Getting the Financial Action Task Force’s Travel Rule Right: Delivering on Guidance
FATF has revised its Travel Rule (R16) to standardise the information accompanying cross-border P2P payments above USD/EUR 1,000, expand the use of new technologies to curb fraud, and refine the scope for the purchase of goods and services, marking an important step in modernising payment transparency. However, the practical impact of these changes depends on how jurisdictions interpret and implement the forthcoming Guidance (with broad public consultation planned for 2026 and finalisation expected by October 2026), raising inclusion concerns highlighted by CGAP. Discussions at RUSI and CGAP identify key issues: verification of a “nearest alternative” for missing addresses, risks of de-risking, data-protection challenges for smaller institutions, de-minimis threshold divergence across jurisdictions and exchange-rate volatility, and the need for harmonisation and clear signals to authorities to avoid fragmentation while supporting inclusion. The wider objective is to align FATF reform with the G20 goal of faster, cheaper, more transparent cross-border payments by 2027–2030, recognizing that progress hinges on effective guidance and industry engagement.
The Financial Action Task Force’s plans for cross-border payment transparency are welcome, but this ambition without safeguards may undermine financial system access.
In late April, the Financial Action Task Force (FATF), the global anti financial crime watchdog, brought together representatives from the private sector to discuss the implementation of changes to FATF’s Recommendation 16 (R16) and support the development of Guidance. It also announced that broader public consultation on the Guidance is expected in 2026.
The revisions to R16 (also known as the ‘Travel Rule’) were adopted almost a year ago, at FATF’s June 2025 plenary. Yet, as with many similar revisions to global standards, the real test is not the text but how it will be interpreted and implemented. FATF seems to recognise the challenge; whether it has the cure is yet to be seen.
In substance, the revisions to R16 clarify responsibilities within the payment chain: introduce standardised requirements on the information that must accompany cross-border peer-to-peer (P2P) payment messages above USD/EUR 1,000; add new requirements for institutions to make use of emerging technologies to protect against fraud and errors; and refine the scope of payments for the purchase of goods and services. Taken together, the changes are an important step in modernising payment transparency.
However, as highlighted by CGAP, elements of the revised R16 carry financial inclusion implications. Recognising this, Paragraph 2 of the revised R16 makes clear that it is not FATF’s intention ‘to impose rigid standards or to mandate a single operating process that would negatively affect the payment system or financial inclusion’. Yet, in practice the impact will depend on how jurisdictions interpret and operationalise the requirements once FATF issues its detailed guidance (expected to finalise by October 2026).
The accompanying explanatory note confirms that the guidance will address inclusion-sensitive challenges, such as the treatment of missing or partial information, concerns related to addresses in rural/remote areas and operationalisation of the de minimis thresholds. What is unclear is how these commitments will actually get reflected in the guidance.
In February, the Centre for Finance and Security at RUSI convened a roundtable to explore how guidance could better incorporate inclusion considerations, coming up with the following concrete proposals.
Verification Requirements: Calling for More Clarity
The revised R16 requires that cross-border payment messages above a de-minimis threshold include the originator’s address and the country and town name (or the nearest alternative) of the beneficiary. The ‘nearest alternative’ flexibility is welcome, especially where formal address systems are incomplete, but it also introduces unresolved issues from an inclusion perspective that guidance needs to address.
First, there is a concern that some jurisdictions may respond to the use of alternative identifiers by applying more stringent controls as a precaution, which might cause de-risking. The guidance should therefore state clearly that permitted alternative identifiers should not justify enhanced due diligence in the absence of other risk factors.
Second, FATF needs to clarify what counts as an acceptable ‘nearest alternative’. For example, where a town name does not exist, should this be interpreted as a region, state, or the country? Without clear parameters inconsistent implementation is likely.
Third and related, the guidance should explain how this ‘nearest alternative’ is to be verified and by whom. It should set out concrete examples of acceptable verification methods across different country contexts. A practical possible solution to this could involve community-based approaches. For example, in rural settings, a local authority or a recognised community representative may verify location or identity, or affidavit-based systems (such as sworn declaration made before a competent authority) could support verification where formal documentation is lacking. The guidance should not prescribe a single model, but it should clearly indicate which alternatives are acceptable.
Fourth, the requirement to transmit personally identifiable information raises concerns around data protection and storage. Frameworks such as the GDPR require the receiving institutions to handle data at equivalent levels of protection. This poses challenges for smaller institutions, such as microfinance or rural banks, which may lack the technical capacity to securely store and manage the data. The guidance should acknowledge these capacity constraints and encourage implementation options such as scheme-level pre-validation, where risks permit.
De-Minimis Threshold Needs Practical Rules
The revised R16 imposes a de-minimis threshold which requires cross border payments and value transfers above 1,000 USD/EUR to include the name and account number of both originator and beneficiary, or a unique transaction reference number. While in its explanatory note FATF acknowledges the calls for additional clarity and commits to address this in the guidance, important questions around application remain.
A key issue with the de-minimis threshold is the potential for divergence across jurisdictions. For example, in practice one jurisdiction might apply the threshold of $100 and another adopt the maximum of $1,000. This divergence then risks resulting in operational complexity and friction in payment flows. Thus, the guidance should make it clear whether a degree of harmonisation is expected and how it might be achieved.
A second challenge relates to exchange rate volatility. In jurisdictions with currency volatility, the same transaction may fall above or below the threshold within a matter of days, creating uncertainty. The guidance should consider mechanisms to address this, such as fixed reference periods or simplified threshold application methods.
More importantly, the explanatory note to R16 already recognises that where both the beneficiary and the ordering institutions participate in a pre-validation mechanism, this process can be used as a sufficient substitute for transaction level verification above the de-minimis threshold. Building on this, the guidance should make clear that, such mechanisms can be used to determine in advance what information is required for a transaction considering the de-minimis threshold. This would provide a structured way to signal expectations between institutions, reducing uncertainty.
Flexibility Should not Become Vagueness
Stepping back from the technical details, a broader concern with the guidance is that flexibility should not translate into vagueness. While at the micro level flexibility helps institutions tailor approaches to risk, at the macro level, divergences across countries might lead to fragmentation, reducing interoperability and potentially creating ‘off- switches’ between jurisdictions in cross border payments.
More fundamentally, financial inclusion and integrity are system level objectives for FATF and have been repeatedly presented as mutually reinforcing objectives. In practice, however, tensions at the micro-level are inevitable, particularly where incentives favour risk aversion and an over compliance mentality prevails. To solve this tension, the guidance should provide clear incentives and signals to national authorities on acceptable risk tolerance levels and ensure that they will not be penalised for adopting inclusion-sensitive frameworks in the mutual evaluation process.
To sum up, the next couple of years will be key for cross border payments, as financial institutions are expected to fully implement the revised R16 by 2030. What is crucial, however, is that the practical implementation of the revised R16 needs to align with the G20’s goals of enhancing cross-border payments, meaning the FATF process is not in isolation. G20 members had originally set themselves the ambitious objective of meeting most of their targets on faster, cheaper and more transparent and inclusive cross-border payments by 2027. This deadline now seems unlikely to be met according to the latest metrics. Indeed, the Financial Stability Board’s latest 2025 progress report notes that ‘misaligned AML/CFT compliance controls, inefficient implementation of capital controls, limited transparency for end-users, and interoperability challenges’ are some of the reasons why progress is lacking. In this context, much depends on the forthcoming guidance and how the industry engages with it. It should be acknowledged that the guidance (although non-binding) might be perhaps one of the last meaningful opportunities to ensure that the Travel Rule is implemented in a way that supports the broader reform for cross-border payments in an inclusion-sensitive way.
© RUSI, 2026.
The views expressed in this Commentary are the author's, and do not represent those of RUSI or any other institution.
For terms of use, see Website Terms and Conditions of Use.
Have an idea for a Commentary you'd like to write for us? Send a short pitch to [email protected] and we'll get back to you if it fits into our research interests. View full guidelines for contributors.
