Key Takeaways:
Since December 2024, the crypto Travel Rule in the EU has shifted from recommendation to requirement — a compliance obligation verified during licensing and supervision. For VASPs, this means more than simply sending transfer data; it requires integrating sanctions screening, KYT checks, and transaction blocking procedures in real time.
But there's one category of transactions creating particular challenges: transfers involving self-hosted wallets. Regulatory uncertainty in this area is already driving mass blocking — and it's a problem not just for users, but for the entire industry. So how can VASPs navigate this reality whilst staying compliant?
The FATF Travel Rule (also referred to as FATF Recommendation 16) requires Virtual Asset Service Providers (VASPs) to collect, verify, and transmit originator and beneficiary information alongside crypto transfers. The purpose isn't just data exchange — it's about giving VASPs the ability to assess counterparty risk, identify suspicious activity, and block high-risk transactions before they “settle on the blockchain”.
Under crypto AML regulations now in force across the EU, VASP Travel Rule compliance has become a licensing condition, not a "nice to have". Travel Rule requirements are now embedded into transaction monitoring frameworks, and regulators expect pre-transaction checks, sanctions screening, and escalation procedures to be operational.
In the EU, Travel Rule requirements are now embedded in law through the Transfer of Funds Regulation (TFR) and reinforced by MiCA. As a result, VASP Travel Rule compliance is no longer optional — it is a condition for operating legally.
Recent data shows that EU companies are 55% more likely to block transactions involving self-hosted wallets (also referred to as unhosted or non-custodial wallets) compared to the global average, and more than 15% have already banned them entirely.
Why? The answer is simple: when the rules are unclear and the penalties are steep, blocking everything feels safer than making the “wrong call”. Rather than investing resources to navigate the complexity, many providers choose the path of least resistance — a complete ban on self-custody transactions.
VASPs face multiple requirements that don't always align, creating uncertainty about compliance expectations. The Transfer of Funds Regulation requires verification of wallet ownership or control for transfers exceeding €1,000, though the scope of this requirement — particularly for third-party self-hosted wallets — remains subject to interpretation. EBA Guidelines recommend verification of self-hosted wallets in broader circumstances than TFR explicitly mandates. Meanwhile, DAC8 introduces tax reporting obligations for transfers involving self-hosted wallets, requiring VASPs to collect and report additional information.
For many companies, it's simpler to block all self-custody transactions than navigate the nuances of applying the rules.
Blocking self-hosted wallets carries consequences beyond compliance:
Yet the risks are real. 61.6% of VASPs report that almost none or only a small portion of inbound transactions contain required Travel Rule data, according to the same report. This is a direct consequence of fragmented Travel Rule protocols and slow standards adoption — particularly for self-hosted wallet transactions.
Without proper Travel Rule compliance mechanisms in place, VASPs face counterparty risk: they might inadvertently transact with sanctioned entities, facilitate money laundering, or fall out of compliance with crypto AML regulations.
In this environment, the question is not whether to comply — but how to do so responsibly, without sacrificing users or regulatory trust. What teams can do:
Using blockchain analytics and transaction tracing tools, VASPs can:
When Travel Rule data cannot be exchanged — which is common in VASP ↔ self-hosted wallet flows — VASPs are still expected to assess risk.
Blockchain analytics, transaction history, real-time monitoring & alerts, and advanced entity due diligence provide critical context that helps fill these gaps and supports informed pre-transaction decisions.
The challenge many VASPs face is that Travel Rule compliance tools only address one piece of the puzzle — data transmission. But crypto AML compliance requires understanding who you're transacting with, not just receiving their name.
For VASP compliance teams, this means:
When VASPs can generate comprehensive counterparty or entity exposure reports — even on self-hosted wallets lacking formal Travel Rule data — they gain the visibility needed to meet regulatory expectations whilst avoiding unnecessary de-risking.
When working with self-hosted wallets, it's critical not just to make decisions but to document the data:
It ensures that decisions are defensible and evidence-based, and supports regulatory reporting obligations, including the preparation and submission of SARs or STRs where required.
Self-hosted wallets remain a core feature of crypto, and the real challenge for VASPs is learning how to manage their risks responsibly.
While regulatory uncertainty will persist and data gaps will remain, VASPs are not without options. A risk-based approach, clear internal processes, and transparent decision-making can help teams operate with confidence — even in imperfect conditions.
If you’d like to explore Travel Rule compliance challenges and best practices in more detail, watch the recorded live session with Yulia Murat, Head of Regulatory Affairs at Global Ledger, and Lana Schwarzman, VP of Global Regulatory and Compliance Strategy at Notabene, as the compliance experts discuss how VASPs can navigate evolving crypto AML regulations in practice.