Meet Dr. Marcus Hartmann
Dr. Marcus Hartmann has spent over two decades at the intersection of financial law and emerging technology. Based in Zug, Switzerland's Crypto Valley, he has guided exchanges, custodians, and institutional investors through the full spectrum of VASP and CASP licensing, where Travel Rule readiness is now a standard condition of authorisation.
He has implemented Travel Rule frameworks for clients operating under the EU Transfer of Funds Regulation, FinCEN rules in the US, and FATF-aligned regimes across the Gulf and Asia, and advises on counterparty due diligence and threshold logic across more than 60 jurisdictions.
The FATF Travel Rule is the application of FATF Recommendation 16 to crypto. It requires Virtual Asset Service Providers to collect, verify, and securely transmit identifying information about the sender (originator) and recipient (beneficiary) of a virtual asset transfer to the counterparty provider, just as banks do for wire transfers.
- The Travel Rule comes from FATF Recommendation 16, originally written for bank wires and extended to virtual assets so VASPs must pass sender and recipient data to each other
- FATF recommends a de-minimis threshold of USD or EUR 1,000; above it, fuller verified information must be exchanged
- The EU Transfer of Funds Regulation 2023/1113 applies no threshold at all, while the US FinCEN threshold is USD 3,000
- The sunrise issue, asynchronous adoption across countries, is the rule's biggest operational headache for cross-border transfers
- By 2025, 85 of 117 surveyed jurisdictions had passed Travel Rule legislation, and FATF revised Recommendation 16 in June 2025
What the Travel Rule Actually Is
The Travel Rule is not a crypto-specific invention. It originates in FATF Recommendation 16, part of the Financial Action Task Force's 40 Recommendations, the global benchmark for anti-money laundering and counter-terrorist financing. Recommendation 16 has long required that identifying information about the sender and recipient of a wire transfer "travels" with the payment through the banking chain. The same logic now applies to crypto.
In 2019, FATF extended Recommendation 16 to virtual assets and the businesses that handle them. The result is what the industry calls the crypto Travel Rule or VASP Travel Rule. A Virtual Asset Service Provider that sends crypto on behalf of a customer must gather originator and beneficiary details and share them with the receiving provider. If you are new to the VASP concept, our explainer on what a VASP is and how it is defined sets out exactly which businesses fall in scope.
The rule exists because crypto transfers, unlike bank wires, do not natively carry the sender and recipient identity needed for sanctions screening and investigation. The Travel Rule rebuilds that transparency layer on top of the blockchain, sitting squarely inside a VASP's wider AML obligations. Our companion guide on AML and KYC explained shows how Travel Rule data flows out of the customer identification process.
Sources: FATF Recommendation 16 and the FATF 2025 Targeted Update on virtual assets; EU Regulation 2023/1113; FinCEN 31 CFR 1010.410.
The Travel Rule Threshold Explained
The most-searched detail about the Travel Rule is the threshold, the transaction value at which fuller obligations kick in. FATF recommends a de-minimis threshold of USD or EUR 1,000 for virtual asset transfers. This is a recommendation, not a hard global figure: individual jurisdictions transpose it into law and can set the bar higher, lower, or remove it entirely.
It is a common mistake to assume transfers under USD 1,000 escape the rule. They do not. Below the threshold, FATF still expects the VASP to collect the names of the originator and beneficiary plus the wallet address for each, or a unique transaction reference number. The single practical difference is that this lower-tier information does not have to be independently verified. Above the threshold, verification becomes mandatory.
FATF also warns against structuring, the practice of breaking a large transfer into smaller pieces to stay under the limit. Where smaller transfers appear linked and together reach USD 1,000 or more, the full Travel Rule requirements apply to the aggregate. Monitoring systems therefore need to detect this pattern, not just check single transactions.
What Data Must Travel Between VASPs
Above the threshold, the originating VASP must transmit a defined set of data to the beneficiary VASP. The originator information comprises the customer's verified name, their account or wallet identifier, and either a physical address or an alternative identifier such as a national identity number, a customer identification number, or date and place of birth. The beneficiary information is lighter: the recipient's name and their account or wallet identifier.
That data must be shared securely and, in practice, before or at the same time as the on-chain transfer. This is the operational heart of the rule, because the public blockchain itself carries none of it. VASPs use dedicated Travel Rule messaging solutions and shared protocols to exchange the data off-chain in parallel with the on-chain movement of value.
| Data Field | Below Threshold | Above Threshold |
|---|---|---|
| Originator name | Required, not verified | Required and verified |
| Originator wallet / account ID | Required (or unique tx reference) | Required |
| Originator address or ID detail | Not required | Required (address, national ID, customer ID, or DOB + place) |
| Beneficiary name | Required, not verified | Required |
| Beneficiary wallet / account ID | Required (or unique tx reference) | Required |
Based on the FATF Recommendation 16 data requirements for virtual asset transfers. National rules may demand more.
"Founders fixate on the USD 1,000 figure, but the threshold that governs your business is the one in your licensing jurisdiction, not the FATF baseline. A CASP operating under EU TFR has no de-minimis at all, while a US money transmitter still works to USD 3,000. We map the right threshold regime before a client picks where to license."
Dr. Marcus Hartmann, Senior Licensing Advisor
FATF vs EU TFR vs FinCEN
The FATF standard is the floor, not the ceiling. What binds your business is the version your regulator has enacted, and the three major regimes diverge sharply, above all on the threshold. Understanding which one applies is a licensing decision as much as a compliance one. Our regulation hub tracks how individual countries have transposed these rules.
In the European Union, the Transfer of Funds Regulation (EU) 2023/1113 is the strictest of the three. It applies no de-minimis threshold whatsoever: crypto-asset service providers must attach originator and beneficiary data to every transfer regardless of value. The regulation became fully applicable on 30 December 2024, deliberately aligned with the start of MiCA licensing for CASPs, and CASPs must apply additional checks to self-hosted wallet transfers above EUR 1,000, including verifying that the customer controls the address.
In the United States, the FinCEN Travel Rule under 31 CFR 1010.410 applies to funds transfers of USD 3,000 or more. FinCEN confirmed in 2019 guidance that convertible virtual currency transactions are funds transfers caught by the rule. A 2020 proposal to cut the cross-border threshold to USD 250 remains unfinalised as of 2026.
| Regime | Threshold | Scope | Legal Basis | Key Feature |
|---|---|---|---|---|
| FATF (global) | USD / EUR 1,000 | All VASP virtual asset transfers | Recommendation 16 | Soft-law standard; jurisdictions adopt it |
| EU TFR | Zero (no de-minimis) | All CASP transfers | Reg. (EU) 2023/1113 | Strictest; self-hosted checks above EUR 1,000 |
| US FinCEN | USD 3,000 | Funds transfers incl. CVC | 31 CFR 1010.410 | Proposed cut to USD 250 cross-border, not finalised |
Why this matters for licensing: a firm that licenses as an EU CASP inherits a zero-threshold Travel Rule obligation from day one, while the same business model under a FinCEN money transmitter registration works to USD 3,000. The threshold regime should be part of your jurisdiction selection, not an afterthought once the licence is granted. See our VASP licence overview for how this fits the wider application.
Unsure which Travel Rule regime applies to your model? Get a free 30-minute consultation. We will map the threshold rules to your target markets and recommend a licensing route.
Get Free Consultation →The Sunrise Issue
The sunrise issue is the single most underestimated operational problem in Travel Rule compliance. It arises from asynchronous adoption: countries implement the rule at different times, so at any given moment some jurisdictions have it in force and others do not. A VASP in a compliant jurisdiction is legally obliged to share originator and beneficiary data, but it may have no compliant counterparty able to receive that data on the other side of a cross-border transfer.
This creates a genuine bind. The compliant VASP must still meet its obligation, yet the receiving provider may have no system to accept the message, no legal duty to act on it, and no incentive to respond. Firms manage this through counterparty due diligence, fallback procedures, and risk-based decisions about which transfers to allow when the receiving side cannot complete the exchange.
The good news is that the gap is narrowing. According to the FATF 2025 Targeted Update, the number of jurisdictions with Travel Rule legislation rose to 85 in 2025 from 65 in 2024, with a further 14 in the process of implementing. As more of the world switches on, the sunrise shadow shrinks, but until coverage is universal, the issue remains a live risk in any cross-border VASP relationship.
In our VASP and CASP licensing work across more than 60 jurisdictions, we routinely see the sunrise issue surface only after a licence is live, when a perfectly compliant client cannot complete a transfer because the counterparty sits in a jurisdiction that has not adopted the rule. Regulators increasingly expect to see this scenario addressed in the firm's risk assessment before they grant authorisation.
We also see applications stall on a more basic point: the firm has chosen a Travel Rule solution but cannot evidence how its threshold logic, counterparty checks, and data-retention process actually map to the legislation in its licensing jurisdiction. Building that documentation early, alongside the AML and KYC framework rather than after it, is consistently the difference between a smooth review and a long round of regulator queries.
The June 2025 Recommendation 16 Revision
The most significant recent change came in June 2025, when FATF fundamentally revised Recommendation 16. The revision broadened the rule's objectives beyond money laundering and terrorist financing to explicitly include fraud prevention and proliferation financing. This widens the lens through which Travel Rule data is expected to be screened and acted upon.
The revision also mandated Confirmation of Payee verification for cross-border transfers, a check that the beneficiary name matches the receiving account, and it fully integrated the requirements with the ISO 20022 messaging standard that is reshaping global payments infrastructure. For crypto businesses, the practical effect is that Travel Rule systems must keep pace with traditional payments standards rather than running on a separate, lighter track.
Enforcement, however, still lags adoption. The 2025 Targeted Update found that a majority of jurisdictions with Travel Rule laws had yet to issue supervisory findings or enforcement actions tied specifically to Travel Rule compliance. The direction of travel is clear: legislation first, supervision and enforcement to follow, which means the compliance bar in many markets will rise as regulators move from rule-making to active oversight.
How a VASP Complies
Complying with the Travel Rule is a process, not a single setting. The five steps below describe the core workflow a licensed VASP runs for every covered transfer. The detail varies by jurisdiction and threshold regime, but the sequence is consistent. Our AML and KYC compliance service implements this end to end as part of a licensing engagement.
FATF Travel Rule: Common Questions
Sources & Official References
- FATF: Targeted Update on Implementation of the FATF Standards on Virtual Assets and VASPs (2025)
- FATF: 2025 Targeted Update Report (full PDF)
- FATF: Best Practices on Travel Rule Supervision (June 2025)
- EUR-Lex: Regulation (EU) 2023/1113 (Transfer of Funds Regulation)
- EBA: Guidelines on Information Requirements for Transfers under Regulation (EU) 2023/1113
- eCFR: 31 CFR 1010.410 (FinCEN funds transfer recordkeeping rule)
- Federal Register: FinCEN proposed USD 250 cross-border threshold (2020)