Back

Isle of Man Travel Rule: What VASPs Need to Know

3 Feb, 2026

The Isle of Man’s Travel Rule (Transfer of Virtual Assets) Code 2024 came into effect on 28 October 2024. The Code falls under section 157 of the Proceeds of Crime Act 2008 and section 68 of the Terrorism and Other Crime (Financial Restrictions) Act 2014.

Understanding the Regulatory Obligations for VASPs

Scope of the Travel Rule in the Isle of Man

The Travel Rule applies to any natural or legal person that qualifies as a virtual asset service provider (VASP), or that offers VASP services or activities on behalf of another natural or legal person.

Under the regulatory framework, VASP activities include:

The exchange of virtual assets for fiat currencies;
The exchange between one or more forms of virtual assets;
The transfer of virtual assets;
The safekeeping and/or administration of virtual assets, or instruments that enable control over virtual assets;
Participation in, and the provision of, financial services related to the issuance, offer, or sale of a virtual asset.

Moreover, the Travel Rule extends to intermediary VASPs. Per Code 2024, these are service providers that facilitate the exchange, transfer, safekeeping, or administration of virtual assets for another VASP involved in a transaction, even where the intermediary does not maintain a direct business relationship with either the originator or the beneficiary.

Required Travel Rule Data

When sending assets, originator VASPs (relevant person*) must obtain, hold and submit the required Travel Rule data to their counterparty immediately and securely. This data includes:

originator’s name;
originator’s account number (unique account identifier);
beneficiary’s name;
beneficiary’s account number (unique account identifier);

Where the originator and beneficiary do not have an account number, a unique transaction identifier must be provided, along with one of the following data points:

originator’s address;
originator’s national identification number;
originator’s date and place of birth.

Code 2024 8(1) notes that when the transaction falls under EUR 1000 (de minimis transfers), the originator's address, official personal document number, and date and place of birth need not be provided.

When a single originator sends a group of transfers (a batch file transfer), the above information does not need to accompany each transfer, but must be provided once off. However, each transfer must contain the originator’s account number or unique transaction identifier.

Where the originator is a legal entity, the originator VASP must obtain and retain key identifying information, including the registered or trading name, a unique account or transaction identifier, and the registered office address or principal place of business.

*Relevant person: “a person carrying on business in the regulated sector which is included in paragraphs 2(6)(a) to (t) of Schedule 4 to the Proceeds of Crime Act 2008.”

Obligations of Beneficiary VASPs

When receiving a transaction, beneficiary VASPs must ensure that the required Travel Rule information is received and accurate, and that it is consistent with their own records. This includes the beneficiary’s name and, where applicable, their unique account identifier.

When receiving a transaction, beneficiary VASPs must ensure that effective risk-based policies and procedures are in place. These policies and procedures must identify missing, incomplete or inconsistent Travel Rule information.

How Beneficiary VASPs Must Handle Missing Travel Rule Information

In the event of missing, incomplete or inconsistent Travel Rule information, the beneficiary VASP must determine the appropriate course of action.

This includes determining:

whether a transfer should be applied to the beneficiary’s account;
the appropriate follow-up action to ensure compliance;
whether an internal disclosure is required.

Where the beneficiary is a legal entity, the beneficiary VASP must obtain and retain key identifying information, including the registered or trading name, a unique account or transaction identifier, and the registered office address or principal place of business.

Self-Hosted Wallets (Unhosted Wallets)

Self-hosted wallets fall within the Isle of Man’s Travel Rule framework.

According to Code 2024: “Where a relevant person is facilitating an unhosted wallet transfer, the relevant person must obtain from its customer (whether originator or beneficiary) the information specified in paragraph 5(2)(a) to (e).”

That is, VASPs must collect the following information from their customers:

originator’s name;
originator’s account number (unique account identifier);
beneficiary’s name;
beneficiary’s account number (unique account identifier);

Where the originator and beneficiary do not have an account number, a unique transaction identifier must be provided

Customer Due Diligence and Record Keeping

The requirement for VASPs to obtain Travel Rule data constitutes a customer due diligence measure under the AML/CFT Code.

Accordingly, paragraphs 33 to 35 of the AML/CFT Code apply to any relevant person who sends or receives a virtual asset, and any failure to comply with the requirements of paragraph 33 in relation to that information constitutes an offence under paragraph 42 of the Code.

All Travel Rule data obtained must be made available to the Isle of Man Financial Intelligence Unit upon request.

In Conclusion

The Isle of Man’s Travel Rule establishes a clear and enforceable compliance framework for VASPs, embedding Travel Rule obligations directly within the AML/CFT regime.

By treating Travel Rule data collection as a customer due diligence measure, the Code places robust expectations on both originator and beneficiary VASPs, including intermediary service providers and transactions involving self-hosted wallets.

Through defined requirements for data collection, verification, risk-based controls, recordkeeping, and regulatory access, the Isle of Man regime is designed to enhance transparency and accountability across virtual asset transfers.

21 Travel Rule and the Isle of Man’s Travel Rule

The Isle of Man Travel Rule requires VASPs to identify risk, validate counterparties, monitor transactions in real time, and demonstrate compliance to regulators and the Financial Intelligence Unit when required.

21 Analytics supports VASPs by providing blockchain intelligence and transaction monitoring tools that help institutions detect high-risk activity, assess exposure, and respond effectively to missing or inconsistent Travel Rule information. In fact, VASPs can block these types of transactions before they occur.

Moreover, with 21 Analytics’ downloadable audit log, compliance teams can produce Travel Rule data on command, quickly and easily.