Travel Rule Deep Dive

TRAVEL RULE DATA REQUIREMENTS (FATF Standard)

Different jurisdictions have implemented different thresholds and requirements:

TRAVEL RULE THRESHOLDS BY JURISDICTION

- Traditional wire: $3,000+
- Crypto (proposed): $3,000+ (FinCEN rulemaking pending)
- Current practice: Exchanges often apply $3,000

- Threshold: €0 (no threshold - all transfers)
- But enhanced requirements above €1,000
- For <€1,000: Basic originator/beneficiary info
- For >€1,000: Full information required
- Unhosted wallet enhanced verification

- Threshold: SGD 1,500+ (~USD 1,100)
- Full originator/beneficiary information required
- Digital Payment Token Service providers covered

- Threshold: Based on FATF standard
- Implemented through JVCEA guidelines
- Full compliance required for licensed exchanges

- Threshold: CHF 1,000+
- Aligned with FATF
- Self-regulatory organization implementation

- Post-Brexit framework
- Aligned with FATF standards
- Implementation through FCA rules

- Threshold: AED 3,500+ (~USD 950)
- Full Travel Rule compliance required
- Enhanced requirements for higher amounts

DATA QUALITY STANDARDS

---

THE PROTOCOL FRAGMENTATION PROBLEM

TRUST (Travel Rule Universal Solution Technology)

Founded by: Coinbase, with founding members including
Fidelity Digital Assets, Gemini, others

Adoption: 50+ members (as of 2024)

TRISA (Travel Rule Information Sharing Architecture)

Founded by: CipherTrace (now Mastercard)

Adoption: Growing, especially among compliance-focused entities

Sygna Bridge (CoolBitX)

Founded by: CoolBitX (Taiwan)

Adoption: 40+ VASPs, strong in Asia

OpenVASP

Founded by: Open-source community initiative

Adoption: Smaller but growing

Veriscope (Shyft Network)

Founded by: Shyft Network

Adoption: Growing ecosystem
```

PROTOCOL INTEROPERABILITY

The problem:
Exchange A uses TRUST
Exchange B uses Sygna
Customer wants to transfer from A to B
How do they share Travel Rule data?

---

TRAVEL RULE OPERATIONAL WORKFLOW

PRE-TRANSACTION:

• Customer requests withdrawal to external address

• Exchange identifies withdrawal address

• Is destination address at a known VASP?

• How to identify: Address attribution, customer declaration

• If VASP identified: Proceed to Step 3

• If unhosted wallet: Different process (see Section 4)

• Customer provides beneficiary name

• Customer confirms ownership (if self-transfer)

• Or provides recipient information

• Originating VASP contacts beneficiary VASP

• Uses Travel Rule protocol

• Transmits originator information

• Requests beneficiary confirmation

• Receiving VASP checks beneficiary information

• Confirms match with their customer records

• Responds to originating VASP

TRANSACTION EXECUTION:

• All Travel Rule data exchanged and verified

• Compliance check complete

• Transaction authorized

• Blockchain transaction submitted

• Standard settlement (3-5 seconds for XRP)

• Receiving VASP confirms receipt

• Records retained at both ends

POST-TRANSACTION:

• Both VASPs retain all Travel Rule data
• 5+ years per regulatory requirements
• Available for audit/law enforcement

TRAVEL RULE TIMING IMPACT

TRAVEL RULE FAILURE SCENARIOS

---

UNHOSTED WALLET PROBLEM

Definition:
Unhosted wallet = self-custody wallet not held at VASP
Also called: Non-custodial, self-hosted, personal wallet

Travel Rule assumption:
VASP ←→ VASP transfer
Both ends have KYC'd customers
Both can share/receive data

Unhosted wallet reality:
VASP → ??? (self-custody)
No counterparty VASP
No one to receive originator data
No one to confirm beneficiary

REGULATORY APPROACHES TO UNHOSTED WALLETS

UNHOSTED WALLET VERIFICATION METHODS

---

TRAVEL RULE IN ODL CORRIDORS

ODL transaction flow:
Sending Institution → Origin Exchange → XRPL → Destination Exchange → Receiving Institution

Requirement:
All parties must be Travel Rule compliant
Weakest link breaks the chain
Both corridor endpoints must support
```

RIPPLE/ODL TRAVEL RULE APPROACH

ODL CORRIDOR TRAVEL RULE ASSESSMENT

Result:
ODL corridors are travel-rule compliant
Compliance is requirement for institutional use
But creates operational complexity
```

---

✅ Travel Rule requirements are expanding globally. FATF guidance is being implemented. Major jurisdictions have regulations. Compliance is mandatory for licensed VASPs.

✅ Multiple protocols exist and are operational. TRUST, TRISA, Sygna, and others are functioning. VASPs are implementing and using them.

✅ Threshold and requirement variations create complexity. EU's €0 threshold vs. US $3,000 creates different obligations. Compliance must address strictest applicable requirement.

✅ Unhosted wallets remain a challenge. No universal approach. Different jurisdictions, different requirements. Creates friction for self-custody users.

⚠️ Which protocol(s) will dominate. Market still fragmented. Consolidation likely but unclear which will "win."

⚠️ US final Travel Rule for crypto. FinCEN rulemaking still pending. Final requirements uncertain.

⚠️ Long-term unhosted wallet treatment. Will restrictions tighten? Will verification become required universally?

⚠️ Enforcement priority. How strictly will Travel Rule be enforced? Penalties for non-compliance unclear.

🔴 "Travel Rule doesn't apply yet." It does in many jurisdictions. EU TFR is in effect. Japan, Singapore, others enforcing.

🔴 "Small transactions are exempt." EU has no threshold. Even where thresholds exist, AML obligations continue.

🔴 "Unhosted wallets avoid compliance." VASPs must still comply on their end. Enhanced scrutiny for unhosted transfers.

🔴 "Protocol choice doesn't matter." If your exchange uses incompatible protocol with counterparty, transaction may be delayed or refused.

Travel Rule implementation is real, complex, and evolving. The protocol landscape is fragmented but functional. Compliance creates transaction friction but is required for institutional legitimacy. ODL corridors require Travel Rule compliance at both endpoints—it's a prerequisite for the institutional use case that drives XRP value. Understanding Travel Rule helps evaluate exchange quality and corridor viability.

---

Assignment: Complete a Travel Rule implementation assessment for a specific ODL corridor, evaluating requirements at both endpoints, protocol compatibility, and operational challenges.

Requirements:

• Select an ODL corridor (current or proposed)

• Document origin and destination jurisdictions

• Explain corridor significance

• Travel Rule threshold

• Required data fields

• Unhosted wallet treatment

• Enforcement status

• What Travel Rule protocols are VASPs at each end likely using?

• Is there interoperability?

• What are the gaps?

• How would Travel Rule compliance work in this corridor?

• What's the expected timing impact?

• What failure scenarios exist?

• Overall compliance viability rating (High/Medium/Low)

• Key risks

• Recommendations

• Regulatory accuracy (25%): Are requirements correctly documented?

• Protocol analysis (25%): Is protocol landscape accurately assessed?

• Operational realism (25%): Is workflow realistic?

• Risk assessment (25%): Is evaluation well-reasoned?

Time investment: 2-3 hours
Value: Develops practical skill in corridor compliance assessment

---

For Next Lesson:
Lesson 7 examines blockchain analytics and chain surveillance—how compliance teams analyze on-chain transactions to detect suspicious activity and attribute wallets to real-world identities. We'll examine the major providers, methodologies, accuracy considerations, and privacy implications.

---

End of Lesson 6

Total words: ~5,500
Estimated completion time: 55 minutes reading + 2-3 hours for deliverable