The Travel Rule for Cross-Border Payments: What Businesses Need to Know in 2026

Share this post Link copied
The Travel Rule for Cross-Border Payments: What Businesses Need to Know in 2026

TL;DR

The Travel Rule (FATF Recommendation 16) requires financial institutions and virtual asset service providers to transmit originator and beneficiary information with every qualifying cross-border transfer.Extended to virtual assets in 2019 and significantly revised in June 2025, with global implementation required by end of 2030.For any business using stablecoins for cross-border payouts, Travel Rule compliance is a baseline operational requirement.

If your business touches stablecoins in any part of its payment flow, the Travel Rule is not a theoretical compliance concept. It is an operational requirement that affects how you send and receive money. And if you think it only applies to crypto exchanges, the 2025 FATF update should change that.

What the Travel Rule Is

The Travel Rule requires that when money moves between two financial institutions or virtual asset service providers, identifying information about the sender and the recipient must travel with the payment.

Specifically, the sending institution must transmit the originator's name, account number, and address (or date of birth or national identity number). The receiving institution must have the beneficiary's name and account number. Every transfer should carry enough information for both institutions to screen for sanctions, money laundering, and fraud.

In traditional banking, this requirement has existed since the 1990s under the US Bank Secrecy Act. In 2019, FATF extended Recommendation 16 to cover virtual asset transfers, applying the same obligations to digital asset transactions for the first time.

What Changed in June 2025

On 18 June 2025, FATF agreed to a significant revision of Recommendation 16 at its June 2025 Plenary meeting. The changes are designed to increase the safety and security of cross-border payments and better detect financial crime. The revised requirements come into effect by end of 2030.

Clearer chain of responsibility

Obligations now begin with the financial institution that receives an instruction from the customer. This removes ambiguity about which entity is responsible for collecting and transmitting required information in complex multi-party payment flows.

Standardised information for peer-to-peer cross-border payments

Standardised requirements now apply for transfers above USD or EUR 1,000. Required fields include the originator's name, address, and date of birth. For legal persons, a legal entity identifier (LEI) is now required.

Verification requirements for beneficiary information

Beneficiary financial institutions must now check that information received on the intended beneficiary aligns with the account information they already hold. This is designed to fight fraud and misdirected payments and moves Confirmation of Payee from a best practice to a regulatory requirement.

Tools to protect against fraud and error

Financial institutions are now required to use technologies that protect against fraud and errors, including verification of recipients' banking information before a payment is processed.

Note: while VASPs are within scope of the revised Recommendation 16, the FATF has indicated that specific guidance for the crypto industry will follow through Recommendation 15. The 2025 revisions apply the Travel Rule to VASPs through the

tailored framework for new technologies rather than directly.

How the Travel Rule Applies by Region

Implementation varies significantly by jurisdiction. The table below reflects regulatory status across six key markets as of 2026.

Jurisdiction Threshold Regulation Self-Hosted Wallets Status
European Union No minimum threshold Regulation (EU) 2023/1113 (TFR) Enhanced due diligence above EUR 1,000 Enforced since Dec 2024
United States USD 3,000 (fiat) FinCEN Bank Secrecy Act Not yet defined Fiat enforced; VA pending
United Kingdom No minimum threshold FCA Travel Rule (MLR 2017) Risk-based approach Enforced since Sep 2023
Singapore SGD 1,500 for full data; basic data for all transfers MAS Notice PSN02 Enhanced due diligence Enforced; updated Jul 2025
Japan No minimum threshold JFSA Travel Rule Full identification required Fully enforced
Switzerland CHF 1,000 FINMA guidance under AMLA Strict verification for all amounts Fully enforced
Sources: FATF Recommendation 16, June 2025 · EUR-Lex · MAS · FCA. VA = Virtual Assets. Thresholds reflect requirements for digital asset service providers unless stated otherwise.

Why This Is Not Just a Crypto Problem

A growing number of businesses use stablecoins as part of their cross-border payment flow. A marketplace might accept USDC from a buyer in one country, convert to local currency, and pay a seller via bank transfer in another country.

In this flow there are two legs. The stablecoin leg triggers virtual asset Travel Rule requirements. The fiat leg triggers ISO 20022 transparency requirements. Both legs require originator and beneficiary data. Your compliance stack needs to handle both.

The June 2025 FATF update aligns Travel Rule standards more closely with the requirements that already apply to traditional fiat transfers. The compliance frameworks are converging.

The Practical Challenges

The sunrise problem

Your business is compliant. Your counterparty VASP operates in a jurisdiction that has not yet implemented the Travel Rule. They cannot send you the data you need. FATF best practices guidance recommends enhanced due diligence: collect what information you can independently, document your efforts, and make a risk-based decision about whether to process the transfer.

Interoperability between Travel Rule protocols

Even among compliant jurisdictions, there is no single universal protocol for exchanging Travel Rule data between VASPs. TRUST, TRISA, Shyft, and proprietary solutions each have their own approach. The FSB progress report has flagged this as a key infrastructure gap.

Self-hosted wallets

If a customer sends funds from a non-custodial wallet, there is no counterparty VASP to exchange Travel Rule data with. Jurisdictions handle this differently. The EU applies enhanced due diligence above EUR 1,000. Switzerland requires strict verification for all amounts. You need to know the rules in each corridor you operate, not just your home jurisdiction.

How Tazapay Handles Travel Rule Compliance

Tazapay supports stablecoin-funded payouts through Tazapay Canada Corp., a registered Money Services Business under FINTRAC. Travel Rule compliance is built into the payout flow: originator and beneficiary data is captured, screened against sanctions and watchlists, and transmitted with every qualifying transfer.

Conclusion

The Travel Rule is no longer a compliance footnote for crypto businesses. The June 2025 FATF revision brought clearer chain of responsibility, mandatory beneficiary verification, and standardised data requirements for peer-to-peer cross-border transfers. For any business that touches virtual assets as part of a cross-border payment flow, compliant originator and beneficiary data is a baseline operational requirement. For businesses in traditional fiat payments, the same regulatory direction applies through ISO 20022. The businesses that treat this as infrastructure work now will be better positioned than those that address it only when a payment gets delayed or a banking relationship is put under review.

Sources:

FATF: Update to Recommendation 16 on Payment Transparency, June 2025

Mayer Brown: FATF Revises AML Standards for Funds Transfers, August 2025

FATF Best Practices on Travel Rule Supervision, 2025

CGAP: The FATF Revised Travel Rule: Key Changes

EUR-Lex: Regulation (EU) 2023/1113 on information accompanying transfers of funds (TFR)

MAS Notice PSN02: AML/CFT Notice for Digital Payment Token Services, amended 30 June 2025

Share this post Link copied

Frequently Asked Questions

What is the FATF Travel Rule and who does it apply to?

The FATF Travel Rule is FATF Recommendation 16, an international anti-money laundering standard requiring financial institutions and virtual asset service providers to collect and transmit identifying information about the originator and beneficiary with every qualifying cross-border transfer. Originally adopted in 2001 for wire transfers, it was extended to virtual asset transfers in 2019 and significantly revised in June 2025. It applies to any entity in the payment chain: banks, payment service providers, money service businesses, and crypto-asset service providers in jurisdictions that have implemented the standard.

What does the FATF Travel Rule require?

The sending institution must transmit the originator's full name, account number, and physical address or date of birth or national identity number. The receiving institution must obtain the beneficiary's name and account number and, under the June 2025 revision, verify that the received beneficiary information matches its own account records. For institutional originators, a Legal Entity Identifier (LEI) is now the preferred identification method. These requirements apply to peer-to-peer cross-border transfers above USD or EUR 1,000 under the revised 2025 standard.

What changed in the FATF June 2025 Travel Rule revision?

The June 2025 revision to FATF Recommendation 16, agreed at the FATF Plenary on 18 June 2025, made four key changes. First, it clarified chain of responsibility: the payment chain now begins with the institution that receives the customer instruction. Second, it standardised data requirements for peer-to-peer cross-border transfers above USD or EUR 1,000, including name, address, date of birth, and LEI for legal persons. Third, it introduced mandatory beneficiary verification: receiving institutions must now confirm that beneficiary information matches their account records. Fourth, it required the use of fraud-prevention tools including Confirmation of Payee. Full implementation is required by end of 2030.

Does the Travel Rule apply to stablecoin transfers?

Yes. FATF Recommendation 16 was extended to virtual asset service providers in 2019, covering stablecoin transfers between regulated VASPs on the same basis as traditional wire transfers. The EU's Transfer of Funds Regulation (Regulation 2023/1113), in force since December 2024, explicitly covers crypto-asset service providers with no minimum transaction threshold. Under the June 2025 revision, virtual asset transfers remain within scope, with further VASP-specific guidance expected through Recommendation 15. For any business routing cross-border payments through stablecoin rails, both the stablecoin leg and any subsequent fiat leg carry Travel Rule and payment transparency obligations.

What is the sunrise problem in Travel Rule compliance?

The sunrise problem occurs when a business in a jurisdiction that has implemented the Travel Rule transacts with a counterparty VASP in a jurisdiction that has not yet done so. The compliant institution cannot obtain the required originator or beneficiary data from its non-compliant counterparty, creating a gap that cannot be resolved unilaterally. FATF guidance recommends enhanced due diligence in these situations: collect what information you can independently, document the compliance effort, and make a risk-based decision about whether to proceed. The FATF Best Practices on Travel Rule Supervision report found that as of 2025, approximately 73% of surveyed jurisdictions had passed or were passing Travel Rule legislation, meaning the sunrise problem remains a live operational issue for many corridors.

How do Travel Rule thresholds differ across jurisdictions?

Thresholds vary significantly. The EU and UK apply the Travel Rule to all transfers with no minimum amount. Singapore applies base requirements to all transfers, with fuller data requirements above SGD 1,500. The United States applies Travel Rule obligations to transfers of USD 3,000 or more under the Bank Secrecy Act. Japan applies it to all transfers. Switzerland applies it to transfers above CHF 1,000. Under the revised June 2025 FATF standard, standardised data requirements apply to peer-to-peer cross-border transfers above USD or EUR 1,000, but individual jurisdiction implementation timelines extend to end of 2030.

What is the difference between the FATF Travel Rule and the US BSA Travel Rule?

FATF Recommendation 16 is an international standard that countries adopt into domestic regulation. The US Bank Secrecy Act Travel Rule is the American implementation via FinCEN, applying to transmittals of funds of USD 3,000 or more. They share the same principle but differ in thresholds, scope, and specific requirements. The June 2025 FATF revisions introduced mandatory beneficiary verification and fraud-prevention tool requirements that the US BSA rules have not yet incorporated. Businesses operating in the US market should monitor FinCEN rulemaking for updates aligned with the 2025 FATF standard.

When do the June 2025 FATF changes take effect?

Countries are expected to implement the revised requirements by end of 2030. This is an extended timeline for FATF, which typically makes changes effective immediately. It reflects the significant operational changes required, particularly around beneficiary verification infrastructure and fraud-prevention tooling. Businesses and their payment providers should treat 2030 as the compliance deadline and begin technical and process alignment now, as implementing verification systems, updating onboarding flows, and coordinating with counterparties takes considerable lead time.

Related Articles

In this article