Stay Updated on Crypto Compliance & Crypto Regulation in the EU
Stay informed about the latest events, webinars, and news on crypto compliance in the European Union. Join our community of compliance professionals and ensure your business stays ahead of regulatory changes.


Your Hub for Cryptocurrency Compliance in the European Union
Welcome to your go-to resource for all things related to crypto compliance in the EU. Here, you’ll find the latest news, upcoming events, and insightful webinars to keep you informed and compliant.
Recent News on Crypto Regulation in the EU
Stay up-to-date with the latest news articles, regulatory updates, and industry insights on crypto compliance in the EU.
For compliance professionals across Europe, the Transfer of Funds Regulation (TFR) plays a pivotal role in enhancing transparency and combating money laundering and terrorist financing. While its primary objective is to align with the Financial Action Task Force’s (FATF) “Travel Rule” for European Union (EU) member states, it’s equally important—but sometimes overlooked—that it also applies to the European Economic Area (EEA) member states, namely Norway, Iceland, and Liechtenstein. This blog post delves into how the TFR extends to the EEA, ensuring a homogeneous regulatory framework across the region.
TFR in the EEA: Not Just an EU Regulation
The TFR was first established under Regulation (EU) 2015/847*, mandating that financial service providers share information accompanying transfers of funds. This regulation is designed to combat money laundering and terrorist financing by ensuring transparency in financial transactions. When the regulation was introduced, the EEA Joint Committee, responsible for aligning EEA non-EU members with relevant EU regulations, formally incorporated it into the EEA Agreement.
EEA Joint Committee Decision No. 198/2016*, adopted on 30 September 2016, amended Annex IX (Financial Services) of the EEA Agreement to include the TFR, thereby extending its applicability to Iceland, Liechtenstein, and Norway. This decision ensured that non-EU EEA members implement the TFR within their financial systems, thus aligning their AML measures with EU standards.
The Complete List of EEA Countries Impacted by the TFR
Understanding which countries the TFR applies to is key for compliance. Here’s the full list of EEA member states:
EU Member States (27 countries):Â
- 🇦🇹 Austria
- 🇧🇪 Belgium
- 🇧🇬 Bulgaria
- đź‡đź‡· Croatia
- 🇨🇾 Cyprus
- 🇨🇿 Czech Republic
- 🇩🇰 Denmark
- 🇪🇪 Estonia
- 🇫🇮 Finland
- 🇫🇷 France
- 🇩🇪 Germany
- 🇬🇷 Greece
- đź‡đź‡ş Hungary
- 🇮🇪 Ireland
- 🇮🇹 Italy
- 🇱🇻 Latvia
- 🇱🇹 Lithuania
- 🇱🇺 Luxembourg
- 🇲🇹 Malta
- 🇳🇱 Netherlands
- 🇵🇱 Poland
- 🇵🇹 Portugal
- 🇷🇴 Romania
- 🇸🇰 Slovakia
- 🇸🇮 Slovenia
- 🇪🇸 Spain
- 🇸🇪 Sweden
EEA EFTA States (3 countries):Â
- 🇮🇸 Iceland
- 🇱🇮 Liechtenstein
- 🇳🇴 Norway
It’s worth noting that 🇨🇠Switzerland, although part of the European Free Trade Association (EFTA), is not a member of the EEA and is therefore not directly subject to the TFR.
How the TFR Enhances AML/CFT Measures Across the EEA
The TFR strengthens AML and Counter Financing of Terrorism (CFT) measures by requiring payment service providers to attach detailed payer and payee information to transfers of funds. For the EEA as a whole, this means consistent AML compliance standards for financial institutions across both EU and non-EU EEA states.
When Regulation (EU) 2023/1113* updated the TFR, it further extended these obligations specifically for virtual asset service providers (VASPs), bringing them under the same AML/CFT standards. This update is part of the EU’s broader Markets in Crypto-Assets (MiCA) framework, which aims to regulate cryptocurrency service providers consistently across the EEA.
This update extended obligations to VASPs across the EEA as part of the region’s coordinated AML/CFT strategy and ensured that virtual asset transfers include necessary information about the originator and beneficiary, aligning with the FATF’s Travel Rule.
Implications of the TFR for Financial Institutions and VASPs in the EEA
The TFR’s incorporation into the EEA Agreement means that financial institutions, including VASPs in Iceland, Liechtenstein, and Norway, must now comply with the same AML requirements as those in the EU. This uniformity is essential for:
- Legal Alignment: Ensuring a homogenous legal framework across all EEA member states.
- Compliance Requirements: Enforcing the same level of scrutiny for fund transfers within the EEA, enhancing transparency and reducing regulatory disparities.
- AML/CFT Strengthening: Bolstering defenses against money laundering and terrorism financing across borders, especially in high-risk sectors like virtual assets.
Why Compliance Professionals Shouldn’t Overlook EEA Obligations
For compliance officers, particularly those dealing with cross-border transactions, it’s essential to remember that the TFR’s obligations span the entire EEA. Ignoring the non-EU EEA countries—Norway, Iceland, and Liechtenstein—can lead to gaps in compliance, risking penalties and reputational damage. Every compliance framework and transaction protocol should therefore account for the TFR’s reach across these territories.
The TFR is not just an EU obligation; it applies to the entire EEA, including Iceland, Liechtenstein, and Norway. Its aim is to create a consistent and robust AML framework across Europe, aligning the EEA non-EU members with the EU’s AML/CFT standards. Compliance professionals and financial institutions should ensure that their policies and procedures reflect this broader scope of the TFR, safeguarding against regulatory and operational risks in today’s complex financial landscape.
Where to Find Further Guidance on EEA Compliance
The EFTA Secretariat offers access to legal texts and guidance on implementing EU regulations within the EEA, including the TFR. Additionally, each EEA EFTA state’s financial supervisory authority provides national guidelines to help institutions comply with the regulation’s requirements.
For more detailed information on the TFR’s integration into the EEA, refer to EEA Joint Committee Decision No 198/2016, published in the EEA Supplement to the Official Journal of the European Union. The official EFTA website also provides a repository of EEA-related legislative documents, ensuring that compliance professionals have the resources they need to meet EEA-wide AML standards.
*Sources
Regulation (EU) 2015/847 -Â https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32015R0847#ntr2-L_2015141EN.01000101-E0002
EEA Joint Committee Decision No. 198/2016 -Â Â https://www.efta.int/sites/default/files/documents/legal-texts/eea/other-legal-documents/adopted-joint-committee-decisions/2016%20-%20English/198-2016.pdf
Regulation (EU) 2023/1113 -Â 3Â https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32023R1113
As of 30 December 2024, compliance with the Transfer of Funds Regulation (TFR) and respective EBA Guidelines is mandatory for any CASPs operating in the EU.
▶︎ Watch this special video message from Lana Schwartzman, Head of Regulatory & Compliance at Notabene, explaining why compliance with TFR is so important, as what consequences may face CASPs that fail to comply.
A common misconception that we hear is that there is a “grace period” that delays the need to comply until July of this year. While it is true that the EBA guidelines foresee a transitional period until July 31, 2025, during which CASPs may exceptionally use infrastructures or services with certain technical limitations, this does not exempt them from Travel Rule compliance. CASPs using such infrastructures are required to take additional technical steps to ensure full compliance with the Travel Rule during this period.
This provision from the EBA Guidelines gave rise to misinterpretations that many are now incorrectly viewing as a grace period or exemption. The EBA already clarified that this is not the case. In page 51 of the final Guidelines “the EBA stresses that non-compliance with Regulation (EU) 2023/1113 is not accepted”. In fact, paragraph 24 of the EBA Guidelines clearly states that the technical limitations “need to be compensated by additional technical steps or fixes to fully comply with these Guidelines”.
It is therefore very clear that the TFR obligations must be fully complied with as of December 30, 2024.
CASPs that repeatedly or systematically fail to accompany crypto-asset transfers with the required information on the originator and beneficiary may face severe penalties and consequences under the Transfer of Funds Regulation and related EU directives. All told, the risks that a company faces by not complying with TFR are substantial.
Let’s have a look at the potential consequences of non-compliance with the TFR.
1. Financial Penalties
One of the most immediate and tangible consequences of non-compliance is the imposition of financial penalties. These can be substantial and may vary depending on the severity of the breach and the specific regulations in each EU member state. The regulation allows for substantial monetary sanctions:
- Standard Penalty: A maximum administrative fine of at least twice the amount of the benefit derived from the breach (if determinable) or a minimum of €1,000,000.
- Enhanced Penalties for Financial Institutions: For CASPs classified as credit or financial institutions, the penalties can be more severe:
- Legal Persons: Fines of up to €5,000,000 or 10% of the total annual turnover, whichever is higher.
- Natural Persons: Fines of up to €5,000,000
Keep in mind that penalties can accumulate, potentially resulting in daily fines. In addition, increased compliance costs and operational burdens may be necessary to resolve deficiencies, resulting in additional financial burden.
*Source: Article (3) of Directive (EU) 2015/849
2. Criminal and Administrative Sanctions
In more severe cases, particularly those involving deliberate non-compliance or gross negligence, entities and individuals may face criminal or administrative sanctions. This can include:
- Criminal liability for Chief Compliance Officers (CCOs) or executives responsible for overseeing AML/CFT protocols
- Administrative sanctions that could significantly impact business operations
- Public Statement: Authorities may issue a public statement identifying the CASP and detailing the nature of the breach.
- Cease and Desist Order: The CASP may be ordered to stop the non-compliant behavior and refrain from repeating it.
- Authorisation Suspension or Revocation: For authorized CASPs, their operating license may be suspended or withdrawn entirely.
- Managerial Ban: Individuals responsible for the breach, including those in managerial positions, may face a temporary ban from exercising managerial functions in obliged entities.
*Source: Article 29 of the TFR and Article 59(2) and (3) of Directive (EU) 2015/849)
3. Regulatory Sanctions
While exact details may vary, it's likely that regulatory sanctions for non-compliance could be severe:
- Suspension or revocation of operating licenses within the EU
- Restrictions on certain activities or prohibitions on cross-border crypto-asset transfers
4. Reputational Damage
In the highly regulated EU market, reputation is crucial. Non-compliance can lead to:
- Loss of trust from customers and partners
- Negative publicity that can be challenging to overcome
- Long-term impact on business relationships and growth opportunities
5. Heightened Regulatory Scrutiny
Entities found to be non-compliant will likely face increased attention from regulators:
- More frequent audits and inspections
- Increased reporting obligations, adding administrative burdens and costs
- Requirements to submit additional documentation to demonstrate compliance improvements
6. Counterparty Risks
Non-compliance can also affect business relationships, as partners may be hesitant to work with non-compliant entities, leading to lower transaction volumes and overall business success.
- Counterparties may report non-compliance to regulators. CASPs must report the repeatedly non-compliant counterparties to the competent authority responsible for Anti-Money Laundering/Counter-Terrorist Financing (AML/CTF) supervision within three months of identifying the non-compliance.
- Counterparties of CASPs that repeatedly or systematically fail to accompany crypto-asset transfers with the required information on the originator and beneficiary may be required to reject incoming transfers and terminate the existing business relationship or all reject future transfers from the non-compliant counterparty.
While no one has a crystal ball, the consequences of non-compliance with the EU's TFR after December 30th, 2024, are far-reaching and potentially severe. From financial penalties to reputational damage, the possible risks suggest that CASPs and other obligated entities should take seriously the need to be fully prepared with a TFR-ready Travel Rule solution when the regulation comes into force.
The European Union's Transfer of Funds Regulation (TFR) and the associated Travel Rule Guidelines from the European Banking Authority (EBA) are set to significantly impact how Crypto Asset Service Providers (CASPs) handle crypto-asset transactions. As these regulations come into effect, it is crucial for CASPs to understand the key requirements and prepare for compliance.Â
This blog highlights the top 10 things European CASPs need to know about the upcoming Travel Rule compliance enforcement.
1. Comprehensive Data Collection Requirements
Under Article 14, paragraphs 1 and 2 of the TFR, CASPs must ensure that all transfers include specific details about the originator and beneficiary.
This includes:
Natural persons
.png)
Legal persons
.png)
This comprehensive data collection ensures that all parties in a transaction can be unambiguously identified.
2. Robust Monitoring Systems
Beneficiary CASPs must implement robust monitoring systems to detect and manage non-compliant transactions. These systems should be capable of identifying missing, incomplete, or meaningless information and should align with the risk levels associated with money laundering and terrorist financing. [1]
{{european2="/cta-components"}}
3. Handling Non-Compliant Transactions
When a transaction lacks the required information, CASPs have four options: execute, reject, return, or suspend the transfer. The appropriate action depends on the specific circumstances and the risk assessment results. [2]

4. Managing Non-Compliant Counterparties
Repeated non-compliance by counterparties requires CASPs to reassess their relationships. This includes applying stricter monitoring and verification measures, potentially terminating business relationships, and reporting non-compliant counterparties to the relevant authorities. [3]

5. Verifying Self-Hosted Wallet Transactions
For transactions involving self-hosted wallets, the requirement to use two methods for wallet ownership verification has been removed. CASPs are now required to use only one method by default for verifying wallet ownership/control. [4]
6. Understanding Different Self-Hosted Wallet Transaction ScenariosÂ
The TFR categorizes self-hosted wallet obligations based on the transaction amount and whether the wallet owner is a customer of the CASP. These scenarios include transactions of 1,000 euros or less, transactions over 1,000 euros where the wallet owner is a CASP customer, and transactions over 1,000 euros where the wallet owner is not a CASP customer.
‍

7. Implementing Appropriate Risk Mitigation Measures on Self-Hosted Wallet Transactions
CASPs should adopt a risk-based approach to transactions involving self-hosted wallets and implement any necessary risk mitigation measures proportional to the identified risks. These measures may include verifying the identity of the transfer's originator or beneficiary, requesting additional information, and conducting enhanced ongoing monitoring of transactions. [5]
8. Ensuring Compliance with General Obligations
CASPs must ensure compliance with several general obligations, such as:
- Information transmission infrastructure: Must be fully capable of transmitting information without technical limitations. A transitional period until July 31, 2025, allows for exceptions with compensatory policies in place. [6]
- Compliance timing: Information must be transmitted immediately and securely, before or at the same time the crypto-asset transfer is completed. [7]
- Joint accounts: Transfers from joint accounts, addresses, or wallets must include information about all holders. [8]‍
- Information submission changes: Initial information submissions cannot be changed unless requested by the beneficiary CASP or if an error is identified. Subsequent CASPs must be informed and required to detect any missing or incomplete information. [9]
9. Evaluating Payment and Messaging Systems (Travel Rule solutions)
Payment and messaging system requirements: CASPs must evaluate selected messaging or payment protocols based on the following aspects:
- Communication with internal core systems and counterparty messaging or payment systems.
- Compatibility with other blockchain networks.
- Reachability, including the ability to reach counterparties and the success rate of transfers.
- Detection of transfers with missing or incomplete information.
- Data integration, security, and reliability. [10]
10. Preparing for the Future
By July 1, 2026, the European Commission will assess the necessity for additional measures to mitigate risks associated with self-hosted wallet transactions. This evaluation will encompass examining the efficacy and proportionality of verification mechanisms and considering potential restrictions. [11]
‍
{{european1="/cta-components"}}
‍
The upcoming Travel Rule compliance regulation imposes comprehensive requirements on CASPs to ensure the integrity of crypto-asset transactions. By understanding and adhering to these requirements, CASPs can effectively manage transaction information, monitor compliance, handle non-compliant transactions, and manage relationships with non-compliant counterparties. This regulatory framework not only helps in mitigating risks associated with money laundering and terrorist financing but also fosters a more secure and transparent crypto-asset ecosystem in the European Union.
‍
Want to learn more? Read our blogs on beneficiary VASPs' transaction requirements under the TFR and the upcoming self-hosted wallet requirements.
FATF Travel Rule Requirements in the European Union

Resources for Crypto Compliance
Explore our collection of whitepapers, case studies, and guides to deepen your understanding of crypto compliance in the EU.
Today, the European Banking Authority (EBA) released an explainer entitled Preventing Money Laundering and Terrorism Financing in the EU’s Crypto-Assets Sector. As the crypto landscape evolves, the EU is tightening its grip on compliance with the introduction of MiCAR (Markets in Crypto-Assets Regulation) and its accompanying AML/CFT rules, including the Transfer of Funds Regulation (TFR).
One common misconception among crypto-asset service providers (CASPs) is that MiCAR includes a “grandfathering” exemption under the new European Travel Rule.
Let’s set the record straight: this is definitively not the case.
▶︎ Watch this special video message from Lana Schwartzman, Head of Regulatory & Compliance at Notabene, explaining why compliance with TFR is so important, as what consequences may face CASPs that fail to comply.
What Does Article 143(3) of MiCAR Really Say?
The much-discussed Article 143(3) states:
“Crypto-asset service providers that provided their services in accordance with applicable law before 30 December 2024, may continue to do so until 1 July 2026 or until they are granted or refused an authorization pursuant to Article 63, whichever is sooner.”
At first glance, this might appear to grant a blanket reprieve for CASPs operating before the cut-off date. In reality, the provision is far more limited in scope.
What This Provision Actually Means
While this transitional clause provides a limited window for CASPs to continue operating while applying for MiCAR authorization, it is not a free pass to avoid compliance. CASPs operating under existing frameworks—such as AMLD (Anti-Money Laundering Directive) or domestic AML/CFT regimes—must still adhere to all applicable AML/CFT requirements and that includes the Regulation (EU) 2023/1113, also know as the Transfer of Funds Regulation (TFR).
In simple terms:
- Yes, CASPs can keep operating during the transitional period.
- No, this does not exempt them from complying with the updated AML/CFT framework (including TFR).
The same stringent rules that apply to credit and financial institutions also apply to “grandfathered” CASPs.

The Travel Rule is Here to Stay
A major component of these regulations is the European Travel Rule, requiring CASPs to ensure that crypto transfers include comprehensive information about both originators and beneficiaries with the goal of preventing illicit activities like money laundering and terrorist financing in the crypto ecosystem and reporting it. This rule is non-negotiable and applies equally to CASPs during the transitional period.
Furthermore, CASPs engaging in transactions with self-hosted wallets or operating across borders will need to implement robust measures to trace and verify transfers.
Why Compliance Matters Now
While the transitional period may offer some operational flexibility, CASPs that delay in meeting compliance requirements risk jeopardizing their long-term viability. Here’s why:
- Increased Scrutiny: The EBA and upcoming EU AML Authority are tasked with enforcing strict compliance.
- Reputation at Stake: Operating without adherence to AML/CFT standards could harm trust with customers, partners, and regulators. As a matter of fact, we published earlier this year the results of our State of Crypto Travel Rule Report which showed from the survey that 66% of VASPs restrict withdrawals that do not comply with Travel Rule requirements
- Operational Risks: Failure to comply could lead to service suspension, fines, or denial of authorization.

For more on the risks of not complying with TFR, read our recent article on the Consequences of Non-Compliance with EU's Travel Rule After December 30th.
The Path Forward for CASPs
For CASPs looking to thrive under the new regime:
- Act Now: Begin implementing Travel Rule solutions and robust AML/CFT measures immediately.
- Understand the Framework: Familiarize yourself with MiCAR, Regulation (EU) 2023/1113, and the EBA Travel Rule Guidelines.
- Prepare for Licensing: Gather the necessary documentation and establish a compliance-first culture to streamline your MiCAR authorization process.
Debunking the Myth
The takeaway is clear: there is no blanket “grandfathering clause” exempting CASPs from compliance. The transitional provision simply ensures continuity while maintaining full AML/CFT obligations.
As the compliance deadline of December 30, 2024 approaches, proactive measures will separate the leaders from those left scrambling to catch up. The time to act is now—ensure your operations are Travel Rule-ready and compliant with the evolving regulatory landscape.
Let’s work together to build a safe, compliant, and thriving crypto ecosystem in the EU. 🌍
As the EU’s Travel Rule regulations continue to advance, other global regions are beginning to feel the ripple effects. The Transfer of Funds Regulation (TFR), notably Regulation (EU) 1113/2023, sets stringent requirements on crypto asset service providers (CASPs) within the EU to mitigate risks of money laundering, terrorist financing, and other financial crimes.
Yet, the effects of these rules extend beyond EU borders, influencing jurisdictions worldwide as they adapt to the standards set forth by these robust regulations.
Let’s have a look at some of the ways the EU’s TFR could impact regions globally.
A Surge in Global Compliance Demand
North America
VASPs in the US and Canada are closely observing the EU’s strict stance, with regulators considering updates or FAQs to enhance their own frameworks. The EU’s Travel Rule has set a benchmark, making it difficult for non-compliant entities to serve EU-based customers without adhering to similar standards.
Asia-Pacific
Countries like Singapore and Japan, which have already implemented Travel Rule provisions, are likely to refine their compliance measures further to align with EU requirements. This is especially important as EU-based financial institutions increasingly demand verification of counterparties in these regions.
Strengthening Due Diligence and AML Practices
The EU’s TFR mandates comprehensive due diligence for CASPs, which has led other jurisdictions to adopt or enhance similar anti-money laundering (AML) practices. For instance, LATAM countries, particularly those with high remittance flows, are tightening scrutiny on VASP activities to align with FATF recommendations and TFR influences.
For example, according to Reuters, Argentina’s cryptocurrency transactions have surged to $85.4 billion in the past year, raising concerns about money laundering. In response, the government is implementing new regulations, including a July 2024 fiscal package offering tax amnesty for individuals declaring up to $100,000 in registered crypto assets. This initiative aims to align with Financial Action Task Force (FATF) standards and prevent Argentina from being placed on the FATF’s grey list, which could deter foreign investment and harm the economy. Additionally, the government is amending laws related to money laundering and reporting entities to strengthen oversight of the crypto market. Regionally, the Financial Action Task Force of Latin America (GAFILAT), comprising 18 countries from South, Central, and North America, is enhancing anti-money laundering frameworks to align with global standards.
These efforts ensure that transactions from different regions meet EU standards, thereby reinforcing global AML practices.
Influencing Emerging Economies and Adoption Challenges
For emerging markets, particularly in Africa, the drive toward compliance is becoming essential as EU-based users and entities prefer to transact only with VASPs in compliance with their own regulatory standards.
This could either foster rapid compliance adoption or limit market access for non-compliant VASPs in these regions. This was also noted in our State of Crypto Travel Rule Report where survey results showed that VASPs are increasingly intolerant towards transacting with counterparties that do not comply with the Travel Rule. In fact, over 66% of VASPs somehow restrict withdrawals that don't comply with Travel Rule requirements.

In Nigeria, a leading African cryptocurrency market, VASPs face pressure to align with international standards to maintain global market access. In December 2023, the Central Bank of Nigeria (CBN) issued guidelines for VASPs, lifting a two-year restriction on financial institutions operating accounts for cryptocurrency service providers or processing crypto-related transactions. However, smaller VASPs often struggle with the financial and operational burdens of compliance, creating a dichotomy:
- Rapid Compliance Adoption: VASPs that can afford necessary compliance measures may gain a competitive advantage by attracting EU-based clients and partners, thereby expanding their market reach.
- Limited Market Access: Conversely, VASPs unable to meet these standards risk exclusion from transactions with EU entities, limiting their growth potential.
This dynamic underscores the importance for African VASPs to invest in compliance infrastructure. While initial costs may be high, the long-term benefits include maintaining access to international markets, fostering trust with global partners, and enhancing the overall credibility of the African cryptocurrency market, which can attract more investors and users.
Increasing Demand for Compliance Technology
As VASPs worldwide aim to meet EU standards, the demand for compliance technology is surging. Many are adopting regtech solutions to streamline KYC, AML, and data-sharing processes, enabling efficient alignment with international standards, particularly for cross-border transactions. This trend is reshaping how global VASPs approach compliance.
The Road Ahead: Potential Challenges and Opportunities
The EU’s TFR is reshaping the regulatory landscape, creating both challenges and opportunities for global VASPs. Increased regulatory pressure may lead to market consolidation, where larger entities excel while smaller players struggle to adapt. However, harmonized regulations promise more secure, trustworthy global transactions, offering users a safer and more navigable digital asset ecosystem.
This evolving environment demands proactive investment in compliance solutions. For VASPs, adapting to these changes is not just a regulatory necessity—it’s an opportunity to enhance credibility, foster innovation, and help standardize the global digital transaction landscape.
If your business is located outside of the EU and you would like to speak with our team about implementing a TFR-compliant Travel Rule program, you can schedule a free demo of our solution at notabene.id/demo
Lately, we’ve been hearing a recurring question from our customers and prospects: Is the EU Transfer of Funds Regulation (TFR) being postponed by six months? Let’s set the record straight.
The short answer: No, the TFR is not being delayed.
Understanding the Source of the Confusion
This misunderstanding likely stems from recent discussions around MiCA (Markets in Crypto-Assets) regulatory technical standards (RTS). As members of BlockchainForEurope, we’ve joined others in addressing concerns about MiCA’s RTS and its implementation timeline. The letter we co-signed with other industry members highlights several key challenges that MiCA introduces, including:
- Timing and Legal Uncertainty: With less than two months left before MiCA’s application on December 30, 2024, delays in RTS adoption have left both national competent authorities (NCAs) and CASPs scrambling to prepare.
- Inconsistent Transitional Periods: Divergent “grandfathering” clauses across Member States create a compliance patchwork—5 months in Lithuania versus 18 months in France—undermining the intended harmonization.
- Foreseeable Delays and Risks: Without coordinated measures, we risk regulatory uncertainty, market disruptions, and reputational harm, detracting from MiCA’s goals.
- Operational Challenges: CASPs face impractical requirements, such as applying in all Member States, while some states have ceased accepting pre-MiCA applications.
- Proposed Mitigations: The letter calls for ESMA to issue a “no action” letter to promote consistency among NCAs and extend transitional arrangements.
How Does This Relate to TFR?
It’s crucial to understand that MiCA and TFR are separate regulations. While MiCA includes transitional or “grandfathering” clauses for existing CASPs, the TFR does not.
For TFR, there is no "traditional" transitional period. Under the EBA Travel Rule Guidelines, until July 31, 2025, CASPs may exceptionally use infrastructures or services with technical limitations, but are required to implement additional technical steps to ensure full compliance with the requirements. This does not exempt them from Travel Rule compliance. CASPs using such infrastructures are required to take additional technical steps to ensure full compliance with the Travel Rule during this period. This means that all existing CASPs, regardless of their new status, must fully comply with the TFR requirements by the official application date. Any delays or mitigations proposed under MiCA will not directly impact TFR timelines.
Failing to comply with the TFR by the December 30, 2024, deadline carries serious consequences, including the potential for service disruptions, reputational damage, and regulatory penalties. We recently explored this topic in detail in our article: The Consequences of Non-Compliance with the EU’s Travel Rule After December 30th. If you’re preparing for compliance, it’s worth a read.
At Notabene, we’re committed to helping businesses navigate these regulatory complexities. If you have questions or concerns about preparing for the TFR, we’re here to help. Feel free to reach out to our Regulatory & Compliance team at [email protected]

Travel Rule Compliance in the European Union: Summary

FATF Travel Rule Requirements in the European Union

Travel Rule Compliance in the European Union: An In-Depth Analysis
Notabene Customer Workshop - EU Travel Rule (Session 2)
Notabene Customer Workshop - EU Travel Rule
Introducing SafeConnect Components: Seamless end-to-end TFR Compliance
Become an Expert on Travel Rule in the EU
Compliance Deep Dive: Travel Rule in the European Union (2022)
Navigating Crypto Regulations in the UK and EU in 2021


Response to the Public Consultation on the Draft Legislative Decrees for Adapting National Legislation to the 'MiCAR' and 'TFR' Regulations on Crypto-Assets
Upcoming Events on EU Crypto Industry Compliance
Join us at the latest events focused on crypto compliance in the EU. Network with industry leaders and gain insights into the latest regulatory developments.

Get Certified as an Expert in EU Travel Rule Compliance
Sign up for our course to teach you everything you need to know about Travel Rule compliance in the EU.
FAQs
What is crypto compliance in the EU?
Crypto compliance in the EU involves adhering to regulatory standards set by the European Union for cryptocurrency operations, including anti-money laundering (AML) and counter-terrorism financing (CTF) measures.
What is the EU Travel Rule?
The EU Crypto Travel Rule requires cryptocurrency exchanges and wallet providers to share specific information about transactions to comply with AML and CTF regulations. This rule aims to enhance transparency and security in crypto transactions.
How does financial crime impact crypto compliance?
Financial crime, such as money laundering and fraud, poses significant risks to the crypto industry. Crypto compliance measures, including AML and CTF regulations, are crucial in mitigating these risks and ensuring the integrity and security of cryptocurrency transactions.
Are stablecoins regulated?
Yes, stablecoins are regulated to ensure they adhere to financial regulations, particularly concerning anti-money laundering (AML) and counter-terrorism financing (CTF) standards. Regulatory bodies require stablecoin issuers to maintain transparency and ensure that their assets are properly backed and audited.
What regulations do crypto exchanges need to comply with?
Crypto exchanges need to comply with a range of regulations, including:
- Anti-Money Laundering (AML): Implement measures to detect and prevent money laundering activities.
- Know Your Customer (KYC): Verify the identity of users to prevent fraud and illegal activities.
- Counter-Terrorism Financing (CTF): Ensure transactions do not facilitate terrorism financing.
- Crypto Travel Rule: Share specific transaction information to comply with international regulatory standards.
- Data Protection: Adhere to data protection laws such as GDPR to ensure user privacy and data security.
Hosting these gateways within the VASP's own infrastructure, such as a data center or cloud account, is advised for optimal security. This approach, particularly when using an enclave server, allows for enhanced security measures, aligning with the principle that control over the hosting environment can significantly bolster security.