The FATF Travel Rule in 2026: What Actually Changed

# The FATF Travel Rule in 2026: What Actually Changed IGInfocredit Group February 18, 2026 7 min read FATF's revised Recommendation 16 closes the most-exploited loopholes in virtual asset transfers — sub-threshold structuring, unhosted-wallet ambiguity, and inconsistent counterparty due diligence. Here's what compliance teams need to operationalise. When the Financial Action Task Force first extended **Recommendation 16** to virtual assets in 2019, adoption was uneven. By FATF's own 2024 targeted update, only **32 of 94 assessed jurisdictions** had fully or largely implemented the Travel Rule. The 2026 revisions — combined with the EU Transfer of Funds Regulation and the US Treasury's amended FinCEN rule — have tightened the screws considerably. The €1,000 threshold is gone in the EU Under the EU Transfer of Funds Regulation (TFR), **all** crypto transfers between CASPs must carry full originator and beneficiary information, regardless of value. The €1,000 de-minimis threshold only applies to transfers involving self-hosted wallets — and even then, additional verification is required above that amount. ## Three Changes That Matter Operationally ### 1\. Counterparty due diligence is now explicit Under the revised Interpretive Note to R.16, before transmitting Travel Rule data, the originating VASP must take "reasonable measures" to identify whether the beneficiary institution is itself a regulated entity, an unregulated counterparty, or a self-hosted wallet. In practice this means maintaining a continuously updated **VASP counterparty register** with licensing status, jurisdiction risk rating, and last verification date. ### 2\. Self-hosted wallets need risk-based controls Both FATF and the EU TFR stop short of banning transfers to self-hosted wallets, but require enhanced controls above €1,000 — typically wallet-address attribution, proof of ownership (e.g. Satoshi test, signed message), and screening against on-chain risk intelligence. ### 3\. Sunrise issues require fallback procedures Where a counterparty VASP cannot receive Travel Rule data — whether for technical, regulatory or jurisdictional reasons — firms must have a documented fallback: delay, reject, or proceed with enhanced due diligence and senior approval. Supervisors expect this decision tree to be codified in policy, not improvised by analysts. ## Implementation Patterns We See Working Single source of truth for the VASP counterparty register, refreshed at least monthly against authoritative regulator lists IVMS 101 message validation at ingestion — reject malformed payloads before they enter the case-management queue On-chain analytics enrichment for every inbound transfer above the EDD threshold, not just flagged ones Quarterly fire-drill on the sunrise fallback procedure with documented test results For a deeper walk-through of how Travel Rule controls fit into a broader MiCA programme, download our [MiCA Readiness Checklist](https://compliancesuite.ai/resources/mica-checklist) or speak to our [crypto-compliance team](https://compliancesuite.ai/contact). ## Turn compliance into your competitive advantage. See how ComplianceSuite.ai's four pillars can transform your KYC, AML, fraud, and transaction-monitoring workflows. [Book a demo](https://compliancesuite.ai/contact) [More insights](https://compliancesuite.ai/insights) ## We value your privacy We use essential cookies to make ComplianceSuite work. With your consent, we'll also use analytics and marketing cookies to improve the site and measure campaign performance. You can change your choice at any time. Read our [Privacy Policy](https://compliancesuite.ai/privacy) and [Cookie Notice](https://compliancesuite.ai/cookies). CustomiseReject non-essentialAccept all