Why is this happening? Because every country is doing its own thing.
The United States maintained the old rule from 1996: a $3,000 threshold. However, FATF recommends $1,000, creating the first split.
Singapore was one of the earliest countries to respond, implementing it on January 28, 2020, with a threshold of 1,500 Singapore dollars. South Korea implemented it on March 25, 2022, with a threshold of 1 million Korean won (about $821). Japan says all transactions must be reported, regardless of amount.
The EU is even more extreme, delaying the implementation of the Transfer of Funds Regulation (TFR) until December 30, 2024, and then saying: we have no threshold, even 1 euro cent must follow the Travel Rule.
What's the result? A $1,500 transfer from the US to the EU, where the US says the Travel Rule is not required, but the EU says it must be applied. Both are "compliant", but the transaction is stuck.
This is not even the most chaotic situation. Israel implemented the Travel Rule in 2021 with zero threshold, but almost no other country connects with it. Canada also has a zero threshold, but its rules are incompatible with other countries.
What is the result of this fragmented approach?
According to Notabene's 2024 industry survey [3], although improved from the previous year (from 52% to 29%), 29% of VASPs continue to indiscriminately send Travel Rule information to all counterparties without any due diligence assessment.
This "wide net" approach actually reflects an awkward reality: most VASPs are just going through the motions, as there is no way to verify whether counterparties actually use this information or are compliant.
DeFi: The Blind Spot of Travel Rule
While regulators are still struggling with the Travel Rule for centralized exchanges, DeFi has completely bypassed this issue.
The premise of the Travel Rule is that a VASP (intermediary) will enforce it.
If I exchange coins directly on Uniswap using MetaMask, then:
Is MetaMask a VASP? It's just a browser plugin
Is Uniswap a VASP? It's just a piece of code
Are Ethereum miners VASPs? They just validate transactions
When parties transact directly point-to-point, there is no intermediary to enforce the Travel Rule.
This is as absurd as asking air to enforce laws.
Who is the Travel Rule supposed to require to act? Ask code to provide KYC information?
FATF's response is that DeFi protocol developers should be considered VASPs.
The absurdity of this logic is equivalent to saying that the inventors of TCP/IP protocol should be responsible for all internet crimes. Because Vitalik Buterin created Ethereum, should he be responsible for all illegal transactions on Ethereum? If Satoshi Nakamoto were still alive, would he be sentenced to life imprisonment?
Criminals' Response: The Art of Smurfing
How do real criminals view the Travel Rule? Probably as a comedy.
Criminals use traditional Smurfing tactics to circumvent the Travel Rule [4], splitting large transactions into smaller ones. Want to transfer $18,000? Split it into 20 transactions of $900, sent from different wallets at different times. Each transaction is below the threshold, so the Travel Rule doesn't apply.
North Korean hackers stole $1.46 billion from Bybit exchange this year - the largest crypto theft in history. Did they use the Travel Rule? Of course not.
In 2024, billions of dollars in cryptocurrencies were used for illegal activities. None of these criminals were caught by the Travel Rule.
Another consequence of the Travel Rule is increased regulatory arbitrage, where each tightening of regulation is like squeezing toothpaste - when you squeeze here, it pops out somewhere else.
Compliance Costs: An Expensive Performance
The Travel Rule brings not solutions, but astronomical compliance bills.
According to estimates, the cost of implementing the Travel Rule for a medium-sized exchange includes:
Technical solution procurement: Annual fee of $100,000-$500,000
System integration transformation: One-time $500,000-$2 million (requires entire trading system overhaul)
Compliance team expansion: Annual salary cost of $200,000-$1 million (requires dedicated Travel Rule compliance officers)
Legal consulting fees: Annual fee of $100,000-$500,000 (different rules in each country require local legal support)
Auditing and reporting: Annual fee of $50,000-$200,000
These are just the visible costs. What about the invisible ones?
These high compliance costs are accelerating market concentration. Giants naturally support the Travel Rule - they can afford compliance costs, while competitors cannot. This is not regulation, this is market cleansing through regulatory costs.
What is the biggest hidden cost? The death of innovation.
A startup team's first considerations are no longer technical innovation, but:
Does this comply with the Travel Rule?
Can we afford compliance costs?
What if we're deemed a VASP?
The result is that innovation either moves to more lenient regulatory environments or is simply abandoned. We are killing 21st-century innovation with 19th-century thinking.
This is the truth of the Travel Rule: spending massive resources to build a useless system that solves nothing except increasing costs, reducing efficiency, and stifling innovation. And ordinary users must pay for this regulatory farce - endless forms, endless audits, endless fees.
Participants in the Regulatory Theater
Current crypto regulation is a carefully choreographed drama where everyone has their own script:
Regulators: "Look, we're implementing the Travel Rule! We're protecting investors!" (Actually knowing it's useless, but needing performance metrics)
Large institutions: "We're fully compliant!" (Actually just going through the motions, asking "Is this your wallet?")
Small institutions: "We're working on compliance!" (Actually thinking about how to move to more lenient regulatory environments)
Users: "I'm cooperating with the Travel Rule!" (Actually already learned how to bypass it)
Criminals: "Travel what Rule?" (Continuing business as usual)
Recognize Reality, But Don't Stop Thinking
By this point, you might ask: So what should we do?
First, let's be clear: this article is not criticizing regulation itself, but pointing out the current situation. The intent of regulation is good - preventing money laundering, protecting investors, maintaining financial stability. These goals are beyond reproach and indeed necessary.
We criticize using the wrong tools to achieve the right goals, like using a hammer to turn a screw - the wrong tool makes efforts futile.
We need to acknowledge a fact: in a decentralized world, traditional regulatory tools have become ineffective. This is not a technical issue, but a normalization problem. Just as you can't manage cars with horse-drawn carriage methods, you can't manage DeFi with bank management methods.
But this doesn't mean abandoning all regulatory efforts. On the contrary, we need new ways of thinking. Good regulation should be like traffic rules - not preventing people from driving, but making the road safer.
Perhaps what we need is not a globally unified standard, but healthy competition among different jurisdictions. Regulatory innovation and technological innovation should proceed in parallel, not in opposition.
This requires strong on-chain data analysis capabilities. Companies like Chainalysis have proven that through behavioral analysis, suspicious transactions can be effectively identified without knowing everyone's identity number. In the future, as the regulatory framework gradually becomes clear, compliance infrastructure will become a key infrastructure for the crypto industry.
What we should call for is not anarchism, but smarter governance. Regulators and practitioners should sit down and have sincere dialogues, understand each other's concerns, and jointly explore regulatory paths suitable for the characteristics of new technologies.
After all, the real enemy is neither regulation nor cryptocurrencies, but those who use technological loopholes to commit crimes. On this point, the goals of regulators and practitioners are consistent.
In Conclusion
Back to the BIS report at the beginning.
On the surface, it is proposing solutions. In reality, it is documenting the end of an era - the jurisdiction of traditional financial order over crypto assets is irreversibly slipping away.
This is the state of crypto regulation in 2025: an expensive game that all participants know is a joke, but must continue to perform.
From the bank wire transfer rule in 1996 to being forcibly transplanted into the crypto world in 2019, the Travel Rule itself is a manifestation of regulatory inertia - using old bottles to hold new wine, managing highways with carriage-era traffic regulations.
As Hayek said: "The road to hell is paved with good intentions." Current crypto regulation might be such a road. The initial intention is good - preventing money laundering, protecting investors, maintaining financial stability. But the result of implementation is increasing friction, hindering innovation, and pushing activities underground.
Pandora's box has been opened, and the decentralized genie will not return to the bottle.
Instead of continuing this doomed war, it is better to think about how to find balance in the new world. What is needed is not stricter rules, but entirely new wisdom.
And this wisdom will obviously not come from regulatory agencies still managing 21st-century technologies with 20th-century thinking.
The future is not a place we go to, but a place we are creating.
We only hope that when history looks back on this era, it will not record it as: Humans once had the opportunity to establish a more open, transparent, and efficient financial system, but ultimately it was ruined by a group of technologically ignorant bureaucrats.
That would be a bigger joke than any regulatory failure.
[1]https://www.bis.org/publ/bisbull111.htm
[4]https://www.merklescience.com/blog/fatfs-travel-rule-and-its-impact-on-vasps
