March 22, 2026
Methodology About Contact
TOKENIZATION POLICY
The Vanderbilt Terminal for Digital Asset Policy
INDEPENDENT GLOBAL INTELLIGENCE FOR DIGITAL ASSET REGULATION
MiCA Full Enforcement: Jul 2026 ▲ CASP Licensing | GENIUS Act: Enacted ▲ Mar 2025 | SEC Enforcement: $4.7B ▲ 2024 Fines | VARA Licensed: 23 Entities ▲ +8 in 2025 | FATF Travel Rule: 58 Countries ▲ Adopted | BitLicense Holders: 36 ▲ New York | Regulated Jurisdictions: 72 ▲ Global | Tokenized RWA AUM: $17.2B ▲ +340% YoY | MiCA Full Enforcement: Jul 2026 ▲ CASP Licensing | GENIUS Act: Enacted ▲ Mar 2025 | SEC Enforcement: $4.7B ▲ 2024 Fines | VARA Licensed: 23 Entities ▲ +8 in 2025 | FATF Travel Rule: 58 Countries ▲ Adopted | BitLicense Holders: 36 ▲ New York | Regulated Jurisdictions: 72 ▲ Global | Tokenized RWA AUM: $17.2B ▲ +340% YoY |
Home EU MiCA & European Digital Asset Regulation EU Transfer of Funds Regulation: Crypto Travel Rule
Layer 1

EU Transfer of Funds Regulation: Crypto Travel Rule

Complete guide to the EU Transfer of Funds Regulation as applied to crypto-asset transfers — Travel Rule implementation, CASP obligations, unhosted wallet requirements, and compliance protocols.

Advertisement

EU Transfer of Funds Regulation: How the Crypto Travel Rule Works in Europe

The recast Transfer of Funds Regulation (TFR) — Regulation (EU) 2023/1113 — extends the FATF Travel Rule to crypto-asset transfers within the European Union, creating the most prescriptive Travel Rule implementation in the world. Unlike many jurisdictions that have adopted the Travel Rule with significant implementation flexibility, the EU’s approach requires originator and beneficiary information to accompany every crypto-asset transfer, regardless of amount — a zero-threshold requirement that goes beyond the FATF’s recommended minimum.

For CASPs operating in the EU, TFR compliance is not merely an AML obligation — it is an operational requirement that affects transaction processing, customer onboarding, technology infrastructure, and business relationships with counterparties.

Background and Legislative Context

The FATF Travel Rule

The FATF’s Recommendation 16 requires countries to ensure that Virtual Asset Service Providers (VASPs) obtain, hold, and transmit originator and beneficiary information for virtual asset transfers. The FATF’s Updated Guidance (2021) specifies that this requirement applies to transfers above applicable thresholds (typically USD/EUR 1,000).

EU’s Zero-Threshold Approach

The EU’s TFR goes beyond the FATF standard by requiring information to accompany ALL crypto-asset transfers, with no minimum threshold. This means:

  • Every crypto-asset transfer from a CASP must include originator and beneficiary information
  • Every crypto-asset transfer received by a CASP must include this information
  • There is no de minimis exemption — even a transfer of EUR 1 worth of crypto-assets triggers the obligation

The zero-threshold approach reflects the EU’s assessment that the anonymity of crypto-asset transfers poses money laundering risks that justify comprehensive data collection, regardless of transaction size.

CASP Obligations

Originator CASP (Sending)

When a CASP initiates a crypto-asset transfer on behalf of a customer, it must ensure that the transfer is accompanied by:

Originator information:

  • Full name of the originator
  • The originator’s distributed ledger address (where the transfer is registered on a distributed ledger) and crypto-asset account number (or unique transaction reference, where no such account exists)
  • The originator’s address, official personal document number, customer identification number, or date and place of birth

Beneficiary information:

  • Full name of the beneficiary
  • The beneficiary’s distributed ledger address (where applicable) and crypto-asset account number (or unique transaction reference)

Beneficiary CASP (Receiving)

The receiving CASP must:

  • Verify that the required originator and beneficiary information accompanies the transfer
  • Implement risk-based procedures to determine whether to execute, reject, or suspend a transfer that lacks required information
  • Not make the received crypto-assets available to the beneficiary until the required information is verified

Transfers Between CASPs

For transfers between two CASPs, the full dataset of originator and beneficiary information must be transmitted directly between the CASPs. This requires:

  • A messaging protocol or system for transmitting Travel Rule data between CASPs
  • Verification that the counterparty is an authorized CASP (checking the ESMA register)
  • Record-keeping of all transmitted and received information

Transfers Involving Unhosted Wallets

The TFR’s provisions for transfers to or from “unhosted” (self-hosted) wallets are among its most consequential:

Transfers from a CASP to an unhosted wallet:

  • The CASP must collect the originator information (same as any transfer)
  • The CASP must collect the name of the beneficial owner of the unhosted wallet
  • For transfers exceeding EUR 1,000: the CASP must verify whether the unhosted wallet is owned or controlled by the customer (the originator)

Transfers from an unhosted wallet to a CASP:

  • The CASP must collect the beneficiary information (same as any transfer)
  • The CASP must collect the name of the originator who owns the unhosted wallet
  • For transfers exceeding EUR 1,000: the CASP must verify the ownership of the unhosted wallet through appropriate measures

Verification measures for unhosted wallets may include:

  • Blockchain analysis to confirm the unhosted wallet’s transaction history
  • Requiring the customer to sign a cryptographic message from the unhosted wallet
  • Micro-transfer verification (sending a small amount from the CASP to the unhosted wallet and confirming receipt)
  • Documentary evidence of wallet ownership

Technical Implementation

Messaging Protocols

The TFR does not mandate a specific messaging protocol for transmitting Travel Rule data between CASPs, but interoperability is essential. Major protocols in use include:

  • TRISA (Travel Rule Information Sharing Architecture): Developed by the TRISA Working Group, uses certificate-based authentication and encrypted peer-to-peer messaging
  • OpenVASP: An open-source protocol for Travel Rule data exchange based on Ethereum smart contracts
  • Shyft Network (Veriscope): A blockchain-based Travel Rule solution
  • Sygna Bridge: A Travel Rule compliance solution widely used in Asia-Pacific
  • Notabene: A Travel Rule compliance platform that integrates multiple protocols

The lack of a single universal standard means CASPs must often support multiple protocols to ensure interoperability with all counterparties.

Data Storage and Security

CASPs must store Travel Rule data securely and in compliance with:

  • GDPR: Travel Rule data is personal data subject to GDPR requirements including lawfulness of processing, data minimization, storage limitation, and data subject rights
  • AML data retention: Travel Rule data must be retained for at least 5 years after the end of the business relationship or the date of an occasional transaction
  • Security measures: Encryption, access controls, and audit trails for all Travel Rule data

Integration with AML Systems

Travel Rule data should be integrated with the CASP’s broader AML system:

  • Transaction monitoring systems should incorporate Travel Rule data into risk scoring
  • Sanctions screening should be applied to originator and beneficiary information
  • Suspicious activity reporting should reference Travel Rule data where relevant

Enforcement and Penalties

Competent Authority Oversight

NCAs are responsible for supervising CASP compliance with TFR requirements:

  • Regular examination of Travel Rule compliance programs
  • Assessment of technology infrastructure and messaging capabilities
  • Review of procedures for handling incomplete or missing information
  • Evaluation of unhosted wallet verification procedures

Penalty Framework

Penalties for TFR violations are determined by national law but must be “effective, proportionate, and dissuasive.” Given the TFR’s connection to AML/CFT compliance, penalties can be severe:

  • Administrative fines proportionate to the violation
  • Suspension or withdrawal of CASP authorization for persistent violations
  • Personal liability for compliance officers and management
  • Publication of enforcement decisions (naming and shaming)

Practical Compliance Challenges

Counterparty Identification

One of the most significant practical challenges is identifying whether a counterparty address belongs to a CASP or an unhosted wallet:

  • No comprehensive global registry of CASP addresses exists
  • Blockchain analytics tools can identify addresses associated with known CASPs but may not capture all entities
  • New or small CASPs may not be in analytics databases
  • Privacy-preserving protocols may obscure the nature of counterparty addresses

Cross-Jurisdictional Transfers

Transfers between EU CASPs and CASPs in non-EU jurisdictions face additional complexity:

  • The counterparty jurisdiction may not have Travel Rule requirements (or may have different thresholds)
  • The counterparty CASP may not support compatible messaging protocols
  • Data protection requirements may conflict with information sharing obligations (particularly for transfers involving jurisdictions without GDPR adequacy)

Unhosted Wallet Verification at Scale

Verifying ownership of unhosted wallets for high-volume platforms creates operational challenges:

  • Micro-transfer verification is time-consuming and costly at scale
  • Cryptographic message signing requires customer technical knowledge
  • Blockchain analytics may not provide definitive ownership confirmation
  • Customer friction from verification requirements may drive customers to non-compliant platforms

What This Means for Your Business

For EU CASPs: TFR compliance is mandatory and non-negotiable. Invest in a Travel Rule compliance solution (protocol and counterparty discovery service) before processing any transfers. The zero-threshold requirement means every single transfer must be covered — there is no de minimis exemption to rely on.

For non-EU CASPs receiving transfers from the EU: EU CASPs will expect you to participate in Travel Rule data exchange. If you cannot provide counterparty information, EU CASPs may reject transfers to your platform, effectively cutting off EU liquidity.

For compliance teams: Build unhosted wallet verification procedures that balance regulatory compliance with customer experience. Document your risk-based approach to handling incomplete information. Maintain records of all verification efforts and outcomes.

For DeFi protocols: The TFR’s requirements do not directly apply to truly decentralized protocols, but the boundary between “decentralized” and “intermediated” is subject to interpretation. Protocols that include front-end interfaces, governance tokens with concentration, or identifiable developers may face TFR obligations.

Advertisement
Travel RuleTFRAMLcrypto transfersEU regulationFATF
Related Articles
BlackRock BUIDL Tokenization Case Study: Institutional Analysis
DORA: Digital Operational Resilience Act for Crypto Firms
ESMA Technical Standards Under MiCA: Implementation Guide
EU DLT Pilot Regime: Tokenized Securities Market Infrastructure
Advertisement
Network Intelligence

Institutional Access

Coming Soon