Back
Joining the GTR Network: A Guide for VASP Partners
Published on 2026-05-29
Joining the GTR Network: A Guide for VASP Partners

Joining the GTR Network: A Guide for VASP Partners

If you have spoken to anyone in crypto compliance over the last two years, you would have heard the same thing: the FATF Travel Rule is no longer theoretical. It is live in Singapore, Hong Kong, the UK, the EU under MiCA and the TFR, and a growing number of jurisdictions across Asia, the Middle East, and the Americas. Every VASP that moves value now needs a way to exchange originator and beneficiary information with other VASPs , securely and at scale.

That is what the Global Travel Rule (GTR) network is built for. This post walks through what GTR actually is, who can join, what to prepare, and what the end-to-end onboarding process looks like.

Who Can Join

GTR is built for financial institutions that offer virtual asset services, including crypto exchanges, custodians, crypto OTC desks, banks with crypto services, wallet providers, payment processors, and similar entities that originate or receive virtual asset transfers on behalf of customers.

There are two onboarding paths. Both routes give you access to the same VASP network. The choice depends on your transaction volume and engineering capacity, not your regulatory standing.

  1. The API-based solution is for VASPs with meaningful transaction volume that requires automated, real-time Travel Rule data exchange. This is the standard path for exchanges and institutional platforms.
  2. The Manual solution is for custodians, brokers, and VASPs with lower volumes that want a compliant workflow without building an integration. It runs through a web interface rather than an API.

Membership Requirements

Before onboarding begins, applicants must complete three steps:

  1. Pass GTR’s Know Your Business (KYB) review which includes screening on the entity and related parties.
  2. Pass GTR’s security assessment. See the next section for what this involves.
  3. Submit the onboarding application with all the required documentation.

What to Prepare

GTR's onboarding is a Know Your Business (KYB) process. Before you start, gather the following:

Company information: Legal entity information and trading name (e.g. Revolut EU, Bitget India or BTCTurk), country of incorporation, local registration number and certificate, registered business address, homepage URL, corporate structure, ultimate beneficial owner (UBO) information, and your current regulatory status (license details, registrations, or the framework you operate under).

Business contacts: A named contact with email and phone for both compliance and technical matters. GTR uses these to coordinate review questions and integration support thereafter.

Security questionnaire (Advanced / API Mode only): If you plan to operate in Advanced/API Mode rather than Basic Mode, you will need to complete a security questionnaire covering IT account management, storage security, operations and maintenance, and general security controls. You also have the option to skip this initially and onboard in Basic Mode, then upgrade later.

Note: Advanced Mode also requires a Penetration Test (Pentest) report dated within the last 12 months to be submitted. A Penetration Test is an authorized simulation of a cyberattack conducted by security professionals to identify and address vulnerabilities before malicious actors can exploit them.

Account setup: A valid business email is also required to create the GTR account itself, and two-factor authentication will be set up during registration. We highly recommend a shared mailbox approach (e.g. GTRAdmin@yourcompanyname.com) for this purpose.

The Onboarding Journey

  1. Register your GTR account. Sign up on the GTR website with a business email, verify the email, and configure 2FA.
  2. Pick a subscription. A free Trial Version is available, and a Professional Version is available for production use.
  3. Complete the onboarding form. This is the KYB step: company information, business contacts, and, for Advanced Mode, the security questionnaire.
  4. GTR review. The GTR team reviews your submission. This typically takes a few business days, depending on the completeness of your documentation and any follow-up questions.
  5. Configure your test environment. Once approved, you will set up four things in the GTR dashboard for the test environment: whitelist GTR's IP addresses on your server, register your callback URL so GTR can send webhooks, generate your API key, and configure your public key for PII encryption.
  6. Integrate and test. Connect to GTR's API endpoints (or use the Manual solution interface), run through the integration test cases, and verify your callback handling.
  7. Run the go-live checklist. Repeat the environment configuration for production, then complete GTR's go-live checklist to switch over via GTR's Integration Centre.
  8. Stay current. Keep your entity information, contacts, and regulatory status up to date in the dashboard, and respond to counterparty requests within the timeframes your jurisdiction requires.

Technical Setup: What Your Engineering Team Should Know

If you are taking the API route, your engineering team should be aware of the building blocks before integration:

  • A web server capable of acting as both initiator (sending API requests to GTR) and receiver (handling webhooks from GTR).
  • IP whitelisting for GTR's three production IP addresses.
  • Curve25519 key generation, encryption, and decryption. GTR provides binaries for macOS, Windows, and Linux on its GitHub.
  • mTLS certificate handling, with CSR generation and optional .p12 conversion.
  • IVMS-101 formatted payloads, which is the standard data model the Travel Rule industry has converged on.

GTR publishes demo scripts in Java, Shell, and Go, plus a multi-algorithm cryptography library and a fuzzy matching library for PII verification. A competent backend team can typically reach a working sandbox integration in a few weeks.

What Membership Gets You

GTR membership provides:

  • Direct connectivity to a growing global network of VASPs, including the majority of the world's largest exchanges.
  • Encrypted mTLS-protected data exchange where only your VASP holds the key to your own PII.
  • Multi-jurisdiction coverage from a single integration
  • Flexible counterparty solutions - manual, API, wallet verification, and out-of-network solutions - so you can cover counterparties whether they're on the network, off it, or sending to unhosted wallets.
  • Independent third-party assurance via ISO 27001, ISO 27701, and SOC 2 certifications.

Bottom Line

The Travel Rule is not going away, and "we are working on it" is no longer a regulator-friendly answer. If you are a VASP and you do not yet have a Travel Rule solution in place, the practical move is to start the GTR onboarding now so the KYB review, integration, and testing do not compress into a panic later.

Take a tour of the GTR Interactive Demo or begin your application at GTR Home, or reach out to the GTR team directly (contact@globaltravelrule.com) if you would like a walkthrough before you submit.