The European Banking Authority (EBA) has issued comprehensive guidelines on the so-called "Travel Rule," a regulatory framework governing the information that must accompany transfers of funds and certain crypto assets. This move is designed to combat money laundering and terrorist financing by ensuring traceability across financial transactions involving digital assets.
These new guidelines aim to establish a consistent and effective approach for implementing the Travel Rule throughout the European Union. By standardizing requirements, they empower supervisory authorities to fully track cross-border transfers when necessary—helping prevent, detect, or investigate illicit financial activity.
👉 Discover how global crypto compliance is evolving in 2025
Effective Date and Regulatory Scope
The guidelines take effect on June 30, 2024, replacing the previous Joint Guidelines under Article 25 of Regulation (EU) 2015/847. That earlier regulation outlined procedures for payment service providers (PSPs) to detect missing or incomplete payer/beneficiary data and manage non-compliant fund transfers.
Under its mandate, the EBA now provides detailed guidance to national regulators, PSPs, and crypto asset service providers (CASP) in three key areas:
- Measures PSPs and CASPs must implement to comply with specific provisions of Regulation (EU) 2023/1113
- Technical aspects related to the application of the Travel Rule to direct debits
- Standards and methods for identifying and verifying initiators or beneficiaries in transactions involving self-hosted wallets
This marks a significant step toward harmonizing anti-money laundering (AML) and counter-terrorist financing (CTF) controls across Europe’s rapidly expanding digital asset ecosystem.
What the Travel Rule Requires
At its core, the Travel Rule mandates that certain identifying information travel with every transaction—whether traditional funds or crypto assets. Specifically, it requires:
- Full names of the sender and recipient
- Account numbers or wallet addresses
- Physical addresses or dates of birth where accounts are not tied to formal identification
Payment service providers (PSPs), intermediary PSPs (IPSPs), crypto asset service providers (CASP), and intermediary CASPs (ICASPs) are required to:
- Implement systems to detect missing or incomplete data in outgoing and incoming transfers
- Establish clear protocols for handling transactions that lack required information
- Apply risk-based measures when dealing with transfers to or from self-hosted wallets
Failure to meet these obligations can result in penalties, operational restrictions, or loss of licensing.
Regulation (EU) 2023/1113, which came into force in June 2023, expanded the EU's legal framework to align with Financial Action Task Force (FATF) standards. It extends Travel Rule obligations to crypto asset service providers—closing a critical gap in financial oversight.
National competent authorities are expected to report their adherence to these updated guidelines within two months of the official EU language translations being published.
👉 Stay ahead of global crypto compliance requirements
Broader Regulatory Context: A Risk-Based Approach
In addition to the Travel Rule guidelines, the EBA is advancing broader regulatory tools for CASPs. These include:
- Risk-based AML/CFT supervision guidelines for CASPs
- Guidance on effectively managing ML/TF risk exposures
- Ongoing development of internal policies, procedures, and controls for compliance with restrictive measures applicable to CASPs and other financial institutions
Together, these initiatives reflect a coordinated effort to integrate crypto assets into the regulated financial system while mitigating systemic risks.
As decentralized finance grows, regulators are focusing on balancing innovation with accountability. The emphasis on risk-based supervision ensures that compliance efforts are proportionate to threat levels—avoiding overregulation while maintaining integrity.
Industry Response: “Mastering Travel Rule Compliance”
In response to tightening regulations, compliance platform Sumsub, in collaboration with Mercuryo, released a whitepaper titled Mastering Travel Rule Compliance. This resource offers practical guidance for virtual asset service providers (VASPs) navigating the complexities of implementation.
With FATF reporting that 35 out of 135 jurisdictions have already enacted Travel Rule legislation—and the EU following suit by mid-2024—the timing is critical. VASPs must act now to align operations with international standards.
The whitepaper addresses key challenges such as:
- Interoperability between different VASPs and legacy financial systems
- Privacy concerns when sharing personal data
- Cost-effective technical solutions for small-to-mid-sized platforms
It also emphasizes that compliance isn’t just about avoiding penalties—it’s a strategic enabler for long-term growth, trust-building, and access to institutional capital.
Why Compliance Matters Beyond Regulation
Beyond legal necessity, adhering to the Travel Rule strengthens market confidence. Transparent, auditable transaction trails make it easier for exchanges, custodians, and DeFi platforms to:
- Onboard institutional clients
- Partner with traditional banks
- Expand into regulated markets
Moreover, compliant platforms are better positioned to resist cybercrime, phishing attacks, and fraud—issues that disproportionately affect poorly monitored ecosystems.
Frequently Asked Questions (FAQ)
Q: What is the Travel Rule in cryptocurrency?
A: The Travel Rule requires financial institutions and crypto asset service providers to collect and share identifying information about the sender and recipient of a transaction. This includes names, account details, and contact information, ensuring transparency for AML/CFT purposes.
Q: Who must comply with the EU Travel Rule?
A: All crypto asset service providers (CASP), payment service providers (PSP), and their intermediaries operating within the EU must comply. This includes exchanges, custodial wallets, and firms facilitating transfers above specified thresholds.
Q: What happens if a CASP fails to comply?
A: Non-compliance can lead to regulatory fines, operational restrictions, license revocation, or exclusion from banking partnerships. It may also increase exposure to financial crime and reputational damage.
Q: How do self-hosted wallets affect Travel Rule compliance?
A: Transfers involving self-hosted wallets pose unique challenges. CASPs must apply risk-based controls—such as enhanced due diligence or transaction limits—when users send or receive funds from private wallets.
Q: Is the Travel Rule global?
A: While not universal, over 35 countries have implemented or are developing Travel Rule frameworks based on FATF recommendations. Harmonization efforts are ongoing to ensure cross-border interoperability.
Q: Can technology help automate Travel Rule compliance?
A: Yes. Many firms use compliance platforms that integrate with blockchain analytics, identity verification tools, and secure messaging protocols (like IVMS 101) to automate data sharing while preserving privacy.
The EBA’s updated guidelines signal a turning point in Europe’s approach to crypto regulation. With clear rules in place, the industry can move from uncertainty to structured innovation.
As global regulators converge on common standards, proactive compliance will separate market leaders from those left behind. For VASPs and financial institutions alike, investing in robust systems today ensures resilience tomorrow.