The Travel Rule is now one of the most important regulatory requirements facing crypto firms. Yet five years after FATF extended Recommendation 16 to virtual assets, implementation across jurisdictions remains fragmented, inconsistent, and technically difficult. 

CryptoUK recently hosted a webinar for our members that explored these challenges through the lens of the UK’s experience — and uncovered why Travel Rule compliance is still far from straightforward.

What emerged was clear: there is one global rule, but many operational realities. And until these are reconciled, firms will continue to face unnecessary friction, rising supervisory pressure, and growing technical debt.

You can watch the full webinar here:

The panellists: legal, technical and compliance expertise in one room

Last week’s webinar brought together three experts whose day-to-day work places them at the sharp edge of Travel Rule implementation. Between them, they advise global regulators, support some of the world’s largest VASPs, and work directly on the systems that make Travel Rule compliance possible. 

Their combined experience spans legal interpretation, supervisory expectations, technical interoperability, sanctions handling, and real-world operational challenges — making them uniquely well placed to explain not just what the rules say, but how they actually work in practice.

• Catarina Veloso — Director, Regulatory & Compliance, Notabene
  A specialist in Travel Rule implementation across multiple jurisdictions, bringing deep insight into interoperability challenges, best practices and cross-border operational realities.
  
• Anastasia Sakharova — Head of Digital Assets, Sumsub
  Providing the compliance and identity-verification perspective, with hands-on experience designing and improving Travel Rule solutions that align with regulatory expectations.
  
• Bhavesh Panchal — Senior Associate, Paul Hastings LLP
  Offering the legal and supervisory view, advising crypto firms on Travel Rule obligations, FCA expectations and the complexities of cross-jurisdictional compliance.

A Rule Built for Global Consistency — Delivered Through Fragmentation

FATF Recommendation 16 is designed to be a global framework. But the way it has unfolded in practice is anything but global. Jurisdictions have implemented the Travel Rule:

• On different timelines
• With different data requirements
• With different thresholds
• With different supervisory expectations
• And in some cases, not at all

As the panel highlighted, 85 out of 163 FATF jurisdictions have implemented the rule, with another 14 in progress. That leaves large parts of the world operating under no Travel Rule obligations — creating “sunrise” problems for firms in jurisdictions that are already live.

For a compliance requirement that relies on two counterparties exchanging information, fragmentation is not simply inconvenient — it fundamentally undermines the rule’s effectiveness.

The UK Roll-Out: A Long, Iterative Journey

The UK’s Travel Rule journey began in 2021, when HM Treasury consulted on adding Travel Rule obligations to the Money Laundering Regulations. It continued through several distinct phases:

• 2021: Consultation closes
• 2022: MLR amendments enacted
• 2022–2023: FCA sandbox testing with industry cohorts
• August 2023: JMLSG issues detailed guidance
• 1 September 2023: Travel Rule enters into force
• Late 2023: Industry raises “sunrise issue” concerns
• 2024–2025: FCA increases supervisory focus

A unique feature of the UK roll-out was the Notabene testnet program within the FCA’s regulatory sandbox, which gave the FCA unprecedented visibility into the operational realities of Travel Rule implementation.

It also provided firms with a rare opportunity to test the rule with real counterparties before the deadline — something most jurisdictions have not offered.

What Makes the Travel Rule So Hard in Practice?

Throughout the webinar, our panellists consistently returned to one core truth: The Travel Rule was built for identity-based payment systems. Crypto is address-based. 

That mismatch sits at the root of many operational issues, including:

1. Counterparty discoverability is still weak

A wallet address does not reveal:

• Whether the counterparty is a VASP
• Which legal entity it belongs to
• Whether it is Travel Rule-obligated
• Which protocol it uses to exchange data

Blockchain analytics can identify brands but usually not legal entities. And Travel Rule obligations apply to legal entities.

2. Deposits cannot be stopped before funds arrive

Because most crypto transactions still rely on wallet addresses:

• Customers request a deposit address
• Funds are sent
• Only then does the VASP analyse where the funds came from

This creates sanctions risk, AML risk, and customer-support burdens that do not exist in traditional finance.

As of today, according to Notabene’s 2025 State of Crypto Travel Rule Report, 61.6% of VASPs claim that almost none or only a small portion of incoming transactions arrive without required Travel Rule information.

And firms have no technical way to block these transfers pre-transaction.

3. Thresholds and rules conflict across borders

The UK requires Travel Rule information for all transactions.

But the US only requires it above $3,000.

When a UK firm receives a US transfer below that threshold:

• The US sender is fully compliant
• But the UK recipient is not

This is precisely the kind of “one rule, many realities” conflict the industry now faces daily.

4. Structural conflicts between regulations and crypto operations

Regulatory expectations often clash with how crypto transactions actually function. Here are several examples:

1. Many VASPs rely on hot-wallet pools, where the exact sending address is unknown until the moment of transaction execution. This directly conflicts with requirements that expect data to be transmitted before or at the time of the transfer.
2. Traditional frameworks assume concepts like batch files and fixed account numbers, which don’t map cleanly onto the crypto environment.
3. The definition of an intermediary VASP also doesn’t match reality. In practice, intermediaries are custodians. Regulators, however, expect intermediaries to be entities that receive and transfer assets. Custodians, in turn, safeguard assets and sign transactions, but no actual transfer occurs between the VASP and the custodian, only an instruction to transfer.

Sumsub’s recent analysis, including proposals submitted to the FATF, highlights these structural contradictions and explains why traditional fiat-era assumptions remain difficult to apply in a crypto context.

Supervision: The FCA’s Growing Expectations

The FCA has made one message clear: firms must treat Travel Rule failures as a reportable supervisory issue, not a minor inconvenience.

Two expectations stand out:

1. The “repeated failures” reporting requirement

If a counterparty repeatedly fails to send required information, UK-registered firms must:

• Record each incident
• Maintain internal logs
• Report the counterparty to the FCA
• Submit detailed data (27+ fields) every six months

This is extremely resource-intensive for high-volume exchanges and custodians.

2. The FCA will increasingly test operational readiness

As firms move into FSMA-based regulation, the FCA will gain stronger oversight powers, and Travel Rule controls will move from “best practice” to “regulatory expectation”.

Compliance teams should anticipate more questions — and more scrutiny.

Interoperability: The Industry’s Most Persistent Problem

Perhaps the most difficult challenge discussed in the webinar was interoperability between Travel Rule solutions.

The landscape today includes:

• Limited-use open protocols, such as TRP
• Large provider-based networks that exchange data within their own ecosystems and build bilateral bridges, such as Notabene or Sumsub
• Closed or semi-closed systems maintained by major exchanges, such as TRUST

This results in:

• Limited counterparty reachability
• Duplicate integrations
• Inconsistent data quality
• Manual workarounds
• Higher compliance costs
• Fragmentation that actively weakens AML controls

The panellists made one point very clear: as long as closed Travel Rule networks persist, the industry will remain fragmented.

Catarina’s position is that, long-term, the only sustainable path is neutral, open standards — not proprietary walled gardens. This reflects the movement to industry-led solutions regulators have taken a liking to in recent years.

The Future: From Wallet Addresses to Authorise-Then-Settle

One of the most compelling themes of the discussion was the shift toward pre-transaction authorisation — a model that mirrors traditional finance.

Instead of sending funds to a wallet address, the flow becomes:

1. A payment link is initiated
2. Both VASPs exchange Travel Rule data
3. Both run sanctions and AML checks
4. Both decide whether the transaction is permitted
5. Only then is the settlement address revealed
6. Funds move with full context and confidence

This model solves multiple problems:

• Removes pre-deposit opacity
• Reduces sanctions exposure
• Ensures data arrives before the funds
• Improves compliance efficiency
• Sets the stage for secure B2B payments and CBDC-compatible rails

The Travel Rule, ironically, may become the catalyst that finally pushes crypto into more robust, institutional-grade payment flows. The pay-off is transaction delays. 

What Travel Rule Implementation Teaches Us

The overarching lesson from the webinar:

We don’t have a Travel Rule problem — we have an implementation problem.

And the implementation challenges are not primarily regulatory — they are architectural:

• Crypto was not built to exchange identity data
• Wallet-address-based transfers create structural operational hurdles
• Counterparty discovery is not native to blockchains
• Closed networks fracture the industry
• Cross-border transfers trigger contradictory obligations

The UK roll-out shows what’s possible when regulators, industry providers, and trade bodies collaborate early — but it also exposes the limits of what can be achieved without global technical alignment.

One Rule, Many Realities — But a Clear Direction of Travel

The Travel Rule is here to stay. But its real impact is only now being felt in day-to-day compliance operations, product design, risk assessment and user experience.

The next phase of adoption will not be defined by regulation alone, but by:

• Interoperability
• Pre-authorisation workflows
• Neutral and open standards
• Better counterparty discovery
• Shared best practices
• Industry collaboration through bodies like CryptoUK
• Public-private sector collaboration to adjust the regulatory landscape to the realities of crypto transactions

The firms that embrace these changes early will not only stay compliant — they will help shape the next generation of secure, scalable digital asset infrastructure.

Watch the Full Discussion

This article captures the highlights, but the full conversation goes even further. Watch the full webinar below to hear the panel’s insights in their own words and gain a deeper understanding of how the Travel Rule is evolving in practice.

If you have any questions or would like to discuss how these developments affect your firm, please feel free to reach out to us at hello@cryptouk.io.