The Sunrise Problem at Scale: Why R16 Makes Cross-Border Compliance Harder Before Better

The sunrise problem is not new. Since the Financial Action Task Force (FATF) extended its travel rule to virtual asset service providers (VASPs) in 2019, the challenge of asymmetric implementation has been a defining operational headache for the crypto-asset sector. Firms in jurisdictions that moved early found themselves collecting and transmitting originator and beneficiary data to counterparties that had no legal obligation to reciprocate. From an anti-money laundering (AML) perspective, the result was predictable: incomplete data, rejected transactions, and a compliance burden that fell disproportionately on those trying hardest to comply.

Yet the FATF’s revised Recommendation 16 (R16), agreed at the June 2025 Plenary, has changed the scale of this problem. The updated standard extends its reach beyond VASPs to encompass all forms of payment or value transfer. It introduces enhanced data requirements, alignment checks and structured messaging obligations that apply across the entire payment chain. The implementation deadline is the end of 2030. The sunrise problem has not been solved. It has been amplified.

The October 2025 FATF Plenary underlined the point by publishing Annex IV to the assessment methodology, setting out how compliance with the revised R16 will be evaluated in mutual evaluations. The February 2026 Plenary went further, approving two new reports for publication: one on the risks of offshore VASPs exploiting regulatory gaps, another on the emerging threats posed by stablecoins and unhosted wallets. The examination framework is being built. The threat landscape is expanding. The infrastructure to meet either is not yet in place.

The VASP experience is a warning, not a precedent

The virtual asset sector’s experience with the sunrise problem offers the broader payments industry a preview of what lies ahead. The FATF’s 2025 Targeted Update on Implementation of the FATF Standards on Virtual Assets and VASPs found that 85 of 117 surveyed jurisdictions had passed legislation implementing the travel rule for virtual assets. That figure represented progress. It also obscured the gap between legislation and enforcement. Of those 85 jurisdictions with laws on the books, 59 per cent had yet to issue supervisory findings, directives, or enforcement actions tied to travel rule compliance.

The pattern is instructive. Passing a law is not the same as operationalising it. Jurisdictions that enacted legislation often lacked the supervisory infrastructure or political will to enforce it. VASPs in compliant jurisdictions were left navigating a patchwork. The FATF’s own Best Practices on Travel Rule Supervision report, published alongside the June 2025 Targeted Update, was candid. Until all VASPs implement the travel rule, it acknowledged, those in compliant jurisdictions ‘will continue to face challenges executing all transactions in a compliant manner.’ That is a diplomatic way of describing operational paralysis.

The payments sector should study this closely. The sunrise problem the VASP sector has endured for six years is now arriving at scale.

Revised R16 raises the data bar without levelling the playing field

The revised R16 significantly increases the volume and specificity of information that must accompany cross-border payments above the USD/EUR 1,000 de minimis threshold. For individual originators, the standard now requires name, account number, address, and date of birth. For beneficiaries, it mandates name, account number, and geographic information: country and town. Where the originator or beneficiary is a legal person, a connected business identifier code, Legal Entity Identifier (LEI), or equivalent official identifier should accompany the message. Information must be structured to the extent possible, in accordance with standards such as ISO 20022. The ambition is clear. The infrastructure is not.

These are substantial requirements. They reflect a serious ambition to improve the transparency and traceability of cross-border payments. They also presuppose a level of data infrastructure, messaging capability, and supervisory alignment that does not yet exist uniformly across the FATF’s 205-member global network. The Consultative Group to Assist the Poor (CGAP) noted in its analysis of the revised standard that the FATF had introduced the first-ever requirement for beneficiary geographic information in payment messages. First-ever requirements do not implement themselves.

The revised standard permits jurisdictions to set their own de minimis thresholds up to the USD/EUR 1,000 ceiling. It does not mandate a single threshold. This means that a payment originating from a jurisdiction with no threshold will carry different data from an identical payment originating from one that applies the maximum. The asymmetry is baked in.

Five years is not as long as it sounds

The FATF set the end of 2030 as the implementation deadline. The explanatory note observed that a majority of consultation respondents agreed this was a ‘realistic deadline for implementation.’ The FATF has also indicated it will publish guidance in late 2026 on consistent implementation of the revised standard. The Project Team drafting the guidance began its work in late 2025, with formal adoption targeted for October 2026. Some elements, it noted, may require a longer timeline extending beyond 2030.

Mayer Brown, in its analysis of the 2025 revisions, observed that the FATF may identify aspects of the revised standard that require implementation timelines extending past the 2030 deadline. That is a notable caveat. Guidance in 2026. Transposition by 2030. The arithmetic is tight. If the guidance itself is not finalised until late 2026, jurisdictions will have approximately four years to transpose the requirements into national law, update supervisory frameworks, and ensure that regulated institutions have adapted their systems. For jurisdictions with advanced payment infrastructure and well-resourced regulators, this is achievable. For many others, it is ambitious.

The VASP sector offers a sobering benchmark. The travel rule for virtual assets was introduced in 2019. Six years later, 42 of the 205 jurisdictions in the FATF global network did not even respond to the 2025 survey on implementation status. Those that did not respond were treated by the FATF as having not implemented the requirements. Silence is not compliance. There is little reason to assume the broader payments sector will move faster. The February 2026 Plenary adopted mutual evaluation reports for Austria, Italy and Singapore under the new assessment methodology. Those reports will include R16 compliance assessments. The evaluation machine is already running.

Threshold divergence is the quiet accelerant

The sunrise problem is typically framed as a binary: jurisdictions that have implemented the standard versus those that have not. The reality is more granular, and more disruptive. Among jurisdictions that do implement the revised R16, divergent choices on thresholds, data fields, and verification requirements will create a secondary layer of operational friction.

Consider the threshold question alone. The EU’s Transfer of Funds Regulation applies travel rule requirements to all transfers of virtual assets, regardless of amount. The US applies a threshold of USD 3,000, three times the FATF’s recommended ceiling. The revised R16 permits jurisdictions to set any threshold up to USD/EUR 1,000. Institutions operating across these regimes must build systems capable of applying different data requirements to different payment corridors depending on the jurisdictions involved. The complexity is not theoretical. It is operational. It is daily.

Delphine Forma, Head of Policy Europe at Solidus Labs, captured this plainly in her assessment for Sumsub. The updated standards, she observed, ‘increase the burden on VASPs to navigate divergent national rules, unclear expectations, and uneven timelines.’ The same burden is now arriving for banks, payment service providers, and fintechs across the entire value transfer chain.

Interoperability remains the structural weak point

The revised R16 encourages the use of structured data formats aligned with ISO 20022, the messaging standard that is progressively replacing older formats across the global payments infrastructure. This is a constructive direction. ISO 20022 supports richer, more granular data than legacy messaging standards. Its adoption, however, is uneven. Many payment market infrastructures globally are still migrating to ISO 20022. The FATF’s own explanatory note acknowledged that requiring these infrastructures to adopt new standards immediately could be ‘disruptive.’

For the VASP sector, interoperability has been a persistent and unresolved challenge. Multiple competing protocols exist for travel rule data exchange. A VASP using one protocol cannot necessarily exchange data with a VASP using another without middleware or manual intervention. The FATF’s 2025 Targeted Update acknowledged that travel rule tools ‘have gaps or deficiencies that complicate VASPs’ compliance.’

The broader payments sector benefits from more mature messaging infrastructure, including the SWIFT network and domestic payment schemes. Yet the revised R16’s expanded data requirements, particularly the new beneficiary geographic fields and alignment checks, will require system upgrades across the chain. Intermediary institutions must be capable of passing enriched data without stripping or truncating it. Beneficiary institutions must be capable of receiving and acting on it. A chain is only as transparent as its weakest node. That node may be an intermediary. It may be a legacy system three time zones away.

The data protection tension is unresolved

The revised R16 requires institutions to collect, transmit, and in some cases verify detailed personal data across borders. This intersects directly with data protection regimes that constrain the transfer of personal information to jurisdictions without equivalent privacy safeguards. The EU’s General Data Protection Regulation (GDPR) is the most prominent example, but similar frameworks are proliferating globally.

The tension is not new, but the expanded data requirements make it more acute. Under the revised standard, an originating institution must now transmit the originator’s date of birth and address alongside name and account details. For payments to jurisdictions with weaker data protection standards, the question is stark: can the institution comply with R16 without breaching its data protection obligations? The FATF’s explanatory note acknowledged that its standards had been updated in consultation with data protection authorities. Yet the operational reconciliation between AML transparency and data privacy remains a matter for individual jurisdictions to resolve. That resolution will not be uniform. It will create yet another dimension of sunrise asymmetry.

The US compliance gap magnifies global risk

Any analysis of the sunrise problem must account for the position of the United States. The US remains rated only partially compliant with R16 by the FATF. That status is both symbolically significant and operationally consequential. The Bank Secrecy Act and the Financial Crimes Enforcement Network (FinCEN) impose data collection obligations on wire transfers above USD 3,000, but implementation for virtual assets remains uneven.

The US processes a disproportionate share of global cross-border payment traffic. Its partial compliance with R16 means that institutions in fully compliant jurisdictions will routinely encounter counterparties operating under a lighter regulatory framework. This is the sunrise problem expressed not as a developing-world challenge but as a major-economy one.

Implications for firms

For compliance teams in banks, payment service providers, and VASPs, the sunrise problem demands proactive risk management, not passive waiting. Firms should begin mapping the jurisdictional corridors that present the highest implementation asymmetry risk. Where counterparties operate in jurisdictions that have not yet transposed the revised R16 into national law, hard choices follow. Act now or adapt later. Institutions will need to determine whether to apply enhanced due diligence, restrict certain payment flows, or accept elevated residual risk with appropriate documentation.

Transaction monitoring systems will need upgrading. The expanded data fields required under the revised standard, including beneficiary country and town, originator date of birth, and legal entity identifiers, must be captured, transmitted, and validated. Systems designed for pre-2025 requirements will not be sufficient.

The FATF’s new Payment Advisory Group, established to guide implementation of the revised R16, represents an important channel for industry engagement. Firms that participate in shaping the forthcoming guidance, targeted for formal adoption in October 2026, will be better positioned than those that wait for the final text.

A standard is only as strong as its weakest jurisdiction

The revised R16 is the most ambitious overhaul of international payment transparency standards in more than a decade. Its objectives are sound. Its architecture is coherent. Its vulnerability is implementation. The FATF has set a five-year runway. History suggests it will not be enough. Not even close. The VASP sector spent six years trying to operationalise a simpler version of these requirements. The broader payments industry now confronts a more demanding version, across a wider perimeter, with the same structural obstacle: jurisdictions do not move in unison.

The sunrise problem is not a transitional inconvenience. It is a structural feature of any standard that depends on coordinated global adoption. The revised R16 will, in time, deliver a more transparent and resilient payment infrastructure. Before it does, it will create a prolonged period of fragmentation and uneven compliance exposure. Firms that treat the 2030 deadline as permission to defer will find themselves navigating a landscape where the rules differ at every border crossing.

Payment transparency that depends on every jurisdiction arriving at the same time is not transparency. It is aspiration. The distance between the two will define the compliance challenge of the next five years.

Do you know which of your payment corridors are most exposed to sunrise risk under the revised R16?

At OpusDatum, we help firms navigate the operational complexity of evolving payment transparency requirements. Our advisory and data solutions support institutions in assessing jurisdictional readiness and identifying gaps in cross-border compliance frameworks. We help compliance teams prepare for the demands of the revised R16 before the regulatory curve sharpens.

Contact us to discuss how we can support your payment transparency strategy.