Bundled but Not Exempt: Why Net Settlement Is R16’s Hidden Compliance Test

When the Financial Action Task Force (FATF) published its revised Recommendation 16 (R16) in June 2025, the headlines focused on expanded data requirements and the extension of travel rule obligations to the broader payments sector. The 2030 deadline dominated the discussion. One of the most operationally significant clarifications received far less attention: the FATF confirmed that net settlement arrangements and bundled transactions need not be unbundled by intermediary financial institutions. Yet this apparent concession comes with a condition most firms have not yet confronted. The underlying individual transactions must remain fully compliant with R16 throughout the payment chain. The exemption is narrow; the obligation it preserves is not.

The concession that is not a concession

The revised Interpretive Note to Recommendation 16 (INR.16) states that financial institution-to-financial institution transfers and settlements do not require accompanying originator and beneficiary data, provided both the originator and beneficiary are financial institutions. The FATF’s Explanatory Note reinforces this point: a bank conducting net settlement on behalf of other institutions will have no obligations under R16 regarding that settlement, so long as the underlying customer transactions have already been processed in compliance with the standard. This matters because net settlement is not an edge case; it is the architecture through which a vast proportion of cross-border payments are settled.

The distinction is critical. The settlement layer is exempt. The instruction layer is not. Every individual payment that feeds into a net settlement must carry the required originator and beneficiary information as it moves along the payment chain, from the ordering financial institution through any intermediaries to the beneficiary institution. The fact that those payments are subsequently aggregated into a net position for settlement does not relieve any party of its transparency obligations at the point of instruction.

Bundled payments expose a deeper traceability gap

The challenge becomes more acute when the discussion shifts from net settlement between banks to bundled payments involving non-bank payment service providers. In money remittance, the pattern is common: a money service business may collect hundreds of individual customer payment instructions in one country and transmit them as a single bundled payment through a correspondent banking chain. The funds are disbursed in another country. The intermediary banks in that chain see one large transfer; they do not see the individual customers behind it.

The Wolfsberg Group’s Payment Transparency Standards, published in October 2023, and the supplementary Roles and Responsibilities guidance issued in February 2025, document this structural reality in detail. Intermediary payment service providers in bundled flows have limited visibility over end-to-end payment data. The Group’s position is clear: intermediaries should not be expected to unbundle payments, nor should they be held accountable for compliance obligations that belong to the entity initiating the flow.

The FATF’s revised R16 aligns with this position in principle. It does not require unbundling. But it does require that the originating institution ensures all required data accompanies the underlying individual transactions; it also requires that beneficiary institutions verify alignment between the information received and the identity of the recipient. The significance lies not in the unbundling exemption itself, but in the distributed compliance model it implies.

The gap is operational. For intermediaries processing bundled payments, the question is no longer whether they must unbundle. It is whether they can demonstrate that the underlying transactions were compliant at the point of origination and that they had effective, risk-based procedures for detecting incomplete or meaningless data. The Wolfsberg Group’s consultation response to the FATF raised this concern explicitly: banks facilitating payment flows for non-bank payment service providers have limited visibility into underlying flows, especially in bundled systems.

ISO 20022 raises expectations without resolving ambiguity

The timing of the revised R16 is not coincidental. It arrives alongside the global migration to ISO 20022, the structured messaging standard that promises richer, more granular data in cross-border payment messages. Swift’s coexistence period for legacy MT messages ended in November 2025; from January 2026, institutions still relying on contingency processing face additional charges. By November 2026, unstructured postal addresses will no longer be accepted in Swift’s CBPR+ messages. The payment infrastructure is, in theory, becoming capable of carrying the data that R16 demands.

In theory. The reality for bundled and net-settled transactions is more complicated. ISO 20022 enables structured data transmission within individual payment instruction messages, but it does not resolve how originator and beneficiary data for hundreds of underlying transactions within a bundled flow should be carried, stored and retrieved. The FATF’s Explanatory Note acknowledges that such information must be included in instructions sent from an originating institution to a beneficiary institution, including through any intermediary, to enable disbursement. It does not specify the mechanism. The gap is significant.

This is where the distance between standard-setting and operational implementation becomes most visible. A payment service provider originating a bundled cross-border remittance may hold all the required customer data internally. But the correspondent bank processing the bundled transfer may receive only a single pacs.008 message with the remittance firm as the debtor and the disbursement bank as the creditor; the individual customer data travels through a separate channel, often proprietary to the remitter. Whether that arrangement satisfies R16 is a question the forthcoming FATF guidance will need to address directly.

The screening obligation does not disappear at the netting layer

A common misunderstanding in the industry is that if net settlements are exempt from R16 data requirements, they are also exempt from sanctions screening. This is incorrect. Sanctions obligations are distinct from payment transparency obligations; a financial institution conducting net settlement remains bound by applicable sanctions regimes regardless of its position in the payment chain. The R16 exemption relates to the information that must accompany the settlement message. It does not create a carve-out from the obligation to screen.

The practical difficulty is that screening a net settlement message is of limited value when it contains only the names of two settling institutions and an aggregated amount. Effective sanctions screening requires access to underlying transaction data; for intermediaries in bundled flows, that data may not be present in the payment message they receive. The revised R16 does not resolve this tension. It assumes screening occurs at the right points: at the ordering institution, which holds the originator data, and at the beneficiary institution, which holds the beneficiary data.

Intermediaries screen what they have. They are expected to maintain proportionate, risk-based procedures for identifying manifestly incomplete or meaningless data. But for an intermediary processing a bundled payment from a licensed remittance provider, the question of what constitutes ‘manifestly incomplete’ information is far from straightforward. The standard offers no definition; the governance of that judgement falls entirely to the institution.

The EBA has moved first, but the framework remains incomplete

The European Banking Authority (EBA) provides the most developed supervisory framework for these obligations. Its Travel Rule Guidelines, published in July 2024 under European Union (EU) Regulation 2023/1113, have applied since 30 December 2024. The Guidelines specify the information that must accompany transfers of funds, the steps that payment service providers must take to detect missing data and the procedures for managing deficient payments. Crucially, the EBA confirmed that intermediaries are not expected to unbundle. This aligns with both the Wolfsberg Group’s position and the FATF’s revised R16.

Yet the EBA Guidelines were drafted before the revised R16 was finalised. The enhanced data requirements introduced by the FATF in June 2025 go beyond what the current EU Transfer of Funds Regulation requires: beneficiary geographic information, date of birth for individual originators and the Legal Entity Identifier for legal persons are all new additions. The EU will need to update its legislative framework to align with the revised standard. Until that alignment occurs, firms operating across EU and non-EU jurisdictions face overlapping but non-identical obligations.

The FATF’s Guidance Project Team began its formal drafting work in late 2025, drawing on both public and private sector experts. A public-private Payment Advisory Group has been established to support implementation, and an outreach event for the private sector is planned for April 2026. Adoption of the guidance is expected around October 2026. That guidance will need to address net settlement and bundled transactions with operational specificity, not merely confirm the principle.

Firms are building for the wrong compliance model

The risk for financial institutions is that they interpret the net settlement exemption as a simplification. It is not; it is an escalation of complexity. The exemption means that compliance obligations do not sit at the settlement layer. It does not mean they sit nowhere. They sit with the ordering institution, the beneficiary institution and, to a risk-based extent, with every intermediary in the payment chain.

For many correspondent banks, the answer to whether their compliance architectures reflect this is almost certainly no. Transaction monitoring systems are typically configured to screen payment messages as received. If the payment message is a single bundled transfer from a licensed payment service provider, the screening may capture the PSP’s name, its Business Identifier Code and the aggregated amount; it will not capture the names of the underlying originators and beneficiaries. The bank may rely on contractual assurances from its respondent that the underlying transactions have been screened. That reliance may be commercially reasonable. It is not, by itself, a demonstration of control effectiveness.

Alan Ketley of the Wolfsberg Group identified this tension directly during the R16 consultations: if intermediaries are required to unbundle payments, there will be cost implications for users along with potential delays. The FATF heard this concern. It chose not to require unbundling. But the alternative is a distributed compliance model where each participant in the chain is responsible for its own segment; that model demands a level of operational coordination and data-sharing infrastructure that the industry has not yet built.

The compliance gap sits at the instruction layer, not the settlement layer

Firms processing or facilitating bundled or net-settled cross-border payments should reassess their compliance frameworks against three specific dimensions. First, the data architecture: can the firm trace individual underlying transactions within a bundled flow from origination to disbursement, even if those transactions are not present in the settlement message? Second, the screening model: does the firm screen at the instruction layer where originator and beneficiary data is available, or does it screen aggregated settlement messages that lack granular customer information? Third, the contractual framework: do agreements with respondent institutions articulate clearly where R16 compliance obligations sit at each point in the chain?

The FATF’s forthcoming guidance will provide greater specificity. But firms that wait for the guidance before acting will find themselves reconfiguring systems under time pressure. The 2030 deadline may appear distant; it is not. The February 2026 FATF Plenary has already adopted mutual evaluation reports for Austria, Italy and Singapore under the new assessment methodology, which includes Annex IV provisions for assessing R16 compliance. The evaluation cycle is running.

Traceability is the obligation that survives every exemption

The revised R16 did the industry a favour by confirming that net settlements need not be unbundled. It did not, as some appear to believe, create a compliance-free zone at the settlement layer. The obligation to ensure that accurate, structured originator and beneficiary data accompanies every individual customer transaction throughout the payment chain remains intact; it applies regardless of whether those transactions are subsequently aggregated for settlement purposes.

The compliance challenge is not that the standard is unclear. It is that the infrastructure to meet it does not exist at scale. Bundled payment architectures were designed for efficiency, not transparency; correspondent banking relationships were built on trust, not granular data exchange. The revised R16 asks the industry to reconcile these realities within a framework that is both operationally viable and regulatorily defensible.

If firms build for that standard now, they will be ready when the evaluation cycle reaches them. If they do not, the exemption they relied upon will offer no protection; no compliance position built on incomplete traceability is credible. Net settlement is a mechanism. Traceability is the standard. The FATF has made clear which one takes precedence.

Can you demonstrate R16 compliance across every layer of your payment chain?

At OpusDatum, we help financial institutions and payment service providers assess their exposure to the compliance challenges created by the revised FATF R16, including the operational implications of net settlement, bundled transactions and distributed compliance obligations across complex payment chains.

 Contact us to discuss how we can support your readiness. Visit opusdatum.com or reach out to our advisory team directly.