Travel Rule
The Travel Rule, as applied to virtual assets, refers to the requirement that VASPs obtain, hold, and transmit originator and beneficiary information when conducting virtual asset transfers. The requirement derives from FATF Recommendation 16 (originally applicable to wire transfers in traditional finance) as adapted for virtual assets in the FATF’s 2019 Guidance on Virtual Assets and VASPs.
FATF Standard
FATF Recommendation 16 requires that ordering financial institutions include originator and beneficiary information with transfers, and that beneficiary institutions verify the information received. For virtual asset transfers, this means the ordering VASP must collect and transmit the originator’s name, account or wallet address, and either physical address, national identity number, or date and place of birth, along with the beneficiary’s name and account or wallet address.
UAE Implementation
VARA’s February 2026 circular on Implementation of the UAE Virtual Assets Travel Rule Requirements establishes the jurisdiction-specific implementation for VARA-licensed VASPs. This circular translates the FATF standard into binding requirements for VASPs operating in Dubai.
ADGM-FSRA and DFSA impose parallel travel rule requirements through their respective AML frameworks.
For the complete implementation guide, see our travel rule implementation guide.
Information Requirements
Under the travel rule, the ordering VASP must collect and transmit the following information:
Originator information: Full name, account number or wallet address used to process the transaction, and at least one of: physical address, national identity number, customer identification number, or date and place of birth.
Beneficiary information: Full name and account number or wallet address used to process the transaction.
This information must be transmitted to the beneficiary VASP immediately and securely alongside the virtual asset transfer. The beneficiary VASP must verify the information received and take appropriate action if the information is incomplete or missing, which may include rejecting the transfer, suspending the transaction pending resolution, or filing a suspicious transaction report.
Technical Implementation
Travel rule compliance requires technical solutions for VASP-to-VASP information exchange. Solutions include TRUST, OpenVASP, Sygna Bridge, Notabene, and Veriscope. Blockchain analytics providers like Chainalysis and Elliptic may offer integrated travel rule modules.
Key technical considerations for UAE VASPs include:
Protocol selection: VASPs must select a travel rule protocol or network that enables interoperability with the broadest possible range of counterparty VASPs. Protocol fragmentation — where different VASPs use different, incompatible travel rule solutions — remains a practical challenge.
Counterparty VASP identification: Before transmitting originator and beneficiary information, the ordering VASP must identify which VASP controls the beneficiary address. Blockchain analytics platforms support this process through VASP attribution databases, but not all addresses can be attributed to known VASPs.
Data security: Travel rule information includes personal data subject to data protection requirements. The transmission channel must be encrypted and access-controlled to prevent unauthorized access to customer information.
Integration with existing systems: Travel rule solutions must integrate with the VASP’s transaction processing infrastructure, triggering information collection at the point of withdrawal initiation and information verification at the point of deposit receipt.
For the complete implementation guide, see our travel rule implementation guide.
Unhosted Wallet Challenge
Transfers to and from unhosted wallets (wallets not controlled by a VASP) present a unique challenge because there is no counterparty VASP to receive or send information. VASPs must implement enhanced procedures for unhosted wallet transfers including wallet ownership verification and enhanced monitoring.
Practical approaches to the unhosted wallet challenge include:
- Wallet ownership verification: Requiring customers to demonstrate control of unhosted wallet addresses through cryptographic signature challenges (signed message verification)
- Enhanced transaction monitoring: Applying heightened scrutiny to transactions involving unhosted wallets, including blockchain analytics screening through Crystal Blockchain or similar platforms
- Risk-based limits: Implementing lower transaction limits for unhosted wallet transfers compared to VASP-to-VASP transfers
- Documentation requirements: Requiring customers to declare the purpose of unhosted wallet transfers and maintain records of declared purposes
Threshold Considerations
The FATF travel rule applies to all virtual asset transfers without a de minimis threshold, unlike the traditional wire transfer rule which applies a USD/EUR 1,000 threshold. However, jurisdictions may implement practical thresholds for certain information requirements. UAE VASPs should apply the travel rule requirements based on the specific thresholds established in VARA’s February 2026 circular and equivalent guidance from ADGM-FSRA and DFSA.
Enforcement Implications
Non-compliance with travel rule requirements constitutes a regulatory breach under each UAE jurisdiction’s framework. While no published enforcement action has specifically cited travel rule failure as of March 2026, the requirement is established and will form the basis for future supervisory assessment. The issuance of VARA’s February 2026 Travel Rule circular signals that compliance expectations are now formally binding and that supervisory assessment of travel rule compliance is expected to follow.
For the full enforcement framework, see our VARA enforcement powers deep dive and the enforcement action dashboard.
Related Terms
For regulatory context, visit UAE Tokenization Regulations and Dubai Tokenisation.