Same Rules, Different Worlds: Why R16 Fails the Payments Systems That Need It Most
- Elizabeth Travis

- Mar 26

On 18 June 2025, the Financial Action Task Force (FATF) adopted its revised Recommendation 16 (R16) at the Plenary in Strasbourg. The consultation process had drawn more than 300 responses from financial institutions, regulators, civil society organisations and international bodies. The reform was ambitious in scope: a modernisation of the global payment transparency standard first conceived in the aftermath of the September 2001 attacks, recalibrated to reflect the realities of a digitised, borderless financial system. Its guiding principle was elegantly simple: same activity, same risk, same rules. Yet the principle, for all its symmetry, conceals a structural problem that the compliance community has been slow to confront. The payment systems that have done most to extend financial access across the developing world were not built on the infrastructure that R16 assumes. They were built against it.
The revised standard sits within a broader programme of FATF reform. The February 2025 amendments to Recommendation 1 replaced the term ‘commensurate’ with ‘proportionate’ and require countries to allow and encourage simplified due diligence in lower-risk scenarios. The updated financial inclusion guidance, adopted at the same June 2025 Plenary, explicitly recognises financial exclusion as a systemic risk to the integrity of the financial system. These are meaningful shifts.
The contradiction, however, is not one of intent. It is one of design. A standard built to promote inclusion across all payment channels still assumes an infrastructure that much of the world does not use.
The standard assumes an architecture that much of the world does not use
The original Travel Rule was designed around the mechanics of correspondent banking. Its logic presumed a structured, intermediated payment chain in which originator and beneficiary data would be collected at onboarding, attached to a Society for Worldwide Interbank Financial Telecommunication (SWIFT) message, and carried intact through a series of institutional handoffs. For two decades, this was sufficient. The revised R16 retains this foundational architecture while extending its reach, now requiring standardised data fields for all cross-border peer-to-peer payments above 1,000 US dollars or euros: the originator’s name, address and date of birth; the beneficiary’s name and, where available, account number.
These requirements are operationally coherent for SWIFT-based correspondent banking and for ISO 20022-enabled payment systems in developed markets. For much of the world, they are not. Mobile money services such as M-Pesa in Kenya, bKash in Bangladesh and GCash in the Philippines were engineered for minimal infrastructure, simplified onboarding and tiered identity verification. Brazil’s Pix system processes instant payments at a velocity that presupposes automated, interface-driven compliance. India’s Unified Payments Interface (UPI), which processed over 16 billion transactions in a single month in 2024, was designed for frictionless, low-value transfers between individuals.
The significance lies not in the ambition of the revised standard, but in the assumption embedded within it: that the world’s payment infrastructure looks like SWIFT. Increasingly, it does not. The systems that now carry the greatest volume of person-to-person cross-border value were built for speed and accessibility, not for structured data carriage.
Data enrichment at speed is a problem R16 has deferred, not solved
The revised R16 introduces a requirement that the FATF itself acknowledges will demand further work: the application of enhanced data fields to instant and real-time payment systems. In an explanatory note published alongside the revised standard, the FATF committed to conducting further work ‘as a priority’ on the risks and controls applicable to different payment mechanisms, including instant payments. This concession is significant. It signals that the standard was adopted before its implications for the fastest-growing payment channels in the world were fully resolved.
The operational challenge is concrete. A cross-border M-Pesa remittance between Nairobi and Kampala settles in seconds. The sender may have onboarded with a national identification number and a mobile telephone number, not a verified residential address or a date-of-birth record authenticated against a government database. The World Bank estimates that 850 million people worldwide lack access to formal identification; four billion lack a structured address.
In practice, the distinction between domestic and cross-border is increasingly artificial. Remittance corridors in East Africa, the Philippines and the Indian subcontinent blur the line between domestic mobile money transfers and cross-border value movements. A compliance framework that applies enhanced data obligations only at the point where a transaction crosses a national boundary creates a regulatory cliff edge that neither the technology nor the user experience was designed to accommodate. The FATF’s response has been to emphasise proportionality. Whether that amounts to operational guidance or merely aspiration is the central question.
Proportionality without specification is aspiration, not architecture
The FATF has taken meaningful steps to embed financial inclusion within its broader standards framework. This is not in dispute. The revised financial inclusion guidance calls on supervisors to review whether institutions are over-complying due to an incomplete understanding of the risks they face. Crucially, it identifies exclusion not merely as a social concern but as a vulnerability that undermines the very system the standards are designed to protect.
Yet welcome principles do not resolve the operational tension at the heart of the revised Travel Rule. Proportionality tells jurisdictions to calibrate controls to risk. It does not tell them how to do so when the payment infrastructure in question was designed for speed and simplicity, not for structured data carriage. The Consultative Group to Assist the Poor (CGAP) and the World Bank raised precisely this concern during both rounds of public consultation, noting that public and private sector views diverge significantly on the available risk control measures for different payment mechanisms. The FATF acknowledged this divergence. It did not resolve it.
The consequence is predictable. Jurisdictions with strong supervisory capacity and mature digital identity infrastructure will implement the revised standard with relative ease. Jurisdictions without these foundations face a choice: invest in compliance infrastructure their payment systems were not designed to support, or risk falling behind in mutual evaluations.
The compliance asymmetry that drives de-risking
The relationship between enhanced compliance standards and de-risking is well documented. The revised R16 risks deepening it. When global correspondent banks cannot verify that counterparty institutions in developing markets are meeting the enhanced data requirements, the commercial calculus is straightforward: withdraw, restrict, or reprice. The Bank for International Settlements (BIS) and the Financial Stability Board (FSB) have both noted the contraction of correspondent banking relationships in the regions that can least afford to lose them.
More telling than the standard itself is the enforcement gap that surrounds it. The FATF’s 2025 Targeted Update on the implementation of standards for virtual asset service providers (VASPs) reported that only 42 per cent of jurisdictions with Travel Rule legislation have taken enforcement action. Fifteen per cent have not begun drafting. This creates what the compliance community terms the ‘sunrise problem’: a prolonged period during which institutions in compliant jurisdictions must decide how to handle transactions with counterparts in markets that have not yet implemented the revised standard.
For emerging market operators, this is not theoretical. It is the mechanism by which compliance asymmetry translates into exclusion from the global payment system. The FATF’s new Payment Advisory Group, announced as part of the implementation roadmap, is tasked with guiding the transition to full compliance by 2030, but whether it will address the specific operational challenges of non-SWIFT payment architectures remains to be seen.
Compliance planning cannot wait for guidance that has not yet been written
For payment service providers (PSPs), VASPs and banks with cross-border remittance exposure, the revised R16 demands immediate strategic attention. The direction of travel is clear. Firms operating systems built on simplified onboarding or tiered identity verification must assess now whether their data collection frameworks can support the structured fields the standard prescribes. Where the answer is no, the question becomes one of sequencing: which workflow redesigns are achievable before the compliance clock runs, and which require guidance that only the Payment Advisory Group and national supervisors can provide.
Active engagement with the FATF’s Payment Advisory Group and with national supervisors is essential. The window for shaping how proportionality is operationalised is narrow. The FATF’s October 2025 Plenary published Annex IV to the assessment methodology, setting out how compliance with the revised R16 will be evaluated. The assessment framework now exists. The operational specification does not.
The worlds are different; the rules must account for that
The principle of same activity, same risk, same rules is a necessary corrective to a regulatory landscape that has long tolerated asymmetry between traditional and emerging payment channels. Its logic is sound; its application is premature. A standard that demands equivalent data transparency from a SWIFT correspondent banking transfer and a mobile money remittance processed on a basic handset in rural East Africa is not technology-neutral; it is architecture-blind. If the FATF’s implementation framework accounts for the structural differences in how value moves across the developing world, the revised R16 may yet deliver on its promise of safer, faster, cheaper and more inclusive cross-border payments. If it does not, the standard will have solved one problem by deepening another: extending transparency across systems that serve the connected while further isolating those that serve the excluded.
Is your payment architecture ready for the operational demands of the revised Travel Rule?
At OpusDatum, we work with financial institutions, PSPs and VASPs to build WTR compliance frameworks that are proportionate, risk-sensitive and operationally realistic. Our advisory practice spans the full scope of wire transfer regulation, from FATF Recommendation 16 implementation to cross-border data carriage strategy, helping firms translate evolving standards into controls that work in practice.
Contact us to discuss how we can support your WTR compliance strategy.


