Reference matrix for how deposit and withdrawal handling under the Travel Rule differs by jurisdiction. This is general regulatory information, not legal advice — always confirm current requirements with local counsel before relying on this for a compliance decision. USD figures are approximate and will drift with exchange rates.
Deposit
Type of tx: Transfer from Originator VASP to Beneficiary VASP
Client role: Beneficiary VASP
| Country | Wait for notification? | De minimis threshold | Data tier structure | Self-hosted wallet verification | Legislation / guidance | Notes |
| Australia | Yes | None. Applies to all transfers regardless of amount. | Full data always — no threshold; complete data set required on every transfer. | Required — wallet must be classified custodial vs self-hosted and ownership verified. (Formal reporting on unverified self-hosted wallets deferred to March 2029.) | AML/CTF Act 2006 (Cth), as amended 2024; AUSTRAC virtual asset Travel Rule guidance (FATF Recommendation 16) | Info must be collected/verified before the transfer is given effect. Fully enforced from 1 July 2026. |
| Canada | No | ~USD 730 (CAD 1,000). Separate ~USD 7,300 (CAD 10,000) threshold triggers a Large Virtual Currency Transaction Report. | Binary threshold — no Travel Rule obligation below the threshold; full data required above it. | Not yet specified by FINTRAC — self-hosted wallet transfers currently fall outside explicit Travel Rule scope. | PCMLTFA s. 9.5; PCMLTFR ss. 124–124.1; FINTRAC Travel Rule guidance (FATF Recommendation 16) | FINTRAC requires reasonable measures to ensure info is included when receiving, but does not mandate withholding the deposit pending confirmation. |
| EU | Yes | None. Applies to every CASP-to-CASP transfer. | Full data always — no threshold; complete data set required on every transfer. | Required above ~USD 1,050 (€1,000), assessed cumulatively — must verify the customer controls the self-hosted wallet. | Regulation (EU) 2023/1113 (TFR recast); EBA Travel Rule Guidelines (July 2024) (FATF Recommendation 16) | The CASP should not execute the transfer until the info is obtained, or should return/reject the funds. |
| Hong Kong | Yes | ~USD 1,025 (HKD 8,000) for the fuller data set (name/account number only required below this). | Tiered — basic data (name, account number) below the threshold; fuller data (e.g. address, ID) above it. | Required above the threshold — VASP must assess self-hosted wallet risk and apply risk-mitigating measures. | AMLO (Cap. 615), Chapter 12; SFC AML/CTF Guideline for Licensed Corporations and SFC-licensed VASPs (FATF Recommendation 16) | In substance, given immediate/irreversible on-chain settlement, the SFC expects info collected/passed on before the transfer. |
| Japan | No | Effectively near-zero / no de minimis for the core notification obligation (earlier guidance referenced ~USD 660, JPY 100,000, for additional beneficiary address/purpose data). | Effectively full data always in practice — threshold is near-zero, though the additional-data reference above complicates a clean “full vs. tiered” read. | Travel Rule obligations do not directly cover unhosted wallet transfers, but VASPs must collect and retain records on wallets not covered by Travel Rule requirements in any jurisdiction. | Act on Prevention of Transfer of Criminal Proceeds (APTCP); JVCEA self-regulatory rules (FATF Recommendation 16) | During the transitional period, a “best-efforts” approach applies — collect reasonably available sender info when a deposit arrives without full Travel Rule data. |
| Singapore | Yes | ~USD 1,100 (SGD 1,500) for the fuller data set; basic originator/beneficiary data is required on every transfer regardless of amount. | Tiered — basic data required on every transfer; fuller data above the threshold. | VASPs must collect originator/beneficiary info on self-hosted wallets and make it available to authorities on request; sending VASP must verify the receiving institution is legitimate before transmitting data. | Payment Services Act 2019; MAS Notice PSN02 (effective 28 Jan 2020), further specified by MAS' Guidelines to Notice PSN02 (FATF Recommendation 16) | In practice, deposits may remain pending until required information is verified, then credited. |
| South Korea | No | ~USD 740 (KRW 1,000,000). | Binary threshold — no Travel Rule obligation below the threshold; full data required above it. | No current requirements for transfers to/from self-hosted or non-custodial wallets. | Act on Reporting and Using Specified Financial Transaction Information (FTRA); Virtual Asset User Protection Act (2024) (FATF Recommendation 16) | No explicit statutory hold identified; risk-based approach. Additional originator identity info must be provided within 3 business days if requested. |
| Switzerland | Yes | ~USD 1,120 (CHF 1,000), assessed over a rolling 30-day period. | Binary threshold — no Travel Rule obligation below the threshold; full data required above it. | Required — must verify the customer's power of disposal over the external wallet via suitable technical means; third-party-owned wallets require identifying the third party and beneficial owner too. | Art. 10 AMLO-FINMA; FINMA Guidance 02/2019 (FATF Recommendation 16) | One of the strictest regimes — data is only exchanged with properly supervised counterparty VASPs in the first place. |
| UAE (Dubai / VARA) | No | ~USD 1,000 (AED 3,500) for mandatory verification; info must be obtained/held for all qualifying transfers. | Binary threshold — no Travel Rule obligation below the threshold; full data required above it. | Required — enhanced due diligence, including additional customer identification and source-of-funds verification. | Law No. (4) of 2022 (Dubai); Cabinet Decision No. (134) of 2025 implementing Federal Decree-Law No. (10) of 2025; VARA Compliance and Risk Management Rulebook, Part G (rulebooks.vara.ae). Note: ADGM (FSRA) and DIFC (DFSA) apply their own, differing frameworks. (FATF Recommendation 16) | Not an explicit “must wait,” but the originating VASP must confirm the beneficiary VASP is properly regulated before executing the transfer; persistent counterparty failures must be documented and reported to VARA. |
| UK | No | No threshold for basic data; fuller data required above ~USD 1,050 (€1,000) equivalent. | Tiered — basic data required on every transfer; fuller data above the threshold. | Not mandatory to send data to an unhosted wallet, but firm must collect info and apply risk-based due diligence. | MLR 2017, Part 7A, inserted by MLTFR (Amendment) (No. 2) Regulations 2022; FCA cryptoasset AML/CTF guidance (FATF Recommendation 16) | Risk-based, not automatic. Firm assesses risk and decides to credit, request more info, or reject/report. Repeated originator failures must be reported to the FCA. |
| US | No | USD 3,000 (proposed USD 250 cross-border threshold not finalized). | Binary threshold — no Travel Rule obligation below the threshold; full data required above it. | Not explicitly mandated by FinCEN at federal level; individual platforms may apply their own ownership-proof procedures. | Bank Secrecy Act; 31 CFR § 1010.410(f); FinCEN 2019 CVC guidance (FATF Recommendation 16) | No explicit statutory hold requirement. Screening before crediting is risk-based practice, not a Travel Rule mandate. |
| Rest of world | No | FATF recommends ~USD/EUR 1,000 as a baseline, not binding without domestic law. | Varies / not applicable — no binding domestic threshold structure absent implementing legislation. | Generally not enforced absent domestic implementing legislation. | No binding domestic implementing law in these jurisdictions (FATF Recommendation 16) | Accept the deposit — many jurisdictions have not yet implemented Travel Rule legislation for virtual assets (the “sunrise problem”). |
Type of tx: Transfer from Originator (Self-hosted) to Beneficiary VASP
Client role: Beneficiary VASP
There's no counterparty VASP in this scenario — the Beneficiary VASP's own customer is the wallet owner. “Verification” here means confirming that customer actually controls the sending wallet, not exchanging data with another institution.
| Country | Verification required before crediting? | Threshold | Verification method / notes | Legislation / guidance |
| Australia | Yes | None specified — applies regardless of amount (formal reporting on unverified self-hosted wallets deferred to March 2029). | Must classify the wallet as self-hosted and verify the customer's ownership/control of it before crediting. | AML/CTF Act 2006 (Cth), as amended 2024; AUSTRAC virtual asset Travel Rule guidance (FATF Recommendation 16) |
| Canada | Not specified | Not specified | FINTRAC has not yet specified a verification procedure — self-hosted transfers currently fall outside explicit Travel Rule scope. | PCMLTFA s. 9.5; PCMLTFR ss. 124–124.1; FINTRAC Travel Rule guidance (FATF Recommendation 16) |
| EU | Yes | Above ~USD 1,050 (€1,000), assessed cumulatively. | Must verify the customer controls the wallet — typically a signed message (cryptographic proof) or, where the wallet can't sign, a micro-deposit / “Satoshi test.” | Regulation (EU) 2023/1113 (TFR recast); EBA Travel Rule Guidelines (July 2024) (FATF Recommendation 16) |
| Hong Kong | Yes | Above ~USD 1,025 (HKD 8,000). | VASP must apply a risk assessment and risk-mitigating measures; specific verification method not prescribed in the guideline. | AMLO (Cap. 615), Chapter 12; SFC AML/CTF Guideline for Licensed Corporations and SFC-licensed VASPs (FATF Recommendation 16) |
| Japan | Not explicitly mandated | Not applicable | Travel Rule obligations do not directly extend to unhosted wallet transfers; VASPs must instead collect and retain records on the wallet. | Act on Prevention of Transfer of Criminal Proceeds (APTCP); JVCEA self-regulatory rules (FATF Recommendation 16) |
| Singapore | Yes | Applies regardless of amount. | Must collect identifying info on the self-hosted wallet holder and make it available to MAS or other authorities on request. | Payment Services Act 2019; MAS Notice PSN02 (effective 28 Jan 2020), further specified by MAS' Guidelines to Notice PSN02 (FATF Recommendation 16) |
| South Korea | No | Not applicable | No current requirement for transfers to/from self-hosted or non-custodial wallets. | Act on Reporting and Using Specified Financial Transaction Information (FTRA); Virtual Asset User Protection Act (2024) (FATF Recommendation 16) |
| Switzerland | Yes | Above ~USD 1,120 (CHF 1,000), assessed over a rolling 30-day period. | Must verify the customer's power of disposal over the wallet via suitable technical means (signature preferred; micro-deposit as fallback where signing isn't supported). Third-party-owned wallets require identifying the third party and beneficial owner too. | Art. 10 AMLO-FINMA; FINMA Guidance 02/2019 (FATF Recommendation 16) |
| UAE (Dubai / VARA) | Yes | Above ~USD 1,000 (AED 3,500). | Enhanced due diligence — additional customer identification plus source-of-funds verification. | Law No. (4) of 2022 (Dubai); Cabinet Decision No. (134) of 2025; VARA Compliance and Risk Management Rulebook, Part G (rulebooks.vara.ae) (FATF Recommendation 16) |
| UK | Not mandatory, but risk-based collection required | No threshold specified for self-hosted wallets specifically. | Firm must collect available info and apply risk-based due diligence; specific verification method not prescribed. | MLR 2017, Part 7A, inserted by MLTFR (Amendment) (No. 2) Regulations 2022; FCA cryptoasset AML/CTF guidance (FATF Recommendation 16) |
| US | Not explicitly mandated | Not applicable | FinCEN does not mandate a specific method at federal level; individual platforms commonly use a signed message or micro-deposit as their own ownership-proof procedure. | Bank Secrecy Act; 31 CFR § 1010.410(f); FinCEN 2019 CVC guidance (FATF Recommendation 16) |
| Rest of world | Generally not enforced | Not applicable | No domestic implementing legislation in most of these jurisdictions. | No binding domestic implementing law in these jurisdictions (FATF Recommendation 16) |
Withdrawal
Type of tx: Transfer from Originator VASP to Beneficiary VASP
Client role: Originator VASP
| Country | Send notification? | Due diligence on VASP required? | What due diligence? | Wait for response? | Data tier structure | Threshold / self-hosted verification | Legislation / guidance |
| Australia | Yes | Not specified | — | No | Full data always — no threshold; complete data set required on every transfer. | None threshold. Must classify destination wallet and verify customer controls it before releasing funds to a self-hosted address. | AML/CTF Act 2006 (Cth), as amended 2024; AUSTRAC virtual asset Travel Rule guidance (FATF Recommendation 16) |
| Canada | Yes | Not specified | — | No | Binary threshold — no obligation below the threshold; full data required above it. | ~USD 730 (CAD 1,000). Self-hosted verification not yet specified by FINTRAC. | PCMLTFA s. 9.5; PCMLTFR ss. 124–124.1; FINTRAC Travel Rule guidance (FATF Recommendation 16) |
| EU | Yes | Not specified | — | No | Full data always — no threshold; complete data set required on every transfer. | None threshold. Self-hosted verification required above ~USD 1,050 (€1,000) cumulative before releasing funds. | Regulation (EU) 2023/1113 (TFR recast); EBA Travel Rule Guidelines (July 2024) (FATF Recommendation 16) |
| Hong Kong | Yes | Not specified | — | No | Tiered — basic data below the threshold; fuller data above it. | ~USD 1,025 (HKD 8,000). Required above threshold — risk assessment and mitigating measures before releasing funds. | AMLO (Cap. 615), Chapter 12; SFC AML/CTF Guideline for Licensed Corporations and SFC-licensed VASPs (FATF Recommendation 16) |
| Japan | Yes | Yes | Confirm the beneficiary VASP's jurisdiction is on Japan's recognised list of jurisdictions with equivalent Travel Rule regulation. | No | Effectively full data always in practice — threshold is near-zero. | Effectively near-zero threshold. Travel Rule does not directly extend to unhosted wallets; enhanced record-keeping applies instead. | Act on Prevention of Transfer of Criminal Proceeds (APTCP); JVCEA self-regulatory rules (FATF Recommendation 16) |
| Singapore | Yes | Yes | Verify the receiving institution is a legitimate, regulated entity before transmitting data. | No | Tiered — basic data required on every transfer; fuller data above the threshold. | ~USD 1,100 (SGD 1,500) for fuller data set. Sending VASP must verify the counterparty is regulated before transmitting self-hosted wallet data. | Payment Services Act 2019; MAS Notice PSN02 (effective 28 Jan 2020), further specified by MAS' Guidelines to Notice PSN02 (FATF Recommendation 16) |
| South Korea | Yes | Not specified | — | No | Binary threshold — no obligation below the threshold; full data required above it. | ~USD 740 (KRW 1,000,000). No current requirements for self-hosted or non-custodial wallet transfers. | Act on Reporting and Using Specified Financial Transaction Information (FTRA); Virtual Asset User Protection Act (2024) (FATF Recommendation 16) |
| Switzerland | Yes | Yes | Confirm the counterparty VASP is subject to appropriate AML supervision before any data is exchanged. | No | Binary threshold — no obligation below the threshold; full data required above it. | ~USD 1,120 (CHF 1,000), rolling 30-day period. Must verify customer's power of disposal over external wallet before releasing funds. | Art. 10 AMLO-FINMA; FINMA Guidance 02/2019 (FATF Recommendation 16) |
| UAE (Dubai / VARA) | Yes | Yes | Confirm the beneficiary VASP is properly regulated in its jurisdiction of incorporation or operation. | No | Binary threshold — no obligation below the threshold; full data required above it. | ~USD 1,000 (AED 3,500). Enhanced due diligence including additional customer ID and source-of-funds verification. | Law No. (4) of 2022 (Dubai); Cabinet Decision No. (134) of 2025; VARA Compliance and Risk Management Rulebook, Part G (rulebooks.vara.ae) (FATF Recommendation 16) |
| UK | Yes | Not specified | — | No | Tiered — basic data required on every transfer; fuller data above the threshold. | No threshold for basic data; fuller data above ~USD 1,050 (€1,000) equivalent. Firm must assess ownership/control risk before releasing to unhosted wallet. | MLR 2017, Part 7A, inserted by MLTFR (Amendment) (No. 2) Regulations 2022; FCA cryptoasset AML/CTF guidance (FATF Recommendation 16) |
| US | Yes | Not specified | — | No | Binary threshold — no obligation below the threshold; full data required above it. | USD 3,000. Not explicitly mandated at federal level for self-hosted wallets. | Bank Secrecy Act; 31 CFR § 1010.410(f); FinCEN 2019 CVC guidance (FATF Recommendation 16) |
| Rest of world | Yes | Not specified | — | No | Varies / not applicable — no binding domestic threshold structure absent implementing legislation. | FATF baseline ~USD/EUR 1,000, not binding. Generally not enforced absent domestic implementing legislation. | No binding domestic implementing law in these jurisdictions (FATF Recommendation 16) |
Notes & definitions
Column definitions
| Column | What it means |
| Wait for notification before accepting deposit? | Whether the Beneficiary VASP must have received/confirmed the Travel Rule data (originator/beneficiary KYC info) from the Originator VASP before crediting the deposit to its customer. “No” doesn't mean no obligation exists — it usually means a risk-based decision or a chase-and-hold process instead of a hard block. |
| Send notification to beneficiary VASP? | Whether the Originator VASP is required to transmit the Travel Rule data along with the withdrawal, before or at the time of sending. This is a data-transmission duty — it says nothing about whether the beneficiary side gets to review or reject the transfer. |
| Due diligence on VASP required before sending? | Whether the Originator VASP must first confirm the counterparty (the Beneficiary VASP itself) is a properly regulated, supervised institution — before any customer data is sent to it. This is separate from self-hosted wallet verification: it's about vetting the receiving institution, not the wallet owner. |
| Wait for a response before sending? | Whether the Originator VASP must receive some reply from the Beneficiary VASP before it's even allowed to send the notification/data in the first place. None of the researched jurisdictions require this. It is a different thing from TRP's optional Transfer Inquiry (accept/reject) step, which happens after the data is sent but before assets move on-chain — that's a protocol design choice a VASP can adopt voluntarily, not a legal requirement covered by this column. |
| De minimis threshold | The transaction value above which fuller Travel Rule data becomes mandatory. Below the threshold, some jurisdictions still require basic data (e.g. name, wallet address); above it, fuller data is required (e.g. physical address, ID number, date of birth). “None” means the full data set is required on every transfer regardless of amount. |
| Data tier structure | How the threshold actually behaves, since “threshold” alone doesn't tell the whole story: “Full data always” means there's no threshold at all (EU, Australia); “Binary threshold” means nothing is required below the line but the complete data set is required above it (Canada, Switzerland, US, UAE, South Korea); “Tiered” means basic data is required on every transfer, with fuller data required above the threshold (Hong Kong, UK, Singapore). |
| Self-hosted wallet verification | Whether/how a VASP must verify a customer actually controls a self-hosted (non-custodial) wallet before crediting a deposit from it or releasing a withdrawal to it. This only applies when there's no counterparty VASP on the other end — see the dedicated self-hosted deposit table for the full picture on that scenario. |
| Verification required before crediting? (self-hosted deposit table) | Same concept as above, specifically for a deposit arriving directly from a customer's own self-hosted wallet with no VASP on the sending end. |
| Legislation / guidance | The primary statute or regulation, plus the regulator's implementing guidance document. Every row also links to FATF Recommendation 16, since all of these regimes derive from that FATF standard — countries implement it differently, but it's the common root. |
| Notes | Supplementary context that doesn't reduce cleanly to a Yes/No answer — e.g. effective dates, exceptions, or how a jurisdiction's risk-based approach actually plays out in practice. |
Notification vs. Accept/Reject — don't conflate these
The “notification” columns in this matrix describe a legal minimum: whether Travel Rule data must be sent, and whether anything must happen before it's sent. They do not describe or replace TRP's Transfer Inquiry workflow, where the Beneficiary VASP can accept or reject a transfer after the data arrives but before assets move on-chain. A VASP can be fully compliant with every “No” in this matrix while still choosing to run Transfer Inquiry as a voluntary risk control — the two are independent layers, not alternatives to each other.
Comments
0 comments
Article is closed for comments.