As of 2026, Kazakhstan has fully integrated global AML/CFT standards into its digital‑asset regulatory framework, with the Astana Financial Services Authority (AFSA) and the Law on Digital Assets underpinning enforcement. Within the Astana International Financial Centre, Virtual Asset Service Providers (VASPs) must comply with the Travel Rule — aligned with Financial Action Task Force Recommendation 15 — which mandates sharing specific counterparty data on transfers. Non‑compliance in the AIFC isn’t just a fine — it’s a licensing risk, as authorities tie Travel Rule adherence to ongoing authorization and access to Kazakh banking corridors.
The Legal Landscape: AIFC vs. Mainland Kazakhstan
Kazakhstan’s digital asset industry operates under a dualist regulatory regime, distinguishing between the AIFC, a special financial jurisdiction based on common‑law principles, and the national territory, which follows Kazakh civil-law frameworks. The Law on Digital Assets establishes the legal foundation for issuance and circulation of digital assets, and AFSA supervises licensing, AML/CFT obligations, and Travel Rule compliance within the AIFC.
VASPs generally prefer AIFC domicile to leverage regulatory clarity and participate in “pilot projects” connecting licensed digital asset platforms with Kazakhstan’s commercial banks. Meanwhile, the Financial Monitoring Agency (FMA) enforces AML/CFT obligations across the national territory, monitoring transactions, reviewing suspicious activity, and ensuring compliance with the Travel Rule.
Decoding the “Travel Rule” in the Kazakh Context
The Travel Rule stems from FATF Recommendation 15, requiring VASPs to collect and transmit essential originator and beneficiary information during digital asset transfers, extending traditional AML standards to virtual assets. In Kazakhstan, transfers above the de‑minimis threshold — approximately USD 1,000 (≈ 500,000 KZT) — must include the originator’s full name, wallet or account number, national ID, as well as the beneficiary’s name and wallet or account number.
This information must travel with the transaction, be securely stored, and be made available for regulatory review. AFSA mandates VASPs maintain internal systems and procedures to ensure that all data points are complete and auditable.
Technical Implementation & The “Sunrise Issue”
Practical compliance often involves integrating Travel Rule messaging protocols such as TRUST, Sygna, or Notabene, which allow secure exchange of required data between counterparties.
The Sunrise Issue occurs when transactions involve jurisdictions that have not yet implemented the Travel Rule. VASPs are expected to adopt a risk-based approach, either withholding transfers until the required data is available or applying enhanced due diligence to mitigate AML/CFT risk. Interactions with unhosted wallets require verification of ownership, typically via signing challenges or cryptographic proof, and these procedures must be documented for regulatory review.
Compliance Essentials for VASPs
Key compliance actions include integrating a Travel Rule messaging provider, updating internal AML/CFT policies to align with the AIFC DAA Rulebook, and training staff on counterparty due diligence. VASPs must also embed sanctions and PEP screening into transfer workflows and maintain documented procedures for interacting with unhosted wallets or managing Sunrise Issue cases.
Risks of Non‑Compliance
Failure to comply exposes VASPs to serious consequences. Regulatory authorities can impose administrative fines, suspend or revoke Digital Asset Trading Facility licenses, and block access to banking corridors. Beyond regulatory penalties, non-compliance carries reputational risk and can compromise relationships with domestic and international partners.
Conclusion & Future Outlook
Kazakhstan’s digital-asset compliance framework is evolving, with the planned rollout of the Digital Tenge expected to further automate Travel Rule adherence by 2027. The CBDC could embed originator and beneficiary information directly into transactions, streamlining AML oversight. For VASPs operating in Kazakhstan, proactive adaptation to AFSA guidance and the AIFC DAA Rulebook is critical for maintaining licenses, banking access, and market credibility.
Frequently Asked Questions
What is the Travel Rule and why does it matter for Kazakh VASPs?
The Travel Rule is part of FATF Recommendation 15. It requires VASPs to collect and transmit key originator and beneficiary information during digital asset transfers. In Kazakhstan, compliance is tied directly to licensing in the AIFC, making non-compliance both a legal and operational risk.
Which transactions are subject to the Travel Rule?
Transfers above the de‑minimis threshold — roughly USD 1,000 (≈ 500,000 KZT) — must include full originator and beneficiary details. Smaller transactions may be exempt, but VASPs must still monitor for unusual activity under AML/CFT rules.
What data must “travel” with the transaction?
Key information includes the originator’s full name, wallet/account number, national ID, as well as the beneficiary’s name and wallet/account number. This ensures traceability and regulatory oversight.
How should VASPs handle transfers to jurisdictions that haven’t implemented the Travel Rule?
VASPs should adopt a risk-based approach: either suspend transfers until the required data can be collected, or apply enhanced due diligence measures. Proper documentation and recordkeeping are critical for audit purposes.
Are unhosted (self-custody) wallets treated differently?
Yes. VASPs must verify ownership of unhosted wallets, typically via cryptographic proofs or signing challenges. These steps must be logged in internal compliance records.
What are the consequences of non-compliance?
Consequences include administrative fines, suspension or revocation of the Digital Asset Trading Facility license, and reputational damage, including loss of access to Tier‑1 banks and other financial partners.
Will the Digital Tenge impact Travel Rule compliance?
Yes. The planned rollout of Kazakhstan’s CBDC could automate Travel Rule data collection, embedding originator and beneficiary information directly in transactions and streamlining AML/CFT compliance.