Sumsub keeps getting questions from our followers about the specifics of regulatory compliance, verification, automated solutions, and everything in between. We’ve therefore decided to launch a monthly Q&A series, where our legal, tech, and other experts answer your most frequently asked questions. Check out The Sumsuber and our social media for new answers, and don’t forget to ask about the things that interest you.
This week’s focus is on Travel Rule compliance, and Anastasia Sakharova, Head of Fintech Compliance at Sumsub, will shed light on whether the Travel Rule applies to decentralized platforms, gambling platforms, or on/off-ramp services.
Follow this monthly series and submit your own questions to our LinkedIn.
The short answer here is: it depends. And it has a lot to do with the complexity behind the Travel Rule itself. As with most regulations, the devil is in the details.
According to the Financial Action Task Force (FATF), the Travel Rule applies to Virtual Asset Service Providers (VASPs) and other obliged entities when they conduct transfers of virtual assets on behalf of customers. FATF defines a VASP not by what a company calls itself, but by what it does. If a business facilitates exchange, transfer, custody, or other financial services involving virtual assets, then it may be subject to the Travel Rule—even if it doesn’t fit the traditional mold.
In DeFi platforms, FATF draws a line between the software (which is not a VASP) and the people behind it—developers, governance bodies, or any entity exercising control. If those individuals or groups play an active role in managing transfers, custody, or other regulated activities, they can indeed fall under the scope of a “VASP”—to which the Travel Rule applies. This functional approach is echoed in the EU’s MiCA regulation, reinforcing the idea that compliance hinges on control and activity—not structure or branding.
For on/off-ramp platforms, the situation also varies. If a platform merely facilitates fiat-to-crypto (or vice versa) conversion without transferring assets outside its own system, the Travel Rule might not apply, or will apply only partially. But if it moves assets to or from other VASPs or unhosted wallets on behalf of users, it likely crosses the threshold into Travel Rule territory.
Gambling platforms require especially careful consideration. FATF guidance notes that Designated Non-Financial Businesses and Professions (DNFBPs)—like gaming sites—must comply with VASP obligations if they engage in virtual asset activities. However, if a platform simply converts deposits into in-game tokens without transfers, the Travel Rule may not apply. And if it offers custody services directly or via VASP, or facilitates withdrawals to third-party wallets, then the Travel Rule compliance may be obligatory.
So, the application of the Travel Rule totally depends on the platform’s actual functions, the level of control exercised, and how assets are handled—not on the label it uses to describe itself.
I would put it this way: in crypto compliance, labels don’t matter—functions do. Regulators constantly refine their frameworks, and enforcement ramps up. So it’s important that platforms, developers, and compliance teams alike understand where they truly sit within the regulatory landscape.
Anastasia Sakharova
Head of Fintech Compliance at Sumsub
