Author: Spinach Spinach Talks Web3
Original link: https://mp.weixin.qq.com/s/oQXbxvb2ugxYFclJNiMz4A
Disclaimer: This article is a reprint. Readers can find more information by following the original link. If the author has any objections to the reprint format, please contact us and we will modify it to suit the author's request. This reprint is for informational purposes only and does not constitute investment advice or represent the views or positions of Wu Blockchain.
I recently read a briefing paper from the Bank for International Settlements (BIS) titled "Anti-Money Laundering Compliance for Cryptoassets." As the central bank of central banks, every BIS report serves as a bellwether for financial regulation in various countries. So, when I saw the title, my first reaction was: Finally, someone has figured out a clever way to regulate cryptocurrencies?
However, after reading the full text, I realized that this paper is not a usable solution, but in my opinion it may be more like a decent surrender.
Using academic language, the BIS euphemistically acknowledged a cruel fact: the traditional financial KYC/AML system has completely failed in the face of the decentralized crypto world.
What is their "innovative" solution?
Rate wallets, encourage users to check whether they are compliant, and perform the final check at the deposit and withdrawal points.
It's like a martial arts master who has practiced the Eighteen Dragon Subduing Palms all his life, and suddenly finds that his opponent is coming in a tank, so he suggests that everyone put up a sign at the city gate: "No Tanks Allowed."
Not to mention how high the implementation and coordination costs of scoring are, even if it is implemented, what will happen if someone puts a few poisonous substances into the high-scoring wallet account?
Encouraging users to conduct their own checks is like asking you to first check whether a dollar bill has been used to buy drugs before receiving it. It's feasible in theory, but absurd in practice.
Performing KYC/AML during the deposit and withdrawal process may be the last bit of dignity left to these traditional institutions. At least you can verify your identity and source of funds.
Why is it said that the traditional regulatory system has almost completely failed on-chain? Let’s take a look at an absurd regulatory rule that regulators around the world are still promoting: the Travel Rule.
Travel Rule: A Farce from Traditional Finance to the Crypto World
To understand the absurdity of the Travel Rule, we must first understand its past and present.
In 1996, during the dial-up era of the internet, the US Financial Crimes Enforcement Network (FinCEN) first introduced the Travel Rule as part of the Bank Secrecy Act. The requirement at the time was simple: banks processing wire transfers of $3,000 or more were required to pass the sender's information to the next financial institution.
This works well in the traditional banking system, why?
Because banks are centralized, they have complete customer information and standardized information transmission systems like SWIFT. ICBC knows everything about Zhang San, and China Construction Bank knows everything about Li Si, so exchanging information during transfers is a natural process.
But in 2019, the Financial Action Task Force (FATF) made a game-changing decision: to extend the Travel Rule to cryptocurrencies.
What is the FATF? It's an intergovernmental body established in 1989, initially to combat drug money laundering. Its 40 recommendations are considered the global gold standard for anti-money laundering. When the FATF speaks, regulators around the world listen.
On June 21, 2019, the FATF adopted an interpretative note to Recommendation 15 (INR.15) in Orlando, extending Recommendation 16 (the Travel Rule), originally applicable to wire transfers between traditional financial institutions, to the virtual asset sector. This requires virtual asset service providers (VASPs) to collect and transmit the identity information of senders and receivers when processing transactions exceeding USD/EUR 1,000, including:
Name
Account number (wallet address)
Geographic location or ID number
More details if needed
Their logic is: Since the Travel Rule has been operating in traditional finance for more than 20 years, it should be no problem in the crypto world.
The problem with this logic is that they have no idea how blockchain works.
The global chaos of travel rules
Let's take a look at the current status of Travel Rule implementation. According to the FATF's June 2025 report, 99 jurisdictions claim to have passed or are in the process of passing Travel Rule legislation. Sounds impressive, right?
But the devil is in the details. 75% of jurisdictions are still only partially compliant or non-compliant, exactly the same proportion as in April 2023 – 75% of 73 countries, zero progress.
Why is this so? Because each country has its own way of doing things.
The United States maintained the old rule from 1996: a threshold of $3,000. However, the FATF recommended $1,000, thus creating the first rift.
Singapore was one of the first countries to respond, implementing the requirement on January 28, 2020, with a threshold of 1,500 Singapore dollars. South Korea implemented it on March 25, 2022, with a threshold of 1 million won (about 821 US dollars). Japan stated that all transactions, regardless of the amount, must be subject to the requirement.
The EU is even more outrageous, delaying the implementation of the Transfer Funds Regulation (TFR) until December 30, 2024, and then saying: We will not set any threshold, and we will also have a Travel Rule even if it is 1 euro cent.
The result? A $1,500 transfer from the US to the EU. The US said it didn't need the Travel Rule, while the EU said it did. Both parties were "compliant," but the transaction was stuck.
This isn't the worst of the mess. Israel implemented its Travel Rule in 2021, with zero entry barriers, but few other countries have followed suit. Canada also has zero entry barriers, but its rules are incompatible with those of other countries.
What are the consequences of this kind of independence?
According to Notabene’s 2024 industry survey[3], despite an improvement from the previous year (down from 52% to 29%), 29% of VASPs continue to send Travel Rule information indiscriminately to all counterparties without conducting any due diligence assessment.
This "wide-net" approach actually reflects an embarrassing reality: most VASPs are just going through the motions, because there is no way to verify whether the counterparty actually uses this information and whether it is compliant.
DeFi: The Blind Spot of the Travel Rule
While regulators are still struggling with the Travel Rule of centralized exchanges, DeFi has completely circumvented this problem.
The premise of the Travel Rule is that it is implemented by VASPs (intermediaries).
I am using MetaMask to exchange tokens directly on Uniswap. Please tell me:
Is MetaMask a VASP? It's just a browser plugin
Is Uniswap a VASP? It’s just a piece of code
Are Ethereum miners VASPs? They just validate transactions
When two parties transact directly peer-to-peer, there is no intermediary to enforce the Travel Rule.
This is as absurd as asking the air to enforce the law.
Who will enforce the Travel Rule? Will the code be required to provide KYC information?
FATF’s response is that developers of DeFi protocols should be considered VASPs.
This logic is as absurd as claiming that the inventor of the TCP/IP protocol is responsible for all internet crime. Vitalik Buterin created Ethereum, so he's responsible for all illegal transactions on Ethereum? If Satoshi Nakamoto were still alive, would he be sentenced to life imprisonment?
Criminal Response: The Art of Smurfing
What do true criminals think of Travel Rule? Probably as a comedy.
Criminals use traditional smurfing tactics to circumvent the Travel Rule[4] by breaking up large transactions into smaller ones. Want to transfer $18,000? Split it into 20 $900 transactions, sent from different wallets at different times. Each transaction is below the threshold, so the Travel Rule doesn't apply.
North Korean hackers stole $1.46 billion from the ByBit exchange this year—the largest cryptocurrency heist in history. Did they use the Travel Rule? Of course not.
In 2024, the amount of cryptocurrency used for illegal activities reached tens of billions of dollars. None of these criminals were caught by the Travel Rule.
Another consequence of the Travel Rule is that it exacerbates regulatory arbitrage. Every time regulations are tightened, it's like squeezing toothpaste - you squeeze it here, and it comes out there.
Compliance costs: A costly show
The Travel Rule brings not a solution but an astronomical compliance bill.
According to estimates, the cost of implementing the Travel Rule for a medium-sized exchange includes:
Technology solution procurement: $100,000-$500,000 annual fee
System integration and transformation: one-time cost of US$500,000 to US$2 million (needs to transform the entire trading system)
Compliance team expansion: Annual salary costs range from $200,000 to $1 million (a dedicated Travel Rule compliance officer is required)
Legal consulting fees: US$100,000-500,000 annual fee (rules vary from country to country, requiring local legal support)
Audit and reporting: $50,000-$200,000 annual fee
This is just the visible cost, what about the invisible ones?
This high compliance cost is accelerating market concentration. The giants naturally support the Travel Rule—they can afford the compliance costs, while their competitors cannot. This isn't regulation; it's market cleansing through regulatory costs.
What is the biggest hidden cost? The death of innovation.
The first thing a startup team should consider is not technological innovation, but:
Does this comply with the Travel Rule?
Can we afford the compliance costs?
What should I do if I am identified as a VASP?
As a result, innovation either moves to places with less stringent regulations or is abandoned altogether. We are stifling 21st-century innovation with 19th-century thinking.
This is the truth about the Travel Rule: a useless system built at great expense, which solves nothing except increasing costs, reducing efficiency, and stifling innovation. And ordinary users are left to pay for this regulatory farce—endless forms to fill out, endless reviews to wait for, and endless fees to pay.
Participants in the supervision of the theater
Crypto regulation today is a carefully choreographed drama, with everyone having their own script:
Regulators: "Look, we're enforcing the Travel Rule! We're protecting investors!" (They know it's useless, but they need to show their political performance)
Large institutions: "We're fully compliant!" (Actually, it's just a formality, asking, "Is this your wallet?")
Small institutions: "We're working hard to comply!" (actually, they're thinking about moving to a less regulated area)
User: "I comply with the Travel Rule!" (Actually, they've already learned how to circumvent it)
Criminal: "Travel what rule?" (Continue doing what you need to do)
Recognize the reality, but don't give up thinking
Having written this, you may ask: What should we do then?
First, let's be clear: This article isn't a critique of regulation per se, but rather a reflection on the current state of affairs. Regulation is motivated by good intentions—to prevent money laundering, protect investors, and maintain financial stability. These goals are both impeccable and necessary.
What we criticize is using the wrong tools to achieve the right goals, just like using a hammer to tighten a screw - if the tool is wrong, no matter how hard you try, it will be in vain.
We need to acknowledge the fact that traditional regulatory tools have become ineffective in a decentralized world. This isn't a technical issue, but a paradigm issue. Just as you can't regulate cars the same way you regulate horse-drawn carriages, you can't regulate DeFi the same way you regulate banks.
But this doesn't mean abandoning all regulatory efforts. On the contrary, we need a new way of thinking. Good regulation should be like traffic laws—not to stop people from driving, but to make roads safer.
Perhaps what we need is not a unified global standard, but healthy competition among different jurisdictions. Regulatory innovation and technological innovation should go hand in hand, not in opposition.
This requires robust on-chain data analysis capabilities. Companies like Chainalysis have demonstrated that behavioral analysis can effectively identify suspicious transactions without requiring access to individual ID numbers. As regulatory frameworks become clearer, compliance infrastructure will become critical for the crypto industry.
What we should be calling for is not anarchy, but smarter governance. Regulators and industry players should sit down and have a sincere dialogue, understand each other's concerns, and jointly explore a regulatory path that suits the characteristics of new technologies.
After all, the real enemy is not regulation or cryptocurrency, but those who exploit technical loopholes to commit crimes. On this point, the goals of regulators and practitioners are the same.
Final Thoughts
Let’s go back to the BIS report at the beginning.
On the surface, it is proposing a solution. In reality, it is recording the end of an era - the traditional financial order's jurisdiction over crypto assets is irreversibly lost.
This is the state of crypto regulation in 2025: an expensive charade that everyone involved knows is a joke but is forced to continue.
The Travel Rule, a bank wire transfer rule from 1996, was forcibly transplanted to the crypto world in 2019. This process itself is a manifestation of regulatory inertia - putting new wine in old bottles and managing highways with traffic rules from the horse-drawn carriage era.
As Hayek said, "The road to hell is paved with good intentions." Current crypto regulation may be following this path. The original intentions are good—to prevent money laundering, protect investors, and maintain financial stability. However, the resulting implementation has increased friction, hindered innovation, and driven activity underground.
Pandora’s box has been opened, and the genie of decentralization will not go back into the bottle.
Rather than continuing this losing war, we should think about how to find balance in this new world. This requires not stricter rules, but new wisdom.
And this wisdom obviously will not come from regulators who are still using 20th-century thinking to manage 21st-century technology.
The future is not where we are going, but where we are creating it.
I just hope that when history looks back on this era, it will not record it as: humanity once had the opportunity to build a more open, transparent and efficient financial system, but it was ultimately messed up by a group of bureaucrats who didn't understand technology.
That would be a bigger joke than any regulatory failure.
