Screening & checksIntermediate

Crypto AML and the Travel Rule, explained

How anti-money-laundering rules apply to crypto: why crypto firms are regulated, the Travel Rule for transfers, the EU's MiCA regime and its July 2026 deadline, stablecoin scrutiny, and what crypto due diligence involves.

Last reviewed 30 June 20266 min read

Crypto is no longer a regulatory grey zone. Cryptoasset businesses are firmly inside the anti-money-laundering perimeter, and 2026 is a pivotal year: the EU's comprehensive crypto regime reaches a hard deadline, and the "Travel Rule" — long standard in banking — now applies to crypto transfers. If you deal with crypto firms, or are one, the AML expectations are concrete and enforced.

Why crypto is regulated

Pseudonymity, speed and borderlessness made crypto attractive for laundering, so regulators brought it inside the AML perimeter. Globally, FATF treats "virtual asset service providers" (VASPs) like other financial institutions. In the UK, cryptoasset businesses must register with the FCA for AML supervision and comply with the Money Laundering Regulations — the same CDD, screening, monitoring and reporting duties as other regulated firms.

The Travel Rule

In traditional banking, identifying information about the payer and payee must accompany a transfer. The Travel Rule extends this to crypto: when a crypto transfer is made between firms, originator and beneficiary information must travel with it.

What
  • Originating firm collects sender + recipient detailssends them with the transfer
  • Beneficiary firm receives the detailsscreens and checks them
  • Either side spots a problemapplies AML measures before completing

MiCA and the 1 July 2026 deadline

The EU's Markets in Crypto-Assets Regulation (MiCA) is the most comprehensive crypto framework yet. Per ESMA, it requires crypto-asset service providers (CASPs) to be authorised to serve EU clients.

1 Jul 2026
the deadline for CASPs relying on transitional arrangements to be MiCA-authorised
4
the regulatory layers in 2026: MiCA, Travel Rule/TFR, AMLA supervision, the AML Regulation
2027
when the EU's Anti-Money Laundering Regulation begins to apply

After the MiCA transitional period ends on 1 July 2026, providing crypto-asset services to EU clients without authorisation is a breach. The EU's new AML authority, AMLA, will directly supervise the largest cross-border crypto firms.

Stablecoins under the microscope

Stablecoins — crypto designed to hold a steady value — attract extra scrutiny because of their payment-like use. Issuers face requirements on reserve management, redemption rights and liquidity. For AML, the concern is the same as any fast, scalable value-transfer mechanism: it must not become a frictionless laundering rail.

What crypto due diligence involves

Crypto
  1. Register and authorise
    Be (or deal with) a properly registered/authorised firm.
  2. KYC the customer
    Identify and verify customers as in any regulated relationship.
  3. Screen
    Check customers against sanctions, PEP and adverse-media sources.
  4. Apply the Travel Rule
    Ensure originator/beneficiary information accompanies transfers.
  5. Use chain analytics
    Assess wallet/transaction risk, including exposure to illicit sources.
  6. Monitor and report
    Watch for suspicious patterns and file SARs where needed.
Knowledge checkCrypto AML: quick check1 / 5

Five questions on crypto compliance in 2026.

What does the Travel Rule require for crypto transfers?

Where Probitas fits

Crypto AML still rests on knowing who you are dealing with. A Probitas check screens individuals and companies — including those behind a crypto business — against sanctions, PEP and adverse media sources, anchored to the public record. It complements chain-analytics tooling by covering the human and corporate layer; the crypto-specific controls and reporting remain yours.

Crypto

Is cryptocurrency regulated for anti-money laundering?

Yes. Cryptoasset businesses are inside the AML perimeter. In the UK they must register with the FCA for AML supervision and comply with the Money Laundering Regulations, and globally FATF treats virtual asset service providers like other financial institutions.

What is the crypto Travel Rule?

A requirement that identifying information about the sender and recipient accompanies a crypto transfer between firms, mirroring the long-standing rule for wire transfers. It lets firms screen and assess transfers for AML risk.

What is MiCA and why does July 2026 matter?

MiCA is the EU's Markets in Crypto-Assets Regulation. 1 July 2026 is the deadline for crypto-asset service providers relying on transitional arrangements to be authorised; after that, serving EU clients without authorisation breaches EU law.

How are self-hosted wallets treated under the Travel Rule?

They are the main challenge, because there is no regulated firm on the other side to exchange information with. Firms apply additional, risk-based measures to transfers involving self-hosted wallets.

Do the usual AML steps still apply to crypto?

Yes. Customer due diligence, sanctions and PEP screening, transaction monitoring and suspicious-activity reporting all apply. Crypto adds specific mechanics like the Travel Rule and blockchain analytics on top of these fundamentals.

Sources

This guide is written from primary sources. Each is linked below; claims in the text link to the specific reference they rely on.

  1. GOV.UK — Cryptoasset firms: registering with the FCA for AML supervision
  2. FATF — Virtual assets and virtual asset service providers
  3. ESMA — Markets in Crypto-Assets Regulation (MiCA)
  4. The Money Laundering Regulations 2017 (legislation.gov.uk)

Continue reading