
IoM FSA Travel Rule (Transfer of Virtual Assets) Code 2024
The Travel Rule (Transfer of Virtual Assets) Code 2024 was enacted under the Proceeds of Crime Act 2008 and the Terrorism and Other Crime (Financial Restrictions) Act 2014. It came into force on 28 October 2024 following approval by Tynwald. The Code establishes legal obligations for virtual asset service providers (VASPs) and intermediary VASPs operating in or from the Isle of Man. Its purpose is to implement the Financial Action Task Force’s Recommendation 16 specifically for virtual asset transfers, aligning the Island’s regulatory expectations for digital assets with those already applied to traditional wire transfers.
Application & Definitions
The Code applies to any person or business defined as a VASP or intermediary VASP and carrying on regulated sector business as described in the Proceeds of Crime Act 2008. A virtual asset transfer is defined broadly to include any transaction undertaken with the purpose of making a virtual asset available to a beneficiary. All virtual asset transfers are treated as cross-border, regardless of the geographic location of the transacting parties. The Code introduces defined terms such as originator, beneficiary, unique account identifier, and unhosted wallet, establishing a clear lexicon for compliance purposes.
Originator Obligations
VASPs acting for the originator of a virtual asset transfer must collect and transmit specific information to the VASP of the beneficiary immediately and securely. This includes the names and account identifiers of both parties, as well as one additional piece of identifying information for the originator, such as an address, national ID number, or date and place of birth. For legal entity originators, additional corporate information must also be collected. In the case of batch file transfers, this information must accompany the bundle but not each individual transaction within it. The originator’s information must be accurate, and compliance with these obligations is considered a customer due diligence measure under the AML/CFT Code 2019.
Beneficiary Obligations
VASPs receiving a virtual asset must ensure they have obtained the required information from the originator's VASP. They must confirm that the information is accurate and consistent with their own records. If any information is missing, incomplete or inconsistent, the receiving VASP must apply a documented risk-based procedure to determine whether to apply the funds to the beneficiary’s account, initiate further enquiries, or make an internal disclosure. These steps mirror the compliance expectations applied to financial institutions under WTR for fiat-based wire transfers.
Treatment of Unhosted Wallet Transfers
Where a VASP is involved in facilitating a transfer to or from an unhosted wallet, it must obtain the same core set of originator and beneficiary data as required for hosted wallet transfers. This ensures that even where no regulated institution exists on the other end of a transaction, a VASP remains accountable for gathering identifying information about its own customer.
De Minimis Transfers
The Code provides a limited concession for transfers under the value of one thousand euros or its equivalent in another currency. In these cases, VASPs are not required to collect the additional originator identifier, such as address or date of birth. However, if any suspicious activity is identified, this concession is voided and full information must be obtained in line with the standard requirements. This mirrors traditional thresholds in wire transfer regimes and ensures proportionality while maintaining vigilance against criminal abuse.
Due Diligence & Record Keeping
Any obligation to obtain information under the Code constitutes a formal customer due diligence requirement. As such, the provisions of the AML/CFT Code 2019 concerning record keeping and internal reporting apply. Information collected must be made available to the Isle of Man Financial Intelligence Unit upon request. Failure to comply is a criminal offence and may also lead to civil penalties administered by the Isle of Man Financial Services Authority, reinforcing the seriousness of these obligations.
Enforcement & Penalties
Failure to comply with the Code can result in prosecution. On summary conviction, the penalty includes up to twelve months’ custody or a fine. On indictment, it increases to up to two years’ custody or an unlimited fine. The Isle of Man Financial Services Authority also retains discretion to apply civil penalties where criminal proceedings have not been initiated, aligning enforcement flexibility with FATF best practice.
Conclusion: WTR Compliance Integration
The Travel Rule (Transfer of Virtual Assets) Code 2024 represents the Isle of Man’s formal integration of FATF Recommendation 16 into its virtual asset regulatory regime. By requiring that key identifying information travels with each virtual asset transaction and is verified, stored, and made available to authorities, the Code brings digital asset transfers in line with the same principles governing fiat wire transfers. It ensures that originators and beneficiaries are identifiable across the chain of a transfer, including where unhosted wallets are involved, and introduces proportionate but enforceable standards to prevent abuse of virtual assets for illicit finance. In doing so, the Isle of Man reinforces its commitment to international best practice and the transparency of cross-border value transfers.