Crypto Travel Rule Operating Checklist

The EBA Travel Rule guidance applies from December 30, 2024 under Regulation (EU) 2023/1113. CASPs must manage missing or incomplete transfer information.

That means Travel Rule work cannot sit only in legal. It must appear in onboarding, deposit review, withdrawal release, exceptions, records, and customer support.

Set the required originator and beneficiary fields by transfer type, jurisdiction, customer segment, and counterparty type.

Do not let operators decide case by case from memory. Build a decision table: collect, validate, pause, reject, or escalate. The table should include unhosted wallet handling and third-party VASP cases.

Missing information is not rare. Names differ. Wallet ownership is unclear. Counterparties send partial payloads. Customers make mistakes.

The process should define how many correction attempts are allowed, what evidence is accepted, when a transfer is paused, and when it is rejected. Keep the record with the transfer.

Travel Rule data does not replace wallet risk screening. A transfer can have complete originator data and still involve a scam wallet, sanctioned exposure, stolen funds, or a high-risk service.

Run wallet screening beside Travel Rule checks. The decision file should show both identity data status and blockchain risk status.

A policy that creates too many manual exceptions will fail under volume.

Track missing-data rate, correction time, rejected transfers, escalations, high-risk wallet matches, and repeated counterparty failures. These numbers show whether the process is working or only documented.

A supervisor should be able to open a transfer and see what data was required, what was received, what was missing, how wallet risk scored, who approved the action, and why.

If that record does not exist, the business is asking staff to defend a decision from memory.