FATF Expanded the Bitcoin Travel Rule in June 2025 — Most Traders Have Not Heard About It

In June 2025, the Financial Action Task Force fundamentally revised Recommendation 16 — the global standard underpinning the Bitcoin Travel Rule — to expand its objectives beyond money laundering and terrorist financing for the first time since the rule was applied to virtual assets in 2019. The revised standard now explicitly covers fraud prevention and proliferation financing, mandates Confirmation of Payee (CoP) verification systems for cross-border transfers, and requires integration with ISO 20022 messaging standards. That change is working its way into national legislation in 2026, and the compliance burden on exchanges and their users is rising as a result.

The Bitcoin Travel Rule is the application of FATF Recommendation 16 to virtual asset transfers, requiring virtual asset service providers (VASPs) to collect, transmit, and store the names and wallet details of both the sender and recipient for Bitcoin and other crypto transfers above the applicable threshold. The rule is modeled directly on the wire transfer rules that banks have operated under since the 1990s — its purpose is to create an auditable chain of identity data that follows every qualifying transaction, making it possible for regulators and law enforcement to trace funds and detect illicit activity. As of May 2026, 85 of 163 assessed jurisdictions have enacted Travel Rule legislation, up from 65 in 2024.

This article explains how the Bitcoin Travel Rule works in practice, what data must accompany a transfer, how thresholds differ across the US, EU, UK, and Asia, what the June 2025 FATF revision adds to existing obligations, and what the rule means concretely for traders who deposit or withdraw Bitcoin on regulated platforms. The mechanics matter now more than ever: non-compliant transfers are increasingly delayed, returned, or frozen — and the user is often the one who notices first.

How the Bitcoin Travel Rule Works

The crypto Travel Rule operates entirely off-chain. When a user initiates a Bitcoin withdrawal from a regulated exchange to another regulated platform, the sending exchange — called the originating VASP — must transmit a standardized data packet to the receiving exchange — called the beneficiary VASP — before or simultaneously with the on-chain transaction. This data packet contains identifying information about both the sender and the recipient. The transaction only proceeds once the beneficiary VASP confirms it has received and screened the data.

The data travels using the IVMS 101 (InterVASP Messaging Standard), a globally adopted messaging protocol that defines the fields and format for Travel Rule data exchange. The originating VASP must include the originator's legal name, account number or wallet address, and physical address or national identity number. The beneficiary VASP must confirm the beneficiary's name and account number. Both VASPs must screen the data against applicable sanctions lists before the transfer is executed. If either VASP cannot verify the counterparty's data — or if the receiving platform is not Travel Rule-compliant — the transfer may be held pending further review.

The Threshold Question: What Triggers the Rule

Thresholds vary by jurisdiction, and understanding the difference matters for active traders moving funds across platforms internationally. FATF recommends a de minimis floor of $1,000 / €1,000. The EU applies a zero threshold under its Transfer of Funds Regulation — every crypto-asset transfer, regardless of size, requires full Travel Rule compliance as of December 30, 2024. The US applies a $3,000 threshold for cross-border transfers under FinCEN rules. The UK applies a £1,000 threshold enforced by the Financial Conduct Authority. Singapore sets its threshold at SGD 1,500, while Japan and several other Asian jurisdictions apply zero-threshold rules similar to the EU. Canada applies CAD 1,000.

Below the threshold, reduced obligations apply. FATF guidance requires that for sub-threshold transfers, VASPs still collect the originator's and beneficiary's names and wallet addresses — they simply do not have to transmit the full data packet. This means that even small Bitcoin withdrawals leave a compliance trail at the originating platform, even if the data is not actively shared.

What Data Must Travel with a Bitcoin Transfer

For a qualifying transfer, the originating VASP transmits six core data fields: the originator's full legal name, the originator's account identifier (wallet address or account number), the originator's physical address, country of residence, or date and place of birth plus national identity number, the beneficiary's full legal name, the beneficiary's account identifier, and a unique transaction reference. The beneficiary VASP must verify the beneficiary's name and account number against its own records before accepting the transfer. The FCA's published guidance is explicit that firms remain liable for compliance even when using a third-party Travel Rule solution — the liability stays with the licensed entity, not the software vendor.

The June 2025 FATF Revision: What Is New

The June 2025 revision to FATF Recommendation 16 introduced three additions that are materially changing how VASPs must operate in 2026. First, fraud prevention is now an explicit objective of the Travel Rule, not just a secondary benefit. This means that jurisdictions implementing the revised standard must require VASPs to use Travel Rule data not only for AML/CFT screening but also for fraud detection — broadening the use cases for the data and the liability exposure for platforms that fail to act on fraud signals embedded in it.

Second, Confirmation of Payee (CoP) systems are now mandated for cross-border transfers. CoP requires the originating VASP to verify, before sending, that the beneficiary's account at the receiving VASP is actually held in the name stated in the transfer instruction. This is designed to prevent misdirected payments and impersonation fraud — problems that have cost crypto users significant losses in address-spoofing attacks. Implementing CoP requires real-time communication between VASPs before a transaction is broadcast, adding a new technical layer to the compliance stack.

Third, integration with ISO 20022 messaging standards is now required for cross-border transfers. ISO 20022 is the global financial messaging standard used by SWIFT and major central bank payment systems. Its adoption for crypto Travel Rule compliance creates interoperability between traditional finance and crypto settlement infrastructure — a significant architectural shift that major exchanges are actively building toward in 2026.

The Sunrise Issue: Why Compliance Is Still Uneven

Despite 85 jurisdictions enacting Travel Rule legislation, enforcement is significantly less uniform than the legislation count suggests. FATF's own June 2025 Best Practices on Travel Rule Supervision report notes that approximately 59% of jurisdictions with Travel Rule laws have not yet issued supervisory findings, directives, or enforcement actions tied specifically to Travel Rule compliance. This "sunrise issue" — the lag between legislation and operational enforcement — creates a compliance asymmetry: a VASP in a fully enforcing jurisdiction (France, Singapore, UK) that sends a transfer to a VASP in a non-enforcing jurisdiction will send Travel Rule data that the counterparty has no infrastructure to receive or process.

For traders, the sunrise issue manifests as unexplained delays on cross-border withdrawals. When a compliant originating VASP cannot confirm that a counterparty VASP has received and acknowledged Travel Rule data, it may hold the transfer pending manual review or return it to the sender. Understanding which jurisdictions are actively enforcing — and therefore which cross-platform transfers are most likely to be smooth — is increasingly practical knowledge for active Bitcoin traders.

Unhosted Wallets and the Travel Rule's Reach

One of the most contested and practically significant aspects of the Bitcoin Travel Rule is its application to transfers involving unhosted wallets — self-custody wallets where the user controls the private keys, not a regulated platform. The rule is aimed exclusively at VASPs, not at individuals — peer-to-peer transfers between two self-custody wallets are not subject to the Travel Rule at the protocol level.

However, transfers from an unhosted wallet to a regulated exchange trigger compliance obligations at the receiving platform. The exchange must assess the source of funds, apply transaction monitoring, and in the EU must collect information about the unhosted wallet's beneficial owner for transfers above €1,000 under the Transfer of Funds Regulation. FATF data shows that peer-to-peer transfers involving unhosted wallets accounted for approximately 84% of illicit stablecoin volume — a figure that regulators cite when arguing for stricter unhosted wallet rules. The US has proposed but not yet finalized equivalent beneficial-owner requirements for unhosted wallet transfers; that rulemaking is expected to progress in the second half of 2026.

For traders who regularly move Bitcoin between self-custody and an exchange, the practical implication is that the exchange's compliance team evaluates every self-custody deposit against the account's declared transaction profile. A large transfer from a previously unseen wallet address, or from an address with a blockchain analytics risk score above the exchange's internal threshold, will trigger a review — and potentially an Enhanced Due Diligence request — regardless of the transfer's actual legality.

What the Travel Rule Means for Active Bitcoin Traders

Most Bitcoin Travel Rule coverage focuses on what exchanges must do. The trader's perspective is underserved, and it is worth addressing directly. When you initiate a withdrawal from one regulated exchange to another, you may be asked to declare that you own the destination wallet address. This is the exchange fulfilling its Travel Rule obligation to identify the beneficiary. Failing to respond, or providing mismatched information, will delay or cancel the withdrawal.

Traders who buy and trade Bitcoin on a compliant spot platform benefit from the Travel Rule's infrastructure — it is the reason that regulated exchanges can onboard institutional counterparties and access banking rails that unregulated platforms cannot. The compliance overhead has a real cost in friction, but it also underwrites the liquidity and reliability that make regulated platforms the venue of choice for significant volume.

Transfers between a regulated exchange and a self-custody wallet are the scenario most likely to generate friction in 2026. Preparing for this means knowing your wallet's risk profile (which blockchain analytics tools can estimate), being ready to provide ownership verification, and understanding that a transfer hold is not an accusation — it is a compliance queue that resolves once the required data is provided.

FAQ

What is the Bitcoin Travel Rule?

The Bitcoin Travel Rule requires regulated exchanges (VASPs) to collect and transmit the sender's and recipient's identifying information alongside Bitcoin transfers above the applicable threshold. It is derived from FATF Recommendation 16 and is designed to make crypto transfers as traceable as bank wire transfers. As of May 2026, 85 jurisdictions have enacted Travel Rule legislation.

What threshold triggers the Bitcoin Travel Rule?

Thresholds differ by jurisdiction. FATF recommends $1,000 / €1,000 as the de minimis floor. The EU applies a zero threshold to all crypto transfers. The US threshold is $3,000 for cross-border transfers. The UK applies £1,000, Singapore applies SGD 1,500, and Japan applies zero threshold. Below the threshold, reduced data collection obligations still apply.

What data must travel with a Bitcoin transfer?

The originating VASP must transmit the originator's full name, account or wallet address, and physical address or identity reference, plus the beneficiary's full name and account identifier. This data travels off-chain using the IVMS 101 messaging standard and must be screened against sanctions lists by both VASPs before the transaction proceeds.

Does the Travel Rule apply to self-custody wallets?

The Travel Rule does not apply to transfers between two self-custody wallets — it covers only VASP-to-VASP transfers. However, transfers from a self-custody wallet to a regulated exchange trigger compliance obligations at the receiving platform, including source-of-funds assessment and, in the EU, beneficial owner data collection for transfers above €1,000.

What happens if a Bitcoin transfer fails Travel Rule checks?

If a VASP cannot verify Travel Rule data — because the counterparty is non-compliant, the data is missing, or a sanctions match is found — the transfer is typically held pending manual review or returned to the sender. Persistent failures may trigger a Suspicious Activity Report. Traders can minimize holds by declaring wallet ownership proactively and ensuring their withdrawal addresses have not been flagged by blockchain analytics tools.

Conclusion

The Bitcoin Travel Rule in 2026 is a more demanding standard than it was even twelve months ago. FATF's June 2025 revision expanding the rule's scope to fraud prevention, mandating Confirmation of Payee systems, and requiring ISO 20022 integration signals that the regulatory trajectory is toward tighter convergence between crypto compliance infrastructure and traditional finance standards. Traders who understand how the rule works — and what triggers a hold — are better positioned to move funds efficiently on compliant platforms.

The most actionable step for any active trader is to declare wallet ownership at the point of withdrawal, not after a hold has already been placed. Most compliant exchanges now offer a wallet whitelisting function that pre-clears self-custody addresses before a transfer is initiated — using it removes the most common source of Travel Rule-related friction.

If you are looking to start trading Bitcoin on a fully Travel Rule-compliant platform, the BYDFi guide to buying BTC covers the full onboarding process including wallet verification. For current BTC market data and regulatory news in one place, the BYDFi Bitcoin overview is a practical reference as compliance timelines across the EU and US continue to develop through the rest of 2026.