Crypto Travel Rule 101

What is counterparty crypto wallet identification & how does it work?


The importance of counterparty wallet identification in regulated crypto transactions

Virtual asset service providers (VASPs) must identify the counterparty wallet type to determine the requirements that apply to the transaction at hand. If the transaction is coming from or being routed to a self-hosted wallet, Travel Rule information transmission obligations do not apply, and VASPs must fulfill different requirements. To ensure compliant transactions regardless of counterparty wallet type, VASPs need a wallet identification tool that allows them to identify self-hosted wallets, confirm beneficial ownership, collect the necessary information for each transaction, and apply appropriate jurisdiction requirements without impeding their customers' transaction experience.

What is crypto counterparty wallet identification?

Counterparty crypto wallet identification is the process of verifying the identity of the individuals or entities that hold or control a cryptocurrency wallet. Counterparty wallet identification aims to ensure that transactions are conducted with legitimate and known parties, and to prevent transactions with sanctioned entities as well as illegal activities such as money laundering and terrorist financing.

In the context of the crypto Travel Rule, counterparty wallet identification helps VASPs determine who is on the other side of a transaction and when to adhere to additional self-hosted wallet identification requirements, as required by the VASP's jurisdiction.

What is the difference between a hosted wallet and a self-hosted wallet?

A hosted wallet is hosted and maintained by a third-party service provider, often requiring the user to go through a know-your-customer (KYC) process. On the other hand, a self-hosted crypto wallet is a wallet stored on the user's device or computer, giving them complete control over their private keys, and does not require a KYC process.

FATF adds self-hosted wallets to the scope of the Travel Rule

Historically, the FATF and local regulators have generally focused on enforcing AML/CFT controls on transactions that involve intermediaries, such as VASPs or other obliged entities. The Crypto Travel Rule, by definition, mandates VASPs to collect, store, and send customer information when transferring digital assets to another VASP. 

Under the FATF's initial Guidance for VAs and VASPs (June 2019), crypto transfers between VASPs and self-hosted wallets were already subject to information collection obligations. Yet, after a significant uptick in crypto activity, the Financial Action Task Force (FATF) expanded its stance in October 2021 and added new requirements for transfers between VASPs and self-hosted wallets in specific cases.

The FATF now recommends that VASPs take a risk-based approach when interacting with unhosted wallets and apply additional risk mitigation measures if necessary, including potentially only allowing VASP to VASP transactions.

A VASP may choose to impose additional limitations, controls, or prohibitions on transactions with unhosted wallets in line with their risk analysis. Potential measures include: 
a. enhancing existing risk-based control framework to account for specific risks posed by transactions with unhosted wallets (e.g., accounting for specific users, patterns of observed conduct, local and regional risks, and information from regulators and law enforcement); and 
b. studying the feasibility of accepting transactions only from/to VASPs and other obliged entities, and/or unhosted wallets that the VASP has assessed to be reliable.

(FATF. 2021, pp. 86, 67, para. 297)

This adds additional complexity to Travel Rule compliance. Going forward, when a VASP receives a transaction from a self-hosted wallet, their customer (the transaction beneficiary) must identify the transaction originator. When a VASP sends a transaction to a self-hosted wallet, they must require their customer (the transaction originator) to identify the transaction beneficiary. Additionally, VASPs shall apply additional risk mitigation measures as they see fit. 

This brings wallet identification to the forefront. VASPs must now determine if the counterparty wallet is self-hosted or hosted to apply the appropriate PII requirements to the transaction.

Several components of Travel Rule compliance hinge upon determining whether a transaction is with a counterparty VASP, a self-hosted wallet, or another service. Below, we revisit the steps of crypto Travel Rule compliance.

(Steps Crypto Compliance Officers must fulfill for each Travel Rule transaction. Source: Notabene)

Jurisdictions have different approaches to self-hosted wallets

National regulators have interpreted and applied several elements of the Travel Rule in differing ways that work best for their jurisdictions. Approaches to self-hosted wallet transactions are one of these varying elements, alongside thresholds that trigger compliance, enforcement dates, counterparty VASP due diligence obligations, transacting during the sunrise period, etc. 

Regulators have taken three distinct approaches to transactions between VASPs and self-hosted wallets, listed from lightest measures to heaviest measures below:

A non-exhaustive comparison of the approach to self-hosted wallets across jurisdictions. (Source: Notabene)

How can VASPs identify and verify the owner of a counterparty self-hosted wallet?

Self-hosted wallets pose unique challenges when verifying identities, as traditional KYC/AML methods aren't effective in these cases. VASPs can leverage the following techniques to identify and verify self-hosted wallet ownership:

  1. Obtaining ownership proofs from clients
    As there is no other VASP from which to obtain the information when transacting with self-hosted wallets, VASPs will need to collect all the necessary Travel Rule information (names, account numbers or wallet addresses, addresses or IDs, DOBs, POBs, etc.) from their customer, without compromising user experience. 
  2. Wallet-signed messages
    In some jurisdictions, VASPs are required to verify the ownership of the self-hosted wallet. For this, VASPs shall use methods that allow them to tie an identity to the wallet they are transacting with. Companies can accomplish this through cryptographic signatures or satoshi tests. 
  3. Avoid interactions with self-hosted wallets
    Finally, VASPs can choose to impose additional limitations and controls or even avoid interacting with self-hosted wallets when dealing with potentially higher-risk transactions.
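The satoshi test named in item 2 has the customer send a small, VASP-specified amount from the wallet they claim to control. The following is an added example, not Notabene's or any VASP's code, of the checks a VASP-side verifier would apply to that payment; the transfer record fields and addresses are a hypothetical schema constructed for illustration.

```python
import secrets
from dataclasses import dataclass

@dataclass
class Challenge:
    claimed: str        # self-hosted address the customer says they control
    deposit: str        # VASP address the test payment must arrive at
    amount_sats: int    # randomised amount, so a stray payment cannot match
    issued_at: int      # unix seconds
    expires_at: int
    used: bool = False

def issue_challenge(claimed, deposit, now, ttl=3600):
    # Random low-value amount chosen by the VASP for this challenge only.
    return Challenge(claimed, deposit, 5000 + secrets.randbelow(5000), now, now + ttl)

def verify(ch, transfers, min_conf=1):
    """Return 'verified' or the reason the proof was rejected."""
    if ch.used:
        return "challenge already used"
    reason = "no matching transfer"
    for tx in transfers:
        if tx["to"] != ch.deposit or tx["amount_sats"] != ch.amount_sats:
            continue
        if set(tx["inputs"]) != {ch.claimed}:
            # Conservative: every input must come from the claimed address.
            reason = "payment not sent solely from claimed address"
        elif not ch.issued_at <= tx["time"] <= ch.expires_at:
            reason = "payment outside challenge window"
        elif tx["confirmations"] < min_conf:
            reason = "payment not yet confirmed"
        else:
            ch.used = True   # single use: one payment proves one challenge
            return "verified"
    return reason

def demo():
    # Constructed addresses and transfers, for illustration only.
    ch = issue_challenge("addr-customer", "addr-vasp", now=1_000)
    def tx(**kw):
        base = {"to": "addr-vasp", "inputs": ["addr-customer"],
                "amount_sats": ch.amount_sats, "time": 1_500, "confirmations": 3}
        return {**base, **kw}
    return [verify(ch, [tx(inputs=["addr-other"])]), verify(ch, [tx(time=9_999)]),
            verify(ch, [tx(amount_sats=ch.amount_sats + 1)]),
            verify(ch, [tx()]), verify(ch, [tx()])]

if __name__ == "__main__":
    print(demo())
```

The randomised amount, the expiry window and the single-use flag are what bind one payment to one customer's claim; without them an unrelated deposit or a replayed transaction could satisfy the check.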


How can Notabene help with crypto wallet identification?

Our fully-customizable wallet identification solution offers your customers a seamless and secure transaction experience. With SafeWithdraw, you no longer have to worry about incomplete data and unknown counterparties. Our tool automates compliance by instantly identifying self-hosted wallets, recommending the best-fit method for each wallet, and applying the appropriate regulations per jurisdiction. SafeWithdraw also offers three cryptographic ownership proof methods and identifies regulated transactions against Travel Rule thresholds. Additionally, it provides reusable proofs and allows your customer to submit missing information post-deposit.


FATF. 2021. Updated Guidance for a Risk-based Approach to Virtual Assets and Virtual Asset Service Providers. Paris: FATF. Published June 21, 2021.


Counterparty Crypto Wallet Identification

What are self-hosted wallets?

A self-hosted or non-custodial wallet allows users to store their private keys and retain control over their funds.

Does the Travel Rule apply to transactions with self-hosted wallets?

FATF recommends that VASPs have their customer identify the transaction originator when receiving a transaction from a self-hosted wallet. When a VASP customer sends a transaction to a self-hosted wallet, the customer (the transaction originator) must identify the transaction beneficiary. Additionally, VASPs shall apply additional risk mitigation measures as they see fit.

Why is counterparty crypto wallet identification important for VASPs?

Determining the type of wallet on the other side of a transaction is integral to Travel Rule compliance because it determines which rules apply to the transaction. The FATF recommends collecting information about a self-hosted wallet's owner from a VASP customer. Still, different jurisdictions have different approaches to regulating transactions between VASPs and self-hosted wallets.

How can VASPs ensure Travel Rule compliance when transacting with self-hosted wallets?

VASPs can leverage wallet identification tools to help them collect the appropriate customer-identifying information for each Travel Rule-regulated transaction to/from self-hosted wallets.