The UK Wire Transfer Regulation: The Problem Isn’t Just the FCA, It’s the Law Itself

The Wire Transfer Regulation (WTR) was designed to safeguard transparency in cross-border payments by requiring complete payer and payee information to accompany every transfer. Yet recent FCA data released under Freedom of Information shows that this requirement is being routinely breached. Between 2020 and mid-2025, firms reported 265 cases of payment service providers repeatedly failing to supply the necessary details such as names, addresses or account numbers.

The striking feature of these disclosures is not controversy but silence. Despite hundreds of notifications, there has been no visible supervisory follow-up, no public record of sanctions, and no wider debate about what this says for the UK’s anti-money laundering regime. The easy conclusion is that the FCA has failed to act. But perhaps the deeper flaw lies with the regulation itself.

What the Regulation Demands

The Wire Transfer Regulation was adopted at European level in 2015 and applied directly in the UK from June 2017. Its purpose was to implement FATF Recommendation 16 and ensure that every transfer carried full originator and beneficiary details. The obligations extended across the chain: payer PSPs had to transmit complete data, payee PSPs and intermediaries had to detect when information was missing or incomplete, and where a counterparty repeatedly failed, they were required to issue warnings, restrict relationships, or reject transfers and report the matter to their regulator.

The legislation also demanded that Member States create sanctions that were effective, proportionate and dissuasive, and that these be published without delay, naming the firm and setting out the breach. In other words, the framework anticipated that reports of repeat failings would not just sit in an inbox. They were meant to lead to visible consequences.

What the Wire Transfer Regulation Actually Says

• Article 8 (Payee PSPs): Where a payment service provider repeatedly fails to provide the required payer or payee information, the payee’s PSP must issue warnings and deadlines, and if the failures continue, reject future transfers or restrict or terminate the business relationship. The failure, and the steps taken, must be reported to the competent authority.

• Article 12 (Intermediary PSPs): The same obligations apply to intermediaries: repeated failures by a counterparty require warnings, possible termination, and notification to the competent authority.

• Article 17 (Sanctions Framework): Member States must lay down administrative sanctions and measures for breaches of the Regulation. These must be effective, proportionate and dissuasive. Sanctions can be applied not only to firms but also to management or individuals responsible for the breach.

• Article 19 (Publication of Sanctions): Authorities must publish sanctions “without undue delay,” including the type and nature of the breach and the identity of those responsible, unless publication would be disproportionate.

The Post-Brexit Position

When the UK left the European Union, the WTR did not fall away. Instead, it was “onshored” into domestic law as retained EU law. The Money Laundering and Transfer of Funds (Information) (Amendment) (EU Exit) Regulations 2019 made the necessary textual changes so that the framework would continue to function after exit. From 10 January 2020 the requirements of Regulation 2015/847 remained binding in the UK, now as a domestic obligation under the wider Money Laundering Regulations regime. The FCA retained its role as the competent authority for payment firms, complete with a dedicated “repeatedly failing PSP” reporting channel.

In constitutional terms the regime remains on the statute book as assimilated law under the Retained EU Law (Revocation and Reform) Act 2023, which means it can be amended or replaced, but unless and until that happens the framework is unchanged. In practice, this means that the obligations and sanctions first drafted in Brussels still form the backbone of the UK’s approach to payment transparency.

Penalties in Theory

The legal structure looks impressive on paper. A PSP that repeatedly fails to provide information should face restrictions or termination of relationships, referral to the regulator, and ultimately sanctions that are public and dissuasive. The expectation was that national supervisors would act decisively, and that the prospect of exposure would keep firms honest.

The Enforcement Gap

The FCA’s own response reveals a different reality. Of the 265 notifications received, covering 135 firms across more than 60 jurisdictions, the most common breaches were insufficient originator and beneficiary information, incomplete or missing payer addresses, and absent account numbers.

Yet the FCA says it does not hold data on whether any enforcement followed. To answer that question would require a manual trawl through individual case files, which it considers beyond its FOI obligations. The regulator has therefore admitted it cannot demonstrate whether even one sanction has resulted from the reporting process.

This exposes a flaw at the heart of the regime. The WTR assumes national regulators will act, but it provides no mechanism to ensure they do, nor to make enforcement visible across borders.

Reporting Dynamics: Peaks, Troughs & Fatigue

The reporting curve also tells a troubling story. Notifications spiked to 97 in 2021, then collapsed to just 25 in 2023, before edging back up.

Some of the variation may reflect external pressures. Pandemic disruption in 2021 pushed compliance teams into defensive over-reporting. By 2023, the opposite dynamic took hold. With no visible feedback or sanctions, firms may have concluded the effort was futile. Why continue submitting reports that disappear into a regulatory void?

The danger is that falling numbers are misread as improvement, when in fact they may indicate disengagement. At precisely the moment sanctions evasion, proliferation finance and terrorist funding risks are intensifying, the reporting system may be going quiet.

Rules Without Bite

The deeper issue is structural. The WTR is a delegated deterrent. It places obligations on PSPs but leaves enforcement entirely to national regulators. It assumes supervisors will act without mandating how or ensuring cross-border accountability.

That design flaw has produced opacity. In the UK, the FCA cannot show whether a single sanction has ever been imposed. Elsewhere, enforcement may be uneven, politicised or absent. Without credible and visible penalties, the deterrent effect evaporates. Rules without consequence are not rules at all. They are suggestions.

The Global Stakes

FATF Recommendation 16 is explicit that countries must not only legislate for complete payer and payee information but enforce it effectively. In its 2018 review the UK was praised for its legal framework but warned about weak supervisory follow-up. The latest disclosures risk confirming that weakness.

The consequences are not theoretical. Incomplete payment data has been exploited in sanctions evasion schemes, from the shadow fleet of Russian oil tankers to kleptocratic wealth transfers. Every missing name or address is a blind spot for law enforcement and an open door for illicit finance.

Conclusion: A Regulatory Void

The FCA deserves scrutiny for its inability to show results. But the deeper scandal may be the design of the regulation itself. The WTR was meant to close gaps in payment transparency. Instead, by delegating enforcement without embedding accountability, it has created a system where breaches are documented but consequences remain invisible.

Until that flaw is fixed, hundreds of notifications will continue to vanish into silence, and every trough in the reporting curve will be less a sign of progress than of absence.

These findings are part of a wider investigation into how the UK’s Wire Transfer Regulation framework has drifted from deterrence to dysfunction. In our forthcoming white paper, The UK’s Wire Transfer Regulation Framework: A System in Crisis, we bring together the full picture: data, behavioural analysis, and the legal reforms needed to restore credibility ahead of the next FATF evaluation.

Every “Missing Information” Report Tells a Story, But Is It One of Trust or Failure?

Every missing name or address weakens the system. See how WTR enforcement gaps undermine AML integrity and what a credible fix could look like. OpusDatum provides expert advisory and enabling technology for WTR compliance. Combining tailored frameworks with our WireCheck solution, we help firms meet complex regulatory obligations across all PSP roles, balancing strategic oversight with operational execution and auditability.

To find out more, explore the WTR Knowledge Hub.