Travel rule expansion for crypto transfers: where do controls fail?

TL;DR: South Korea’s FIU wants FATF travel rule requirements extended to smaller crypto transfers after identifying smurfing tactics that split transactions to avoid identity checks and reporting thresholds, according to SumSub. The policy gap shows why threshold-based AML controls can be bypassed by transaction fragmentation and cross-border routing.

NHIMG editorial — based on content published by SumSub: South Korea seeks tighter Travel Rule requirements for crypto transfers

By the numbers:

• South Korea currently applies Travel Rule obligations to crypto transfers exceeding 1 million won (approximately $650–700).
• Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
• 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.

Questions worth separating out

Q: How should organisations detect smurfing in crypto transactions?

A: They should monitor repeated low-value transfers across the same wallets, counterparties, IP ranges, or time windows, rather than relying only on single-transaction thresholds.

Q: Why do fixed travel rule thresholds create compliance gaps?

A: Fixed thresholds create gaps because they assume risk appears only when a single transaction is large.

Q: What do AML teams get wrong about offshore crypto platforms?

A: They often treat offshore platforms as a reporting issue instead of an identity assurance issue.

Practitioner guidance

• Recalibrate alerting around transfer patterns Add pattern-level detection for repeated sub-threshold transfers across shared counterparties, shared wallets, and clustered time windows.
• Classify counterparty risk by jurisdiction and licence status Require the receiving platform’s licensing, supervision, and offshore exposure to be part of transaction approval and escalation logic.
• Extend Travel Rule governance to smaller transfers Review whether domestic policy thresholds still match the risk model, then apply enhanced due diligence to repeat small transfers that collectively resemble laundering behaviour.

What's in the full analysis

SumSub's full article covers the policy detail this post intentionally leaves for the source:

• The proposed FATF scope expansion for smaller crypto transfers and why regulators are revisiting the 1 million won threshold.
• The role of originating and receiving virtual asset service providers in sharing sender and recipient information.
• The policy implications of offshore and unregistered platforms for cross-border AML oversight.
• The broader FATF discussion context around virtual asset regulation and DeFi-related reporting.

👉 Read SumSub’s analysis of South Korea’s Travel Rule expansion proposal →

Travel rule expansion for crypto transfers: where do controls fail?

Explore further

View Full Forum →  |  NHI Foundation Course →