Custodial Wallet – Key AML Compliance Overview
- Meaning: A custodial virtual asset wallet is a wallet where the virtual assets are held under the control of an entity, rather than being controlled directly by the payer or payee. AUSTRAC guidance contrasts custodial wallets with self hosted wallets.
- Why it matters: Under the travel rule reforms, ordering and beneficiary institutions must carry out due diligence to determine whether a wallet involved in a transfer is custodial or self hosted, and in some cases whether the custodial wallet is controlled by an entity that should be licensed or registered under laws giving effect to FATF recommendations.
- Operational impact: Wallet classification affects what information must be collected, verified, transmitted, and whether you are permitted to complete the transfer in certain scenarios. AUSTRAC
A custodial virtual asset wallet is a wallet where the virtual assets are controlled by an entity, rather than being controlled directly by the payer or payee. AUSTRAC contrasts custodial wallets with self hosted wallets and requires businesses involved in virtual asset transfers to determine, on reasonable grounds, which type of wallet is involved. That classification affects what information must move with the transfer and whether the transfer can proceed in some cases.
A custodial wallet also matters because AUSTRAC’s travel rule guidance says beneficiary institutions must consider whether the entity controlling the wallet is required to be licensed or registered under laws giving effect to FATF recommendations, and in some cases they must not make the virtual asset available to the payee.
What Is a Custodial Wallet in AML?
In AUSTRAC’s travel rule reform guidance, a custodial wallet sits opposite a self hosted wallet. The key distinction is control: the wallet is controlled by a provider or another entity, not directly by the customer. AUSTRAC says businesses transferring virtual assets must determine whether both the sending and receiving wallets are custodial or self hosted, and then apply the relevant controls based on that decision.
That decision is not just technical. It is a compliance control. AUSTRAC’s virtual asset guidance says separate travel rule obligations apply to transfers of value involving virtual assets, and VASPs must be ready for those obligations from the reform commencement framework.
Why the Custodial Wallet Classification Matters
The custodial wallet label affects the whole transfer process. For ordering institutions, AUSTRAC says you generally need to collect payer information, verify the payer information, and collect the payee’s full name and tracing information for virtual asset transfers into a payee’s custodial wallet. For beneficiary institutions, AUSTRAC says they generally must receive the required travel rule information before making transferred virtual assets available.
This classification also matters because AUSTRAC expects due diligence to establish reasonable grounds about whether a wallet is custodial or self hosted. In some cases, a blockchain explorer check may be enough if the information is reliable and high confidence. Where the wallet controller appears to be required to be licensed or registered but is not, AUSTRAC says the transfer must not be made available to the payee.
Custodial Wallet Examples
A common example is when a customer holds crypto in an exchange account and instructs the exchange to transfer the assets to another exchange wallet. In that case, the exchange wallets are custodial.
Another example is when a customer transfers assets from an exchange wallet to a wallet they control themselves. The first wallet is custodial, and the second is self hosted. AUSTRAC uses this contrast to show that classification depends on who controls the wallet, not just where the assets are sitting.
Legal and Regulatory References for Custodial Wallets
AUSTRAC’s guidance on additional travel rule obligations when transferring virtual assets is the main reference point for custodial-wallet classification, due diligence and transfer controls. The guidance also connects custodial-wallet treatment to the broader travel rule framework for virtual asset transfers.
The travel rule overview and the beneficiary institution guidance together show that VASPs and other reporting entities must collect and verify the right information before value is made available. The same framework also explains that the travel rule applies to non-incidental transfers of virtual assets, whether domestic or international.
Best Practices for Custodial Wallet Compliance
Create a wallet classification procedure. Staff and systems should know how to distinguish custodial from self hosted wallets, what evidence is acceptable, and who approves the final classification. AUSTRAC’s examples show that blockchain explorer evidence may be useful where it provides reasonable grounds.
Embed decision rules. Your process should state what happens when the wallet controller appears to be required to be licensed or registered but is not. AUSTRAC is clear that you must not make the virtual asset transfer available to the payee in that scenario.
Keep records that prove the decision. Store the evidence, the checks performed and the rationale for the classification. That makes audit review and supervisory review far easier, especially where the wallet type is disputed later.
Common Challenges
One common issue is assuming “exchange equals custodial” without retaining any evidence. AUSTRAC’s framework expects reasonable grounds, not assumptions, so the conclusion should be supported by the checks you performed.
Another challenge is inconsistent handling of destination tags or memos. For custodial-wallet transfers, AUSTRAC says tracing information can include a wallet address and any destination tag or memo needed to identify the payee’s virtual asset holdings, so weak data handling can undermine traceability.
How Tranche 2 Consultants Can Help
At Tranche 2 Consultants, we help businesses manage the compliance risks linked to custodial wallet transfers by building practical controls around wallet due diligence, counterparty assessment, tracing information, and travel rule data handling. Our team can support your AML/CTF Program, ML/TF Risk Assessment, KYC remediation, AML Health Check, and AML Training so your custodial wallet processes are consistent, defensible, and aligned with AUSTRAC expectations for virtual asset transfers.
Concluding Remarks
For travel rule readiness, custodial wallet is not just a technical label. It is a control decision that affects whether you can proceed, what information must be captured, and whether additional licensing or registration checks are needed. Strong wallet classification is one of the most important ways to keep virtual asset transfers traceable and defensible.
“Bookmakers sit at a natural convergence point for cash, speed and anonymity. AUSTRAC’s focus reflects the reality that wagering platforms can be misused as value transfer mechanisms if risk controls are not actively applied.”
FAQs on Custodial Wallet
Do we have to check whether the custodial wallet controller is properly regulated overseas?
AUSTRAC says beneficiary institutions must have policies describing due diligence for custodial wallets, including whether the person controlling the wallet is required to be licensed or registered under laws giving effect to FATF recommendations.
Can we complete a transfer if the custodial wallet controller should be registered but is not?
No. AUSTRAC says you must not make the virtual asset transfer available to the payee in that scenario.
What information is usually needed for a custodial wallet transfer?
For virtual asset transfers into a payee’s custodial wallet, AUSTRAC says the transfer message should include information such as the virtual asset wallet address and any destination tag or memo that allows the beneficiary institution to identify the payee’s virtual asset holdings.
Strengthen Your Virtual Asset Controls
Turn custodial-wallet obligations into clear workflows across classification, verification and record keeping.
