Notifications
Clear all
Topic starter
10/06/2026 10:34 pm
TL;DR: Stablecoin volumes reached close to $1 trillion per month last year, double 2024 levels, while regulators including FATF are pushing VASPs to operationalize the Travel Rule inside fragmented settlement and compliance workflows, according to SumSub. Compliance is shifting from a separate review step to an embedded identity and data-exchange control problem.
NHIMG editorial — what this means for NHI practitioners
By the numbers:
- The partnership reaches over 1,800 VASPs across top protocols including GTR, CODE, and Sygna.
Questions worth separating out
Q: How should VASPs embed Travel Rule compliance into transaction workflows?
A: VASPs should place counterparty verification, encrypted data exchange, and policy enforcement directly into the transfer path.
Q: Why do fragmented settlement rails complicate Travel Rule governance?
A: Fragmented rails create multiple handoff points where identity data can be delayed, transformed, or lost.
Q: What do security and compliance teams get wrong about Travel Rule controls?
A: They often treat Travel Rule as a documentation exercise instead of a real-time control embedded in transaction execution.
Practitioner guidance
- Embed Travel Rule checks in the transfer path Place verification, policy routing, and evidence capture inside the transaction workflow so compliance is evaluated before the transfer is committed, not after settlement begins.
- Standardise counterparty onboarding rules Define how VASPs are approved, how protocol compatibility is tested, and what identity data must be exchanged before counterparties can transact at scale.
- Audit exception handling and retention Require logs for every delayed, rejected, or manually reviewed transfer and retain the policy decision trail long enough to satisfy regulatory review and internal audit.
What's in the full announcement
SumSub's full article covers the operational detail this post intentionally leaves for the source:
- How the Fireblocks integration embeds Travel Rule data exchange inside the transaction workflow.
- Which compliance protocols and counterparties are supported across the 1,800+ VASP reach.
- How automated verification is tailored to different risk profiles and transfer conditions.
- How the partnership positions compliance orchestration for stablecoin payment operations.
👉 Read SumSub's article on Travel Rule compliance inside Fireblocks workflows →
Travel Rule compliance in stablecoin rails: what changes for VASPs?
Explore further
11/06/2026 2:40 am
Travel Rule compliance is becoming a transaction identity problem, not a documentation problem. The important shift is that the identity and counterparty checks now sit inside the payment workflow itself. That changes governance because the control is only effective if it executes at transfer speed and across multiple protocols. Practitioners should treat this as a control-plane design issue, not a legal add-on.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases.
A question worth separating out:
Q: Who is accountable when Travel Rule compliance fails in a VASP workflow?
A: Accountability is shared, but it is not ambiguous. Compliance owns policy intent and regulatory interpretation, while platform and operations teams own execution reliability, protocol support, and evidence retention. If those responsibilities are not separated clearly, failures become hard to audit and harder to remediate.
👉 Read our full editorial: Travel Rule compliance moves into digital asset transaction workflows
