TL;DR: Cross-border Travel Rule compliance remains difficult because regulatory disparities, DeFi integration, and solution interoperability still fragment implementation, according to Sumsub’s guide with Mercuryo. The operational lesson is that compliance programmes must be designed around jurisdictional variance and partner execution, not just policy intent.
NHIMG editorial — based on content published by Sumsub: Mastering Travel Rule Compliance
Questions worth separating out
Q: How should teams implement Travel Rule compliance across multiple jurisdictions?
A: They should start with a jurisdiction-by-jurisdiction control map that covers data fields, transmission rules, thresholds, and retention obligations.
Q: Why do Travel Rule programmes become harder when partners are involved?
A: Because compliance becomes an inter-organisation workflow, not a single-firm process.
Q: What breaks when Travel Rule controls are applied globally without localisation?
A: Localised regulatory differences can make a centrally designed workflow incomplete, overly manual, or non-compliant.
Practitioner guidance
- Map jurisdiction-specific obligations Create a country-by-country matrix for data fields, thresholds, retention expectations, and exception handling so implementation teams do not assume one rule set fits all markets.
- Formalise partner control requirements Define what each counterparty must provide for message completeness, identity verification, and audit logging before integration testing begins.
- Test compliance evidence flows end to end Run transaction simulations that verify provenance, transmission, and escalation paths across all participating systems, including failure and fallback states.
What's in the full article
Sumsub's full guide covers the operational detail this post intentionally leaves for the source:
- Practical steps for aligning Travel Rule workflows with regulatory differences across countries and regions.
- Partnership patterns showing how Sumsub and Mercuryo structured compliance execution across platforms.
- Guidance on secure protocols and cross-border transparency for AML/CFT, fraud prevention, and risk mitigation.
- Discussion of regulatory sandboxes and innovation hubs that help shape implementation choices.
👉 Read Sumsub's guide on mastering Travel Rule compliance →
Travel Rule compliance across borders: where teams still struggle?
Explore further
Travel Rule compliance fails when firms treat jurisdictional consistency as a given. The article shows that global adoption is slowed less by one missing control than by uneven regulatory interpretation, operational readiness, and partner capability. That means the core problem is not policy absence but policy portability. Practitioners should treat cross-border consistency as a governance dependency, not an assumption.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- A separate finding shows only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, which reinforces how quickly trust gaps appear when identity flows cross organisational boundaries.
A question worth separating out:
Q: Which frameworks should compliance teams use to govern cross-border identity and transaction checks?
A: Teams should align programme design with the NIST Cybersecurity Framework 2.0 for governance discipline and use risk-based control mapping to support monitoring, response, and recovery. For regulated financial activity, they should also account for local AML/CFT obligations and supervisory guidance in each operating jurisdiction.
👉 Read our full editorial: Travel Rule compliance still hinges on cross-border regulatory alignment