What is Global Ledger?

Global Ledger is a Swiss blockchain analytics company delivering fast, end-to-end AML compliance and investigation tools. Founded in 2019, we support over 2,000 digital assets and manage a database of over 700 million attributed addresses, updated daily. We perform 250,000 AML checks and monitor 30 million wallets every day. With an average response time of just 500ms and private server deployment options, Global Ledger combines speed, scale, and security.

Which blockchains does Global Ledger analyse?

Currently, the following blockchains are supported: Bitcoin (BTC) Bitcoin Satoshi Vision (BSV) Litecoin (LTC) Ethereum (ETH), including top tokens Tron (TRX), including top tokens Binance Coin (BNB) Polygon (MATIC) Arbitrum (ARB) Base (ETH) Avalanche (AVAX) Moonbeam (GLMR) Polkadot (DOT) Solana (SOL) TON.

How is the GL Score calculated?

The GL Score is a number from 0 to 100 that shows the degree of risk: low, medium, and high. Each score is represented by a corresponding color: green indicates low risk, yellow indicates medium risk, and red — high risk. The risk score is derived from the assessment of the riskiness of sources contributing to a requested address or transaction. To calculate the score, the algorithm analyzes incoming transactions, assesses the risk of identified sources, and calculates a score on a scale from 0 to 100. This score provides an indication of the potential level of risk associated with the address or transaction based on the evaluated sources and their associated activities. Learn more about risk score calculation from our blog article.

What are your data sources?

The Global Ledger team regularly collects and constantly analyses publicly available information, open data from the top blockchains, replenishes the internal information base by conducting its own investigations, as well as data purchased from reliable vendors.

What if I need help ASAP?

Our support team stays in touch 24/7 to provide clients with the most comfortable service and experience in case of unexpected hacks or cyberattacks. Please send your request with a brief description of your case to contact@globalledger.io, and our manager will reach you shortly.

What Is Travel Rule Compliance? 2026 Guide for VASPs

In 2026, Travel Rule compliance is no longer just a data-sharing requirement. It is a core part of how VASPs prevent risk, meet AML obligations, and maintain regulatory approval.

Regulators no longer ask whether a VASP merely has a Travel Rule policy. They increasingly assess whether the policy operates effectively in practice: whether required originator and beneficiary information is obtained, verified where required, securely transmitted to counterpart institutions, exceptions are identified and escalated, and records are retained in a manner that supports supervisory review and audit. For firms still treating Travel Rule compliance as a documentation exercise, the gap between policy and operational implementation is closing fast.

In this article, you'll find out what the Travel Rule is, what compliance teams need to follow in practice, and what challenges VASPs face in 2026.

Key Takeaways

Under FATF Recommendation 16, VASPs must obtain, hold and transmit required originator and beneficiary information for qualifying virtual asset transfers. FATF permits a de minimis threshold of USD/EUR 1,000, but national implementations differ. In the EU, Regulation (EU) 2023/1113 applies to crypto-asset transfers without a general EUR 1,000 threshold, while specific verification obligations apply to certain transfers involving self-hosted addresses above EUR 1,000.
Travel Rule compliance covers data collection, verification, transmission, exception handling, and record-keeping. The data it produces supports broader AML controls such as sanctions screening and pre-transaction risk assessment.
In the EU, Travel Rule requirements are set out in Regulation (EU) 2023/1113, the Transfer of Funds Regulation. CASPs must also comply with the broader EU AML/CFT framework, and competent authorities may consider Travel Rule controls as part of wider supervisory assessments.
Transfers involving self-hosted wallets remain the most complex compliance challenge across jurisdictions.

What Is the Travel Rule in Crypto?

The Travel Rule is a requirement under FATF Recommendation 16 that obligates Virtual Asset Service Providers (VASPs) to collect, verify, and transmit identifying information about the originator and beneficiary alongside crypto transfers above a defined threshold.

Originally introduced for traditional financial institutions, the Travel Rule was extended to virtual assets in 2019 as part of global AML standards set by the Financial Action Task Force (FATF). In this context, it is commonly referred to as the AML Travel Rule.

The AML Travel Rule requires VASPs to collect and transmit verified information about who is sending and receiving funds. This goes beyond basic customer identification — every qualifying transfer must be accompanied by required originator and beneficiary information, verified where required under the applicable legal framework.

What information must travel with the transaction?

When a VASP initiates a transfer, identifying information about both the sender (originator) and the recipient (beneficiary) must be passed to the receiving VASP at the time of the transfer. At minimum, this includes:

For the originator:

Full name
Account number or wallet address
One additional identifier (address, national ID, customer ID, or date and place of birth)

For the beneficiary:

Full name
Account number or wallet address

This is the minimum required information under the Travel Rule. Additional data or verification may be required depending on the jurisdiction and risk level of the transaction. For transfers below the threshold, basic information must still be collected, with verification required in higher-risk scenarios.

Travel Rule: minimum data to be shared. Source: Global Ledger

Why the Travel Rule matters beyond data collection

Travel Rule data gives regulators and VASPs the foundation to trace fund flows and support broader AML controls.

When properly collected and transmitted, the Travel Rule data enables compliance teams to:

Use verified counterparty data for sanctions screening against individuals, entities, and countries.
Support the identification of transfers linked to terrorist financing.
Enable consistent suspicious activity reporting (SAR) across counterparties.
Contribute to broader controls that prevent crypto assets from being used for money laundering.

      The Travel Rule is not only about sending data. It is a traceability obligation that supports broader AML/CFT controls by ensuring that key originator and beneficiary information is available to relevant institutions and authorities.
    

Travel Rule data flow between CASPs. Source: Global Ledger

What Is Travel Rule Compliance?

For VASPs, Travel Rule compliance in crypto refers to the full set of processes, systems, and controls used to meet Travel Rule obligations on an ongoing basis.

Knowing the rule is not compliance. A crypto firm is compliant when it can consistently:

collect and verify required data;
transmit it to counterparties;
detect missing or incomplete information and manage exceptions;
document every decision and retain records.

In practice, cryptocurrency Travel Rule compliance means building a workflow that works before, during, and after each transaction. As Travel Rule crypto regulation has tightened across a number of leading financial centres, the threshold for what counts as "compliant" has risen significantly — particularly around pre-transaction controls and self-hosted wallet handling.

Global Ledger and 21 Analytics to Make Travel Rule Compliance Easier

See how our partnership streamlines crypto compliance and Travel Rule operations for VASPs.

The five obligations that define crypto Travel Rule compliance

Counterparty VASP identification.

Before transmitting data, a crypto firm must determine whether the receiving address belongs to a regulated VASP or a self-hosted wallet. The workflows and obligations differ significantly between the two cases.
Pre-transaction data collection and verification.

The originator VASP collects KYC-verified information on the sender and confirms beneficiary details before the transfer executes. Data must flow from verified records, not unverified user input.
Secure data transmission to the beneficiary VASP.

Data may be transmitted through a Travel Rule messaging solution or protocol, often using data standards such as IVMS 101, so the counterparty receives it before or at the moment of transfer.
Exception handling and escalation.

When Travel Rule information is missing, incomplete, inconsistent, or otherwise raises risk indicators, the VASP must detect this, apply a risk-based assessment, and escalate where appropriate under its internal procedures. This includes documenting the decision and, where relevant, integrating the information into broader AML/CFT controls such as sanctions screening, transaction monitoring, or suspicious activity reporting, which operate as separate obligations outside the Travel Rule itself.

Under EU TFR, the receiving CASP is specifically expected to have procedures for detecting whether required information is missing/incomplete and deciding whether to execute, reject, return, or suspend a transfer.
Record-keeping and audit trail.

Required Travel Rule information and related records should be retained for the period required under the applicable regime. In the EU, Regulation (EU) 2023/1113 requires retention for five years.

In 2026, regulators increasingly expect Travel Rule controls to operate before or at the time a transaction is executed — not solely after settlement. On-chain transfers are generally irreversible once broadcast, which means required originator and beneficiary information, as well as related risk indicators, should be identified and assessed as early as possible in the transaction lifecycle. In the EU and UK, firms that rely primarily on post-transaction remediation may struggle to meet supervisory expectations around effective Travel Rule compliance and risk management.

The Current State of Crypto Travel Rule Compliance

Despite years of regulatory alignment, Travel Rule compliance across the industry is still uneven. Many VASPs have implemented parts of the process, but few have achieved consistent, end-to-end coverage.

According to industry data, over 61% of VASPs report that most inbound transactions still arrive without the required Travel Rule data. In practice, this leaves compliance teams making decisions with incomplete information.

This gap is driven by four persistent challenges.

1. Self-hosted wallets remain the hardest edge case

Transfers involving self-hosted wallets introduce uncertainty that regulation has not fully resolved.

In the EU, firms are 55% more likely to block self-hosted wallet transactions than the global average, while over 15% of EU providers have banned self-custody transactions entirely due to regulatory uncertainty.

The challenge is both operational and interpretational. For example:

Under the EU Transfer of Funds Regulation (TFR), where a transfer involving a self-hosted address exceeds EUR 1,000, the CASP must assess and verify whether that address is owned or controlled by its customer. Practical implementation remains difficult, particularly where third-party wallets or complex custody arrangements are involved.
The EBA Guidelines on policies and procedures under Regulation (EU) 2023/1113 provide additional supervisory expectations on risk management, detection of missing information, and treatment of transfers involving self-hosted addresses.
Separately, DAC8 introduces additional crypto-asset tax reporting obligations in the EU, adding another layer of compliance complexity for firms handling transfers involving self-hosted wallets.

Faced with legal uncertainty, operational complexity, and potential enforcement risk, some firms adopt a conservative approach by restricting certain self-hosted wallet transactions rather than relying solely on risk-based controls.

2. Fragmented protocols limit interoperability

There is still no single standard for Travel Rule data exchange. VASPs use different messaging systems that were built independently and do not always communicate with each other.

As a result, even two fully compliant firms may be unable to exchange the required data in real time — not because either is non-compliant, but because their systems do not connect.

3. Pre-transaction controls are not yet universal

Many crypto firms have implemented Travel Rule workflows, but not all apply them at the most effective stage of the transaction lifecycle.

In practice, checks are still sometimes performed only after a transaction has been broadcast on-chain. However, regulators increasingly expect firms to collect, verify where required, and exchange relevant Travel Rule information before or at the time of transfer, rather than relying solely on post-transaction remediation. Given the irreversible nature of many blockchain transactions, firms are also expected to identify and escalate relevant risk indicators as early as possible.

This means firms are increasingly expected to apply Travel Rule controls before or at the time a transfer is executed, rather than relying solely on post-transaction remediation.

4. The “sunrise” problem

A further challenge comes from uneven global implementation of the Travel Rule. When a VASP in a regulated jurisdiction interacts with a counterparty in a jurisdiction where the Travel Rule is not yet implemented or effectively operationalised, exchanging the required information may be difficult or inconsistent in practice.

In these situations, regulators generally expect firms to apply a risk-based approach. This may include:

Documenting attempts to transmit or obtain the required information.
Assessing relevant transactional and counterparty risk indicators, potentially including the use of blockchain analytics tools.
Applying internal escalation procedures and making a documented, risk-based decision on whether to proceed with the transfer.

      For compliance teams, the challenge is often not the absence of rules, but demonstrating that decisions were reasonable, risk-based, and defensible under supervisory scrutiny.
    

If you’d like to explore Travel Rule compliance challenges and best practices in more detail, watch the recorded live session, where Yulia Murat, Head of Regulatory Affairs at Global Ledger, and Lana Schwarzman, VP of Global Regulatory and Compliance Strategy at Notabene, discuss how VASPs can navigate evolving crypto AML regulations in practice.

Get the Recording

Conclusion

In 2026, Travel Rule compliance is part of daily operations, not just a checkbox. Regulators expect VASPs not only to collect and transmit data correctly, but to manage exceptions, retain records, and ensure that Travel Rule data feeds into the broader AML controls that prevent illicit transactions from going undetected.

For compliance teams, the challenge is not understanding the rule — it is making it work across fragmented systems, unclear edge cases, and global counterparties. The firms that succeed are those that move from reactive compliance to structured, timely decision-making.

Global Ledger helps VASPs implement Travel Rule compliance end-to-end — from counterparty due diligence and pre-transaction screening to audit-ready reporting. Request a demo to find out how you can turn Travel Rule into a reliable, real-time workflow without blocking legitimate transactions or slowing down operations.

See how Global Ledger can support
Travel Rule compliance for your team

Schedule a Demo

FAQ

What is the FATF Travel Rule?

The FATF Travel Rule is a requirement established under FATF Recommendation 16 that obligates financial institutions and VASPs to collect and transmit originator and beneficiary information alongside transfers above a defined threshold. FATF, the Financial Action Task Force, extended the rule to virtual assets in 2019. It forms the basis for national-level Travel Rule laws in the EU, UK, US, Singapore, and Switzerland.

What is the Travel Rule Regulation?

The Travel Rule regulation refers to the national and regional laws that implement FATF Recommendation 16 for crypto firms. In the EU, this is the Transfer of Funds Regulation (TFR, Regulation 2023/1113). In the UK, the Money Laundering Regulations are enforced by the FCA. In the US, FinCEN applies the Bank Secrecy Act Travel Rule to money transmitters. Each jurisdiction sets its own threshold within the FATF framework.

What does Travel Rule compliance mean for crypto firms?

Travel Rule compliance for crypto firms means maintaining systems to collect verified originator and beneficiary data, transmit it to counterparties, detect and manage exceptions, and retain records for audit. The data produced by this process supports broader AML obligations — but sanctions screening and transaction monitoring are separate controls, not part of Travel Rule compliance itself.

How does the Travel Rule fit into a VASP's AML program?

Travel Rule data directly supports sanctions screening and suspicious activity reporting. When that data reveals a potential match or gap, it can trigger blocking and SAR filing obligations, but those actions fall under the broader AML framework, not the Travel Rule itself.