Regulation (EU) 2023/1113 · Applies from 30 December 2024

TFR — the Travel Rule for crypto-asset transfers.

Every crypto transfer between CASPs must now carry full originator and beneficiary information. No de minimis threshold. Plus new rules for transfers to and from unhosted wallets.

Check Your Travel Rule ReadinessBook a demo

What data must travel with every crypto transfer.

Originator (sender)
  • Full name
  • Distributed-ledger address or transaction account number
  • Address — official document, customer ID, or date and place of birth
  • Customer identification number where assigned
Beneficiary (receiver)
  • Full name
  • Distributed-ledger address or transaction account number

Data sent through a TFR-compliant protocol (TRP, IVMS 101, TRUST, etc.) or a secondary channel that satisfies the security requirements of the Regulation.

Transfers to / from unhosted wallets.

The headline change in TFR. Self-hosted wallets aren't banned, but transfers above €1,000 trigger ownership-verification duties.

Below €1,000

Simplified due diligence: collect basic information about the customer's unhosted wallet but no formal ownership verification required.

€1,000 and above

You must verify that the unhosted wallet is owned or controlled by your customer. Cryptographic proof (signed-message challenge), micro-deposits, or equivalent technical means are acceptable.

Risk-based enhanced DD

Transfers above €1,000 to or from a high-risk jurisdiction or third party require enhanced due diligence. Sanctions screening on every transfer regardless of value.

Penalties

Enforced by national AML supervisors. Aligned to the AML Directive framework — pecuniary sanctions, withdrawal of CASP authorisation, public statements naming the breaching entity. Repeated breaches can mean exit from the EU market via MiCA-licence revocation.

How ComplyOne handles TFR.

TFR readiness assessment against EU 2023/1113 — every requirement scored
Wallet-ownership verification policy template (signed message + micro-deposit flows)
IVMS 101 message-format support audit
Counterparty-CASP onboarding due-diligence checklist
Missing-information detection rules and rejection workflow
Sanctions-screening control documentation (EU consolidated list, OFAC, UN)
Enhanced-due-diligence triggers for high-risk transfers
MiCA + TFR paired in one module — same dashboard, same audit trail

TFR — quick answers

When did TFR start applying to crypto?

The recast Transfer of Funds Regulation (EU 2023/1113) entered force on 29 June 2023 and applied from 30 December 2024 — aligned with the MiCA CASP regime. It extends FATF Recommendation 16 (the 'Travel Rule') to crypto-asset transfers.

Is there a minimum-value threshold like the €1,000 fiat threshold?

No. Unlike the €1,000 threshold for fiat wire transfers, the TFR has no de minimis for crypto-asset transfers between CASPs — originator and beneficiary information must travel with every transfer, regardless of value. Unhosted-wallet rules kick in at €1,000.

What about transfers to and from unhosted (self-hosted) wallets?

For transfers ≥ €1,000 to or from an unhosted wallet, the CASP must verify that the wallet belongs to (or is controlled by) its own customer. Acceptable methods include cryptographic proof-of-ownership (signed message), micro-deposits, or other technical means. Below €1,000, simplified due diligence applies.

What if the counterparty CASP doesn't send us complete information?

You have a duty to detect missing or incomplete information. The TFR requires you to have risk-based procedures to decide whether to execute, reject, or suspend the transfer. Repeated non-compliance by a counterparty must be reported to your AML supervisor and may require terminating the business relationship.

Get your Travel Rule readiness score.

See exactly where you stand against TFR — originator/beneficiary data, unhosted-wallet rules, sanctions screening — in minutes.

Start free trialBook a demo