No Exceptions: Why ‘Same Activity, Same Risk, Same Rules’ on Wire Transfer Regulations Demands Action Now

In an era where financial services are increasingly unbundled, digitised, and decentralised, the FATF’s call for functional consistency in anti-financial crime regulation has never been more relevant. Its mantra of “same activity, same risk, same rules”, particularly as it relates to Recommendation 16 (the so-called Travel Rule), sets a clear expectation: entities performing equivalent financial functions must be held to equivalent compliance standards, regardless of the technology or platform used.

For the UK financial sector, this principle is more than a rhetorical device. It signals a fundamental shift towards activity-based regulation at a time when criminals are exploiting fragmentation in the payments ecosystem to launder money, move illicit assets, and evade sanctions. As payments become faster, more mobile, and increasingly digital, the case for levelling the regulatory playing field across all payment channels has become urgent and unavoidable.

Understanding the FATF Travel Rule & Its Evolution

The FATF Travel Rule requires that information on the originator and beneficiary of wire transfers be collected and transmitted alongside the transaction. Originally developed for traditional correspondent banking, it has since been expanded to apply to virtual asset service providers (VASPs) in recognition of the growing role that cryptocurrency plays in global value transfers.

At the heart of this recommendation lies a principle that transcends legal form: regulatory obligations should attach to financial activity, not merely to institutional category. As the UK seeks to maintain its global leadership in both innovation and financial integrity, the challenge lies in ensuring that regulatory frameworks keep pace with the rapidly evolving nature of payments.

Why the 'Same Rules' Principle Matters for UK Payment Channels

The UK is home to a sophisticated and diverse payments landscape, ranging from traditional bank transfers and real-time payment systems to digital wallets, fintech platforms, and blockchain-based solutions. Yet regulatory oversight has not kept uniform pace across all these channels. This creates a regulatory asymmetry that bad actors can exploit. Money launderers, terrorist financiers, and sanctions evaders often migrate to less regulated platforms, using a patchwork of systems to layer and obscure the movement of illicit funds. The only effective defence is a risk-aligned, channel-agnostic regulatory approach.

Payment Channels That Should Fall Under the Same Rules

• Traditional Wire Transfers

These are the most heavily regulated and already fall squarely within the scope of the Travel Rule, with strong compliance expectations around customer due diligence, record-keeping, and originator/beneficiary data transmission. SWIFT and correspondent banking networks are well-embedded in regulatory frameworks, but legacy systems can still be used to layer transactions and obscure audit trails.

• Instant Payment Systems (e.g. SEPA Instant, Faster Payments, FedNow)

  The rapid adoption of real-time payment systems has created new challenges for AML and CFT compliance. Instant payments increase the speed of funds movement, reducing the window for transaction monitoring and risk assessment. Regulators are increasingly recognising the need to apply the same data requirements and monitoring standards to these systems as traditional wires.

  
  

• Card-Based Payments (e.g. Visa, Mastercard)

  Although primarily used for consumer purchases rather than large-scale value transfers, prepaid cards and anonymous reloadable instruments have historically been exploited for illicit finance. Where these instruments are used in cross-border transfers or resemble stored value products, they should fall within the same regulatory perimeter as other payment methods.

  
  

• Digital Wallets & Mobile Money (e.g. PayPal, Apple Pay, M-Pesa)

  These platforms functionally replicate the services of bank accounts and payment processors. In regions with limited banking infrastructure, mobile money has enabled financial inclusion but also created vulnerabilities for terrorist financing and informal value transfer. Regulation should align with the “same activity” principle and require due diligence, transaction reporting, and suspicious activity monitoring.

  
  

• Cryptocurrency & Virtual Asset Transfers

  Virtual asset service providers (VASPs) are now explicitly subject to the Travel Rule. However, enforcement varies widely by jurisdiction. The FATF has emphasised that crypto exchanges, wallet providers, and DeFi protocols that facilitate transfers should all be treated equivalently to financial institutions when they perform the same functions.

  
  

• Closed-Loop & In-App Payment Systems (e.g. gaming platforms, e-commerce wallets)

  These are often overlooked in AML and CTF frameworks despite facilitating real economic activity. Criminal actors have used gift cards, virtual currencies, and online game tokens to launder money. As these platforms increasingly allow for peer-to-peer transfers or cash-out options, regulators should assess whether their risk levels merit inclusion under equivalent AML and CTF rules.

  
  

• Buy Now, Pay Later (BNPL) Services

  While BNPL is credit-focused, many of these providers now offer wallet and payment services, particularly in the e-commerce sector. If used to facilitate value transfers or withdrawals, such channels may warrant risk-based regulatory oversight.

Practical Challenges & Opportunities for UK Regulators

• Redefining the Regulatory Perimeter

To apply the Travel Rule consistently, the UK must transition from entity-based to activity-based supervision. This shift would likely require targeted amendments to the Money Laundering Regulations (MLRs) and closer coordination between the FCA, HM Treasury, and relevant industry stakeholders. A more holistic approach is needed to capture all forms of value transfer, regardless of the institution involved, and ensure supervisory oversight aligns with risk rather than business model.

• Technical Infrastructure & Data Standards

Effective compliance with the Travel Rule depends on secure and interoperable messaging standards. Traditional financial institutions benefit from established protocols such as those developed by SWIFT. In contrast, the cryptoasset sector remains fragmented, relying on evolving solutions like the InterVASP Messaging Standard (IVMS101) and the Travel Rule Information Sharing Alliance (TRISA). The UK should support the development of technology-neutral, scalable standards that enable consistent implementation across both traditional and emerging payment channels.

• Cross-Border Coordination & Data Privacy

Ensuring compatibility with FATF-compliant jurisdictions is vital for effective cross-border information sharing. At the same time, the UK must navigate the requirements of UK GDPR, particularly when personal data on originators and beneficiaries is exchanged internationally. Regulatory guidance will be critical to help firms reconcile anti-money laundering obligations with data privacy laws, especially in the context of global transfers involving digital assets.

• Risk-Based Supervision & Proportionality

Not all payment channels present the same level of financial crime risk. UK regulators must maintain a risk-based and proportionate approach, applying enhanced due diligence measures to high-risk scenarios such as cross-border crypto transfers while avoiding unnecessary compliance burdens for lower-risk domestic platforms. This principle is essential to encouraging innovation while preserving system integrity.

• Implications for the UK Financial Sector

The extension of the “same rules” principle across all value transfer channels will demand significant changes from financial institutions, fintechs, and payment service providers. Firms will need to:

• Review and upgrade their systems to ensure Travel Rule compliance across all applicable channels.

• Invest in screening tools capable of handling real-time and cross-platform transactions.

• Establish robust governance structures to identify and mitigate channel-specific risks.

• Enhance due diligence and transaction monitoring procedures, particularly for digital-first services.

In addition, firms must prepare for increased regulatory scrutiny in areas such as transaction traceability, data integrity, and customer transparency. These expectations will only grow as HM Treasury continues to align the UK’s AML regime with updated FATF standards.

Conclusion: Closing the Loopholes on Wire Transfer Regulation

The FATF’s principle of “same activity, same risk, same rules” is more than just a regulatory mantra. It provides a clear framework for safeguarding the UK’s financial system amid the proliferation of new payment technologies. As payment methods continue to diversify and converge, regulatory oversight must follow suit. The UK must bring all value transfer mechanisms within the AML perimeter, align supervision with risk, and implement the safeguards required by Recommendation 16.

This is not only achievable but vital to staying ahead of criminal innovation. By addressing regulatory blind spots and promoting consistency across financial channels, the UK can reinforce its reputation as a global leader in both financial innovation and financial crime compliance.

Are You Prepared For the Amended FATF Recommendation 16?

To explore these issues in greater depth and understand how your organisation can prepare, download our white paper on wire transfer regulation compliance under the evolving UK AML regime.

Additionally, discover how WireCheck can help you assess your institution’s readiness for Recommendation 16.