TL;DR: Compliance and transparency have improved since 2019 under the FATF Travel Rule, according to SumSub’s whitepaper, but technical fragmentation, uneven enforcement, and regulatory gaps still limit its impact, leaving full transparency only partially realised. The remaining issue is not policy intent but operational consistency across jurisdictions and providers.
NHIMG editorial — based on content published by Sumsub: The Travel Rule Whitepaper
Questions worth separating out
Q: How should compliance teams handle Travel Rule obligations across multiple jurisdictions?
A: They should build a jurisdiction-by-jurisdiction control map that records which identity fields, verification steps, and evidence standards apply in each region.
Q: When does Travel Rule compliance fail in practice?
A: It fails when firms assume policy adoption is enough and do not verify whether identity data can actually be exchanged, validated, and retained across counterparties.
Q: What do teams get wrong about Travel Rule implementation?
A: They often focus on producing a policy answer instead of proving operational consistency.
Practitioner guidance
- Map jurisdictional implementation variance Document how Travel Rule obligations differ across the jurisdictions you operate in, then identify where local interpretations create gaps in evidence collection, message handling, or counterparty verification.
- Test interoperability before production rollout Validate end-to-end transfer messaging between counterparties, including field completeness, format compatibility, and exception handling, before treating a Travel Rule integration as operationally ready.
- Raise identity data quality thresholds Define minimum quality checks for originator and beneficiary data so incomplete, inconsistent, or unverifiable records do not pass as compliant transaction evidence.
What's in the full report
Sumsub's full whitepaper covers the operational detail this post intentionally leaves for the source:
- Kat Cloud's direct observations on where Travel Rule implementation breaks down in real customer environments
- Practical policy recommendations for strengthening transparency across the crypto compliance workflow
- A closer look at how the Travel Rule affects broader crypto ecosystem operations and not just isolated transfer checks
- The whitepaper's framing of implementation gaps that persist more than five years after introduction
👉 Read Sumsub's whitepaper on whether the Travel Rule has delivered transparency →
Travel Rule transparency: what compliance teams still need to fix?
Explore further
Travel Rule compliance is an interoperability problem before it is a legal problem. The whitepaper shows that partial transparency persists because firms cannot consistently exchange, interpret, and act on identity data across fragmented systems. That makes the control uneven even where policy intent is clear. Practitioners should treat the control surface as a multi-party data exchange problem, not a static reporting obligation.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.
A question worth separating out:
Q: How do organisations know whether Travel Rule controls are working?
A: They should measure successful data exchange rates, exception volumes, reconciliation quality, and the proportion of transactions that can be traced end to end without manual repair. If those signals are weak, the control is not producing real transparency even if the policy exists.
👉 Read our full editorial: Travel Rule transparency is still only partially realised