66% of VASPs Impose Restrictions on Transactions With Self-Hosted Wallets: 2024 Travel Rule Compliance Insights

This article provides an in-depth look at virtual asset service providers' (VASPs) current transaction restrictions and compliance measures as they navigate Travel Rule compliance.

Based on the results from Notabene's 2024 State of Crypto Travel Rule Compliance survey, we explore how crypto businesses and financial institutions are preparing to meet these regulatory requirements. Download the report here to gain deeper insights.

Key Findings

Global Survey Overview
The survey, conducted between October 2023 and January 2024, included 70 companies from Europe, the Middle East, Africa (45.7%), Asia-Pacific (30%), and the Americas (21.4%).

66% of VASPs Enforce Restrictions on Withdrawals That Do Not Comply With Travel Rule Requirements

66% of VASPs enforce restrictions on withdrawals that do not comply with Travel Rule requirements. Notably, 23% do not allow withdrawals unless a Travel Rule message can be sent to the beneficiary VASP, up from 8% last year. This shift reflects a growing trend towards stricter compliance measures within the industry. The percentage of respondents permitting customers to withdraw funds without being able to send Travel Rule messages to the beneficiary VASP has dropped significantly from 37% in 2023 to 19% in 2024. This decrease of 49% underscores a heightened focus on ensuring compliance with regulatory requirements.

Moreover, 40% of respondents adopt a risk-based approach when determining whether to allow a withdrawal. This method reflects an industry-wide effort to balance business considerations with regulatory compliance. Given the persistent limitations that hinder full compliance, such as the Sunrise Issue, this approach is particularly significant. The increasing adoption of stringent compliance measures marks a notable shift in the industry’s approach to risk management, demonstrating a mature, proactive, and compliant stance in navigating the evolving landscape of crypto regulations.

66% of Companies Impose Restrictions on Transactions With Self-Hosted Wallets

66% of companies impose restrictions on transactions with self-hosted wallets. Approximately one-third of companies (33%) exclusively allow first-party transactions with self-hosted wallets and require customers to demonstrate control over the wallet address before authorizing the transaction. Additionally, 27% of companies allow third-party transactions with self-hosted wallets but collect beneficiary information from their customers, showcasing a commitment to due diligence. A minority of 6% of companies outright prohibit transactions with self-hosted wallets. 

There is still a substantial portion of respondents (29%) that do not impose any restrictions on transactions with self-hosted wallets. The “Other” category, comprising 6% of responses, suggests a unique range of approaches that some companies have adopted to handle transactions with self-hosted wallets. The distribution of survey responses illustrates the diversity of approaches that regulators worldwide take when defining rules for transactions involving VASPs and self-hosted wallets.

Over 20% of VASPs Return Deposits Missing Required Travel Rule Information

Handling Deposits

Over 20% of VASPs return deposits missing required Travel Rule information. Specifically, 21% of companies, upon identifying the originator VASP, promptly send requests for missing Travel Rule information. If the information is not received, companies take the decisive step of returning the funds. This approach often creates additional operational challenges for VASPs, which is further discussed in Chapter 5, Section 7 of the report. Another 10% follow a similar protocol but opt to collect the required information directly from their end-customers in the absence of the necessary data, using this as an alternative means to assess transaction risk when counterparty collaboration is lacking.

Nearly half (49%) of the respondents take more lenient approaches. Notably, 30% adopt a risk-based approach, evaluating the associated risks before deciding whether to make the deposit available to end-customers. Meanwhile, 19% of respondents permit their customers to receive deposits without the mandated Travel Rule information. This variation in approach may stem from the need to balance compliance with business needs. A significant portion of deposits from VASPs still lack Travel Rule information due to hindrances like the Sunrise Issue and interoperability issues. For these firms, strict compliance would entail refusing all deposits except from self-hosted wallets, which would have a significant and potentially disproportionate impact on business.

Diverse Compliance Strategies

VASPs employ a range of strategies to manage non-compliant deposits, from providing grace periods to negotiating compliance practices with counterparties. Some respondents revealed ongoing efforts toward implementation, development, or the intention to implement in the future. Strategies included providing grace periods for clients, negotiating compliance practices with counterparties, and adopting selective compliance measures based on specific circumstances. These diverse responses underscore the complex and evolving nature of the regulatory landscape and the varied approaches taken by entities within the crypto ecosystem. This emphasizes the need for continued collaboration and standardization for comprehensive and effective risk mitigation practices.

As the regulatory landscape continues to evolve, VASPs must stay abreast of changes and adopt robust compliance strategies. The increasing adoption of stringent compliance measures marks a significant shift in the industry's approach to risk management, demonstrating a mature, proactive, and compliant stance in navigating the evolving landscape of crypto regulations. For VASPs, staying ahead of these changes will be crucial in maintaining competitive advantage and fostering trust in the digital asset space.

{{report1="/cta-components"}}