Head of International Corporate Law and Fintech Practice
Expert in fintech, crypto, and international corporate law with over 20 years of experience. Specializes in crypto licensing (VASP/CASP), iGaming business support, and international structuring, asset protection, and OSINT analytics for risk assessment and due diligence.
Implementation of Travel Rule systems in Europe
The Travel Rule is a mandatory requirement for all CASP/VASPs that transfer crypto assets in Europe. Without compliance with the Travel Rule: the exchange will not receive a CASP license; the bank may close the account; and customer transactions will be automatically blocked. This is why the Travel Rule is not an “optional extra” but a critically important part of the AML infrastructure.
What is the Travel Rule?
This is a rule that requires the transmission of data about the sender and recipient of each crypto transfer between VASPs/CASPs.
Required data:
Originator
- Name / company name.
- Document number or registration number.
- Address or date of birth.
- Wallet identifier.
Beneficiary
- Name / company name.
- Wallet ID.
Obligations are set out in:
- EU Transfer of Funds Regulation.
- MiCA + AML Regulation.
- FATF Guidance on Virtual Assets.
Which companies are FULLY required to comply with the Travel Rule?
- EU CASPs/VASPs;
- Central Exchanges (CEX);
- OTC providers;
- crypto-fiat on-ramp platforms;
- Custodial wallets;
- Brokerage services.
Optional (but recommended):
- DeFi without control over private keys;
- self-hosted wallets.
In 2025, all EU banks will require crypto platforms to have a Travel Rule system.
Stages of registration and implementation of the Travel Rule system
This is an incorrect formulation – Travel Rule is not registered, the provider is registered / integrated with the regulator as part of the CASP document package. Therefore, the correct procedure is as follows.
Choosing a Travel Rule provider
Notabene
- works in the EU, USA, APAC;
- supports automatic verification of counterparties;
- integration with Chainalysis;
- suitable for exchanges and large VASPs.
TRP (Travel Rule Protocol)
- open-source model.
- good compatibility with neuCASP in Lithuania.
Scorechain TR Module
- often adopted by French platforms (AMF-friendly).
Sygna Bridge (Shyft Network)
- popular among Asian exchanges, supports EU TFR.
When choosing a provider, consider: client jurisdiction; transaction volumes; support for unhosted wallets; the possibility of manual and automatic approval flow; API compatibility with the backend.
Travel Rule provider due diligence
In 2025, regulators will require an assessment of:
- technical reliability.
- cybersecurity.
- RCSA (Risk Control Self-Assessment).
- GDPR compliance.
- local data storage.
- FIU access.
We prepare:
- Due Diligence Report.
- Vendor Risk Assessment.
- Data Mapping and Storage Analysis.
PIA/DPIA — Data Protection Impact Assessment (GDPR)
According to GDPR Art. 35 — mandatory for crypto platforms.
The DPIA describes:
- Data model;
- Information flows between VASPs;
- List of personal data;
- Leakage risks;
- Encryption methodology;
- Retention periods (up to 5 years — TFR requirement).
Without a DPIA, no EU regulator will approve a CASP permit.
Preparation of Travel Rule policies and procedures
Documents that we prepare for VASP/CASP:
- Travel Rule Policy (describes: data transfer algorithm, actions in case of unidentified VASP, processing of unhosted wallets).
- Unhosted Wallet Risk Protocol (critical for OTC and on-ramp).
- VASP/VASP Counterparty Assessment Procedure (verification of who the data is transferred to).
- Blockchain Analytics SOP (based on Chainalysis/Elliptic).
- Data Transfer Matrix (processing map) (structure of data flows → required by the regulator; without these documents it is impossible to submit a CASP application).
Technical integration with the backend
This includes:
- Travel Rule API connection.
- testing webhook notifications.
- implementation of the “soft block” mechanism.
- integration with KYC/AML (Sumsub/Ondato/Veriff).
- sanctions check module.
- connection with KYT.
In 80% of cases we work directly with the client’s dev team.
Testing (sandbox)
The Travel Rule provider conducts:
- test transactions.
- stress test.
- false scenarios (bad actor, unknown VASP).
- encryption check.
- log check.
Result — Travel Rule Compliance Certificate, which is submitted to the regulator.
Submission of documents to the regulator together with the CASP application
The regulator checks:
- presence of the provider;
- a full set of policies;
- DPIA;
- IT architecture + data flow;
- risk scoring system;
- preparation of AML and MLRO;
- availability of KYT and sanction filters.
In France (AMF) this is a separate section — “Travel Rule compliance assessment”. In Lithuania and Poland — part of the AML complex.
After launch — ongoing compliance
Travel Rule should work: before the transaction (pre-transaction screening); during; after; in reporting (FIU reporting).
Monthly:
- log audit.
- data testing.
- MLRO internal control.
- VASP counterparty review.
Annually:
- IT audit.
- AML audit.
- DPIA review.
Why is this important?
In 2025, 80% of crypto platform fines in the EU were due to:
- incomplete implementation of the Travel Rule.
- lack of an unhosted wallets protocol.
- incorrect AML risk scoring.
- failure to provide counterparty data to another VASP.
- incorrect data storage (GDPR breach).
To avoid fines, we do a complete compliance stack. We do a turnkey:
- selection of a Travel Rule provider;
- legal analysis of TFR + MiCA;
- AML/CTF policies;
- DPIA (GDPR);
- technical documentation for the regulator;
- VASP risk model;
- integration with blockchain analytics;
- support during audits;
- MLRO/Compliance Officer recruitment.
Order a consultation and find out the cost of legal support in implementing the Travel Rule system by filling out the form below.
Calculate the cost of services
1 question
Do you need advice on implementing the Travel Rule system?
2 question
Are you interested in AML transaction verification?
3 question
Do you want to register a crypto company in the EU?
You may also need:
call back
during the day
Compensation for moral, material damage
Protection of honour, dignity, and business reputationContract Development for Business and Legal Entities
Licensing of business activities
Compensation for moral, material damage
Legal services in the field of cryptocurrency and blockchain
REGISTRATION OF COMPANIES AND OPENING OF BANK ACCOUNTS
Sale and purchase of ready-made firms
Grants and attracting investment
Business registration and support in Great Britain
Business registration and support in Switzerland
Business registration and support in the EU
Business Registration and Support in the Gulf Countries (GCC)
Business registration and support in Turkey
Business registration and support in USA
Lawyer for administrative cases
Legal services for medical businesses and doctors
Protection of honour, dignity, and business reputation
Real estate transaction support
Escort of the tender participant
Trial lawyer: support and defense in court
European Court of Human Rights (ECHR)

