If your business moves USDC, USDT, PYUSD, or any other stablecoin on behalf of customers, the Travel Rule applies to you. FATF Recommendation 16 requires Virtual Asset Service Providers (VASPs) to exchange originator and beneficiary information on qualifying transfers, the same way SWIFT banks have done since 1996. The rule is now enforced in over 70 jurisdictions, and as of 2026 the EU's Transfer of Funds Regulation (TFR) drops the threshold to zero. This guide breaks down what stablecoin issuers, exchanges, custodians, and wallet providers need to collect, which TRP networks dominate compliance traffic, and how the self-hosted wallet carve-out actually works.
What is the Travel Rule?
The Travel Rule is FATF Recommendation 16, adopted in its current crypto form in June 2019. It requires originating and beneficiary VASPs to obtain, hold, and transmit specified counterparty information on virtual asset transfers above a defined threshold. The rule "travels" with the transaction so law enforcement can trace funds and screen against sanctions lists.
Answer capsule: The Travel Rule forces crypto businesses to share sender and recipient identity data on stablecoin transfers, typically above $1,000 USD or €0 in the EU. It is enforced by FATF members and implemented through messaging networks like TRP, TRISA, Sumsub, Notabene, and Veriscope.
Who does the Travel Rule apply to?
FATF defines a VASP as any entity conducting one or more of five activities for or on behalf of another person: exchange between virtual assets and fiat, exchange between virtual assets, transfer of virtual assets, safekeeping or administration, and participation in financial services related to issuance. In practice for stablecoins, this captures:
Centralized exchanges. Coinbase, Kraken, Binance, Bitstamp.
Custodians. BitGo, Anchorage Digital, Fireblocks, Copper.
Stablecoin issuers. Circle (USDC), Tether (USDT), Paxos (PYUSD, USDG), Agora (AUSD).
Hosted wallet providers. anyone holding customer keys.
Payment processors and on/off ramps handling fiat conversion.
Purely self-custodial wallets that never hold customer assets (MetaMask, Rabby, Phantom in their default modes) sit outside the VASP perimeter. Smart contract protocols are also generally out of scope, though FATF's October 2021 updated guidance pulled some DeFi front-end operators into the definition where they exert sufficient control.
What information has to be collected and transmitted?
FATF Recommendation 16 mandates the originating VASP collect and send:
Originator's name.
Originator's account number or wallet address used for the transaction.
Originator's physical address, national identity number, customer ID, or date and place of birth.
Beneficiary's name.
Beneficiary's account number or wallet address.
The beneficiary VASP must verify the information and screen the counterparty against sanctions lists (OFAC SDN, EU consolidated list, UN). Both sides retain records for five years. KYC at onboarding feeds this data set, so the Travel Rule sits downstream of customer due diligence, not in place of it.
Travel Rule thresholds by jurisdiction
Thresholds and effective dates vary, and the EU's TFR overhaul in 2026 is the most aggressive change. The comparison below reflects rules as of May 2026.
Jurisdiction | Threshold | Effective date | Who is covered |
United States (FinCEN) | $3,000 (proposed $250 cross-border) | 1996 (banks), proposed 2020 rulemaking pending | MSBs, including crypto exchanges and custodians |
European Union (TFR) | €0. every transfer | 30 December 2024 | All CASPs under MiCA, including EMT and ART issuers |
United Kingdom (FCA) | £1,000 (domestic), £0 cross-border | 1 September 2023 | FCA-registered cryptoasset businesses |
Singapore (MAS) | SGD 1,500 | 28 January 2020 | DPT service providers under PS Act |
Japan (JFSA) | JPY 100,000 (approx. $670) | 1 June 2023 | Registered crypto asset exchange service providers |
The EU figure is the headline. Under the TFR, every transfer of crypto-assets between CASPs requires full Travel Rule data regardless of value, and transfers to or from self-hosted wallets above €1,000 require additional verification that the customer controls the destination address.
How is the Travel Rule actually implemented?
FATF specifies the data; it does not specify the wire format. The industry has converged on a handful of interoperable messaging networks and KYC-tech vendors:
TRP (Travel Rule Protocol). an open API standard backed by 21 Analytics, BitGo, Fidelity Digital Assets, and others. RESTful, signed JSON payloads.
TRISA (Travel Rule Information Sharing Alliance). open-source gRPC protocol with a directory of certified VASPs. Used by CipherTrace (Mastercard) and a wide alliance of mid-tier exchanges.
Notabene. SaaS platform aggregating multiple protocols (TRP, TRISA, IVMS 101). Used by Bitstamp, Luno, Copper.
Sumsub Travel Rule. bundled with Sumsub's KYC stack, supports TRP, TRISA, and Sygna BridgePlus. Common among EU exchanges aligning TFR compliance with onboarding KYC.
Veriscope. Shyft Network's decentralized Travel Rule solution, focused on self-hosted wallet attribution.
All five settle on IVMS 101 as the underlying data schema, the joint InterVASP standard ratified in 2020. So while the transport differs, the payload is portable.
The self-hosted wallet carve-out
FATF's October 2021 guidance and the EU TFR both acknowledge that a VASP cannot transmit Travel Rule data to a counterparty that is not itself a VASP. The treatment splits:
EU (TFR Article 14b). for transfers over €1,000 to or from a self-hosted wallet, the CASP must verify that the customer is the owner or controller of that wallet, typically via Satoshi test, AOPP signature, or video KYC.
UK. similar verification requirement above £1,000.
US (proposed FinCEN rule). would require recordkeeping for self-hosted wallet transfers above $3,000 and reporting above $10,000. Rule not yet finalized as of May 2026.
Singapore, Japan. no formal verification mandate, but enhanced due diligence expected risk-based.
For stablecoin issuers operating their own redemption flows, the practical implication is that customer-initiated withdrawals to MetaMask or Phantom now need an ownership attestation step in the UI when the amount clears the threshold.
How does the Travel Rule interact with MiCA and stablecoin regulation?
The EU's MiCA Regulation and TFR were intentionally aligned. MiCA covers issuance and conduct rules for EMTs (e-money tokens like USDC EURC) and ARTs (asset-referenced tokens). TFR covers transfer-level information sharing. A Circle or Paxos entity operating under MiCA must satisfy both: authorization as an EMT issuer and Travel Rule compliance on every redemption or transfer between CASPs. See our explainer on MiCA EMT vs ART tokens for the issuance side, and reserve attestation for the auditing side.
What happens if a VASP ignores the Travel Rule?
Enforcement has accelerated. The Enforcement has accelerated. The FCA, BaFin in Germany, and MAS in Singapore have all cited Travel Rule controls in supervisory action over the past two years.. BaFin in Germany has used TFR non-compliance as grounds to refuse MiCA passporting. In Singapore, MAS has revoked at least two DPT licenses citing AML failures that included Travel Rule gaps. In the US, FinCEN treats Travel Rule violations under the same BSA framework as other MSB compliance failures, with civil penalties up to $250,000 per violation and criminal exposure for willful conduct.
What should a stablecoin business do next?
Map every product flow where customer assets move and classify each as on-VASP, VASP-to-VASP, or VASP-to-self-hosted.
Pick a Travel Rule provider that supports both TRP and TRISA, since counterparty coverage is still fragmented.
Integrate IVMS 101 fields into your KYC pipeline so Travel Rule data is captured at onboarding, not bolted on at withdrawal.
Build a self-hosted wallet verification UX (Satoshi test or signed message) for EU and UK flows.
Document your risk-based threshold policy and align with your sanctions screening provider.
Methodology and sources
This guide synthesizes primary regulatory texts and vendor documentation reviewed in May 2026. Thresholds and effective dates were cross-checked against jurisdictional regulator publications. Implementation notes draw on public technical specifications from each protocol.
FATF, Updated Guidance for a Risk-Based Approach to Virtual Assets and VASPs (October 2021). fatf-gafi.org.
European Banking Authority, Guidelines on the Travel Rule under Regulation (EU) 2023/1113. eba.europa.eu.
ESMA, MiCA Consultation Papers on stablecoin issuance. esma.europa.eu.
FinCEN, Notice of Proposed Rulemaking on Convertible Virtual Currency (FinCEN-2020-0020).
TRP specification. travelruleprotocol.org.
TRISA technical documentation. trisa.io.
Sumsub Travel Rule product docs. sumsub.com/travel-rule.
Notabene Network specifications. notabene.id.
Veriscope by Shyft Network. veriscope.network.