banking relationships.

What the Travel Rule Requires

The UK's implementation, under The Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022 (SI 2022/860), requires that for crypto asset transfers of £1,000 or more (equivalent in any currency), the originating VASP must collect, verify, and transmit to the beneficiary VASP the following information: originator's full name, originator's account number (wallet address or account identifier), originator's address (or date and place of birth, national identity number, or customer ID), and beneficiary's full name and account number. The beneficiary VASP must retain and be able to make available this information on request from law enforcement or supervisory authorities.

For transfers below £1,000, the originator's account number and name must still be included with the transfer, but verification of the originator's identity is not required (though the VASP's standard CDD obligations apply separately). The regulation applies to transfers between two VASPs; transfers to unhosted wallets engage different requirements, discussed below.

Unhosted Wallet Transfers: The Most Complex Scenario

Transfers involving unhosted wallets (self-custodied wallets not held at a VASP) present the greatest implementation challenge. Under UK and EU regulations, when a customer requests a transfer to or from an unhosted wallet above the threshold, the VASP must take "reasonable measures" to obtain beneficiary/originator information. In practice, this means implementing a wallet attribution process: asking the customer to verify ownership of the destination wallet (typically through a micro-transaction or signed message verification), and applying risk-based due diligence proportionate to the transaction value and customer risk profile.

The FCA's Finalised Guidance (FG23/3) on the Travel Rule provides that VASPs should assess the risk associated with unhosted wallet transfers and apply enhanced measures for higher-risk scenarios. High-risk indicators include: the wallet address associated with mixer or tumbler services (flagged by blockchain analytics), transfers to jurisdictions with weak AML frameworks, unusual transaction patterns relative to the customer's profile, and wallet addresses with no prior interaction history with known regulated exchanges.

Technical Solutions: Travel Rule Protocols

The Travel Rule creates a data exchange requirement between VASPs that has spawned a dedicated technology ecosystem. The leading protocols and platforms are:

• Notabene: An API-first Travel Rule compliance platform with a VASP directory and automated counterparty discovery. Supports IVMS 101 data standard and multiple underlying protocols (TRP, TRUST, OpenVASP).
• Sygna Bridge: Developed by CoolBitX, widely adopted in Asia and growing in European markets. Uses a centralised message-passing architecture.
• TRP (Travel Rule Protocol): An open-source protocol developed by a consortium including ING, Bitpanda, and Coinbase. Decentralised architecture, no single point of failure.
• VerifyVASP: Korean-origin platform with strong adoption in APAC markets and growing presence in Europe.
• TRUST (Travel Rule Universal Solution Technology): US-focused, developed by a consortium of major US exchanges.

The proliferation of protocols creates an interoperability challenge: a VASP using Notabene needs to communicate with counterparties using Sygna Bridge. Most platforms are building cross-protocol bridges, and the InterVASP Messaging Standard (IVMS 101) provides a common data format that facilitates interoperability regardless of the underlying protocol. VASPs selecting a Travel Rule solution should prioritise platforms with broad counterparty coverage and active interoperability development.

Impact on Banking Relationships

Banking partners increasingly include Travel Rule compliance as a criterion in their VASP onboarding assessments. An FCA-registered exchange that cannot demonstrate a live, operational Travel Rule compliance system will face resistance from specialist banking partners. The logic is straightforward: Travel Rule compliance is both a legal requirement and evidence of operational maturity — a VASP that has not implemented it despite legal obligation is either unaware of their compliance position or unable to execute on it. Neither scenario is reassuring to a banking partner.

Conversely, VASPs that can demonstrate a robust Travel Rule programme — including the technical platform, written procedures for handling non-compliant counterparties, and a clear process for managing unhosted wallet transfers — present a materially stronger compliance profile to banking partners and are significantly more likely to access and retain the specialist banking relationships needed for their operations.