US banking regulators have sent their clearest signal yet: the Travel Rule now applies to all banks offering crypto custody services.

In a July 2025 joint statement on crypto-asset safekeeping, the OCC, Federal Reserve, and FDIC outlined expectations for cybersecurity, operational resilience, and risk management. But one line in particular caught the attention of compliance teams: for the first time, US regulators explicitly named the Travel Rule as a compliance requirement for banks providing crypto custody.

Shifting US Regulatory Expectations for Crypto Custody and Travel Rule Compliance

The Travel Rule, first implemented under the Bank Secrecy Act (BSA) in 1996, requires financial institutions to transmit verified originator and beneficiary information with qualifying transfers. In traditional finance, it’s a cornerstone of AML compliance.

In the digital asset space, however, its application has long been debated. In the US, crypto (as “convertible virtual currency”) became explicitly subject to the Travel Rule when FinCEN issued guidance in 2013 and again in 2019, but the rule itself dates back to 1996. Many in the crypto industry have treated it as a requirement specific to crypto companies—something that only virtual asset service providers (VASPs) need to worry about, not banks.  

The July 14 statement changes that. For the first time, US regulators have written the Travel Rule directly into formal interagency guidance for banks engaged in crypto custody:

“Crypto-asset safekeeping relationships are subject to applicable Bank Secrecy Act/anti-money laundering (BSA/AML), countering the financing of terrorism (CFT), and Office of Foreign Assets Control (OFAC) requirements … and follow the Travel Rule.”

— OCC, Federal Reserve, and FDIC, Interagency Statement on Crypto-Asset Safekeeping, July 14, 2025

This explicit mention transforms what was once implicit under broader BSA and AML obligations into a direct supervisory expectation.

How This Fits Into the Broader Regulatory Progression

This joint statement builds on a broader sequence of federal actions that have opened the door for national banks to offer digital-asset custody services. Find the complete timeline in our article on US banking regulators formally clearing national banks to engage in crypto custody.

What matters for this update is the regulatory trajectory: for the first time, the Travel Rule is explicitly written into interagency guidance for crypto-asset safekeeping, marking a shift from implied obligations to clear supervisory expectations.

Implications of Travel Rule Guidance for Banks

For banks entering or expanding crypto custody services, the joint statement removes longstanding ambiguity about compliance expectations. It makes clear that digital asset safekeeping is subject to the same regulatory rigor as traditional banking activities.

Key takeaways for compliance teams and leadership include:

• Compliance is explicit. The Travel Rule is now a named regulatory obligation, not an interpretive assumption.
• Identity-linked data sharing is required. Banks must be able to transmit verified originator and beneficiary information between counterparties.
• Architecture matters. Custody and ledger systems must support Travel Rule compliance, enabling secure data exchange and counterparty verification.
• Governance is essential. Boards, BSA officers, and compliance teams must integrate these requirements into their crypto risk management frameworks.

In short, Travel Rule compliance has evolved from a crypto industry best practice into a baseline expectation for banking supervision.

A Broader Signal for the Industry

The interagency statement doesn’t introduce new supervisory powers. It does, however, codify regulators’ view that Travel Rule compliance is integral to “safe and sound” digital-asset operations.

By positioning the Travel Rule alongside AML, CFT, and OFAC controls, regulators are signaling a convergence: the path forward for crypto custody depends on interoperable compliance infrastructure. Financial institutions will need solutions that make identity sharing seamless across ledgers, institutions, and jurisdictions.

Travel Rule Compliance as a Banking Baseline

The Travel Rule is moving from a crypto-industry guideline to a core requirement in US banking compliance. Firms entering or expanding crypto custody services must treat it not as an optional standard, but as a baseline obligation.

Compliance with the Travel Rule and transaction authorization need to be embedded from day one to operate safely, securely, and in line with regulatory expectations. Meeting these standards will be critical for both operational integrity and regulatory readiness.

Notabene Transact: The Trusted Approach to Travel Rule Compliance

Regulatory clarity is only half the challenge. Banks also need infrastructure that makes compliance operational. Notabene Transact provides that foundation.

Purpose-built for regulated financial institutions, Transact embeds pre-transaction authorization, counterparty verification, and Travel Rule compliance directly into the transaction flow. It automates decisioning before funds move, ensuring every crypto custody transaction is compliant, authorized, and secure.

With the world’s largest active network of Travel Rule–compliant entities, Notabene enables institutions to scale confidently as digital asset regulations mature. Notabene Transact turns Travel Rule compliance into a competitive advantage and a driver of trust. As regulators align expectations across traditional finance and digital assets, embedding trust and transparency into transaction infrastructure will determine which institutions lead the next phase of crypto adoption.