What is happening with Recommendation 16?
Sometimes referred to as the Travel Rule, Recommendation 16 is being revised by FATF in a bid to standardise the information in payment messages to provide a clearer picture of who is sending and receiving money. Ultimately, this should help to prevent fraud and errors that can harm customers and slow down payments.
Fraud has emerged as a significant threat for consumers, merchants and payment service providers alike in recent years as payments have shifted online. The changes to Recommendation 16 will put in place a safety net for the international payment system by increasing the transparency of information that accompanies cross-border payments and requiring the introduction of tools that effectively protect against fraud and error.
Via the newly revised standards, the FATF is ensuring that anti-money laundering defences keep at pace with today’s reality, where many actors in the payments ecosystem, such as fintechs and digital payment platforms, are now carrying out the tasks that were once limited to incumbent, traditional banks.
FATF changes are not legislation, but firms need to treat these recommendations as a precursor to policy in the jurisdictions that they operate in. Recommendation 16 will filter down into regulatory frameworks across the world by 2030, when the FATF says that the deadline for implementation will be.
If countries that are part of FATF fail to abide by this, then they risk being subject to increased monitoring. The negative impact that this can have on economies, and for banks, on their ability to carry out correspondent banking, means that it is inevitable that countries will do their best to codify the revised Recommendation.
What are the changes to Recommendation 16:
The changes are intended to support the G20’s roadmap for making cross-border payments faster, cheaper, more transparent and more inclusive. They include:
- Clarifying responsibilities within the payment chain: The changes clarify responsibility within the payment chain for including and preserving information in payment messages, improving accuracy and guiding investigators to the right source. Under the new standard, the chain begins with the financial institution receiving the customer’s payment instruction.
- Standardised information requirements: The FATF rule will also require standard information, like name, address, and date of birth, to accompany peer-to-peer cross-border payments that are above USD/EUR 1,000. This should more clarity on who is sending and receiving money, and making suspicious transactions easier to detect, and in jurisdictions like the EU, should see an uptick in firms adopting tools such as the European Payment Council’s One Leg Out Instant Credit Transfer (OCT Inst) as a way to effectively adhere.
- Requirements to introduce tools that protect against fraud and error: The new standards are set to require financial institutions to make use of new technologies that protect against fraud and error, such as verification of recipients’ banking information, so that customers can have peace of mind that their money is going to the right place. These protocols have been introduced in jurisdictions like the UK, and are also to become EU-wide in October 2025 as part of the compliance requirements for the Instant Payments Regulation (IPR).
- Clarification on card transactions: The FATF has refined the exemption for credit, debit and prepaid cards so that it only applies to genuine purchases of goods and services, not peer-to-peer transfers. Instead of requiring issuer and acquirer details in payment messages, authorities will access this information through card network directory systems to avoid high implementation costs, which should provide clarity while keeping requirements proportionate and workable for financial institutions.
Who will the changes to Recommendation 16 affect, and what can you do now?
The rule revamp may not be fully effective until 2030, but nevertheless, payment professionals should be under no illusion that these changes will significantly impact banks and money movement businesses alike. While there will be a likely welcomed convergence of standards internationally at the end of it, this will not be without its challenges for firms.
What should create a global benchmark will also inevitably bring with it operational complexity, as firms will be all too familiar when implementing other standards like ISO 20022.
The revised FATF standards will mean new implementation challenges for payment service providers, as systems, messaging formats, and internal processes will need to adapt to capture and transmit new data requirements. Coming up to standard with these obligations is likely to mean more investment into infrastructure, something the FATF has implicitly confirmed with its requirements for new technologies to be deployed.
Meanwhile, fintechs and neobanks are likely to face issues adapting to the changes to virtual IBANs that will come with this revision. These are typically linked to a master account, meaning the account number may not directly reflect the end-customer sending or receiving funds.
The new rules will mean that payment messages must accurately show the originator and beneficiary, including names, addresses, and account numbers, and any practices that obscure the true account holder will no longer be allowed.
Implementation will also vary across jurisdictions. FATF sets global expectations, but as is already evident in the differentiation between requirements for Confirmation of Payee in the UK and Verification of Payee in the EU, countries will adopt the standards at different speeds and with local nuances.
