XRPL

Everything you need to know about XRPL compliance — XRP legal status, native features, and custody implementations.

Operating an XRPL VASP (exchange, custodian, on/off-ramp, IOU gateway, NFT marketplace, AMM front-end)? Here's the KYC / AML stack you need to assemble. XRPL has no native primitive for KYC or Travel Rule — these are provided by chain-agnostic third-party vendors.

📨 Travel Rule (FATF R.16) on XRPL

XRPL has no native VASP-to-VASP messaging (unlike some chains with a dedicated memo primitive). VASPs transferring assets between each other above the FATF threshold (typically 1,000 USD/EUR) must route through a third-party messaging vendor (Notabene, Sumsub Travel Rule). These vendors work across all XRPL assets: XRP, IOU, MPT, NFT.

🔍 Chain analytics covering XRP

The 3 main on-chain analytics vendors (Chainalysis, Elliptic, TRM Labs) have covered XRPL since 2018-2019. They trace XRP, IOU and MPT flows, provide per-address risk scoring + clustering, and power SAR/STR filings. Used by every XRPL-listed CEX (Coinbase, Kraken, Bitstamp, Uphold, GateHub).

🪪 Identity / KYC vendors

Vendors used for user onboarding: identity document verification (IDV), biometric liveness, KYB for businesses, ongoing monitoring. All chain-agnostic — what matters is their MiCA / FCA / NYDFS compliance for the markets you serve.

Sumsub🪪 Identity / KYC🚫 Sanctions / PEP📨 Travel Rule🇪🇺🇬🇧🇺🇸🇸🇬🇦🇪
sumsub.com

Focus: KYC + KYB + AML monitoring + Travel Rule under one roof. Strong in EU + emerging markets, MiCA-aligned. ~5,000 clients including major crypto exchanges.

Crypto / XRPL coverage: Chain-agnostic. Used by XRPL VASPs needing onboarding KYC + Travel Rule + monitoring in a single SDK.

👤
Onfido (Entrust)🪪 Identity / KYC🇬🇧🇪🇺🇺🇸
onfido.com

Focus: IDV + biometric verification + ongoing monitoring. Acquired by Entrust (2024). Strong in UK / EU / US fintech and crypto markets — Coinbase Europe, Revolut historic clients.

🛂
Jumio🪪 Identity / KYC🇺🇸🇪🇺🇬🇧🇸🇬
www.jumio.com

Focus: AI-powered IDV — document verification + biometric liveness + ongoing monitoring. Used by major exchanges (Bitstamp, Bitpanda, Bitso) and banks. SOC2 + ISO 27001.

🎭
Persona🪪 Identity / KYC🇺🇸🇪🇺🇬🇧
withpersona.com

Focus: No-code IDV platform with high configurability. Used by US-first fintech / crypto firms — Block (Cash App), Brex, Robinhood. Strong KYB + business-verification module.

🆔
Veriff🪪 Identity / KYC🇪🇺🇬🇧🇺🇸
www.veriff.com

Focus: IDV across 230+ countries, 11K+ document types. Estonian-base + EU MiCA-aligned. Used by Bolt, Wise, Kraken, Bitstamp.

🌐
Trulioo🪪 Identity / KYC🚫 Sanctions / PEP🇨🇦🇺🇸🇪🇺🇬🇧🇸🇬
www.trulioo.com

Focus: GlobalGateway — KYC + KYB across 195 countries via 450+ data sources. Strong in B2B verification (UBO, business registry checks). Canadian-base, served by major banks + crypto firms.

🚫 Sanctions & PEP screening

Continuous screening against consolidated lists (OFAC, EU, UN, UK HMT) + PEP detection (Politically Exposed Persons) + adverse-media. These vendors cover both end users and counterparties (KYB), independent of the underlying chain.

🏛 Typical stack of XRPL-listed CEXes

Common pattern observed at Coinbase, Kraken, Bitstamp, Uphold and GateHub: ① Identity — Sumsub or Onfido for retail KYC ② Screening — ComplyAdvantage or Refinitiv for sanctions + PEP ③ Chain analytics — Chainalysis KYT for transaction monitoring ④ Travel Rule — Notabene for inter-VASP transfers. Typical annual cost €50-250K for a Seed/Series A-scale operator.

⚖️ Licence → KYC tier mapping

Regime / LicenceExpected KYC tier
MiCA CASP (EU)Full KYC + EDD PEP + Travel Rule (TFR Reg. 2023/1113, €1,000 threshold)
AFSL (Australia)Full KYC + EDD + Travel Rule AUD 1,000 (AUSTRAC since 2024)
BitLicense + MTL (US)Full KYC + OFAC + Travel Rule USD 3,000 (FinCEN)
MAS DPT (Singapore)Full KYC + EDD + Travel Rule SGD 1,500
VARA (UAE)Full KYC + EDD + Travel Rule (FATF-equivalent)
FCA UKCryptoasset registration: KYC + AML/CTF + sanctions + Travel Rule since Sept 2023
Open the full report for your AML stack