Blog article
See all stories »

If You Are a CASP or Own Unhosted Crypto Wallet - You Should Read This!

Before we deep dive into the problem - let me introduce a few topics.

About hosted crypto wallets

A hosted wallet, also known as a custodial wallet, is a type of cryptocurrency wallet where the private keys of the wallet are managed by a third-party service provider, rather than being controlled directly by the wallet owner. When it comes to performing transactions on a blockchain, a hosted wallet works by allowing the wallet owner to initiate a transaction through the wallet's interface.

Once the transaction is initiated, the wallet service provider takes care of the rest of the process, including broadcasting the transaction to the network, verifying its authenticity, and ensuring that the appropriate amount of cryptocurrency is transferred from the wallet owner's address to the recipient's address. This is done by using the service provider's nodes on the blockchain network to handle the transaction processing.

Hosted wallets are generally user-friendly and easy to use, making them a popular choice for beginners and those who prefer a simpler interface. However, it's important to note that because the private keys are controlled by the service provider, there is a degree of trust required in the provider to ensure the security of the funds held in the wallet. Additionally, users may not have full control over their funds, and the service provider may have certain restrictions or fees associated with using their wallet service.

About unhosted crypto wallet

An unhosted crypto wallet, also known as a non-custodial wallet or a self-custody wallet, is a type of cryptocurrency wallet where the private keys are fully controlled by the wallet owner, rather than being managed by a third-party service provider. In other words, an unhosted wallet allows the user to have full control over their cryptocurrency holdings, as they are the only ones who have access to their private keys. Unhosted wallets can come in different forms, such as software wallets or hardware wallets. Software wallets can be downloaded and installed on a desktop or mobile device, while hardware wallets are physical devices that are designed to securely store private keys offline.

Since unhosted wallets do not rely on a third-party service provider, they are generally considered to be more secure than hosted wallets. However, they may be more complex to use, and users must take responsibility for securing their private keys, as losing access to these keys can result in the loss of their cryptocurrency holdings.

Unhosted wallets have become increasingly popular among cryptocurrency enthusiasts who prioritize security and control over their funds. However, they may not be the best option for beginners or those who are not comfortable with managing their private keys.

VASPs or CASPs – service providers.

The FATF’s terms virtual asset service provider or VASP are used more commonly outside the European Union (EU), while crypto asset service provider or CASP have been adopted within the EU region. 

Transfer of Funds Regulation (TFR) and Travel Rule

The European Commission made a significant move to combat money laundering and terrorism financing with an ambitious package of legislative proposals presented on July 20, 2021. The package aims to strengthen the EU's anti-money laundering and countering terrorism financing (AML/CFT) rules.

The package includes various measures to improve the EU's AML/CTF framework, including the revision of the Transfer of Funds Regulation to make it possible to trace transfers of crypto-assets by imposing Travel Rule requirements on CASPs. 

The revision of the Transfer of Funds Regulation was finally approved by the European Parliament plenary today (April 20, 2023).

Five key TFR takeaways:

 #1 Travel Rule comes into effect for all EU VASPs in January 2025

What are VASPs expected to do when transacting with non-obligated entities (such as unhosted wallets)?

Obtain the originator and beneficiary information from the VASP's customer when sending or receiving a virtual asset transfer to an unhosted wallet because there is no other VASP from which to obtain the information. Since there is no other VASP from which to obtain the information when transacting with unhosted wallets, VASPs will need to collect the information from both sides of the transaction. It is important to mention that this recommendation may only apply to transactions above $1,000/EUR, but this might vary depending on how different jurisdictions implement it. 

To be compliant, VASPs need to collect all the necessary Travel Rule information (names, account numbers or wallet addresses, addresses or IDs, DOBs, POBs, etc.) without compromising user experience.

#2 Zero Exceptions:

Travel Rule obligations apply to all transactions, regardless of amount or location - inside or outside the Union.

EU CASPs will be required to comply with Travel Rule obligations in every transaction, regardless of its amount. 

 Required originator and beneficiary customer information in the European Union. 

#3 First-party transactions with self-hosted wallets over 1,000 euros require wallet ownership verification.

In line with FATF recommendations, transactions with self-hosted wallers fall within the scope of the revised Transfer of Funds Regulation . 

When transacting with self-hosted wallets, European CASPs must collect the required originator and beneficiary information and comply with the following additional wallet verification obligations for transactions exceeding 1,000 Euros:

When sending a transfer exceeding EUR 1,000 to a self-hosted wallet, the originator VASP is required to verify if that wallet is owned or controlled by the originator customer;

When receiving a transfer exceeding EUR 1,000 from a self-hosted wallet, the beneficiary VASP must verify that the beneficiary customer owns or controls the originating wallet. 

​​This means wallet ownership verification requirements apply to first-party transactions to/from self-hosted wallets exceeding EUR 1,000. 

#4 Due diligence measures for non-EU entities must adhere to correspondent banking standards.

In its Updated Guidance for VAs and VASPs (October 2021), FATF makes it clear that counterparty due diligence to engage in Travel Rule flows is distinct from the due diligence required to establish correspondent banking relationships :

The nature of CASPs' relationships for transacting and sharing Travel Rule information is distinct from correspondent banking relationships and, hence, could justify a different - and more limited - scope of counterparty due diligence obligations to apply. 

However, the revised Transfer of Funds Regulation goes in a different direction: citing the “ongoing and repetitive" nature of the relationships between domestic CASPs and foreign VASPs to transact, the TFR deems these relationships as a type of correspondent relationship subject to enhanced due diligence measures.

#5 CASPs are required to fulfill Travel Rule obligations before transacting

Travel Rule compliance needs to be performed pre-transaction. This is particularly important given the specific characteristics of virtual asset transactions: settlement is immediate and irreversible; hence, only pre-transaction actions can effectively mitigate risk. 

According to the revised TFR, originator CASPs are required to transmit information to the beneficiary CASP before sending the corresponding crypto transaction. In turn, Beneficiary CASPs need to ensure that the required information was received before making funds available to the end customer. 

How unhosted wallets can be brought into compliance with the FATF travel rule?

The Financial Action Task Force (FATF) Travel Rule requires virtual asset service providers (VASPs) to collect and transmit certain information about their customers and the transactions they process. This information includes the name and address of the sender and receiver of the transaction, as well as the originator's account number and the beneficiary's account number. This rule applies to all VASPs, including those that operate unhosted wallets.

To bring unhosted wallets into compliance with the FATF Travel Rule, one approach is to use a third-party service provider that specializes in compliance with the rule. These providers can act as intermediaries between unhosted wallet users and VASPs, collecting and transmitting the required information on behalf of the wallet users. This allows unhosted wallet users to continue using their wallets while still complying with the rule.

Another approach is for unhosted wallet users to manually collect and transmit the required information themselves. This could involve using a standardized format for the information and ensuring that the information is transmitted securely to the VASP involved in the transaction. This approach may be more complex and time-consuming, but it allows unhosted wallet users to maintain full control over their wallet and their transactions.

It's worth noting that compliance with the FATF Travel Rule is an ongoing process, and VASPs and unhosted wallet users alike must remain vigilant to ensure that they are meeting the requirements of the rule as they evolve.

How TRIO will bring your unhosted wallet into compliance.

The number of unhosted wallet users in 2022 was 84 million.  Now, if you are the proud owner of an unhosted wallet, you got a big problem! To continue using your wallet with Crypto-Asset Service Providers you must get out of your anonymity and provide CASPs with Identity info, each time you interact with them (sending or receiving cryptocurrency). The following procedure will allow you to convert your useless anonymous account into a useful named account.

  1. Export your private key from the existing (empty) wallet address.
  2. Import this private key into the named TRIO wallet. An imported address will be created.
  3. TRIO system will automatically pair your Identity with this imported address. Logout fromTRIO
  4. Log in and check the imported address is paired. You may delete it now (you will not use it here).

You may return to your unhosted wallet and now your identity is paired.  From now on each time your CASP wants to know your Identity – he will prompt you. You will follow this privacy-preserving procedure, where you provide consent for sharing your PII.

You can continue using it with all the different options you are used to! For example, you may buy or sell ETH to a Crypto exchange using your unhosted wallet.

But since you are also a TRIO user – you may transfer ETH to or from your TRIO account and enjoy all the benefits of alternative payments, using  Pay with TRIO



Comments: (0)

Eli Talmor

Eli Talmor



Member since

23 Nov 2016



Blog posts




This post is from a series of posts in the group:

Blockchain in Banking and Financial Services

This group is to share any information related to enterprise wide Blockchain technology adaption in different Banking Financial Services sub-domains.

See all

Now hiring