21 Analytics logo
Request a Demo
Bermuda Travel Rule Inner Blog Image (1)
Back Button Icon
Back

The Bermuda Travel Rule: What VASPs Need to Know

16 Jul, 2025

Bermuda has established a comprehensive regulatory framework for Digital Asset Businesses, aligning with global anti-money laundering and counter-terrorist financing standards. 

Under the Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing) Regulations (POCR) and the Digital Asset Business Act (DABA), entities providing digital asset services are treated as payment service providers (PSPs) and must comply with the Travel Rule

Bermuda’s Travel Rule requires regulated financial institutions to ensure transparency in fund transfers by collecting and sharing specific customer information, applying a robust risk-based approach, and implementing enhanced due diligence measures for higher-risk transactions.

Understanding the Regulatory Obligations for Virtual Asset Service Providers

Scope of the Travel Rule in Bermuda

“Any Regulated Financial Institution (RFI) including an RFI conducting Digital Asset Business (DAB), that provides services for the transfer of digital assets (virtual assets), money transmission, or other transfer of funds, is a payment service provider (PSP) engaging in a wire transfer and is subject to the rules for wire transfers set forth in POCR Regulations 21 through 31A and Chapter 8: Wire Transfers”.  

[Annex VIII.148 Sector-Specific Guidance Notes (SSGN) for Digital Asset Business]

In other words, any person or entity that offers any of the following activities to the public is subject to the Travel Rule: 

  • Issuing, selling, or redeeming digital assets, which includes assisting with coin/token design or ICO administration, but excludes issuing solely to fund one’s own operations.

  • Operating as a payment service provider: Businesses transferring funds using digital assets are considered payment service providers.

  • Operating a digital asset exchange, which is classified as a marketplace for issuing, distributing, converting, or trading digital assets for other digital assets or fiat currency.

  • Providing digital asset trust services, which include acting as a fiduciary, agent, or trustee to manage or administer digital assets on behalf of others.

  • Providing custodial wallet services, defined as the storing or maintaining clients’ digital assets or wallets (not merely developing wallet software).

  • Operating a digital asset derivative exchange, defined as platforms for issuing, trading, or clearing digital asset derivatives such as options, swaps, or futures.

  • Operating as a digital asset services vendor, which includes those authorised to transact digital assets on behalf of others, hold power of attorney, act as market makers, or administer digital asset benchmarks.

Compliance Obligations for VASPs

Regulated Financial Institutions (RFIs) conducting Digital Asset Business (DAB) in Bermuda must apply a risk-based approach to identify, assess, and mitigate money laundering (ML) and terrorist financing (TF) risks. 

Risk assessments must be documented, regularly updated, approved by senior management, and made available to authorities. Moreover, factors such as business nature, scale, complexity, target markets, jurisdictions of operation, higher-risk customers, products, services, delivery channels, transactions, internal audit findings, and national ML/TF risk assessments must be considered. 

Before launching new products or services, DABs must evaluate associated risks to determine appropriate customer due diligence (CDD), monitoring, reporting, and mitigation measures. RFIs must define acceptable and unacceptable risk levels, ensuring they have the expertise and capacity to manage high-risk clients or products, which may only be accepted if adequate controls are in place. 

Disclosure and reporting obligations require informing clients of material risks, including AML self-assessments, client risk ratings, product details, and client numbers by risk category in annual returns, and providing a risk appetite statement in licence applications. 

Mitigation measures include enhanced CDD, usage or geographic limits, ongoing monitoring and blockchain analysis, robust record-keeping, and strong due diligence for multi-party products or services. 

Required Travel Rule Data 

To comply with Bermuda’s implementation of the Travel Rule and fulfil AML obligations, the following details must be exchanged:

  • Originator’s name

  • Originator’s account number

  • Originator’s address, or their national identity number, customer identification number, or date and place of birth (if the originator is a natural person)

  • Beneficiary’s name

  • Beneficiary’s account number

Substitutions of this information are allowed only in limited, justified cases and must be documented. 

For transfers under USD 1000 with no business relationship, RFIs must collect originator identity details. In this instance, verification is recommended but not mandatory.

Enhanced due diligence is required for higher-risk transfers, such as those involving:

  • high-risk jurisdictions, 

  • sanctioned persons, 

  • non-face-to-face customers, 

  • non-Bermuda correspondent banks, 

  • PEPs, or 

  • unusual transaction patterns.

If required information is missing, incomplete, or meaningless, the originator VASP must reject the transfer, request the missing data, or file an internal suspicious activity report (SAR).

[POCR Regulations 21–31A and Chapter 8 on wire transfers]

Self-hosted Wallets 

Self-hosted wallets do not currently fall under the scope of Bermuda’s Travel Rule. 

In Conclusion

By adopting Bermuda’s Travel Rule requirements, VASPs and other RFIs strengthen the integrity of digital asset transactions while reducing exposure to financial crime.

With clear obligations regarding customer due diligence, transaction monitoring, and information sharing, Bermuda’s framework enables responsible innovation in the digital asset sector, ensuring that financial transparency keeps pace with technological progress.

21 Travel Rule and the Bermuda Travel Rule

21 Travel Rule offers Bermuda VASPs seamless compliance. The platform automates secure data exchange between counterparties, ensuring originator and beneficiary details are transmitted accurately and in line with POCR Regulations 21–31A. This reduces manual compliance burdens, mitigates errors, and accelerates transaction processing. 

With built-in support for enhanced due diligence, blockchain analytics, and interoperability with global VASP networks, 21 Analytics helps Bermuda firms demonstrate strong AML/CTF controls, build trust with regulators and banking partners, and position themselves competitively in the evolving digital asset ecosystem.

Find out more about 21 Travel Rule - request a demo. 

Further Reading 

2021 Guidance Notes for AML/ATF Regulated Financial Institutions on Anti-Money Laundering and Anti-Terrorist Financing: Annex VIII, Sector-Specific Guidance Notes (SSGN) for Digital Asset Business

Bermuda Monetary Authority: Digital Asset Business

The Digital Asset Business Act 2018

Proceeds of Crime (Anti-money Laundering and Anti-terrorist Financing Supervision and Enforcement) Act 2008

Bermuda Travel Rule Summary

Written by:
About Nicole
Nicole Giani
Content & Social Media Manager

LinkedIn

With an Honours in English Linguistics, Nicole started her career as an educator before transitioning to education management and curriculum development.  Thereafter, she moved to crypto writing - uniting her passion for education with crypto to educate the ecosystem on the Travel Rule.

Copy
Link Icon
Back Button Icon
Back
Copy
Link Icon

Related Posts

US Travel Rule Blog Image
12/08/2025

The US Travel Rule: What VASPs Need to Know

Read More
South Africa Travel Rule Blog Image
06/05/2025

South Africa’s Travel Rule: What VASPs Need to Know

Read More
New Zealand Travel Rule Blog Image
26/02/2025

New Zealand’s Travel Rule: What VASPs Need to Know

Read More
21 Analytics offers Software Solutions for Virtual Asset Service Providers.
Privacy Policy      Press
Poststrasse 22, Zug, Switzerland     |     info@21analytics.ch
Cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information in order to improve and customize your browsing experience and for analytics and metrics about our visitors both on this website and other media. To find out more about the cookies we use, see our Privacy Policy.
Accept