The Travel Rule is a global anti-money laundering standard that requires Virtual Asset Service Providers (VASPs) to collect and transmit identifying information about the originator and beneficiary of crypto transactions that exceed certain thresholds.
Originally applied to traditional finance, the Financial Action Task Force (FATF) extended the rule to cover crypto in 2019. Drawing largely on FATF’s own guidelines and statements, this article explores what the Travel Rule is, why compliance matters, how criminals attempt to evade detection through tactics like smurfing, and how VASPs can stay ahead with behavior-based transaction monitoring tools.
Although the Travel Rule is now closely associated with crypto, it was originally introduced in 1996 by the FATF—an intergovernmental body—to combat money laundering and terrorist financing using traditional financial institutions like banks. The rule requires the sharing of originator and beneficiary information for transactions exceeding a certain threshold. It is $3000 in the United States and $1000 in other countries.
In June 2019, the FATF extended these guidelines to include VASPs, recognizing both the rapid growth of the crypto industry and the heightened risks posed by anonymous transactions.
Since then, the FATF has taken a phased approach to implementing the Travel Rule for VASPs, acknowledging the technical and operational challenges involved. It has conducted periodic reviews to assess global progress, beginning with its first review in July 2020 and the most recent in July 2024.
The FATF defines a VASP broadly, encompassing five categories of business activities: exchange between virtual assets and fiat currencies, exchange between one or more forms of virtual assets, transfer of virtual assets, safekeeping and/or administration of virtual assets or instruments, and participation in and provision of financial services related to an issuer’s offer or sale of a virtual asset.
Notably, the Travel Rule applies to VASPs as defined by FATF, even if a jurisdiction uses a different term locally. For example, under the European Union’s Markets in Crypto-Assets Regulation (MiCA), the equivalent designation is Crypto-Asset Service Provider (CASP).
The FATF states that the Travel Rule applies to VASPs across 98 jurisdictions, including member countries such as Brazil, Canada, China, France, Hong Kong, Japan, Singapore, and the United States. It also tracks non-member jurisdictions like the Bahamas, Cayman Islands, Estonia, Seychelles, Ukraine, and Russia—the latter having had its membership suspended in February 2023.
Despite the FATF's phased approach to implementation—with 75% of jurisdictions still only partially compliant or non-compliant as of July 2024—serious consequences remain on the table for continued failure to meet Travel Rule obligations.
Below are some of the most important reasons why it’s essential that VASPs comply with the Travel Rule:
At the national level, jurisdictions that fall short of FATF standards and are subsequently placed on the graylist or blacklist can deter foreign investment, tourism, and global financial partnerships. No forward-looking country wants to be associated with high-risk or non-compliant jurisdictions. Compliance with the Travel Rule is therefore not just a legal obligation—it’s a signal of trustworthiness, professionalism, and long-term viability.
Criminals often exploit gaps in Travel Rule compliance by using a tactic known as smurfing, or structuring. This involves breaking a large transfer into many smaller transactions that fall below the threshold requiring the transmission of originator and beneficiary information—$3,000 in the U.S. and $1,000 in other jurisdictions. By doing so, bad actors aim to avoid triggering the Travel Rule and fly under the radar of VASPs.
For example, imagine a criminal wants to transfer $18,000 worth of crypto. Instead of sending it in one go, they split it into 20 separate $900 transactions from different wallets across multiple days. Each transaction appears compliant and doesn’t individually require information sharing under the Travel Rule. But collectively, this behavior indicates a clear attempt to avoid detection.
This is why compliance teams need more than just a threshold-based system—they require a behavior-based rule engine within their transaction monitoring platform. Such a system goes beyond checking if a transaction exceeds a set amount; it proactively identifies patterns of behavior that may indicate Travel Rule evasion. It can detect unusual frequency, transaction structuring, and other anomalies—even when the wallets involved are not on any public or private watchlist. A behavior-based engine would flag a suspicious smurfing pattern as a possible Travel Rule evasion attempt, allowing the VASP to investigate, report, or block the activity in real time.
The Travel Rule requires VASPs to share originator and beneficiary information for transactions above certain thresholds, aiming to prevent crypto from being used to fund money laundering and terrorism. As regulators ramp up enforcement globally to follow the FATF guidelines, compliance is no longer optional—it’s essential for maintaining trust and operating across jurisdictions.
Merkle Science’s Compass helps VASPs comply not just with the letter, but the spirit of the Travel Rule. Our behavior-based rule engine detects structuring and smurfing attempts, even from previously unknown wallets. Contact us today for a free demo and see how we can support your compliance strategy for the Travel Rule and other policies.
