Brazil’s Travel Rule Era: Inside the New Compliance Reality for VASPs

In today’s interview, we sat down with Amanda Peçanha, Chief Compliance Officer at Trace Finance, to talk about the Travel Rule compliance in Brazil and what it means for VASPs and crypto platforms.

THE SUMSUBER: Thank you for joining us today, Amanda. Now that Brazil’s VASP authorization regime is in force as of February 2026, how has the implementation of the Travel Rule changed compliance expectations for local and foreign VASPs?

AMANDA: The changes to the regime that were introduced in February 2026 go beyond just the Travel Rule itself and show that regulators are working on a more structured and supervised regulatory framework for VASPs in Brazil. Within this transformation, the Travel Rule has been one of the most impactful elements in raising compliance expectations.

The Central Bank’s authorization regime, combined with Travel Rule enforcement, has served to get Brazil closer to international compliance standards. Now, it’s expected of Brazilian crypto platforms to use end-to-end transaction traceability, proper identification of originators and beneficiaries, and secure data sharing across all regulated entities that are involved in the transaction flow—including VASPs, banks, and other payment institutions.

Previously, the crypto market operated with uneven maturity levels, and it was often limited to basic KYC and transaction monitoring. Today, however, compliance is more structured and embedded into AML and CFT frameworks, and it’s treated less and less as a standalone control. Institutions are also expected to apply a refined, risk-based segmentation of counterparties and to distinguish between regulated VASPs, non-regulated entities, and self-hosted wallets more clearly.

For foreign VASPs, this regulatory shift has been more structural. It is worth noting that the market is still in a transition period: while the authorization framework came into force in February 2026, existing VASPs have until October 30, 2026 to submit their authorization requests or formalize partnerships with licensed local institutions. Brazil is moving away from an open-access model, and global players have already begun establishing local operations or forming strategic partnerships and embedding compliance into their operating models ahead of that deadline.

THE SUMSUBER: Can you describe how Brazilian VASPs currently handle Travel Rule compliance on a day-to-day basis, particularly for domestic vs. anticipated cross-border transactions?

AMANDA: Unlike before, Travel Rule compliance is now embedded directly into the transaction lifecycle. This process begins by ensuring that originator data is complete, standardized, and readily available when a transaction is initiated. After a transfer request, VASPs first identify and classify the counterparty and decide whether it’s a regulated VASP, another financial institution, or a self-hosted wallet. This classification is actually what determines how the transaction will proceed.

For transactions that involve regulated counterparties, originator and beneficiary data must be exchanged before execution. These transactions can proceed only once the minimum data requirements are met and, in some cases, after they get acknowledged by the receiving institution.

If the counterparty cannot be verified or does not meet compliance requirements, the transaction will be delayed, flagged, or blocked. Transactions involving self-hosted wallets require additional controls, such as enhanced monitoring or additional user verification. Under Resolution BCB 521, transfers to or from self-hosted wallets are subject to Brazil’s foreign exchange framework starting May 2026, adding a specific regulatory layer beyond standard monitoring.

These checks are increasingly automated and built into transaction systems because this offers better real-time validation, screening, and decision-making.

Domestically, though, operational efficiency depends on whether institutions are aligned in their Travel Rule capabilities. Cross-border transactions tend to be more predictable when dealing with jurisdictions that have already implemented similar frameworks, although the process often requires additional checks.

Overall, Travel Rule compliance now directly affects whether and how transactions are executed instead of being a back-office function.

THE SUMSUBER: In your opinion, what technical implementation challenges have VASPs encountered (such as identity verification, wallet ownership validation for self-hosted wallets, and data reporting) in adapting to Brazil’s Travel Rule?

AMANDA: The main challenges have been operational rather than conceptual, because translating clear regulatory expectations into scalable systems has proven quite complex.

One key challenge I’ve seen is upgrading identity verification. Traditional KYC processes weren’t designed for ongoing data sharing between institutions, and Travel Rule requires higher data accuracy, consistency, and standardization. This problem has forced many VASPs to remediate legacy customer data.

Wallet ownership verification, especially for self-hosted wallets, is another major issue. Without a counterparty institution, verification has to rely on methods such as proof of control or blockchain analysis, which are not fully standardized. The result of this is that these transactions are treated as higher risk.

Standardization of data and interoperability also continue to be significant hurdles because there’s no universal standard for the messaging. The differences in data formats and protocols can lead to mismatches and delays, which result in failed transactions. In addition to those, aligning local identifiers like CPF and CNPJ with international formats adds even more complexity.

Finally, institutions must make sure that data transmission, auditability, and real-time processing are secure. Building systems that support all of this has required substantial investment, especially given the need to maintain the speed and quality of the user experience.

THE SUMSUBER: Thank you for clarifying that. Now, how do foreign VASPs navigate the requirement to either establish a Brazilian entity or partner with a licensed provider to continue working in the Brazilian market? What have been the biggest hurdles for them?

AMANDA: The first approach of the two possible ones would be to establish a local regulated entity, which involves things like obtaining authorization from the Central Bank and fully aligning with Brazilian compliance requirements. It’s usually the larger players with sufficient resources that pursue this method.

The second one is forming partnerships with licensed local institutions, which allows foreign VASPs to access the market more quickly. They have to do so while leveraging local expertise in compliance, banking relationships, and regulatory expectations.

Both of these approaches require significant localization. A key challenge for them has been adapting global compliance frameworks to Brazilian requirements, such as local identifiers, reporting obligations, and regulatory engagement.

In partnership models, they need to clearly define responsibilities across onboarding, monitoring, and data sharing, which is critical in order to avoid regulatory exposure. At the same time, institutions need to find a way to balance staying compliant with user experience and operational efficiency. 

THE SUMSUBER: To what extent has the Central Bank of Brazil’s guidance (including Normative Instruction No. 704) helped to clarify obligations for Travel Rule and authorization procedures for VASPs? What gaps do you think remain currently?

AMANDA: When it comes to the Travel Rule obligations, Brazil has taken a principle-based approach by embedding Travel Rule requirements into broader AML/CFT obligations rather than treating them as a standalone rule.

The primary regulatory foundation is Resolution BCB 520/2025, which governs how VASPs operate and establishes the AML/CFT framework, including Travel Rule requirements. Normative Instruction No. 704 complements this by structuring the authorization process in two phases, with the first deadline set for October 30, 2026.

On implementation timelines, the Central Bank has adopted a phased approach under Resolution 520, with full Travel Rule compliance becoming mandatory starting February 2, 2028. This gives crypto firms time to build the necessary technological and operational readiness before the deadline.

However, gaps remain. The most significant is the lack of standardized technical frameworks for data exchange  without a mandated protocol, institutions will inevitably face interoperability challenges. Guidance on specific scenarios, such as transactions involving self-hosted wallets and non-regulated entities, is also very limited. Institutions must rely on internal risk-based approaches to fill these gaps, which often leads to inconsistent practices across the market.

Greater clarity on roles and responsibilities across transaction chains, as well as on exception handling, would help close those gaps and improve consistency.

THE SUMSUBER: Smaller exchanges and emerging crypto businesses often cite capital, compliance, and reporting burdens. How has the Travel Rule regime affected competition, innovation, and market participation for smaller VASPs?

AMANDA: It has significantly increased the cost and complexity of operating in Brazil. Compliance now requires measures such as having an advanced infrastructure, continuous monitoring, and being able to reliably exchange data.

For smaller VASPs, this creates barriers to entry and may lead to market consolidation, but it also contributes to a more secure and resilient ecosystem in which participants are better equipped to manage risk.

While higher compliance burdens can slow innovation for VASPs, they also encourage more sustainable business models that are built on strong regulatory foundations.

THE SUMSUBER: As Brazil phases in cross-border Travel Rule compliance, what do VASPs see as the biggest interoperability challenges with foreign counterparts or international standards?

AMANDA: The main challenge at the current time would be the lack of alignment in technical standards and data structures in different jurisdictions. Even compliant institutions can face difficulties when exchanging information because of differences in format and protocols.

Another prominent issue here is interoperability. Since different VASPs can operate on different communication networks, seamless data exchange can be limited and may require fallback procedures.

There is also added fragmentation when dealing with jurisdictions that have not fully implemented the Travel Rule or if they apply different interpretations. This creates uncertainty in how transactions should be handled.

Overall, the challenge is more about applying these rules consistently across a fragmented global ecosystem than it is about understanding it.

THE SUMSUBER: Finally, looking ahead, what refinements or additional guidance would you hope to see from Brazilian regulators to improve Travel Rule implementation and overall digital assets compliance?

AMANDA: The next phase should focus on technical clarity and standardization. More specifically, I would like to see the Central Bank publish defined guidance on data formats and transmission protocols, which would significantly improve interoperability. Clearer validation requirements for transactions involving self-hosted wallets and non-regulated counterparties would reduce ambiguity and inconsistency across the market. Further guidance on roles, responsibilities, and exception handling would also support more uniform implementation.

Looking at the next 12 to 18 months specifically, I expect the BCB to engage the industry in a structured dialogue, potentially through public consultations or sandbox initiatives,  to address these technical gaps before the February 2028 deadline. The priority should not be expanding the regulatory perimeter, but refining its practical application in a way that is both operationally viable and aligned with international standards such as the FATF Recommendation 16 framework.

Travel Rule compliance without the friction

Learn what to look for in a Travel Rule compliance solution with our Travel Rule Buyer's Guide

Get your copy