Self Hosted Wallet

A self hosted virtual asset wallet is a wallet controlled by the payer or the payee, rather than by a custodial provider or another entity. AUSTRAC says there is a travel rule exemption for transfers to a self-hosted wallet, but that exemption does not remove the need for key collection, verification and tracing controls. AUSTRAC’s current virtual asset guidance also makes clear that the extra obligations for virtual asset transfers are part of the updated reform guidance, which was last updated on 31 March 2026.

What Is a Self Hosted Wallet in AML?

AUSTRAC’s reform materials distinguish between custodial wallets and self hosted wallets, and describe self hosted wallets as being controlled by the payer or the payee. In practical terms, that means the customer controls the wallet keys or the wallet itself, instead of a third-party provider holding that control. This distinction matters because the travel rule treatment changes depending on whether the wallet is custodial or self hosted.

The travel rule overview confirms that businesses transferring or receiving money, virtual assets or property on behalf of customers may need to collect, verify and share specific information with other businesses in the transfer. AUSTRAC also says the travel rule typically applies to virtual asset service providers, financial institutions and remittance providers.

Why the Self Hosted Wallet Matters

The self hosted wallet rules matter because they create a narrow exemption, not a full exemption from compliance. AUSTRAC states that when a transfer is to a self hosted wallet, the ordering institution does not need to pass on travel rule information to another business in the chain, but it must still collect payer information, collect the payee’s full name and verify the payer information.

The beneficiary institution has its own duties too. When it receives virtual assets from a self hosted wallet, it must obtain the payer information and tracing information, and if it does not already hold it, the payee’s full name, before making the virtual assets available to the payee. AUSTRAC also says the beneficiary institution must manage the ML/TF risk associated with receiving assets from self-hosted wallets, especially where the wallet controller is unverified or may not be licensed or registered under FATF-aligned laws.

What the Exemption Does and Does Not Do

AUSTRAC is explicit that the self hosted wallet exemption means you do not need to send travel rule information to another business in the transfer chain when the transfer is to a self hosted wallet. However, that does not mean the transfer is outside AML/CTF controls. Ordering institutions still need to collect and verify payer information, and beneficiary institutions still need the payer information and tracing information, plus the payee’s full name where it is not already held.

AUSTRAC also says ordering institutions must determine, before providing the designated service, what type of wallet is receiving the value. That includes deciding whether the destination is a custodial wallet controlled by a licensed or registered entity, a custodial wallet controlled by an unlicensed entity, or a self hosted wallet controlled by the payee. AUSTRAC says due diligence must create reasonable grounds for that conclusion, and a blockchain explorer search may be enough where the information is high confidence and otherwise reliable.

Examples of Self Hosted Wallet Transfers

A simple example is a customer moving virtual assets from a custodial wallet at a provider to their own self hosted wallet. In that scenario, the transfer goes directly to a wallet controlled by the customer, so the ordering institution applies the self hosted wallet travel rule treatment rather than the usual transfer-to-another-business model.

Another example is a business receiving virtual assets from a self hosted wallet controlled by the payer and then making them available to its customer. In that case, the beneficiary institution must still obtain the relevant payer and tracing information and, where required, the payee’s full name before it releases the assets.

A further practical example is where the business suspects the wallet is controlled by an illegally operating entity. AUSTRAC says you must not make the transfer available in that situation, so wallet classification and counterparty due diligence are not optional extras.

Legal and Regulatory References

AUSTRAC’s travel rule guidance explains the exemption for transfers to a self hosted wallet and sets out what still must be done by ordering and beneficiary institutions. The same guidance also explains the additional travel rule obligations for virtual asset transfers, including due diligence, secure information handling, and reporting involving unverified self-hosted wallets. AUSTRAC says reporting of transfers involving unverified self-hosted wallets will start on 31 March 2029 for ordering and beneficiary institutions.

The travel rule overview also confirms that the travel rule applies to transfers of value of any amount and that the obligations depend on the type of transfer. That broader framework is important because self hosted wallet transfers are only one part of a wider travel rule regime that includes ordering institutions, intermediary institutions and beneficiary institutions.

Best Practices for Self Hosted Wallet Compliance

Carry out counterparty due diligence so you can form reasonable grounds on whether the wallet is custodial or self hosted, and document what you relied on. AUSTRAC’s example of using blockchain explorer checks is useful because it shows the regulator expects evidence, not assumptions.

Design a clear process for collecting tracing information such as wallet addresses and required tags or memos, then store that information in a searchable format. That makes later review, escalation and record reconstruction much easier.

Set an escalation rule for suspected illegal operators. AUSTRAC says you must not make the transfer available where the wallet is controlled by an illegally operating entity, so teams need a clear route for blocking and escalating risky transfers.

Common Challenges

A common mistake is assuming the exemption means no data is required. AUSTRAC is clear that payer verification and key data capture still apply, even when the transfer is to a self hosted wallet.

Another challenge is inconsistent evidence of how the wallet type was determined. If your team cannot show why it concluded a wallet was self hosted, audit and review defensibility becomes much weaker.

How Tranche 2 Consultants Can Help

At Tranche 2 Consultants, we help you build the right controls for self hosted wallet transfers by focusing on wallet classification, payer verification, tracing information capture, and escalation rules for higher-risk transfers. Our support includes ML/TF Risk Assessment, Managed KYC Services, AML/CTF Program design, AML Health Check, AML Training, AML Regulatory Reporting, and AML Compliance Department Setup so your travel rule process is practical, documented and ready for AUSTRAC expectations.

Concluding Remarks

Self hosted wallets reduce reliance on intermediaries, but they also reduce transparency. AUSTRAC’s framework keeps the compliance burden focused on what can realistically be captured while still requiring strong payer verification, wallet-type due diligence and traceability. The practical takeaway is simple: the exemption changes who receives travel rule information, not the need for robust AML controls.