FATF R.15/16 · VARA · MiCA · Travel Rule

Travel Rule compliance
at the speed of AI

Know who you’re transacting with. Stop the transactions that matter. Stay ahead of every regulator — without building a compliance team from scratch.

VARA · CBUAE · MiCA ready FATF R.15/16 compliant No card required SOC 2 Type II ready
tracerule.com/demo
2,847
Processed
2,731
Passed
84
Held
32
Blocked
TR-1847-AE
AED 187,500
GSR Markets → Coinbase Inc
1
Counterparty lookup
2
Sanctions screening
3
AI risk scoring
4
Decision
✓ PASS
Live Feed
TR-1846-AE
Binance → Crypto.com
PASS
TR-1845-AE
Chainalysis → Housing
PASS
TR-1844-AE
AE → Signature
HOLD
TR-1843-AE
Riyad → STC
PASS
Covers
FATF R.15/16 CBUAE VARA MiCA FCA FinCEN MAS
AI-First Architecture

An agent that reasons,
not just rules

Traditional tools were built for a simpler era. TraceRule reads every transaction in full context, adapts to emerging risk, and delivers decisions your team can stand behind.

Why AI changes everything

Rule engines tick boxes. They don’t catch sophisticated evasion, adapt to geopolitical shifts, or navigate the grey zones of real-world crypto compliance. TraceRule was built for that.

Contextual reasoningEvery decision weighs counterparty risk, sanctions exposure, and transaction history together. Explainable, defensible, and right where rule engines guess.
Latency under 2 secondsclaude-h4.5 inference + pre-indexed VASP directory returns decisions faster than any human review
Auditable rationaleEvery decision includes a plain-English explanation ready for CBUAE / VARA regulator review
Auto-drafted SARs & STRsWhen a transaction triggers a Suspicious Activity flag, TraceRule drafts the SAR/STR report automatically
[AI] Agent - Live Decision
tx_id: TXN-2847-AE
amount: $48,200 USDT
counterparty: Huobi (HK)
fatf_status: grey-list
trisa_verified: true
sanctions_hit: false

# Agent reasoning:
# Grey-list jurisdiction + high value
# warrants enhanced due diligence.
# TRISA verified but FATF risk elevated.

decision: HOLD - EDD Required
Powered by claude-h4.5 - 1.1s
Capabilities

Everything your digital asset business needs to stay compliant — and nothing it doesn’t.

AI Decision Engine, Not a Rules List

Multi-signal reasoning across IVMS101 fields, counterparty risk, transaction history, and sanctions hits — delivering explainable PASS / HOLD / BLOCK decisions where static rule engines produce false positives or miss entirely.

Global VASP Directory

Know exactly who you’re transacting with. Live coverage of licensed VASPs globally — regulatory status, TRISA verification, and real-time enrichment included.

15-List Sanctions & PEP Screening

Every major sanctions list, screened in one call. PEP data that goes beyond the database — always current, multilingual, and never wrong on an entity that matters.

Auto-drafted SARs & STRs

Every flagged transaction automatically produces a regulator-ready SAR/STR — pre-populated with evidence, rationale, and counterparty detail. Your MLRO reviews, not rebuilds. Filing becomes a formality.

Live MLRO Dashboard

Real-time visibility across your entire compliance posture — risk trends, jurisdiction exposure, greylist alerts, and live SAR pipeline. Built for compliance leads, not data scientists.

Regulator-Ready Reports

One-click PDF reports formatted for CBUAE, VARA, and FATF submissions.

Integration

Live in one afternoon

1

Get your API key

Sign up in 60 seconds. No credit card, no sales call — just your API key and sandbox access.

2

POST a transaction

Send a transaction with originator, beneficiary, VASP, and amount. No schema wrangling — just a clean REST call./v1/transactions/screen. No schema wrangling required.

3

Get a decision in <2s

Receive PASS / HOLD / BLOCK with a risk score, per-list sanctions breakdown, and plain-English rationale — all in under 2 seconds. Fully auditable, regulator-ready.

4

Automate your workflow

Wire webhooks to your core banking or exchange platform to auto-execute compliance decisions.

The Cost of Non-Compliance

Save $280K/yr vs. building in-house

Without TraceRule - annual cost
$345,000+
MLRO (VARA-required): $120,000/yr
AML Analyst: $75,000/yr
Legal + Audit: $50,000/yr
Engineering (in-house): $200,000+
Fine exposure: $100,000-5M per violation
vs
With TraceRule Professional
$58,800/yr
Full automation included
MLRO review time: -80%
Fine risk: near zero
~6x direct ROI / 10x+ risk-adjusted
Binance: $4.3B. BitMEX: $100M. CBUAE fines: AED 100K–5M per violation. Every unscreened transaction is regulatory exposure. TraceRule's immutable audit trail, zero-miss sanctions engine, and automated SAR drafts eliminate that risk before your next examination.
BETA ACCESS

Get your API key instantly

No credit card. No sales call. 1,000 sandbox requests/month, free.

Go live today. Not six months from now.

From first VASP licence to global exchange — TraceRule gives every digital asset business enterprise-grade compliance from day one. Live in hours, not months.

Pricing

Simple, transparent pricing

FATF R.15/16 Travel Rule compliance for VASPs of every size. No hidden fees.

Starter
For early-stage VASPs. Replaces ~$150K/yr in manual compliance overhead.
$1,490
/month  ·  USD
  • Up to 10,000 TX/month
  • Real-time TRISA screening
  • VASP directory (290+ entities, 16 jurisdictions)
  • Sanctions screening — OFAC, UN, UAE MoF, EU, UK
  • Basic compliance dashboard
  • Email alerts for blocked TX
  • Monthly PDF reports
  • Community support
MOST POPULAR
Professional
For scaling VASPs. Replaces ~$300K/yr in team costs and fine exposure.
$4,900
/month  ·  USD
  • Up to 100,000 TX/month
  • AI risk scoring (claude-h4.5)
  • Full VASP directory + enrichment
  • All 15 sanctions lists + OpenSanctions PEP (1.4M+ entities)
  • Advanced analytics dashboard
  • Webhook + REST API access
  • Automated SAR/STR drafts
  • Configurable rule thresholds
  • Slack + email alerting
  • Priority support (4h SLA)
Enterprise
For large VASPs and regulated financial institutions needing custom deployment.
Custom
talk to us
  • Unlimited TX volume
  • Dedicated AI model instance
  • Custom VASP data integrations
  • On-premise or private cloud
  • White-label dashboard
  • Regulator audit export (CBUAE, FCA, FinCEN)
  • Custom rule engine
  • SSO / LDAP / SAML
  • 99.9% uptime SLA
  • Dedicated CSM
All plans in USD. 14-day free trial. No credit card required. Cancel anytime.
Annual billing saves 20% →
API v1
TraceRule API
The TraceRule API gives your platform real-time Travel Rule screening powered by an AI reasoning agent. Submit a transaction, get a PASS / HOLD / BLOCK decision with a plain-language rationale in under 2 seconds.
Base URL: https://api.tracerule.com/v1
All requests use HTTPS. The API accepts and returns JSON.
This is a preview API. Endpoints and field names are stable but may be extended. We follow semver - breaking changes are versioned.
Authentication
All API requests require a Bearer token in the Authorization header. Generate API keys from the TraceRule dashboard under Settings - API Keys.
Request header
Authorization: Bearer tr_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
API key prefixes
PrefixEnvironmentDescription
tr_live_ProductionReal screening against live TRISA network and sanctions feeds
tr_test_SandboxDeterministic test responses - safe for CI/CD pipelines
POST /v1/transactions/screen
Screen a transaction
Submit a transaction for AI-powered Travel Rule screening. The agent evaluates counterparty VASP status, TRISA attestation, sanctions exposure, jurisdiction risk, and transaction size to issue a decision in real time.
Request body
FieldTypeRequiredDescription
transaction_idstringrequiredYour internal transaction reference
amountnumberrequiredTransaction value in the asset's base unit
assetstringrequiredAsset ticker, e.g. "USDT", "BTC", "ETH"
originatorobjectrequiredOriginating customer (IVMS101 NaturalPerson or LegalPerson)
beneficiaryobjectrequiredBeneficiary customer (IVMS101 NaturalPerson or LegalPerson)
counterparty_vasp_didstringoptionalDID of the counterparty VASP if known. Skips VASP lookup.
counterparty_addressstringoptionalOn-chain wallet address of the beneficiary
directionstringoptional"outgoing" (default) or "incoming"
metadataobjectoptionalArbitrary key/value pairs passed through to webhook events
Request example
curl https://api.tracerule.com/v1/transactions/screen \ -H "Authorization: Bearer tr_live_xxxx" \ -H "Content-Type: application/json" \ -d '{ "transaction_id": "TXN-2847-AE", "amount": 48200, "asset": "USDT", "originator": { "name": "Rania Al Masri", "account_number": "acc_9182736" }, "beneficiary": { "name": "Zhang Wei", "vasp_name": "Huobi" }, "counterparty_address": "0x71C7656EC7ab88b098defB751B7401B5f6d8976F" }'
Response 200
{ "id": "tr_scr_01HXYZ123", "transaction_id": "TXN-2847-AE", "decision": "HOLD", "rationale": "Grey-list jurisdiction (HK) + high value ($48,200) warrants enhanced due diligence. TRISA verified but no EDD documentation on file. Recommend HOLD pending EDD pack.", "risk_score": 67, "flags": ["grey_list_jurisdiction", "high_value", "edd_required"], "counterparty_vasp": { "name": "Huobi Global", "did": "did:trisa:huobi.global", "trisa_verified": true, "jurisdiction": "HK", "fatf_status": "grey-list" }, "sanctions_check": { "hit": false, "lists_checked": ["OFAC-SDN", "OFAC-NonSDN", "UN", "EU-EEAS", "UK-OFSI", "UAE-MoF", "CBUAE", "MAS-SG", "HK-SCSML", "AU-DFAT", "CA-SEMA", "CH-SECO", "INTERPOL", "FATF-GREY", "OpenSanctions-PEP"] }, "pep_check": { "hit": true, "matched_name": "Tariq Al-Badawi", "pep_type": "Senior Government Official", "pep_position": "Former Deputy Minister of Finance", "pep_country": "AE", "source": "OpenSanctions PEPs", "edd_required": true }, "country_risk": { "origin_iso2": "AE", "origin_risk_tier": "elevated", "origin_fatf_status": "compliant", "dest_iso2": "SA", "combined_tier": "elevated", "requires_edd": true }, "latency_ms": 1134, "created_at": "2025-03-15T09:42:11Z" }
GET /v1/transactions/{id}
Get a screening decision
Retrieve the screening result for a previously submitted transaction by its TraceRule ID.
Request example
curl https://api.tracerule.com/v1/transactions/tr_scr_01HXYZ123 \ -H "Authorization: Bearer tr_live_xxxx"
GET /v1/transactions
List transactions
Returns a paginated list of screening decisions, newest first. Supports filtering by decision, date range, and risk score.
Query parameters
ParamTypeDescription
limitintegerNumber of results per page (default 20, max 100)
afterstringCursor for pagination (from previous response)
decisionstringFilter by decision: PASS, HOLD, or BLOCK
fromstringISO 8601 start date
tostringISO 8601 end date
Webhook events
TraceRule sends a POST request to your configured endpoint immediately after every screening decision. Each event includes the full decision payload and a signature for verification.
Signature verification: Each webhook includes a Tracerule-Signature header - an HMAC-SHA256 of the raw request body signed with your webhook secret.
transaction.passed
Transaction cleared all checks. Safe to process automatically.
transaction.held
Transaction flagged for manual review. Compliance officer action required before release.
transaction.blocked
Transaction blocked - sanctions hit or critical compliance failure. Do not process. STR draft auto-generated if SAR/STR feature enabled.
transaction.overridden
Compliance officer manually overrode a HOLD decision. Payload includes override reason and officer ID for audit trail.
Webhook payload example
{ "event": "transaction.held", "timestamp": "2025-03-15T09:42:12Z", "data": { "id": "tr_scr_01HXYZ123", "transaction_id": "TXN-2847-AE", "decision": "HOLD", "rationale": "Grey-list jurisdiction + high value warrants EDD...", "risk_score": 67 } }
POST /v1/webhooks
Register a webhook endpoint
Configure a URL to receive real-time decision events. You can subscribe to specific event types or receive all events.
Request example
curl https://api.tracerule.com/v1/webhooks \ -H "Authorization: Bearer tr_live_xxxx" \ -d '{ "url": "https://your-platform.com/webhooks/tracerule", "events": ["transaction.held", "transaction.blocked"], "description": "Production compliance queue" }'
POST /v1/sanctions/screen
Screen an entity against all watchlists
Screen an individual or legal entity against all 15 active watchlists simultaneously — OFAC SDN, OFAC Non-SDN, UN Consolidated, EU EEAS, UK OFSI, UAE MoF, CBUAE, MAS Singapore, HK SCSML, AU DFAT, CA SEMA, CH SECO, Interpol, FATF High-Risk, and OpenSanctions PEP. Returns per-list hit status, confidence score, and matched aliases.
Request body
FieldTypeRequiredDescription
namestringrequiredFull legal name of the individual or entity to screen
dobstringoptionalDate of birth (ISO 8601) — improves match precision for individuals
nationalitystringoptionalISO 3166-1 alpha-2 country code
listsarrayoptionalSubset of list IDs to check. Omit to check all 15 lists.
fuzzy_thresholdnumberoptionalName match confidence threshold 0–1 (default 0.85)
Request example
curl https://api.tracerule.com/v1/sanctions/screen \ -H "Authorization: Bearer tr_live_xxxx" \ -H "Content-Type: application/json" \ -d '{ "name": "Viktor Medvedchuk", "dob": "1954-08-07", "nationality": "UA" }'
Response 200
{ "name": "Viktor Medvedchuk", "screened_at": "2026-03-29T11:22:00Z", "overall_hit": true, "risk_level": "BLOCK", "lists_checked": 15, "hits": [ { "list": "OFAC-SDN", "confidence": 0.99, "matched_alias": "MEDVEDCHUK, Viktor Volodymyrovych" }, { "list": "EU-EEAS", "confidence": 0.99, "matched_alias": "Viktor Volodymyrovych Medvedchuk" }, { "list": "UK-OFSI", "confidence": 0.97, "matched_alias": "Viktor Medvedchuk" } ], "latency_ms": 28 }
GET /v1/sanctions/lists
List active watchlists
Returns metadata for all 15 active watchlists — entity count, last refresh timestamp, issuing authority, and jurisdiction coverage.
Request example
curl https://api.tracerule.com/v1/sanctions/lists \ -H "Authorization: Bearer tr_live_xxxx"
Error codes
TraceRule uses standard HTTP status codes. Error responses include a machine-readable code and a human-readable message.
400invalid_requestMissing or malformed fields. Check the errors array in the response.
401unauthorizedInvalid or missing API key.
402quota_exceededMonthly transaction quota reached. Upgrade your plan.
422ivms_validation_errorOriginator or beneficiary data fails IVMS101 validation. Check the fields array.
429rate_limitedToo many requests. See Retry-After header.
503screening_unavailableAI screening temporarily unavailable. Retry with exponential backoff.
Rate limits
Rate limits are applied per API key. Burst capacity allows short spikes above the sustained rate.
PlanSustainedBurstMonthly quota
Starter10 req/s30 req/s10,000 transactions
Professional100 req/s300 req/s100,000 transactions
EnterpriseCustomCustomUnlimited
All responses include X-RateLimit-Remaining and X-RateLimit-Reset headers.
Security & Compliance

Enterprise-grade security

TraceRule is built for regulated financial institutions. Every architectural decision prioritises data protection, auditability, and regulatory alignment.

Data Encryption
AES-256 at rest, TLS 1.3 in transit. All PII fields tokenised before storage.
Zero-Trust Architecture
Every API call validated. No implicit trust between services. mTLS between microservices.
Immutable Audit Log
Every decision, every API call, every access event - tamper-proof and regulator-ready.
99.9% Uptime SLA
Multi-region failover. Real-time status at status.tracerule.com. Incident response <15 min.
Certifications & Compliance
SOC 2 Type II
In progress (Q3 2026)
ISO 27001
In progress (Q4 2026)
FATF R.15/16
Aligned
CBUAE AML/CFT
Aligned
VARA Rulebook
Aligned
MiCA (EU)
Aligned
Security questions?
Contact our security team at security@tracerule.com for penetration test reports, DPA templates, or architecture reviews.