What is the Crypto Travel Rule (TFR)?

The “Travel Rule” transposes **FATF Recommendation 16** into EU law: with every crypto-asset transfer, prescribed information on the **originator** and the **beneficiary** must accompany the transaction — collected, verified, retained and transmitted to the counterparty crypto-asset service provider. The aim is traceability for anti-money-laundering and counter-terrorist-financing purposes, mirroring what has applied to conventional wire transfers for years ^[1].

The typical data set comprises the name (natural or legal person), the distributed-ledger address or crypto-asset account number, and — on the originator side — one of: address, official document number, customer ID, or date and place of birth. The EBA guidelines specify the requirements in detail ^[3].

The legal basis is **Regulation (EU) 2023/1113** of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets — a recast of the old Transfer of Funds Regulation (EU) 2015/847 that, for the first time, extends scope to **crypto-asset service providers (CASPs)** ^[1]. It is the AML/CFT counterpart to MiCA: where MiCA governs CASP authorisation and the conduct regime, the TFR imposes the Travel Rule obligations on those same CASPs.

The TFR’s crypto provisions **apply from 30 December 2024** — deliberately aligned with the date of application of MiCA (Regulation (EU) 2023/1114). They cover originator and beneficiary CASPs as well as intermediary CASPs (ICASPs) ^[1].

The most frequently misunderstood point: for **crypto-asset transfers there is no value threshold**. Recital 30 of the regulation states explicitly that crypto-asset transfers “should be subject to the same requirements regardless of their amount and of whether they are domestic or cross-border transfers” ^[1]. Full originator and beneficiary data is therefore required for **every** crypto-asset transfer.

The much-cited **EUR 1,000 threshold** for simplified information applies only to conventional **funds transfers** (Art. 5–6 of the TFR) — not to crypto. Conflating the two regimes — and assuming sub-EUR 1,000 crypto transfers need no Travel Rule data — breaches the regulation. (The EUR 1,000 figure does appear in the crypto context, but in one specific place only — self-hosted wallets, see below.)

**Art. 14(5)** governs the originator side: for a transfer of **more than EUR 1,000 to a self-hosted address**, the originator’s CASP must take “adequate measures” to assess **whether that address is owned or controlled by the originator** ^[1]. **Art. 16(2)** mirrors the duty on the beneficiary side (receipt of more than EUR 1,000 from a self-hosted address).

An important distinction: this EUR 1,000 threshold triggers a **verification of wallet ownership** — it is **not** a threshold for whether Travel Rule data must be transmitted (that applies from the first cent, see above). And per the EBA guidelines (para. 83), a **mere self-declaration** by the customer that they own the address does **not** suffice — additional, technical evidence is expected ^[3].

The **EBA Travel Rule Guidelines (EBA/GL/2024/11)** of 4 July 2024 — applicable from 30 December 2024 — flesh out the information requirements and replace the old Joint Guidelines JC/GL/2017/16 ^[2][3]. They require, among other things, **risk-based procedures** to detect missing or incomplete data, and leave it to the CASP to decide on a risk basis whether to execute, reject, return or suspend a transfer.

Typical practical pitfalls: the so-called **“sunrise issue”** — EU CASPs transacting with foreign VASPs that are not yet (or not technically) Travel-Rule-capable, so the data exchange breaks; handling **repeatedly non-compliant counterparty CASPs** (potential reporting to the supervisor, restricting or terminating the relationship); and the link to **sanctions screening**, which is hollow without counterparty data. Travel Rule data is also a key input to the AML obligations under the new AMLR (Regulation (EU) 2024/1624).