FATF Travel Rule Consultation: What EU Payment Firms and CASPs Should Consider

Last updated: June 2026

A cross-border payment is held due to incomplete beneficiary information. The originator name is present, the amount is present, but the beneficiary field is a single block of free text that the receiving institution’s screening engine cannot parse into a name, a country and a town. The transfer is held, a customer complains, and an analyst spends an hour rebuilding information that should have travelled with the message in the first place. That is the exact failure the FATF travel rule exists to prevent, and the standard behind it is about to get stricter.

FATF launched a public consultation on 24 June 2026 on draft guidance to support implementation of the strengthened Recommendation 16 payment-transparency standard. Responses are due by Friday, 21 August 2026 and should be sent to FATF.Publicconsultation@fatf-gafi.org with FATF’s specified subject line for draft R.16 Guidance comments. FATF states that countries are expected to be ready to implement the changes by the end of 2030. The CSSF has separately brought the consultation to the Luxembourg market’s attention and encouraged private-sector contributions.

For EU payment service providers, electronic money institutions and crypto-asset service providers, this has direct supervisory relevance. The EU already implements the pre-June 2025 FATF payment-transparency framework through Regulation (EU) 2023/1113, which applies from 30 December 2024 and is directly applicable in all Member States. The revised FATF Recommendation 16 may differ from current EU Transfer of Funds Regulation requirements; EU firms should assess whether future EU amendments or supporting measures are needed. The consultation window is the appropriate phase for stakeholders to provide input on implementation guidance before FATF finalises it.

Related reading: FATF on stablecoins and unhosted wallets

What the FATF travel rule consultation opened, and what the response deadline is

FATF Recommendation 16 defines the global Travel Rule standard; consultations typically relate to interpretive guidance and implementation material, and scope must be confirmed against the published FATF consultation document. A consultation of this type covers the implementation guidance that sits underneath the standard, not the standard itself. A firm responding within the consultation window is shaping how supervisors and the industry are expected to apply the rule, not negotiating the rule.

That distinction drives the second point. The consultation deadline is confirmed on FATF’s official consultation page. Responses are due by Friday, 21 August 2026 and must be sent to FATF.Publicconsultation@fatf-gafi.org with the subject line “Comments of [author] on the draft R.16 Guidance.” FATF also states that countries are expected to be ready to implement the Recommendation 16 changes by the end of 2030. That 2030 horizon is not a firm-level EU compliance date; EU firms still need to track whether Regulation (EU) 2023/1113 or related EU AML measures are amended.

A common implementation issue is misunderstanding minimum versus full data requirements. Treating the consultation deadline as a compliance trigger pulls build effort forward and burns budget on a moving target, because the guidance is not final and the EU implementing law has not yet been amended. The correct reading is narrower: during the consultation window, the value of the exercise is a gap analysis and a written response. The heavy engineering belongs to a programme that lands once the guidance is final and the EU has signalled how it will transpose the change.

What has changed in the revised Recommendation 16

FATF members agreed the revised Recommendation 16 standard in June 2025. The June 2026 consultation is on draft implementation guidance, not on whether the revised standard should be adopted. The current FATF Recommendations require required and accurate originator information and required beneficiary information to accompany payments or value transfers and related messages, structured to the extent possible and retained through the payment chain.

The adopted revised standard requires payment information to be structured to the extent possible, in accordance with the established standards of the system used, such as ISO 20022. The draft guidance under consultation explains how countries and firms should implement the revised standard; it does not change the obligations in Recommendation 16. The free-text beneficiary block in the opening scenario is the implementation problem that structured-data approaches are designed to address.

The threshold mechanics also tightened conceptually. The FATF framework allows jurisdictions to apply simplified information requirements; certain limited thresholds and simplified requirements may apply under FATF implementation frameworks, with detailed application determined at jurisdiction level and under EU Regulation (EU) 2023/1113, subject to conditions defined in national implementation, under which a reduced set of data (names and an account number or transaction reference) is required, with verification triggered by suspicion of money laundering or terrorist financing. For domestic payments or value transfers, the revised FATF standard applies differentiated requirements. Below the de minimis threshold, countries may require the originator name and originator account number or unique transaction reference. Above the threshold, domestic transfers should include originator information equivalent to the cross-border above-threshold set, unless that information can be made available to the beneficiary financial institution and competent authorities by other means. The stated aim of the revised standard is to improve structured, traceable information across the payment chain, especially for cross-border above-threshold transfers.

Here is the second common error. Teams that have run a travel-rule control for years assume the requirement is satisfied by name plus account number. Under the adopted revised FATF standard, cross-border payments or value transfers above the de minimis threshold should include the name of the originator and beneficiary, relevant account numbers or a unique transaction reference, the originator address, the beneficiary country and town, the originator date of birth for natural persons, and a BIC, LEI or other unique official identifier where the originator or beneficiary is a legal person and that identifier exists.

Where the EU already stands: the recast Transfer of Funds Regulation

The EU did not wait for the revision to put the travel rule into law. Regulation (EU) 2023/1113 of 31 May 2023, on information accompanying transfers of funds and certain crypto-assets, recast the earlier Regulation (EU) 2015/847 and extended the travel rule from traditional funds transfers to transfers of crypto-assets. It also amended the Fourth Anti-Money Laundering Directive (Directive (EU) 2015/849). It applies from 30 December 2024 and is binding in its entirety and directly applicable in all Member States.

The architecture is worth knowing by article, because the build maps to it. For funds transfers, Article 4 sets the information that must accompany the payment on the payer and the payee. Article 8 governs what the payment service provider of the payee does when that information is missing or incomplete: reject the transfer, or request the missing information before or after crediting, on a risk-sensitive basis, and report a payment service provider that repeatedly fails to provide it to the competent authority responsible for monitoring anti-money laundering compliance. For crypto-asset transfers, Article 14 sets the originator and beneficiary information, Article 16 covers the beneficiary provider’s detection and verification of incoming information, and Article 17 governs what the beneficiary’s crypto-asset service provider does with a transfer that lacks complete information, namely execute, reject, return or suspend it under risk-based procedures.

One drafting nuance carries over from FATF and trips up crypto teams. The Regulation does not require the originator and beneficiary information to be physically attached to the crypto-asset transfer itself. It can be submitted in advance of, simultaneously with, or concurrently with the transfer, as long as it is available to the relevant authorities on request. That is what lets crypto-asset service providers under MiCAR use separate messaging channels or technical solutions to transmit Travel Rule information alongside blockchain transfers, in line with Regulation (EU) 2023/1113 requirements.

This is the third error worth flagging, and it is a sourcing error rather than a process one. The crypto travel rule sits in the Transfer of Funds Regulation. MiCAR (Regulation (EU) 2023/1114) governs CASP authorisation and conduct requirements, while the travel rule for crypto-asset transfers is set out in Regulation (EU) 2023/1113 (Transfer of Funds Regulation). The obligation to send originator and beneficiary information with a crypto transfer lives in the Transfer of Funds Regulation. A scoping document that cites MiCAR Article 76 as the travel-rule basis is anchored to the wrong instrument, and that error tends to surface late, when a control owner cannot trace a requirement back to its actual legal text. For the underlying customer-level obligations that feed both regimes, see our overview of AML reporting in Luxembourg.

The de minimis trap: EUR 1,000 for funds, nothing for crypto

The single most expensive misunderstanding in travel-rule scoping is the threshold. For funds transfers, the EU framework has limited, conditional thresholds. A Member State may choose not to apply the Regulation to domestic transfers to a payee account that can only be used to pay for goods or services, where the payee’s payment service provider is supervised under the AML Directive, the transfer is traceable through a unique transaction identifier, and the amount does not exceed EUR 1,000. That is a narrow carve-out, and it is a funds concept.

Under Regulation (EU) 2023/1113, crypto-asset transfers are generally subject to travel rule requirements without a general value-based de minimis threshold, subject to specific exemptions defined in the Regulation. Exemptions apply in limited cases defined under Regulation (EU) 2023/1113, including transfers where both the originator and the beneficiary are crypto-asset service providers acting on their own behalf, and person-to-person crypto-asset transfers carried out without the involvement of a crypto-asset service provider. Subject to the Regulation’s specific scope exclusions, crypto-asset transfers through a service provider carry the information requirement regardless of amount. The Regulation treats electronic money tokens as crypto-assets for these purposes (Article 2(4)), but Article 2(3) excludes certain low-risk funds or EMT transfers carried out using a payment card, electronic money instrument, mobile phone or similar device where the instrument is used exclusively to pay for goods or services and the instrument number accompanies all transfers flowing from the transaction.

Applying the EUR 1,000 logic to crypto is a recurring scoping mistake, and it produces under-collection on exactly the low-value transfers that frequently carry elevated risk. The FATF revision retains a threshold concept for wire transfers that allows reduced information requirements in certain circumstances, but that is a concept on the traditional payments side, not a green light to skip information on small crypto movements. A team that wants to see how the structured-data and payee-information themes already show up on the payments side can compare the parallel Verification of Payee obligations for Luxembourg PSPs, where the discipline of parsing a name and matching it to an account is the same muscle the travel rule now demands.

The real change for EU firms: the gap between today’s TFR and the updated standard

The reason the consultation matters to EU teams is that the recast Transfer of Funds Regulation reflects the pre-revision version of Recommendation 16. The revision may go further on several fronts that the current EU text does not fully address: structured data aligned with modern messaging practices across the chain, verification of beneficiary information and not only originator information, and the expanded field set for legal persons. Closing that distance in the EU would depend on whether and how FATF revisions are reflected in future amendments to Regulation (EU) 2023/1113 or related EU AML legislation.

The Regulation itself anticipates review. Article 37 of Regulation (EU) 2023/1113 requires the Commission to review the Regulation 12 months after the AML Regulation enters into force and to propose amendments if appropriate; to issue, by 1 July 2026, a report on risks from transfers to or from self-hosted addresses or entities not established in the Union; and to submit, by 30 June 2027, a report on the application and enforcement of the Regulation, accompanied by a legislative proposal if appropriate. That 2027 report must assess, among other points, de minimis thresholds for funds transfers and the costs and benefits of introducing de minimis thresholds for crypto-asset transfers. Those review reports are the most plausible vehicles for aligning the EU text with the revised FATF standard.

There is also an institutional shift running underneath all of this. The EU anti-money laundering package, the Anti-Money Laundering Regulation (Regulation (EU) 2024/1624), the sixth Anti-Money Laundering Directive (Directive (EU) 2024/1640) and the Regulation establishing the Anti-Money Laundering Authority (Regulation (EU) 2024/1620), moves much of the rulebook into a single directly applicable regulation and stands up AMLA as a central supervisor. Travel-rule data quality is the kind of granular, cross-border control that a centralised supervisor is well placed to test. Reporting teams should expect the evidentiary bar for travel-rule controls to rise as the package beds in. Our explainer on what the AMLR changes for obliged entities sets out that shift in more detail.

What payments and reporting teams should do before the consultation closes

The work that genuinely belongs before the deadline is analysis and a written response, not engineering. The most useful exercise is a field-by-field gap analysis: take the current originator and beneficiary data that your systems attach today under Regulation (EU) 2023/1113, and line it up against the revised Recommendation 16 field set. The gaps cluster predictably around beneficiary detail, the legal-person identifier, and whether the data is structured or free text.

From a payments-operations seat, the data-quality picture is the honest indicator of how hard the eventual build will be. A batch reconciliation of cross-border instructions against the required accompanying fields typically concentrates failures in the same places: beneficiary names entered as unstructured text, missing town or country, and legal-entity identifiers that are absent or carried inconsistently between formats. The same ISO 20022 migration that the payments side is already running is the right vehicle for these fixes, which is why folding the revised travel-rule fields into the existing message-standardisation programme produces better outcomes than spinning up a separate stream.

For crypto-asset service providers, the equivalent check is different in shape. The on-chain movement and the originator and beneficiary information travel on separate rails, so the question is whether the messaging arrangement reliably transmits the full information set before or alongside the transfer, handles a counterparty that cannot receive it, and keeps records that an authority can call on request. When firms trace samples of outbound crypto transfers end to end, the weak point is often the counterparty handshake: the receiving service provider’s solution does not interoperate cleanly, so the data is technically sent but not usable. The revised standard’s emphasis on structured, verified data raises the cost of that interoperability gap.

The consultation response itself is worth writing even for a single firm. FATF’s explanatory memorandum asks for feedback on scope and terminology, payment-chain definition, payment message data storage models, cross-border information requirements, originator-address verification, virtual account numbers, card transactions, different payment methods such as instant payments, digital wallets and mobile money, data protection and alignment checks. A response grounded in your own reconciliation data carries more weight than a general statement of support.

Frequently Asked Questions

Is the consultation response window a compliance deadline?

No. The 21 August 2026 deadline is the closing date for comments on FATF’s draft guidance for implementing the updated Recommendation 16. It is not a firm-level compliance deadline. FATF states that countries are expected to be ready to implement the Recommendation 16 changes by the end of 2030; EU firms should track whether the EU amends Regulation (EU) 2023/1113 or related AML measures to reflect the revised standard.

Does the updated FATF standard apply directly to my firm?

FATF Recommendations are international standards, not directly binding law. They take legal effect through national and EU implementation. In the EU, the travel rule is already binding through Regulation (EU) 2023/1113. The revised standard will reach EU firms once the EU amends that Regulation or its supporting measures, which is why the Regulation’s own review provisions matter.

Is the crypto travel rule in MiCAR?

No. MiCAR (Regulation (EU) 2023/1114) governs CASP authorisation and conduct requirements, while the travel rule for crypto-asset transfers is set out in Regulation (EU) 2023/1113 (Transfer of Funds Regulation), not MiCAR Article 76. The obligation to send originator and beneficiary information with a crypto-asset transfer is in the Transfer of Funds Regulation, Articles 14 to 17. Scope the build against the Transfer of Funds Regulation, not MiCAR.

Does the EUR 1,000 threshold apply to crypto-asset transfers in the EU?

No. Under Regulation (EU) 2023/1113, crypto-asset transfers are generally subject to travel rule requirements without a general value-based de minimis threshold, subject to specific exemptions defined in the Regulation. The conditional EUR 1,000 carve-out is a funds-transfer concept, not a crypto one.

What does the revised Recommendation 16 consultation address?

FATF agreed the revised Recommendation 16 standard in June 2025; the June 2026 consultation is on draft implementation guidance explaining how countries and firms should implement those requirements. The draft guidance does not change the obligations in Recommendation 16. FATF standards are technology-neutral; structured messaging formats such as ISO 20022 are implemented through payment system rulebooks and domestic regulatory frameworks rather than being mandated by FATF itself.

How does this interact with the EU AML package and AMLA?

The package, Regulation (EU) 2024/1624, Directive (EU) 2024/1640 and Regulation (EU) 2024/1620, centralises the AML rulebook and creates the Anti-Money Laundering Authority as a supervisor. It does not replace the travel rule, but it raises the supervisory bar for the data-quality controls that the travel rule depends on, so expect travel-rule evidence to be tested more rigorously over time.

What should we actually submit during the consultation window?

A response grounded in your own implementation evidence: where your current data falls short of the revised field set, what interoperability problems your messaging arrangements hit, and how realistic beneficiary-information verification is when the data originates elsewhere. Reusable gap-analysis output is more valuable than a statement of general support.

Related Articles

Key Takeaways

  • FATF launched a public consultation on 24 June 2026 on draft implementation guidance for the revised Recommendation 16 standard; responses are due by 21 August 2026. The consultation covers guidance and implementation material, not the revised standard itself.
  • The consultation response window is a comment deadline, not a compliance date. The useful pre-deadline work is a gap analysis and a written response, not a system build.
  • FATF members agreed the revised Recommendation 16 standard in June 2025; the June 2026 consultation is on draft implementation guidance. The adopted standard requires structured, accurate originator and beneficiary information to accompany payments; the draft guidance addresses implementation, not whether the standard applies. FATF standards are technology-neutral; structured messaging formats such as ISO 20022 are implemented through payment system rulebooks and domestic regulatory frameworks rather than being mandated by FATF itself.
  • The EU already implements the travel rule through Regulation (EU) 2023/1113, which applies from 30 December 2024 and is directly applicable in all Member States; alignment with the revised FATF Recommendation 16 would depend on future EU amendments to that Regulation or related AML measures.
  • The crypto travel rule sits in the Transfer of Funds Regulation (Articles 14 to 17), not in MiCAR; MiCAR (Regulation (EU) 2023/1114) governs CASP authorisation and conduct requirements, not travel-rule information-accompaniment duties.
  • Under Regulation (EU) 2023/1113, crypto-asset transfers are generally subject to travel rule requirements without a general value-based de minimis threshold, subject to specific exemptions defined in the Regulation; the conditional EUR 1,000 carve-out is a funds-transfer concept only.
  • Article 37 of Regulation (EU) 2023/1113 requires Commission reviews and reports, including a self-hosted-address risk report by 1 July 2026 and an application-and-enforcement report by 30 June 2027; those reviews are the most likely vehicles to align the EU framework with the revised standard.
  • Fold the revised field set into the existing ISO 20022 migration and, for crypto-asset service providers, stress-test the counterparty handshake rather than the transfer itself.

Sources and References

  • CSSF, public consultation by FATF by 21 August 2026 on guidance to increase payment transparency (travel rule): cssf.lu announcement
  • FATF, public consultation launched 24 June 2026 on guidance to increase payment transparency under Recommendation 16: fatf-gafi.org consultation page
  • FATF, Recommendation 16 and related publications, FATF Recommendations updated June 2026: fatf-gafi.org recommendations
  • Regulation (EU) 2023/1113 of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets (recast), OJ L 150, 9.6.2023: EUR-Lex 32023R1113
  • Regulation (EU) 2023/1114 of 31 May 2023 on markets in crypto-assets (MiCAR), OJ L 150, 9.6.2023 (CASP operational framework; travel-rule obligations are in Regulation (EU) 2023/1113): EUR-Lex 32023R1114
  • Regulation (EU) 2024/1624 (Anti-Money Laundering Regulation): EUR-Lex 32024R1624
  • Directive (EU) 2024/1640 (sixth Anti-Money Laundering Directive): EUR-Lex 32024L1640
  • Regulation (EU) 2024/1620 establishing the Anti-Money Laundering Authority (AMLA): EUR-Lex 32024R1620

Why the consultation window beats the implementation deadline

It is tempting to file the FATF travel rule revision under “long-term problem” and move on. That misreads where the value sits. The standard is settled, implementation timelines will be set by individual jurisdictions once guidance is final, and the EU text that binds your firm has not yet been amended. The one thing that is live and time-limited is the chance to put implementation evidence in front of FATF during the consultation window, and to produce a gap analysis you can reuse the moment the EU opens its own process through the review provisions in Regulation (EU) 2023/1113. The build will come later and it will be large, mostly because it is really a data-quality and structured-messaging problem wearing an AML label. The cheap move now is to do the thinking, write the response, and make sure the legal-person identifier and structured beneficiary fields are already on the payments roadmap rather than waiting to be discovered in a last-minute scramble before the implementation horizon closes.

Disclaimer: The information on RegReportingDesk.com is for educational and informational purposes only. It does not constitute legal, regulatory, tax, or compliance advice. Always consult your compliance officer, legal counsel, or the relevant supervisory authority for guidance specific to your institution.

Similar Posts