40 FATF 40 Recommendations
16

Recommendation 16 · Group D · Preventive Measures

Former: SRVII

Payment transparency (Travel Rule)

Recommendation 16 — known as the FATF Travel Rule — requires financial institutions to attach accurate originator and beneficiary information to wire transfers and crypto transactions. The information must travel with the payment across the chain and be available to receiving institutions, supervisors and law enforcement. Since 2019 it explicitly applies to virtual asset service providers (VASPs).

Who must comply?

  • Banks and payment service providers
  • Money or value transfer services (MVTS)
  • Virtual Asset Service Providers (VASPs)
  • Correspondent banks and intermediary institutions

Key requirements

  1. 1

    Originator information

    Name, account number (or unique transaction reference), and address (or national identity number, customer ID number, or date and place of birth) of the person sending the funds.

  2. 2

    Beneficiary information

    Name and account number (or unique reference) of the person receiving the funds.

  3. 3

    Information travels with the transfer

    Both sets of data must accompany the payment along the entire chain — through every intermediary institution — until it reaches the beneficiary's institution.

  4. 4

    Threshold for cross-border transfers

    Full information is required for cross-border wire transfers above USD/EUR 1,000. Below that, simplified data may apply unless suspicion arises.

  5. 5

    Virtual assets — same rules apply

    Since the 2019 update, VASPs handling virtual asset transfers must obtain, hold and transmit originator and beneficiary information equivalent to traditional wire transfers.

  6. 6

    Sanctions screening

    Receiving and intermediary institutions must screen incoming transfers against UN-listed sanctions and terrorist financing designations, and freeze assets where applicable.

Practical example

Example: USD 5,000 wire transfer Mexico → Spain

Ana sends USD 5,000 from her account at a Mexican bank to Carlos at a Spanish bank. The Mexican bank must include in the SWIFT message Ana's full name, account, and address — plus Carlos's name and account. Each correspondent bank in the chain (potentially in the US or UK) must keep this information attached. Carlos's bank must verify the data is complete, screen Ana against UN sanctions lists, and only credit the funds if everything is in order. If any field is missing or false, the receiving bank should freeze, return, or report the transaction.

How Mexico implements it

Country-specific section in Spanish — Mexican regulatory references (LFPIORPI, CNBV, SAT, UIF).

En México la Recomendación 16 se materializa en distintos instrumentos según el sector regulado:

Banca comercial (Disposiciones de Carácter General CNBV)

El Cap. III de las DCG aplicables a instituciones de crédito exige incluir nombre, domicilio, RFC/CURP y número de cuenta del ordenante en transferencias nacionales e internacionales. El umbral de identificación reforzada es 10,000 USD.

SOFOMes ENR (Art. 95 Bis LGOAAC)

Las SOFOMes deben aplicar requisitos de Travel Rule a sus operaciones de envío y pago, conservando la información completa del cliente y del beneficiario por 10 años.

Más sobre Art. 95 Bis LGOAAC

Activos virtuales (LFPIORPI Fr. XVI Art. 17)

Los proveedores habituales de intercambio de criptoactivos en México son Actividad Vulnerable XVI. Tienen obligaciones de identificación de cliente, beneficiario controlador y avisos al SAT vía SPPLD.

Software PLD para activos virtuales

Supervisión y sanciones

La CNBV supervisa entidades financieras, el SAT supervisa actividades vulnerables. Las multas por incumplimiento de requisitos de información en transferencias pueden ir de 200 a 65,000 UMA en LFPIORPI, o 10,000 a 100,000 días de salario para SOFOMes ENR.

Multas LFPIORPI vigentes

Milestones

  1. 1990

    Original Special Recommendation VII on wire transfers

  2. 2012

    Integrated as Recommendation 16 in the consolidated framework

  3. 2019

    Extended to virtual asset service providers (VASPs)

  4. 2021

    Updated guidance on Travel Rule for VASPs

  5. 2025

    October 2025 consolidated update

Related Recommendations

Other Recommendations in Group D — Preventive Measures

9 R.9 Financial institution secrecy laws 10 R.10 Customer due diligence (CDD) 11 R.11 Record keeping 12 R.12 Politically exposed persons (PEPs) 13 R.13 Correspondent banking 14 R.14 Money or value transfer services (MVTS) 15 R.15 New technologies & virtual assets 17 R.17 Reliance on third parties 18 R.18 Internal controls & foreign branches 19 R.19 Higher-risk countries 20 R.20 Suspicious transaction reports (STRs) 21 R.21 Tipping-off & confidentiality 22 R.22 DNFBPs: customer due diligence 23 R.23 DNFBPs: other measures

Official citation

FATF (2012-2025), International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, Recommendation 16, FATF, Paris, France. Last updated October 2025.

Read the official text on fatf-gafi.org