US Crypto Travel Rule: FinCEN Requirements for Crypto Businesses

Travel Rule violations are the most commonly cited infraction under the Bank Secrecy Act (BSA) — the primary US Anti-Money Laundering Law — identified by the Internal Revenue Service (IRS) during examinations of Money Services Businesses (MSBs) engaged in convertible virtual currency transmission. (Source: Kenneth A. Blanco, FinCEN Director, Blockchain Symposium, March 15, 2019) Understanding exactly what compliance requires, and where gaps typically appear, starts with the rule itself.

The United States applies the Travel Rule to crypto transfers through regulations administered by the Financial Crimes Enforcement Network (FinCEN). Crypto businesses classified as MSBs must comply with specific data collection, recordkeeping, and information transmission obligations under the Bank Secrecy Act framework.

As a result, the US Crypto Travel Rule functions as a mandatory component of AML Compliance for companies facilitating convertible virtual currency transfers, building on the broader FATF Crypto Travel Rule Framework that established the global standard later adopted and adapted by national regulators worldwide.

Legal and Regulatory Basis of the US Crypto Travel Rule

The US Crypto Travel Rule forms part of the mandatory Anti-Money Laundering obligations established under the Bank Secrecy Act (BSA) and enforced by the Financial Crimes Enforcement Network (FinCEN). These requirements are legally binding for financial institutions operating in the United States, including crypto businesses that qualify as Money Services Businesses when they transmit value on behalf of customers.

In regulatory terms, the framework operates through two connected mechanisms codified in federal law:

• Recordkeeping Rule (31 CFR §1010.410(e)). It requires financial institutions to collect and retain specified information for funds transfers of $3,000 or more.
• Travel Rule provision (31 CFR §1010.410(f)). It requires that this information accompany the transfer and be transmitted to the next financial institution involved in processing the transaction.

(Source: FinCEN and Federal Reserve Board, Joint Final Rule, January 3, 1995, codified at 31 CFR 1010.410(e) and 31 CFR 1010.410(f). Full text available via eCFR: ecfr.gov)

In practical terms, when a regulated institution executes a crypto transfer for a customer, it must:

This structure ensures transaction data remains accessible throughout the payment chain and can be obtained by regulators or law enforcement when investigating suspicious activity.

Although these rules were originally designed for traditional banking payments, FinCEN later clarified that they also apply to businesses dealing with convertible virtual currencies. In its May 9, 2019 guidance on virtual currency business models, the agency explained that no new obligations were introduced; instead, existing AML requirements already applied to crypto businesses engaged in money transmission activities.

As a result, qualifying crypto transfers are treated under US law in the same manner as traditional wire transfers for AML purposes. While US regulation uses terminology such as “convertible virtual currency” and “Money Services Business,” and international standards refer to “Virtual Assets” and “VASPs,” the operational consequence is the same: intermediaries facilitating value transfers must comply with identical AML recordkeeping and information-sharing obligations.

Who Must Comply Under US Law

Not every company operating in the crypto market automatically falls under Travel Rule obligations. Compliance depends on whether a business performs activities that qualify as money transmission under US law. This section explains how crypto businesses are classified and when regulatory obligations arise.

Crypto Businesses Classified as Money Services Businesses (MSBs)

Under FinCEN regulations, a Money Services Business (MSB) includes any entity engaged in money transmission within the United States. Money transmission generally means accepting and transmitting value that substitutes for currency on behalf of another person. In its guidance (FIN-2013-G001 and FIN-2019-G001), FinCEN clarified that this definition applies to certain activities involving Convertible Virtual Currency (CVC), even where no fiat currency is involved.

FinCEN defines CVC as virtual currency that either has an equivalent value in real currency or acts as a substitute for it. When a company accepts and transmits CVC for customers, or buys and sells CVC as a business activity, it may qualify as a money transmitter and therefore as an MSB under the Bank Secrecy Act (BSA).

The decision tree shown above is a simplified analytical flow illustrating how FinCEN’s guidance typically applies in practice. However, regulatory status is ultimately determined through a facts-and-circumstances analysis. Classification depends on what a company actually does operationally — not how it labels its services or structures its branding.

Businesses Commonly Falling within the MSB Classification Include:

Importantly, companies cannot generally avoid MSB status by describing themselves as software providers if, in substance, they accept and transmit value on behalf of users. Functional activity, not marketing language, determines regulatory treatment.

Where an entity qualifies as a Money Transmitter MSB, it becomes subject to BSA obligations, including registration, AML Program requirements, recordkeeping duties, and the Funds Transfer Recordkeeping and Travel Rule requirements under 31 CFR 1010.410(f). In this sense, Travel Rule compliance is a consequence of MSB status rather than a standalone crypto-specific obligation.

When a Crypto Company Is Considered a Money Transmitter

A crypto company is generally considered a money transmitter when it accepts and transmits value from one person or location to another on behalf of customers. The regulatory trigger is operational activity, not corporate labels or technical architecture.

In practical terms, a company may be considered a money transmitter when it:

• Accepts cryptocurrency from one customer and transfers it to another party,
• Processes payments or transfers on behalf of users,
• Controls or manages transfers involving customer funds,
• Facilitates transactions in which value is transmitted between parties via the platform.

By contrast, individuals or businesses using cryptocurrency solely to purchase goods or services for themselves are not considered MSBs. Personal or internal use of crypto does not constitute money transmission because no service is provided on behalf of third parties.

FinCEN enforcement practice shows that Travel Rule obligations are actively monitored during routine supervisory examinations. Regulatory examinations conducted through delegated examiners have repeatedly identified Travel Rule compliance failures among crypto businesses engaged in money transmission, demonstrating that these requirements are not theoretical but part of ongoing supervisory activity.

Once classified as an MSB, a crypto company becomes subject to several obligations, including:

• Registration with FinCEN as a Money Services Business;
• Implementation of a written AML Compliance Program;
• Filing of Suspicious Activity Reports (SAR) where required;
• Compliance with recordkeeping and Travel Rule requirements for qualifying transactions.

Information Requirements for Crypto Transfers

When a Money Services Business processes a transmittal of funds that reaches or exceeds $3,000, specific data collection and retention obligations arise under the Bank Secrecy Act and related regulations. In regulatory terms, a transmittal of funds is a transfer of value conducted on behalf of a customer, and once this threshold is reached, a regulated institution must obtain and retain all required information before, at, or during execution of the transaction.

For each qualifying transmittal order, the MSB must collect and retain:

• The originator’s Name and Address;
• The originator’s account number, if the transfer is conducted through an account;
• The amount of the transmittal order and the execution date;
• The identity of the recipient’s financial institution.

This information forms the core of what regulators refer to as “originator information.” In practice, originator information identifies the person initiating the transfer and the basic transaction details that allow law enforcement and AML professionals to trace value flows through the financial system.

For beneficiary information, the institution must likewise collect:

• The beneficiary’s Name and Address;
• The beneficiary’s account number, when applicable;
• Any other specific identifier of the recipient that is received with the transmittal order.

Collecting both originator and beneficiary information forms part of the institution’s core responsibility as an MSB. Where information is passed from one regulated institution to another, each covered institution is responsible for retaining and transmitting the required data in accordance with the Travel Rule’s obligations.

The $3,000 threshold represents the point at which the full data collection and transmission obligations are triggered. Transfers below this level do not automatically trigger the full Travel Rule transmission requirements, but MSBs must still retain transaction data as part of their overall AML compliance and recordkeeping duties.

Source: Federal Register, NPRM October 27, 2020 + FFIEC BSA/AML Manual, Funds Transfers Recordkeeping

The regulations do not mandate a specific method for collecting or verifying this information, leaving MSBs flexibility in implementation. However, the rule does not permit the use of coded names or pseudonyms that obscure customer identity. Abbreviated names or trade names may be acceptable when used in a manner consistent with the institution’s legal recordkeeping and verification practices.

Source: Federal Register Notice, November 28, 2003 — Expiration of CIF Exception

In December 2020, FinCEN proposed requirements for banks and MSBs to verify customer identity and report transactions involving unhosted wallets (RIN 1506-AB47). This proposal was officially withdrawn in August 2024. A separate October 2020 NPRM proposing to lower the Travel Rule threshold from $3,000 to $250 for cross-border transactions has not been finalized and remains under consideration. Neither proposal forms part of the Travel Rule obligations that apply today.

Source: Unhosted wallets NPRM (Withdrawn): Treasury.Gov Press Release + Consumer Financial Services Law Monitor — Withdrawal Notice. Threshold NPRM (Still Pending): Federal Register, October 27, 2020

Recordkeeping and Transmission Obligations

Once a crypto business qualifies as an MSB and a transfer triggers Travel Rule obligations, compliance is not limited to collecting customer data. The regulations also require MSBs to retain specified records and, when another financial institution is involved, transmit required information so it can “travel” through the payment chain.

Recordkeeping Requirements

For covered transmittal orders, a financial institution must retain either the original or a microfilm, other copy, or electronic record of the required information. The rules are format-neutral, but the record must remain accessible for regulatory examination.

Record retention is generally aligned with the BSA recordkeeping standard for funds transfer records, and institutions are expected to retain these records for 5 years.

Records must also be organized to allow efficient retrieval. At a minimum, information must be retrievable by reference to the originator’s name, and where the originator is an established customer using an account for funds transfers, records must also be retrievable by account number.

Importantly, recordkeeping is an independent obligation. Even if operational or technical issues prevent successful transmission to the next institution, the originating MSB must still retain a complete record of the information it was required to obtain and maintain.

Transmission Obligations Between Crypto MSBs

Where a transfer involves more than one financial institution, the Travel Rule requires the originator’s bank or transmittor’s financial institution to include required information in the payment or transmittal order sent to the next financial institution in the chain.

Intermediary institutions also have continuing obligations: to the extent required information is received, an intermediary financial institution must pass it forward to the next institution in the payment chain, preserving continuity of identifying information across the transfer process.

MSBs remain responsible for the completeness and quality of the information they collect from their own customers and introduce into the transfer process. The regulations do not prescribe a single verification method, but they are designed to prevent identity obfuscation and ensure that required information is not replaced with coded names or pseudonyms.

FinCEN has not mandated a specific technical protocol for information exchange between crypto MSBs. As a result, market participants have developed interoperable approaches and data standards to support compliance (for example, IVMS 101 as a common data model and industry networks for exchanging Travel Rule information).

Operational Challenges in Travel Rule Compliance

Implementing Travel Rule obligations presents practical operational challenges for crypto businesses subject to US AML compliance requirements. The main difficulty lies in integrating Travel Rule processes into existing AML monitoring systems while preserving transaction speed and operational efficiency. In practice, MSBs must ensure that transactions reaching regulatory thresholds are correctly identified, that required customer information is collected at the appropriate stage, and that necessary information can be securely transmitted to counterparty institutions.

Identifying transaction counterparties remains one of the most complex operational tasks. Unlike traditional banking, where standardized identifiers enable routing between institutions, the crypto ecosystem lacks universally adopted mechanisms for counterparty identification. When processing outbound transfers, an MSB must determine whether the receiving address belongs to another regulated institution or to a self-hosted wallet and, if another institution is involved, how the required information should be transmitted securely.

Although industry initiatives and technical standards have emerged to facilitate Travel Rule data exchange, interoperability challenges persist. Institutions often rely on different technical solutions, making automated information exchange difficult when counterparties operate on incompatible systems. As a result, transfers may require manual intervention or additional verification, increasing operational workload and sometimes slowing transaction execution.

Regulatory risk further amplifies these operational difficulties. Non-compliance can expose crypto businesses to enforcement action not only from federal authorities but also from state regulators, who increasingly scrutinize AML compliance programs. Enforcement actions in recent years demonstrate that failures in key compliance areas can result in significant financial penalties and supervisory consequences, particularly where deficiencies involve:

• Customer Due Diligence,
• Transaction Monitoring,
• Or improper handling and transmission of required data.

Technical errors in data collection and transmission also remain common sources of compliance risk. Institutions frequently encounter challenges due to inconsistent name formatting, differences in address verification, or incompatible character sets across systems. Such mismatches may delay, reject, or process transfers without complete information, creating compliance gaps even when institutions attempt to meet regulatory expectations.

Operational uncertainty also persists when transactions involve self-hosted wallets. In these situations, institutions may be unable to confirm whether a counterparty is another regulated entity, often requiring additional internal controls or enhanced due diligence procedures that slow transaction processing and increase compliance costs. Many of these operational frictions reflect broader industry-wide Crypto Travel Rule Implementation Challenges, particularly where regulatory expectations intersect with evolving technical infrastructure.

Practical Compliance Priorities for US Crypto Businesses

Crypto businesses subject to the US Crypto Travel Rule must translate regulatory requirements into consistent operational practices. In practical terms, compliance depends less on isolated technical solutions and more on the strength of internal controls, procedural discipline, and readiness to demonstrate compliance efforts during regulatory examinations.

A first priority is ensuring proper MSB registration and regulatory status assessment. Businesses must regularly evaluate whether their activities constitute money transmission under US law and confirm that they meet and maintain their registration obligations with FinCEN. Failure to register or maintain registration can itself become grounds for enforcement action.

A second priority is maintaining a written AML compliance program tailored to crypto-specific risk exposure. Programs must reflect the nature of the company’s products, customer base, transaction flows, and geographic exposure rather than relying on generic templates developed for traditional financial institutions.

Operational compliance also requires systems and procedures capable of identifying transactions that trigger Travel Rule obligations and ensuring required customer data is collected before transfers are executed. Monitoring systems must support timely reporting of suspicious activity and enable compliance teams to intervene when transactions present elevated risk.

Documentation readiness represents another critical compliance element. Institutions should maintain records demonstrating not only successful compliance actions but also efforts undertaken when required information cannot be obtained or transmitted due to technical or counterparty limitations. Maintaining evidence of compliance attempts can become essential during supervisory reviews or enforcement investigations.

Effective compliance also depends on staff training and procedural consistency. Employees responsible for processing transactions must understand: when customer information must be collected, what information must be retained and transmitted, and how to document exceptions or operational failures.

Regular training updates help ensure that compliance procedures remain consistently applied as operational practices and regulatory interpretations evolve.

Finally, crypto businesses relying on external service providers must maintain oversight of outsourced compliance functions. Even where technology vendors support data exchange or monitoring processes, responsibility for compliance remains with the regulated institution. Firms must therefore implement oversight and verification procedures to ensure outsourced systems operate in line with regulatory expectations.

The US Crypto Travel Rule In The Broader Global Context

The US Crypto Travel Rule operates as part of a broader global movement to apply Travel Rule principles to virtual asset transfers. Many jurisdictions are incorporating similar requirements into domestic regulation at different speeds and through different legal mechanisms, but the underlying objective remains consistent: regulated intermediaries must collect and transmit originator and beneficiary information to reduce money laundering and terrorist financing risks in digital asset markets.

As a result, the US model represents one regional implementation among several emerging frameworks worldwide, including approaches now being adopted across Europe and Asia. Businesses operating internationally increasingly encounter multiple regulatory environments, including the EU's implementation of the Travel Rule, as countries continue to adapt global standards to their domestic legal systems.

Conclusion

The US Crypto Travel Rule is a mandatory element of US AML compliance for crypto businesses classified as Money Services Businesses. Through FinCEN’s administration of Bank Secrecy Act obligations, qualifying crypto transfers are subject to defined requirements for collecting originator and beneficiary information, retaining records, and transmitting required data to other financial institutions when applicable. The $3,000 threshold (or its equivalent in convertible virtual currency) serves as the operational trigger for these Travel Rule and recordkeeping duties.

Correct implementation requires more than policy statements. Crypto MSBs must maintain controls that identify covered transfers, capture required customer data at the right point in the transaction flow, and support reliable information transmission and record retention. Because Travel Rule compliance is routinely examined and enforcement actions can involve significant civil penalties, potential criminal exposure in serious cases, and state-level licensing consequences, firms should treat documentation readiness and consistent operational execution as core compliance priorities.

FAQ