How Do New Zealand’s Wire Transfer Regulations Stack Up Against the EU & UK Frameworks?

As financial crime risks evolve, jurisdictions around the world are refining their wire transfer regulations. Three key frameworks are shaping the international compliance landscape today: New Zealand’s Anti-Money Laundering & Countering Financing of Terrorism Amendment Bill 2024, the European Union’s Regulation (EU) 2023/1113, and the UK's Money Laundering, Terrorist Financing & Transfer of Funds (Information on the Payer) Regulations 2017 (amended in 2019, 2022 and 2023). Whilst all are grounded in the FATF’s Recommendation 16 (more commonly known as the Travel Rule) their implementation, enforcement intensity, and treatment of digital assets differ substantially.

This comparative analysis offers a deep dive into how these three regimes approach wire transfer compliance, highlighting the practical implications for anti-financial crime professionals managing cross-border operations.

Three Jurisdictions, One Global Standard

The FATF Travel Rule requires financial institutions to include accurate originator and beneficiary information with wire transfers and to ensure this information remains with the transfer throughout the payment chain. This foundational principle aims to mitigate the use of electronic fund transfers for money laundering, terrorist financing, and proliferation-related activity.

All three jurisdictions - New Zealand, the EU, and the UK - have updated or reinforced their frameworks to reflect these expectations. However, each region has made distinct choices in terms of how the rule is scoped, applied, and enforced. Understanding these differences is crucial for firms operating in or dealing with counterparties across multiple regions.

Scope of Application & Regulatory Coverage

In New Zealand, the updated AML/CFT Act mandates that all international wire transfers involving reporting entities include complete originator and beneficiary details, regardless of the amount. Domestic transactions are only caught where suspicion of criminal activity arises. Designated non-financial businesses and professions (DNFBPs) such as law firms, accountancy practices, and conveyancers are exempt from being treated as ordering or intermediary institutions when operating trust accounts. However, they are still required to submit prescribed transaction reports (PTRs) for international transfers of NZD $1,000 or more.

The European Union, under Regulation (EU) 2023/1113, casts a wider net. The regulation applies to both domestic and cross-border wire transfers and introduces harmonised compliance standards across all 27 Member States. It covers payment service providers (PSPs) and, notably, crypto-asset service providers (CASPs), applying the same rules to both fiat and digital assets. All transfers above €1,000 must include full, verified originator and beneficiary information.

The United Kingdom’s MLRs (2017 and 2019) cover both domestic and international wire transfers by PSPs and also extend obligations to cryptoasset firms registered with the Financial Conduct Authority (FCA). The UK applies the £1,000 threshold for verification and data obligations and has explicitly adopted the FATF’s stance on Travel Rule compliance in the cryptoasset sector, even when dealing with jurisdictions that have not yet implemented similar rules.

Treatment of Crypto-Asset Transfers Under Wire Transfer Regulations

A major point of divergence among the three regimes is how cryptoasset transfers are addressed.

In New Zealand, crypto remains outside the scope of wire transfer rules. Virtual asset service providers (VASPs) are subject to AML/CFT regulation as reporting entities but are not currently bound by Travel Rule-equivalent obligations. Guidance is evolving, and regulatory focus remains high, with the Department of Internal Affairs actively consulting on digital asset oversight.

The EU stands out globally as the first major jurisdiction to fully integrate crypto into its wire transfer regime. Regulation (EU) 2023/1113 mandates that CASPs collect and verify full originator and beneficiary details, even for transfers to or from unhosted wallets (i.e., wallets not held by another CASP). Information must be transmitted using structured message formats, and CASPs must monitor and store transaction data, much like traditional PSPs.

The UK has taken a middle-ground approach. While cryptoasset firms are not integrated into the same rulebook as fiat payments, they are bound by the same Travel Rule expectations, per MLR 2017. The FCA has issued specific guidance requiring firms to comply with Travel Rule standards, including for cross-border crypto transfers even if the receiving party operates in a non-compliant jurisdiction. Where this is the case, UK firms must conduct a risk assessment and consider alternative steps (such as delaying or rejecting a transaction) if sufficient information cannot be obtained.

Information Requirements & Format Standards

Across all three frameworks, ordering institutions are required to include:

• Full name of the originator and beneficiary

• Account number or a unique transaction reference

• Physical address, national ID number, customer number, or date and place of birth (depending on the framework and risk level)

In New Zealand, verification of the originator’s identity is only required if suspicion arises. There is no mandatory format for how information must be transmitted, allowing for flexibility depending on technical constraints.

The EU enforces stricter rules. All transfers over €1,000 must include verified data, and information must be formatted in compliance with ISO 20022 XML messaging standards. This level of precision enables effective tracing and reduces the risk of data loss through intermediary institutions.

In the UK, MLR 2017 maintains structured but flexible transmission rules. Whilst there is no mandatory data format, firms must ensure that the information required is complete and accurate, and transmitted securely. Guidance encourages PSPs to adopt common messaging standards, but this remains a best practice rather than a legal requirement.

Intermediary & Beneficiary Institution Duties

In all three regimes, intermediary institutions must ensure that data is retained and transferred properly. The EU is most prescriptive: intermediary PSPs and CASPs must immediately reject or suspend any transfer missing required data and report the incident to the relevant authorities.

The UK requires PSPs and cryptoasset businesses to implement adequate internal controls to ensure data remains with the transfer, is recorded accurately, and is available for review by supervisory authorities. Intermediaries must assess whether to reject or report incomplete transfers based on their risk-based approach.

In New Zealand, intermediary and beneficiary institutions have more discretion. They must retain data when technically feasible and use a risk-based framework to assess whether to process or flag transactions missing required information.

Wire Transfer Regulation Reporting & Record-Keeping

New Zealand remains one of the few jurisdictions with a mandatory reporting threshold regime outside of SARs. PTRs must be submitted for all international wire transfers of NZD $1,000 or more. These reports are filed through the goAML platform managed by the New Zealand Police Financial Intelligence Unit and must be submitted within 10 working days. SARs remain mandatory for suspicious activity, regardless of amount.

The EU and UK regimes rely primarily on SARs, with no standalone PTR model. However, both regions mandate record retention of at least five years, with the expectation that firms implement monitoring systems capable of identifying unusual behaviour linked to wire transfers especially those involving high-risk geographies or PEPs.

Operational Implications for Compliance Teams

For compliance professionals, the key challenge lies in managing multiple overlapping frameworks without compromising efficiency or consistency. Firms operating across these jurisdictions must calibrate their transaction monitoring rules, customer due diligence procedures, and reporting mechanisms to accommodate jurisdictional nuances.

This includes:

• Adjusting identity verification thresholds (e.g., €1,000 in the EU vs discretionary in NZ).

• Managing different data formatting requirements (e.g., ISO 20022 in the EU).

• Aligning SAR, PTR, and Travel Rule obligations.

• Developing crypto Travel Rule solutions that function across both compliant and non-compliant jurisdictions.

Compliance teams should also engage technology functions early when implementing cross-border wire transfer controls, particularly when upgrading legacy systems to accommodate structured messaging, automated filtering, or real-time alerts.

Conclusion: A Multi-Layered Landscape for Wire Transfer Regulation Compliance

While New Zealand, the EU, and the UK are aligned in principle under the FATF’s Travel Rule, their frameworks diverge in execution. The EU leads in crypto integration and technical specificity, the UK strikes a balance between enforcement and implementation flexibility, and New Zealand maintains a principles-based, risk-focused model anchored by threshold-based reporting.

For firms that process cross-border transactions or operate under multiple AML regimes, the key is strategic alignment: choosing to implement the strictest overlapping standard as the default while allowing for jurisdiction-specific exceptions where legally permitted.

Want to go deeper?

Download our white paper on wire transfer regulation compliance in the UK to explore how core principles of the Travel Rule are implemented and enforced. Whilst focused on the UK, the insights are highly applicable across the EU and other FATF-aligned jurisdictions.

Also, check out WireCheck our next-generation compliance tool that simplifies wire transfer regulation compliance, data validation, and Travel Rule alignment in real-time.