SWIFT global payments innovation has fundamentally changed the information requirements for cross-border payments. Universal confirmation tracking — where the UETR unique end-to-end transaction reference follows a payment through every correspondent in the chain — is now mandatory for all gpi member banks. The ISO 20022 migration for SWIFT's high-value payment corridors (CBPR+) is underway, adding structured data requirements that expose weaknesses in legacy correspondent banking platforms. And FATF Recommendation 16 travel rule obligations for international wire transfers create parallel requirements that interact with gpi in ways that most compliance teams have not fully mapped.
What gpi Actually Requires of Correspondent Banks
SWIFT gpi membership requires correspondent banks to comply with the gpi service rulebook, which establishes obligations around speed (same-day processing in the currency's business hours), transparency (pass fee information through rather than deducting unannounced), and tracking (confirm receipt and processing of every payment with a SWIFT gpi confirmation message). The technical implementation requires that banks update the gpi tracker with a confirmation message within a defined window of receiving and processing each payment instruction. Banks that receive gpi-tagged payments and process them on legacy systems that cannot generate gpi tracker updates are in breach of the rulebook obligations they accepted upon joining the network.
gpi is not optional. As of November 2020, all SWIFT member banks are required to receive gpi payments even if they are not full gpi members. The practical effect is that every correspondent bank is now operating within the gpi framework whether or not they have invested in the technical infrastructure to do so properly. Deficient implementations show up in the tracker as payments that were received but never confirmed, creating service quality complaints and reputational consequences with correspondent relationships.
The ISO 20022 Data Quality Problem
The migration from SWIFT MT messages to ISO 20022 MX messages is creating a data quality crisis in correspondent banking. MT103 messages carry remittance information in an unstructured free-text field — account numbers, addresses, and purpose codes are embedded in a single field with no enforced format. ISO 20022 MX messages require structured data: addresses must be in defined address fields, party names must be in name fields, and purpose codes must use defined code lists. When a payment originates from a bank that has migrated to MX but passes through a correspondent that has not, the structured data may be truncated or corrupted in the translation. The recipient receives a degraded message that fails sanctions screening fuzzy matching because the address information is incomplete.
For compliance purposes, this is not a formatting problem — it is a screening problem. OFAC and other sanctions authorities do not accept data quality issues as a defence for screening failures. Correspondent banks must either ensure that the data quality of incoming payments is sufficient to support accurate screening, or apply enhanced manual review to payments where the data quality is insufficient. The latter approach does not scale; the former requires engaging with originating banks about their data quality standards.
Travel Rule Integration with gpi
FATF Recommendation 16 requires that financial institutions include originator and beneficiary information with every international wire transfer above the $3,000 threshold (US) or equivalent. The information requirements overlap substantially with gpi tracking data, but they are not identical: travel rule requires specific data fields (originator name, account number, address; beneficiary name and account number) that must be verified against the institution's records, while gpi tracking requirements focus on processing confirmation and fee transparency. Banks that conflate travel rule compliance with gpi compliance are creating gaps: gpi tracker data is process data, not verified customer data in the sense that FinCEN requires.
Sanctions Screening in the Correspondent Chain
A payment moving through a three-correspondent chain may be screened against the SDN list four times: at origination, at each correspondent, and at the final beneficiary bank. Each screening is independent and must be conducted on the information available to that institution at the time of processing. The gpi transparency requirements mean that the full payment chain — including all intermediary banks — is visible in the gpi tracker. OFAC can, and does, examine screening practices at every point in the chain. Correspondent banks that rely on the originating bank's screening without conducting their own independent review of the available information are taking a sanctions compliance risk that gpi transparency makes more visible, not less.
EU AI Act: What CTOs Actually Need to Do Before August 2026
DORA Is Live. Here's What 'Operational Resilience' Means for Your Codebase
FedRAMP Rev 5: What Changed and Why Most Current ATO Holders Are Already Non-Compliant
The engineering behind this article is available as a service.
We have done this work — not advised on it, not reviewed documentation about it. If the problem in this article is your problem, the first call is with a senior engineer who has solved it.