Eighty-five of 117 surveyed jurisdictions have passed legislation implementing the crypto Travel Rule, per FATF’s 2025 targeted update. Yet 59% of those jurisdictions, 50 in total, have taken zero enforcement or supervisory action to verify compliance. The gap between law on paper and enforcement in practice defines the current state of crypto AML compliance.
The data below covers Travel Rule requirements, threshold differences, enforcement gaps, and practical steps for virtual asset service providers navigating a fragmented global framework.
Key Takeaways
- 85 of 117 jurisdictions (73%) have passed Travel Rule legislation as of FATF’s June 2025 survey, up from 65 in 2024.
- 59% of jurisdictions with Travel Rule laws have taken zero enforcement or supervisory actions on compliance.
- The EU enforces a zero threshold for all crypto-asset transfers, while the US maintains a $3,000 threshold for cross-border transactions.
- Approximately 84% of illicit virtual asset transaction volume in 2025 involved stablecoins, per FATF’s targeted report on stablecoins and unhosted wallets.
- Illicit cryptocurrency addresses received at least $154 billion in 2025, a 162% year-over-year increase, according to Chainalysis.
- FATF revised Recommendation 16 in June 2025 to expand the Travel Rule’s scope to include fraud prevention and proliferation financing.
- Only 1 jurisdiction is fully compliant with FATF Recommendation 15 as of the 2025 assessment.
Editor’s Choice
- DPRK-linked hackers stole $2 billion in crypto during 2025, including nearly $1.5 billion from the Bybit exploit alone, per Chainalysis.
- FinCEN has proposed reducing the US crypto Travel Rule threshold from $3,000 to $250 for international transfers, a change under consideration since 2020.
- Over 250 stablecoins were in circulation by mid-2025, with a combined market capitalization exceeding $300 billion, per FATF.
- Jurisdictions with materially important VASP activity represent approximately 98% of the global virtual asset market.
- 76 jurisdictions reported having licensed or registered a VASP in practice by 2025, up from 69 in 2024.
Crypto AML Compliance: What the FATF Travel Rule Requires
FATF Recommendation 16, revised at the June 2025 Plenary, requires virtual asset service providers to collect and transmit originator and beneficiary information for crypto-asset transfers exceeding the applicable threshold. The rule originated under the US Bank Secrecy Act in 1996 for traditional wire transfers and was expanded internationally in 2001, per Elliptic.
The June 2025 revision expanded the Travel Rule’s objectives beyond money laundering and terrorist financing to explicitly include fraud prevention and proliferation financing. The update also mandated Confirmation of Payee verification systems for cross-border transfers and integrated the requirements with ISO 20022 messaging standards.
The ISO 20022 alignment signals that regulators view crypto transfers as part of the broader payment infrastructure.
How Travel Rule Thresholds Differ Across Jurisdictions
The FATF recommends a de minimis threshold of USD/EUR 1,000 for virtual asset transfers, but implementation varies significantly across jurisdictions, per Sumsub. The EU, through Regulation 2023/1113 (the Transfer of Funds Regulation), applies a zero threshold to all crypto-asset transfers as of 30 December 2024. The United States applies a $3,000 threshold for cross-border transfers, as confirmed by FinCEN’s 2019 guidance (FIN-2019-G001), classifying convertible virtual currency transactions as funds transfers under the Bank Secrecy Act.
The divergence creates uneven crypto AML compliance burdens across major markets.
| Jurisdiction | Threshold | Unhosted Wallet Verification | Implementation Date |
| EU (27 member states) | EUR 0 (all transfers) | Required above EUR 1,000 | 30 Dec 2024 |
| United States | $3,000 (cross-border) | Not required / risk-based | 1996; crypto clarified 2019 |
| United Kingdom | No minimum | Risk-based | 1 Sep 2023 |
| Singapore | SGD 1,500 | Required for all transactions | Active |
| Hong Kong | No minimum | Required for all transactions | 1 Jun 2023 |
| Switzerland | No minimum | Required for all transactions | Active |
| Canada | CAD 1,000 | Not required / risk-based | Active |
| South Korea | KRW 1,000,000 | Risk-based | Active |
Source: FATF, FinCEN, EU Commission, Sumsub
By the numbers: According to FATF’s 2025 targeted update, 85 jurisdictions enacted Travel Rule legislation by mid-2025, a 31% increase from 65 in 2024. Yet this legislative progress masks a deeper problem: 59% of those jurisdictions have not taken any enforcement action to verify compliance.
FinCEN has proposed reducing the US crypto threshold from $3,000 to $250 for international transfers, a change under consideration since 2020, per Elliptic. If adopted, the US would shift from one of the highest thresholds among major economies to one of the lowest.
The Sunrise Problem: Why Compliance Stays One-Sided
The “sunrise issue” of the crypto Travel Rule refers to staggered global enforcement that produces varying stages of compliance among VASPs, according to Notabene. While 85 jurisdictions passed legislation, 50 of those (59%) have yet to issue findings, directives, or take enforcement actions on Travel Rule compliance, per FATF’s 2025 update.
When a compliant VASP in the EU sends a transfer to a VASP in a jurisdiction without Travel Rule enforcement, the originator collects all required data but has no counterpart to receive it.
Compliant VASPs face significant challenges when dealing with non-compliant counterparts, including difficulties in data transfer, identifying counterparty VASPs, and managing counterparty risk, according to Notabene.
The problem compounds across three dimensions for crypto exchange market data:
- Identification: Sending VASPs cannot always verify whether a receiving address belongs to a regulated VASP or a self-hosted wallet
- Data transmission: Compliant VASPs may use incompatible messaging protocols (TRISA, OpenVASP, Sygna, Shyft)
- Liability: Sending data to a non-compliant counterpart that fails to protect it still carries regulatory risk
The pattern we’ve documented across 18 regulatory events in our compliance and regulation coverage holds here too: enforcement follows legislation, typically with a lag of 12 to 18 months. The sunrise problem is a timing gap, not a permanent state.
Even when both VASPs comply, one class of transfer escapes the net entirely.
Unhosted Wallets and the Travel Rule’s Biggest Blind Spot
Although the FATF standards do not apply directly to self-hosted wallets, jurisdictions are encouraged to assess the scale and risks of peer-to-peer activity and implement proportionate mitigation measures, per FATF’s stablecoins and unhosted wallets report. Approximately 84% of the volume of illicit virtual asset transactions in 2025 involved stablecoins, with a significant share taking place in a peer-to-peer environment often involving self-hosted wallets, per the FATF.
The regulatory approach to unhosted wallets splits sharply by jurisdiction.
Hong Kong, the Philippines, Singapore, and Switzerland require unhosted wallet verification for all transactions regardless of amount, per Sumsub. EU member states require verification for transfers above EUR 1,000 to self-hosted wallets under Regulation 2023/1113. The United States, Canada, and Japan apply risk-based or no verification requirements for unhosted wallets.
A user can withdraw stablecoins from a regulated EU exchange to a self-custody wallet and transfer peer-to-peer without any Travel Rule data attached.
FATF noted that peer-to-peer transactions involving self-hosted wallets may fall outside traditional AML/CFT safeguards applied by regulated entities, including customer due diligence procedures and transaction monitoring mechanisms.
Exchanges in jurisdictions requiring verification must build wallet ownership proof systems, while those without such requirements face no cost but bear higher counterparty risk.
Illicit Crypto Flows and the Case for Stronger AML
Illicit cryptocurrency addresses received at least $154 billion in 2025, representing a 162% year-over-year increase, according to Chainalysis’s 2026 Crypto Crime Report. Stablecoins accounted for 84% of all illicit transaction volume, driven by easy cross-border transferability, lower volatility, and broader utility. Illicit transactions still represented less than 1% of all overall attributed crypto transaction volume.
The concentration in specific threat categories is notable.
- DPRK-linked hackers stole $2 billion in 2025, including nearly $1.5 billion from the February Bybit exploit, the largest digital heist in crypto history.
- The value received by sanctioned entities surged 694% in 2025, the primary driver of the overall illicit volume increase.
- FATF confirmed that stablecoin use by DPRK actors, terrorist financiers, and drug traffickers has continued to increase since the 2024 Targeted Update.
Key finding: According to Chainalysis’s 2026 Crypto Crime Report, illicit crypto addresses received at least $154 billion in 2025, a 162% year-over-year increase driven primarily by a 694% surge in sanctioned entity activity. Stablecoins accounted for 84% of that illicit volume, reinforcing FATF’s focus on stablecoin-specific AML obligations across all jurisdictions.
The data strengthens the case for Travel Rule enforcement. When crypto adoption rates by country continue to grow, the compliance infrastructure must keep pace.
FATF’s 2025 Compliance Scorecard: Where Jurisdictions Stand
Of the 138 jurisdictions assessed by FATF, 29% were largely compliant with Recommendation 15 (up from 25% in 2024), while non-compliance dropped from 25% to 21%, per the 2025 targeted update. Only one jurisdiction achieved full compliance with R.15.
| Metric | 2024 | 2025 | Change |
| Jurisdictions with Travel Rule legislation | 65 | 85 | +31% |
| Largely compliant with R.15 | 25% | 29% | +4 pp |
| Non-compliant with R.15 | 25% | 21% | -4 pp |
| Jurisdictions with licensed/registered VASPs | 69 | 76 | +10% |
| Jurisdictions conducting ML/TF risk assessments | 71% | 76% | +5 pp |
Source: FATF Targeted Update (2025)
The number of jurisdictions that reported having licensed or registered a VASP rose to 76 in 2025 from 69 in 2024. Meanwhile, 76% of 163 jurisdictions (124 total) reported conducting ML/TF risk assessments for virtual assets and VASPs, up from 71% in 2024.
Jurisdictions with materially important VASP activity constitute approximately 98% of the global virtual asset market. The gap between legislation and enforcement remains the critical bottleneck.
Building a Travel Rule Compliance Program
FinCEN’s 2019 guidance (FIN-2019-G001) confirmed that VASP AML obligations under the BSA include developing, implementing, and maintaining an effective written AML program, registering with FinCEN as a money services business, and complying with the Funds Transfer Rule and the Funds Travel Rule.
A practical crypto AML compliance program for VASPs covers five core components:
- Customer identification and verification (KYC): Collect and verify originator and beneficiary data before processing transfers above the applicable threshold
- Counterparty VASP due diligence: Identify whether the receiving entity is a regulated VASP and select compatible messaging protocols
- Transaction monitoring: Screen transfers against sanctions lists, PEP databases, and adverse media
- Record retention: Store all Travel Rule data for the mandated period
- Suspicious activity reporting: File SARs (US), STRs (EU/UK), or equivalent reports when transactions meet reporting thresholds
The European Banking Authority published Travel Rule Guidelines (EBA/GL/2024/11) to harmonize the implementation of Regulation 2023/1113 across the EU, specifying information requirements for both fund transfers and crypto-asset transfers.
For exchanges in multiple jurisdictions, the crypto AML compliance program must meet the highest applicable standard.
The DeFi market statistics underscore a related challenge: decentralized protocols without a central operator fall outside the VASP definition, creating another transfer category the Travel Rule does not reach.
What Comes Next for Crypto AML Regulation
The June 2025 revision of Recommendation 16 integrated the Travel Rule with ISO 20022 messaging standards and mandated Confirmation of Payee verification for cross-border transfers, per FATF. Several regulatory changes affecting crypto AML compliance are already queued.
- FinCEN’s proposal to lower the US threshold from $3,000 to $250 for international crypto transfers has remained under consideration since 2020.
- FATF’s stablecoins and unhosted wallets report noted that over 250 stablecoins were in circulation by mid-2025 with a market capitalization exceeding $300 billion, raising specific concerns about peer-to-peer transfers evading AML safeguards.
The pattern across CoinLaw’s coverage of regulatory events is consistent: each jurisdiction’s enforcement framework hardens after a major exploit or crisis event. The $1.5 billion Bybit hack in February 2025 may accelerate the enforcement timeline for the 50 jurisdictions that have legislation but no enforcement action yet.
Frequently Asked Questions (FAQs)
The FATF Travel Rule (Recommendation 16) requires virtual asset service providers to collect and share originator and beneficiary information for crypto transfers above the applicable threshold. The rule originated under the US Bank Secrecy Act in 1996 and was expanded internationally in 2001, per Elliptic.
VASPs must collect and share originator and beneficiary information for crypto transfers above the applicable threshold. The specific data fields include names, account references, and identifying details for both parties.
FATF standards do not apply directly to self-hosted wallets, though jurisdictions are encouraged to assess and mitigate the risks of peer-to-peer activity. The EU requires additional verification for transfers above EUR 1,000 to self-hosted wallets under Regulation 2023/1113.
The US applies a $3,000 threshold for cross-border crypto transfers under the Bank Secrecy Act, as confirmed by FinCEN’s 2019 guidance (FIN-2019-G001). FinCEN has proposed lowering this to $250 for international transfers, but the change has remained under consideration since 2020.
As of FATF’s June 2025 survey, 85 of 117 jurisdictions (73%) passed Travel Rule legislation, up from 65 in 2024. However, 59% of those have not yet taken enforcement or supervisory actions to verify compliance.
Conclusion
Eighty-five jurisdictions have written the crypto Travel Rule into law, but the enforcement gap tells the real story: 50 of those have taken zero action to verify that VASPs actually comply. Three structural problems define the current landscape. Threshold divergence means the same FATF standard produces compliance burdens ranging from zero euros (EU) to $3,000 (US). The sunrise problem means Travel Rule data exchange fails when a compliant VASP sends to a non-compliant counterpart. The unhosted wallet gap means peer-to-peer transfers, which carried approximately 84% of illicit stablecoin volume in the latest data, largely escape the Travel Rule’s reach.
This guide serves compliance officers, exchange operators, and legal teams building AML programs across multiple jurisdictions. FATF’s scorecard shows legislation jumped from 65 to 85 jurisdictions in a single year. R.15 compliance rose from 25% to 29%, and risk assessments now cover 76% of surveyed jurisdictions. The gap to close is enforcement, and the regulatory trajectory suggests that closing is coming.
