Ask Sumsubers: How can the Travel Rule be applied in case of a transfer where one side is an unhosted wallet?

Piotr Antypiuk

Head of Crypto Product

Sumsub keeps getting questions from our followers about the specifics of regulatory compliance, verification, automated solutions, and everything in between. We’ve therefore decided to launch a bi-weekly Q&A series, where our legal, tech, and other experts answer your most frequently asked questions. Check out The Sumsuber and our social media every other Thursday for new answers, and don’t forget to ask about the things that interest you.

This week, our Head of Crypto Product, Piotr Antypiuk will talk about the specifics of the Travel Rule.

Follow this bi-weekly series and submit your own questions to our Instagram and LinkedIn.

How can the Travel Rule be applied in case of a transfer where one side is an unhosted wallet?

Let’s start from the basics. Unhosted wallets (often referred to as non-custodial wallets) are maintained directly by their controllers, whereas hosted wallets (custodial wallets) are controlled indirectly, often through a Virtual Asset Service Provider (VASP).

To put it bluntly, when you rely on a third party (custodian) to control your wallet, you deal with a hosted wallet. Your account on a centralized exchange (CEX) will most likely be a hosted wallet. Conversely, when you are the only person in charge of your wallet (no custodians involved), your wallet should be considered unhosted.

Financial Action Fast Force’s recommendations include collecting data on the beneficiary and the originator, assessing the risks, and taking mitigating measures. The regulatory requirements for transactions involving unhosted wallets differ by jurisdiction. Regulators highlight the key risk that unhosted wallets operate outside of VASPs and therefore outside of the regulatory regime (i.e. their beneficial ownership is often unknown), recommending that VASPs apply a risk-based approach when interacting with unhosted wallets.

For example, countries have taken the following approaches:

Collecting data about the originator and beneficiary from the client, whether they are a beneficiary or an originator (e.g., EU, UK, Gibraltar)
Applying Enhanced Due Diligence (EDD), including enhanced transaction monitoring measures (e.g., Liechtenstein, Hong Kong)
Validating control of ownership over the unhosted wallet (e.g. EU, Switzerland, Singapore, Hong Kong)

The complete list of regulatory requirements by jurisdiction can be found here.

The Travel Rule does not apply when both transaction counterparties are unhosted wallets.

Sumsub has partnered with leading Blockchain Analytics providers to assist in identifying risks associated with unhosted wallets taking part in a virtual asset transaction and conducting all relevant AML checks.

Our Travel Rule solution allows unhosted wallet controllers to securely prove they own or control the unhosted wallet using a cryptographic signature.

You can find more details on our Travel Rule solution here.