The Travel Rule requires financial institutions participating in a cryptocurrency transaction (aka VASPs: Virtual Asset Service Providers) to exchange relevant beneficiary and originator KYC information. Any business holding crypto on behalf of their customers (a VASP) is required to implement the Travel Rule for transactions over a certain threshold sent to customers of another VASP. The specific threshold amount is determined by each national regulator. FATF has recommended it be set to US$1000.
In the below diagram, you can see the different parties involved in such a transaction. The core transfer is between the Originating Customer and the Beneficiary Customer, who could be the same person.
Before the underlying settlement transaction is performed on the blockchain, the Originating VASP (for example, a fiat on-ramp) is required to implement the Travel Rule by identifying the Beneficiary VASP and sending details about the transaction to the counterparty. The Beneficiary VASP has to make the decision if they want to accept the transaction before the transaction is sent.
Why is it important?
The Travel Rule has existed in traditional banking for many years and requires an originating financial institution to send identifying information about their customer as well as the beneficiary of the payment to the beneficiary institution.
The global AML watchdog, the Financial Action Task Force (FATF), has recommended that financial regulators around the world require this of crypto businesses (or as they call them VASPs). Many prominent financial hubs such as the United States, Singapore, and Switzerland are already enforcing the Travel Rule, and most other countries are in the process of passing these requirements.
If you are in a jurisdiction such as Singapore, which makes implementing the Travel Rule in your business a requirement for receiving a license, this should be at the top of your mind.
Even if your home jurisdiction has not yet implemented the Travel Rule, you do need to evaluate which of your counterparties require it or they will no longer be allowed to transact with you.
As an example, if you are a crypto-to-crypto exchange in a jurisdiction without the Travel Rule, but rely on fiat-onramps in other countries where the requirement exists, this could mean huge losses of revenue.
What information needs to be included in the Travel Rule request?
Primarily you need to include the following information:
The asset to be transferred (eg. BTC)
Amount of asset to be transferred
Information about the Originating Customer. Each country will have different requirements, but generally may include:
Name
Account number or blockchain address
Physical Address
Identity number eg. National ID number or Passport number
Information about the Beneficiary Customer
Name
Account number or blockchain address
The industry has convened on the IVMS101 standard data model for defining this, which is supported in its entirety by Notabene.
What about Unhosted Wallets?
The FATF guidelines require VASPs to ask their customers for additional information about who they are sending funds to. Some regulators are implementing this by requiring proof of ownership of an unhosted wallet by a customer.
Regardless of your jurisdiction, you should have some level of record-keeping to at least prove that the Travel Rule was not required for a particular transaction.