The Travel Rule for Cryptoasset Transfers in the UK
What VASPs Must Collect, Verify & Transmit
Why Travel Rule Compliance Matters
The FATF Travel Rule (Recommendation 16) has been formally extended to cover Virtual Asset Service Providers (VASPs). In the UK, this requirement has been implemented through the Money Laundering and Terrorist Financing (Amendment) Regulations 2022, which came into force on 1 September 2023. VASPs are now required to collect, verify, and securely transmit originator and beneficiary information for qualifying virtual asset transfers. This is a foundational AML/CFT safeguard. Non-compliance can result in fines, reputational damage, and even exclusion from regulated markets and partner networks.
Who Must Comply
The Travel Rule applies to:
Virtual Asset Service Providers (VASPs), including exchanges, wallet providers, brokers, and custodians
Transfers of virtual assets between two VASPs, or between a VASP and a traditional financial institution
In the UK, the Travel Rule applies to cryptoasset transfers equivalent to £1,000 or more, although firms may apply it to lower-value transfers as part of a risk-based approach. The Financial Conduct Authority (FCA) supervises UK-registered cryptoasset firms for AML/CFT compliance, including adherence to Travel Rule obligations.
Core Data Requirements
For each qualifying transfer, the sending VASP must collect, verify, and transmit the following information to the receiving institution:
Payer (Originator):
Full legal name
Wallet address or unique identifier
At least one of: full physical address, national ID number, customer ID number, or date/place of birth
Payee (Beneficiary):
Full legal name
Wallet address or unique identifier
This information must be verified against customer records and transmitted securely, prior to or simultaneously with the transaction.
How to Transmit the Data
To comply, VASPs should use a recognised messaging protocol designed for secure Travel Rule data exchange, such as TRISA, OpenVASP, Shyft, or Notabene. These solutions must support the IVMS101 data standard, which structures Travel Rule fields in a globally interoperable format. Data should always be exchanged through encrypted, API-based channels. Sending Travel Rule information via email, blockchain payloads, or unsecured networks is not compliant and poses serious privacy and security risks.
Risk-Based Controls
The FATF and UK regulations both mandate a risk-based approach to implementation. Institutions must first assess whether their counterparty is a regulated, Travel Rule-capable VASP. Where the destination is an unregulated jurisdiction or a personal wallet (if permitted), firms must apply enhanced due diligence. If a counterparty fails to provide the required information promptly and accurately, or cannot respond via a compliant protocol, the transaction should be escalated or rejected, according to internal policies and regulatory expectations.
Recordkeeping & Audit
VASPs are required to retain all Travel Rule data and transmission records for at least five years. This includes logs of information exchanged, any missing or malformed fields, exception handling steps, and records of fallback procedures. Documenting these processes is essential to demonstrate compliance during regulatory inspections or internal audits.
Common Pitfalls
Institutions should guard against the following frequent errors:
Delayed or incomplete data transmission, leaving transactions in breach of compliance requirements.
Use of non-standard or free-text data formats, which undermine interoperability and message verification.
Accepting transfers from unregistered or non-compliant VASPs, creating regulatory and reputational risk.
Failure to detect and apply value thresholds, leading to unreported qualifying transactions.
Summary
Travel Rule compliance in the virtual asset space is now a regulatory obligation in the UK. Whether your firm is already transmitting data or preparing to do so, implementing secure, interoperable, and standards-based processes will ensure continued access to regulated markets and build confidence among counterparties and regulators alike.