CRYPTOASSETS AND COMPLIANCE UNDER THE EU TRAVEL RULE

Mapa normativo europeo sobre la aplicación de la Travel Rule a transferencias de criptoactivos según el Reglamento (UE) 2023/1113

Implementation of the Travel Rule in Europe and Spain: Current Requirements and Outstanding Challenges

Introduction
On June 26, 2025, the Financial Action Task Force (FATF) published an updated report on the implementation of its standards for Anti-Money Laundering and Counter-Terrorist Financing (AML/CFT) regarding Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs or CASPs). The report highlighted notable regulatory progress, while also identifying persistent gaps. One of the key findings was the low level of effective implementation of the so-called Travel Rule, despite its critical role in combating financial crime.

In the European context, the legal framework has evolved in a harmonised manner, particularly with the entry into force of Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain crypto-assets, and Regulation (EU) 2023/1114 on crypto-asset markets (MiCA). Both have been applicable since December 30, 2024.

The Travel Rule: A Key FATF Requirement
FATF Recommendation 16 —commonly known as the Travel Rule— requires VASPs to obtain, hold and transmit information about both the originator and the beneficiary in any transfer of virtual assets, immediately and securely, and before the transaction is processed.

According to the June 2025 report, although 73% of jurisdictions surveyed have adopted legislation to implement the Travel Rule, less than half have put in place effective supervision and enforcement mechanisms. Significant difficulties persist in identifying actual responsible parties, especially within DeFi ecosystems or extraterritorial structures.

Europe: Harmonisation through Regulation (EU) 2023/1113
Regulation 2023/1113 establishes a uniform EU-wide framework for applying the Travel Rule to crypto-asset transfers. Key obligations include:

  • Collection and transmission of data:

    • Originator: name, address, ID number or wallet address.

    • Beneficiary: name and wallet address.

    • Additional information when the transfer exceeds EUR 1,000 or poses a risk.

  • Identity verification:

    • Required when the user acts through the same CASP.

  • Immediate and secure transmission alongside the transaction.

  • Execution halt obligation:

    • Transfers must not be executed if the required information is missing.

  • Chain liability:

    • All involved CASPs must ensure compliance with the Travel Rule.

Spain: Regulatory Status and Transition to MiCA
In Spain, the Bank of Spain Register —in force since 2021— has ceased accepting new applications and remains active for information purposes only. Entities already registered may continue operations until December 31, 2025 or until they obtain a MiCA authorisation from the CNMV, whichever comes first.

As Regulation 2023/1113 is directly applicable, no transposition is needed in Spain. The CNMV is now the competent authority for issuing MiCA licences under the new European framework.

Outstanding Challenges
The FATF report identifies several challenges that also apply to the Spanish environment:

  • Difficulty in identifying and supervising offshore operators offering services to EU residents without registration.

  • Technological interoperability issues between CASPs for secure and automatic data transmission.

  • Widespread use of privacy-focused stablecoins such as USDT on the Tron network.

  • Proliferation of complex scams (e.g. investment and romance frauds), increasingly hard to trace.

  • Lack of effective sanctions against non-compliance, despite the binding nature of the rule.

The Travel Rule is now a fully applicable legal obligation in Europe and Spain, and a fundamental tool in tracing virtual assets to combat money laundering and terrorism financing. However, its effectiveness hinges on technological adaptation by market participants, regulatory coordination, and the implementation of meaningful enforcement measures.

At Summons Abogados, we assist our clients —crypto service providers— in developing internal compliance protocols, obtaining MiCA licences, and assessing regulatory risks arising from virtual asset operations.

Logo digitalizadores 1920px fondo blanco
Scroll to Top
summons
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.