Skip to content
Contact us
Solutions/Travel Rule compliance

Travel Rule compliance without transmitting raw PII to counterparty VASPs

T3 Verify satisfies FATF Travel Rule disclosure requirements through verifiable credential exchange. Originator and beneficiary data is shared as cryptographic proofs rather than data files.

The problem

The Travel Rule requires sharing information. Accumulating it creates the problem.

Every qualifying transaction under FATF Travel Rule triggers a data transfer between VASPs. The prevailing approach transmits raw PII — creating a GDPR exposure, a residency issue, and a breach vector at every transfer.

Raw PII transfer creates liability at every VASP in the chain

When originator and beneficiary data is transmitted as a data file, the receiving VASP becomes a holder of that customer's personal information, inheriting all the GDPR, residency, and breach obligations that entails.

No standard protocol: bilateral agreements don't scale

Current Travel Rule compliance relies on bilateral data-sharing agreements, proprietary protocol memberships (TRISA, OpenVASP), or ad-hoc disclosure. None of these scale to the size of the global VASP ecosystem.

Wallet-level KYC doesn't exist at transaction time

Most VASPs run KYC at account onboarding, not at the wallet level. When a transaction triggers Travel Rule requirements, a real-time KYC look-up is needed, adding latency to a system built for speed.

The solution

Cross-border compliance without cross-border data

Satisfy Travel Rule without transmitting PII files

T3 credentials carry originator and beneficiary claims as cryptographic proofs. The receiving VASP verifies the proof, confirming identity and compliance status, without receiving a raw data file to store, secure, and manage.

No new GDPR exposure at the point of disclosure

Credential exchange doesn't create a new PII-holding event at the receiving VASP. The proof confirms what the regulation requires; the underlying personal data stays with the issuing institution.

Works across all FATF jurisdictions without bilateral agreements

T3 credentials use W3C Verifiable Credentials and OpenID for VCs. Any VASP can accept them without a bilateral data-sharing agreement, proprietary Travel Rule protocol membership, or custom integration.

Wallet-bound credentials available at transaction time

KYC/AML credentials anchored to wallets at creation are available for Travel Rule presentation the moment a transaction requires them, with no real-time KYC look-up and no latency at the point of transfer.

Features

The tools that power Travel Rule compliance

T3 Verify packages and verifies Travel Rule credentials. T3 Identity anchors KYC to wallets at creation.

Originator and beneficiary data as verifiable proofs

T3 Verify packages originator and beneficiary KYC data as W3C Verifiable Credentials. Receiving VASPs verify the proofs against the issuing VASP's public key, confirming compliance status without receiving the raw personal data.

Built for FATF compliance

VASP-grade Travel Rule infrastructure

FATF Travel Rule-aligned credential structure

T3 credentials carry the originator and beneficiary fields required by FATF Travel Rule, with IVMS101-compatible claims encoded in the W3C VC data model for portable, verifiable exchange between VASPs.

W3C Verifiable Credentials

Any VASP running OpenID for VCs or a W3C DID-compatible verification layer can accept T3 Travel Rule credentials with no TRISA, OpenVASP, or other proprietary protocol membership required.

Quantum-resistant signing

Travel Rule credentials are signed using FIPS 204 post-quantum cryptography. Compliance records remain cryptographically valid against future threats targeting financial transaction data.

For developers

Integrate Travel Rule credential exchange into your VASP infrastructure

T3 wraps your existing transaction monitoring stack. Submit originator and beneficiary data; receive a Travel Rule-compliant credential proof without building bilateral VASP integrations.

Security & compliance

Built for institutions that operate across regulated jurisdictions

We take security seriously and have implemented robust measures to protect your data.

AICPA SOC 2 certificationSOC 2 Type 1SOC 2 Type 2ISO27001GDPR ready
T3 credentials are designed to carry the information required by FATF Travel Rule and are compatible with IVMS101 data standards. Whether a T3-based disclosure satisfies a specific jurisdiction's implementation depends on local regulatory guidance. T3 is designed to align with FATF standards and major jurisdiction implementations including MAS, FINTRAC, and EU AMLR.
No. Any VASP running OpenID for VCs or a W3C DID-compatible verification layer can verify T3 Travel Rule credentials. Acceptance requires no bilateral agreement, no proprietary protocol membership, and no integration with T3's network.
Wallet-bound credentials are pre-issued at the time of onboarding. When a transaction triggers Travel Rule requirements, the credential is available immediately with no real-time KYC look-up required and no latency at the point of transfer.
If a VASP revokes a wallet credential, for example following a SAR filing or KYC expiry, revocation propagates immediately. Future presentations of that credential return invalid. Prior completed transactions are unaffected.
Ready to build

Travel Rule compliance — without the PII transfer problem

Talk to our team about verifiable credential-based Travel Rule disclosure for your VASP.