Legichain

The Travel Rule Sunrise Problem and Practical Workarounds

The operational anatomy of uneven Travel Rule adoption across jurisdictions, and the fallback strategies that work in production.

Legichain Team 9 min read 26 May 2026

The sunrise problem is the operational gap created by uneven global adoption of the FATF Travel Rule. While one jurisdiction enforces Recommendation 16 in full, another may still be drafting primary legislation; that asymmetry directly affects which VASPs can transmit and receive Travel Rule data. This article covers the anatomy of the problem, real-world gap rates, and the three main fallback strategies.

What the problem is

The metaphor: the sun is rising — it is morning for some, still night for others. As soon as FATF publishes a recommendation, jurisdictions cannot all implement simultaneously; legislation, secondary regulation and supervision rollouts move at different speeds in different countries. The same applies to VASPs: one exchange may have a modern Travel Rule stack while its counterparty still keeps records on a spreadsheet.

The result: the originating VASP produces a valid IVMS 101 message, but the beneficiary VASP has no infrastructure to receive or process it. The data "falls on the floor." From a regulator's perspective the originating VASP did what it could, but the transfer is not, in practice, Travel Rule compliant.

Why it persists

Four structural reasons:

  1. Jurisdictional pace: FATF has nearly 200 member jurisdictions; each has its own legislative and regulatory cycle. EU TFR went live December 2024; UK MLR amendment September 2023; Turkey's KVHS draft regulation is still in process; most of Latin America and Africa have not started.
  2. Unlicensed VASPs: Some smaller exchanges are not licensed in any jurisdiction — they claim no compliance obligation to any regulator. FATF Mutual Evaluation pressure reaches them slowly.
  3. Protocol fragmentation: VASP A may speak TRP while VASP B speaks Sygna. Both technically do Travel Rule, but interoperability is missing.
  4. Self-custody wallets: When the customer transfers to a non-VASP self-custody wallet, there is no clear message recipient. EU TFR requires beneficial owner verification on unhosted transfers above €1,000 — an additional operational burden.

Gap rates — Real-world numbers

Consider a typical mid-sized European exchange:

The exchange processes ~50,000 outbound + inbound transfers per month. Of these, ~70% are VASP-to-VASP, ~30% to self-custody wallets. Breakdown of the counterparty VASP mix:

  • EU exchanges (Germany, Netherlands, Estonia): ~25% — post-TFR, essentially all Travel Rule compliant.
  • UK exchanges: ~10% — post MLR 2017 amendment, compliant.
  • US exchanges: ~15% — under FinCEN pressure, most compliant.
  • Asian exchanges (Japan, Singapore, Hong Kong): ~15% — high compliance (Japan was an early adopter).
  • Other (Latin America, Middle East, Africa, eastern Europe, unregulated offshore): ~35% — where most of the sunrise gap sits.

In numbers: ~600 distinct counterparty VASPs per month, of which ~30–40% are in the sunrise gap. So 10,000–15,000 of those 50,000 transfers go to counterparties that cannot acknowledge Travel Rule data.

Three main fallback strategies

Strategy 1: Strict reject policy

What: If the counterparty VASP cannot accept the Travel Rule message, reject the transfer outright.

Pro: Safest from a regulator's perspective; zero compliance gap.

Con: Customer attrition is severe. Rejecting 30–40% of transfers is not sustainable competitively — customers migrate to less strict exchanges.

Who uses this: A few very large exchanges (Coinbase-class, operators with close regulator relationships). Most cannot afford it.

Strategy 2: Hold + message retention

What: Generate the IVMS 101 message, retain it on your side. Wait for the counterparty to acquire capability, or apply restricted amounts. Retroactively transmit when the counterparty signals capability.

Pro: Customer experience minimally affected (hours rather than rejection); regulator sees data integrity.

Con: High operational complexity — counterparty capability must be continuously monitored. Manual workload accumulates.

Who uses this: The majority of mid-to-large exchanges; especially dominant post-TFR.

Strategy 3: Risk-based dynamic policy

What: Apply different policies based on transfer risk. Low-amount + low-risk customer → retain; high-amount or high-risk customer → reject; medium → manual review.

Pro: Best balance — optimizes UX and compliance risk in parallel.

Con: Policy engine complexity; requires risk scoring infrastructure.

Who uses this: Mature compliance operations. Legichain's Travel Rule module supports this approach by default.

Policy design — Practical checklist

Questions to answer when designing a sunrise fallback policy:

  1. Threshold: Below what transfer amount do you auto-retain? Above what amount do you trigger manual review?
  2. Risk scoring: How do you score counterparty VASP risk — jurisdictional risk rating (FATF grey/black list), license status, on-chain behavioral history?
  3. Retention period: How long do you hold a retained message? 30 days? 90 days? 1 year?
  4. Customer communication: What do you tell the customer during a transfer hold? Transparency matters.
  5. Escalation: When does compliance review manually?
  6. Regulator reporting: Which metrics are reported on what cadence?

Near-term trend — How the gap narrows

Reasonable forecasts for 2025–2027:

  • EU: Already full scope (€0 threshold). All CASPs licensed and compliant by 2026.
  • UK: MLR 2017 amendment fully effective. FCA enforcement intensifying.
  • US: FinCEN pressure ongoing; SEC crypto disputes are unrelated to the AML side which is well established.
  • Asia: Singapore, Japan, Hong Kong fully compliant. China off-limits. India uncertain.
  • Turkey: KVHS licensing process settles 2025–2026; licensed exchanges automatically come into Travel Rule compliance.
  • Other: Latin America and Middle East moving slowly; Africa largely behind.

Forecast: by end-2027 the sunrise gap could fall to 10–15%, but reaching zero is not realistic in the foreseeable future.

Frequently Asked Questions

Can we defer Travel Rule integration because of the sunrise problem?

Practical answer: no. Even transfers caught in the sunrise gap require an audit trail on your side; meanwhile your transfers with compliant counterparties (EU, UK, US) grow steadily. A "wait until everyone is ready" stance gets reported as a compliance gap during license renewal or examination. Modern infrastructure is designed for sunrise fallback already — deferring integration increases rather than reduces risk.

How do we monitor counterparty VASP compliance status?

Three sources: (1) directory services (Notabene, Sumsub, your own internal directories) — show which protocols a VASP supports and the last update timestamp; (2) regulator lists (FCA registered list, EBA CASP list) — verify license status; (3) practical test traffic — sending real messages to verify capability. A mature Travel Rule stack combines these three automatically.

Is there sanctions risk for transfers in the sunrise gap?

No direct sanctions risk (Travel Rule non-compliance does not itself implicate sanctions lists), but indirect risk is high: most flagged sanctioned wallets transit through exchanges in sunrise gap jurisdictions. Sunrise gap transfers therefore tend to overlap with high on-chain risk transfers. Our blockchain AML guide covers this parallel.

After EU TFR, are transfers with EU exchanges still in the sunrise gap?

No — all CASPs operating in the EU must be fully compliant with the €0 threshold from December 2024. Transfers to or from EU CASPs are not in the sunrise gap. However, when an EU CASP transfers to a VASP outside the EU, the counterparty may still be in the gap — so the gap is relational, not strictly geographic.

How Legichain helps

The sunrise problem cannot be solved with static infrastructure — it needs a dynamic policy engine. Legichain's Travel Rule module bundles counterparty capability checks, dynamic fallback policy (reject/retain/risk-based), counterparty VASP risk scoring and audit trail under a single layer. Policy rules are in a YAML/UI format compliance teams can modify — no code deployment required. Templates are pre-built for EU TFR, UK MLR and the emerging Turkish KVHS scenarios. Details at /en/travel-rule.

Next steps

Legichain Team· Compliance editorial

Written by Legichain's compliance editorial team — regulated-financial-services veterans who built and integrated AML platforms for banks and crypto exchanges across EMEA.

Related reading

You may also like

travel-rule

What Is a VASP? Definition, Categories, Obligations

FATF's 2018 VASP definition is the foundational concept in global crypto regulation. This article covers the formal definition, the five activity categories, the AML/KYC and Travel Rule obligations that follow, the EU's CASP equivalent under MiCA, and the practical scope analysis for exchanges, custodians and OTC desks.

Read article
travel-rule

Travel Rule by Jurisdiction: EU vs UK vs Turkey

Travel Rule is a global standard, but implementation varies by jurisdiction — sometimes in ways that feel small but matter operationally. This guide compares the EU's TFR (€0 threshold, December 2024), the UK's MLR 2017 amendment (£1,000 threshold, September 2023), and Turkey's emerging KVHS framework. A decision-hub article for VASPs operating across all three markets.

Read article
travel-rule

FATF Travel Rule: The Definitive Guide for VASPs

The Travel Rule — FATF Recommendation 16 adapted to virtual asset transfers — mandates that originator and beneficiary data accompany crypto transfers between VASPs. This guide covers scope, the IVMS 101 data standard, the sunrise problem, jurisdictional differences (EU, UK, Turkey), and an 8-step implementation architecture for crypto exchanges, custodians and licensed VASPs in EU/UK markets.

Read article

Be screen-ready in an afternoon.

Spin up a free workspace, paste your first API key into a curl, ship a verified onboarding flow before your next stand-up.

Start freeBook 30 min with sales