A payment approval workflow should turn Delegation of Authority into system-defined routing rules that assign the right approver, block self-approval, and create an audit trail before funds are released. Set scope by money-moving action and failure cost, express thresholds and authority levels in a decision table, constrain delegation, and test states, escalations, and idempotent retries before rollout.
A payment approval flow works only when policy becomes system behavior. The job is to translate Delegation of Authority into routing rules that send each request to the right approver, block conflicts, and leave an audit trail finance can verify later.
A payment approval flow defines how payments are authorized and executed before funds are released. A DOA policy defines who can approve which financial decisions. To make that enforceable, map each rule to a product role, a routing rule, and a record field.
Use one checkpoint for every rule: can the system route it automatically, and does the record show who acted and what they did? If not, you have policy prose, not an enforceable control.
You need speed and control at the same time. Bottlenecks slow payouts, but weak controls create errors and fraud risk. In practice, delays often come from unavailable approvers or reviews that stall, while manual handling raises the risk of both error and fraud. Set role boundaries explicitly. Segregation of duties should be built in, and self-approval should be blocked.
Start by deciding which money-moving actions are in scope. The control question stays the same across those flows: who can approve, under what threshold, and with what evidence?
Complexity shows up early in multi-entity operations. A design that works for one entity can break once you add entities, channels, or currencies. Verify that routing and authority rules still hold across product flows and finance systems.
This guide focuses on decision checkpoints, implementation order, and recovery steps, because policy text alone does not help if users can bypass routing limits.
Keep routing system-defined and non-bypassable. Build records that let you reconstruct events later: who acted, what action was taken, and when it happened. If your records cannot answer those questions, treat that as a design gap before rollout.
If you want a deeper dive, read How to Build an Invoice Approval Workflow for Your Platform: Roles Limits and Escalation.
Set scope by action and failure cost before you argue about dollar bands. Amount is a weak first filter because some low-value decisions are still hard to reverse once processed on high-finality rails.
Start with action types, not job titles. At minimum, list payment initiation events, template create/update events, refund-versus-cancel paths, and FX conversion or settlement actions. In practice, approval criteria are often event-based, not just amount-based.
For each action, assign a quick risk profile across four lenses: financial loss, compliance exposure, customer impact, and reversibility. Keep this lightweight so teams can apply it consistently before they start debating threshold numbers.
If an action can be irreversible once processed on a high-finality rail, route it through stricter authority levels even when the amount is small. Apply the same stricter path to FX-related actions where settlement risk is material, and keep lower-friction paths for actions that are easier to unwind.
Before you tune limits, publish one page that links each action type to the request owner and the active approver. That gives finance and engineering one reference for routing, accountability, and auditability.
Before you configure roles or limits, get finance, ops, and engineering aligned on one current evidence pack. If you configure first, you can bake policy, routing, and ownership mismatches into the build.
Start with four controlled artifacts: the current Delegation of Authority policy, the existing approval flow diagram, a role roster, and escalation contacts. For each one, confirm an owner, a version or last-approved date, and one canonical location.
| Artifact | What to verify before config | Red flag |
|---|---|---|
| Delegation of Authority policy | Current authority levels, named owners, latest approved version | Amount bands in policy do not match actual approval practice |
| Approval flow diagram | Actual decision path for each money-moving action | Diagram shows a path no one can enforce in product |
| Role roster | Named requester, approver, backup, and any separation-of-duty conflicts | Shared logins, stale managers, or missing backups |
| Escalation contacts | Primary and secondary contacts, contact method, coverage hours | Escalation goes to a queue with no accountable person |
Standardize terms before configuration. If policy, diagrams, and engineering labels use different names for the same action, you already have a control gap.
Capture baseline metrics from the current process before rollout. At minimum, track approval cycle time and exception volume. Add failed approvals by team or after-hours approvals where they are operationally relevant.
Keep metric definitions exact. If you use APQC cycle time, use the same definition: calendar days from invoice receipt until payment is transmitted. For ACH-heavy flows, log unauthorized returns as an exception signal and treat 0.5% as the Nacha unauthorized return-rate threshold.
Manual handoffs often expose the bottleneck. As one finance operations leader put it: "Our previous workflow suffered from multiple manual handoffs and communication bottlenecks that introduced delays, errors, and compliance risks at every stage."
Set the minimum approval record before rollout so each decision is reconstructable. Define the fields your team will always capture, plus the core audit-trail fields. A practical minimum set includes:
Avoid free-text-only justification. It is easy to launch and hard to audit, investigate, or reconcile later.
Use one shared source-of-truth document as the production gate, and make finance, ops, and engineering sign the same version. This is a governance control, not a universal legal requirement, and it reduces drift across docs, tickets, and code.
Include the policy reference, flow diagram, role roster, escalation ownership, metric definitions, and minimum audit-trail spec in that sign-off pack. If implementation tickets, review notes, and launch approvals point to different document versions, pause rollout.
Related: Gateway Routing for Platforms: How to Use Multiple Payment Gateways to Maximize Approval Rates.
Once the evidence pack is settled, turn it into a decision table before configuration. If a rule cannot be expressed as clear conditions, authority, and evidence in one row, it is not ready for production.
Use one row per payment decision. Keep these columns: payment type, risk tier, Approval thresholds, required Authority levels, delegation allowed, and required evidence.
| Payment type | Risk tier | Approval thresholds | Required Authority levels | Delegation allowed | Required evidence |
|---|---|---|---|---|---|
| Recurring payout to approved beneficiary on a standard rail | Low | Below your approved low-risk threshold, with no payee change and no exception flag | Structured permission tier with one authorized approver | Yes, if delegate has the same approval role and is not the requester | Request ID, beneficiary match, business context, timestamp, policy version |
| Standard non-exception payment with finance review | Medium | Oracle sample pattern: USD 5,000 and above routes to a finance approval group; routing can also vary by business unit or cost center | Finance approval group or equivalent authority tier | Yes, if Separation of Duty still holds | Amount, payment type, requester identity, business unit or cost center, supporting document, decision record |
| Exception path (wire release, manual override, held-funds release, beneficiary change) | High | Often any amount when the action is irreversible, externally settled, or outside normal policy | Two distinct authorized approvers with tighter Separation of Duty between initiator and approvers, or another documented compensating control where full segregation is not feasible | Restricted unless policy explicitly allows delegation with equivalent authority and SoD controls | Exception reason, attachments, requester context, approver identities, timestamps, acting-as context if delegated |
Use signed policy values where available. The important pattern is not just amount bands. Rules may also route by business unit, cost center, and exception type.
Do not leave conflict handling to judgment calls. Define which rule wins when amount-threshold logic and risk logic conflict. For many teams, that means routing to the stricter path in policy so low-dollar but high-risk actions, such as beneficiary changes or manual overrides, do not slip past stronger controls.
Low-risk recurring payouts can use structured permission tiers. High-risk exceptions can use a two-person rule with tighter Separation of Duty so one user cannot complete the full action alone.
Each row must map to fields your product can evaluate, such as amount, payment type, rail, business unit, cost center, exception flag, payee status, requester role, and delegation event state. If a row depends on vague labels like "sensitive" or "urgent," it is a manual instruction, not a control.
For every row in staging, run one matching case and one non-matching case. Confirm routing, approver set, evidence requirements, and SoD enforcement. For high-risk rows, confirm that the same user cannot initiate and approve the same request.
A decision table with open timing or jurisdiction issues is not ready for sign-off. Resolve these before final approval:
| Area | Open point | Details |
|---|---|---|
| SLA timing | Escalation timers by risk tier | Include owner and post-escalation delegation handling |
| Rail and provider constraints | Limits that affect routing | Faster Payments: £1 million, with provider-specific lower limits possible; Same Day ACH: $1 million per payment, three daily settlements |
| Operating-window and legal checkpoints | Fedwire timing and U.S. legal review | Fedwire business day: 9:00 p.m. ET to 7:00 p.m. ET; review Fedwire/EFTA inconsistency questions |
If a row still shows TBD for escalation owner, timing, or jurisdiction handling, keep it out of production.
You might also find this useful: Publisher Payment Thresholds: How to Set Minimum Payout Limits That Reduce Cost Per Transaction.
Use your decision table as a build spec, then map each threshold and role rule to enforceable system behavior. See the docs.
Once the decision table is stable, lock role boundaries so no one can request, approve, and benefit from the same payment action. Exceptions should route to an independent reviewer.
Define five operating roles in your design: requester, approver, delegator, delegatee, and oversight reviewer for policy exceptions. These are control labels, not mandated job titles, so each role should map to a real person or group in your access model and DOA policy.
| Role | Control note | Audit focus |
|---|---|---|
| Requester | Requests the payment action | Show who requested |
| Approver | Approves the request | Show who approved |
| Delegator | Assigns approval handling to one delegatee for a defined period | Capture start, end, and reason |
| Delegatee | Acts on behalf of the original approver during the active delegation window | Record actual actor and acting-as context |
| Oversight reviewer | Reviews policy exceptions | Show who reviewed exceptions |
For each role, record who can hold it, what actions it can take, whether delegation is allowed, and what evidence must be captured. Your audit trail should answer four questions without interpretation: who requested, who approved, whether anyone acted on behalf of someone else, and who reviewed exceptions.
If you cannot assign a named oversight reviewer for exception paths, do not move those rows to production.
Separation of duties has to live in system logic, not only in policy text. The same user cannot initiate and approve the same request. In dual-control terms, the initiator cannot approve their own work.
Check identity directly by comparing initiator ID, approver ID, and any acting-as identity used by a delegatee. If an approval resolves to the initiator, reject it and log the attempt. Where your product separates actions, also separate authorization from processing or recording and review.
In staging, verify at least:
Self-approval is only one conflict type. If a person is tied to the transaction outcome, such as self-benefit or related-party context, remove them from the decision path. Route the request to the oversight reviewer, and record the disclosure and recusal.
For manager-reporting-line conflicts, set and document your own company rule. The baseline control here is disclosure plus recusal when conflicts exist, then independent review when needed.
Capture the conflict reason, disclosed facts, recusal action, reviewer identity, and timestamps. If that record is missing, treat the approval as incomplete.
Unclear ownership leads to control drift. Set an explicit operating rule: finance owns risk policy, including authority levels, exception criteria, and conflict decisions; engineering owns enforcement, including control logic, identity checks, and logs.
This is a control-design choice, not a universal legal standard. Use it to keep policy and production aligned, and require both teams to sign the same role matrix before launch.
Need the full breakdown? Read How Platforms Automate Pre-PO Approval with Purchase Requisitions.
Delegation only holds up when it is narrow, time-bound, and easy to audit. A practical baseline is one active delegation at a time, one level only, and no re-delegation by a Delegatee.
Use a simple baseline in your DOA policy: a Delegator assigns approval handling to one Delegatee for a defined period, with one active delegation at a time for that delegator. Treat this as a practical operating pattern, not a universal product rule.
Keep delegation to one level. If User B is Delegatee for User A, User B cannot delegate onward to User C. In your logs and approval trail, always record acting-as context so reviewers can see who acted and under whose authority.
If you later enable multi-user delegation, make it an explicit exception with clear decision rules and visible audit records, not the default path.
A delegation without dates is open-ended access. Require start and end timestamps, and capture a reason for the delegation. For payment approvals, you can also add role-based pre-activation approval in your own control design, for example by finance ops, a manager, or another authority owner. This is a policy choice you define to tighten access changes, not a universal platform behavior.
At minimum, capture: Delegator, Delegatee, start, end, reason, scope, and an approval record if your policy requires one. Also test in staging that routing works during the active window and ends at the configured end time. If you use a single-active model, test that a second delegation is blocked until the first expires.
Planned delegation and emergency override should use separate paths. Use planned delegation for known absences, and a separate emergency override path for unexpected unavailability.
For emergency override, require clear records: who granted it, who received it, why normal delegation was unavailable, exact start and end, and scope. Make the override time-bound with automatic expiry, then run a post-event review.
Delegation should never reopen the door to self-approval. Prevent a Delegatee from approving their own requests, and review approvals where acting-as identity resolves to the original initiator.
Add monitoring for unusual delegation changes and route those patterns for review. Then stage absence scenarios and confirm your records still capture acting-as identity, timestamps, and expiry cleanly.
Explicit request states keep approvals operable. Operational failures often show up when handoffs, stalls, or denials happen without a clear state, owner, and trace across finance and product.
Define an internal state map for your approval request object, even if underlying tools use different labels. A practical starting point is: submitted, pending approval, approved, denied, delegated, escalated, expired, and change requested or returned.
Cover post-rejection handling, not just the happy path. In Dynamics 365 Finance, a rejection can create a new work item for the originator, so decide whether denied requests are revised and resubmitted or closed.
In your flow diagram, mark terminal versus recoverable states. Approved, denied, and expired are often terminal. Delegated and escalated are handoff states.
For each state change, define who is notified, where they see it, and what action is expected next. Dynamics 365 Finance supports notification events such as approved, rejected, delegated, escalated, and change requested. Power Automate approvals use in-product pending queues and email delivery.
Use a simple operating rule:
That keeps action prompts and system truth aligned.
Delegation is only reliable when records show both who acted and whose authority they used. Oracle documents delegation as acting on behalf of the original approver and supports displaying that relationship in the interface.
When a delegate approves or denies, record and display:
Without acting-as visibility, audit reconstruction is weaker.
Timeouts are not enough on their own. You also need clear ownership after escalation. Dynamics supports escalation when the assigned user does not act within the configured time window. Your policy should also state who owns the request after that point, whether the prior approver can still act, and which team is accountable.
If you route escalations to higher authority levels, document that routing explicitly in both policy and flow diagrams.
Run one end-to-end trace in staging from request creation to final state. Submit, delegate, exercise timeout and escalation if configured, and complete with approval or denial.
Then verify that workflow history or tracking shows request progression with key transitions, timestamps, and actors, including acting-as context where your platform exposes it. Use built-in test and history features where available. The pass condition is simple: a reviewer can reconstruct the full path from system records alone.
We covered this in detail in How to Build the Ultimate Finance Tech Stack for a Payment Platform: Tools for AP Billing Treasury and Reporting.
Finance sign-off depends on evidence, not status labels. If a control cannot produce exportable records showing who acted, when, what happened, and how the outcome ties to your books, treat that control as not ready.
Make every approval event auditable, not just the final decision. A practical minimum is actor identity, event type, timestamp, and success or failure outcome. For your control design, consider capturing delegated-authority context, policy version, and attachment references when your policy requires them.
If delegated authority is allowed, capture both the person who acted and the authority relationship they used so reviewers can explain why the action was permitted.
Use a simple checkpoint: update a request in staging and review history. Prior values should remain visible and should not be obscured.
An approval is not complete for finance until it can be traced to accounting and reconciliation evidence. Link each approval outcome to records such as request ID, payout or batch ID, posting or journal reference, settlement date, reconciliation status, and reviewer evidence.
In practice, this turns the approval flow into a finance control map. Decision, posting, and reconciliation should be traceable end to end from system records alone. That traceability supports reliable financial reporting.
Exception paths need the same rigor as successful approvals. Log manual overrides, rejections, and invalid-access or bypass-like attempts as explicit exception events, not just final states.
Capture enough exception context for review, including actor, timestamp, reason, and follow-up outcome where applicable. Incomplete exception records are weak audit evidence even when standard approvals look clean.
Retention and exportability should be defined by record class, not by one blanket rule. Separate approval events, evidence attachments, exception logs, and reconciliation artifacts, then assign retention based on the underlying record requirements.
In regulated electronic-record contexts, audit-trail documentation should be retained at least as long as the related records, and records should be reproducible in human-readable and electronic formats. In broker-dealer contexts under 17 CFR 240.17a-4, retention can be 3 years or 6 years depending on record type. The first 2 years must be easily accessible, and cash reconciliations are explicitly preserved records.
Before rollout, run an export test for finance or compliance review. If exports omit prior values or other policy-required context, fix that before sign-off.
Once audit evidence is in place, the next common failure mode is duplicate side effects. Treat every approval action and provider callback as retryable, and block any path where a retry could approve twice, release funds twice, or move a request backward.
Make every POST that changes approval or payment state idempotent: approve, deny, override, payout release, and batch release. Store enough request metadata - idempotency key, action type, request fingerprint, response, and resulting request state - so the same retry returns the same outcome, including server-error responses, instead of triggering the side effect again.
| Surface | Key limit | Validity note |
|---|---|---|
| Internal format | Keep the key within 64 characters | Bind each key to one action |
| Stripe | Up to 255 characters | Keys may be pruned after they are at least 24 hours old |
| Adyen | 64 characters | Keys stay valid for a minimum of 7 days |
For network retries of the same business action, reuse the same key. Stripe supports keys up to 255 characters and may prune them after they are at least 24 hours old. Adyen allows 64 characters and keeps keys valid for a minimum of 7 days. If you support multiple providers, keep your internal key format within 64 characters and bind each key to one action.
Deduplicate before mutation. Record the provider event ID and check whether it was already processed before updating any state. Duplicate deliveries happen, and delivery order is not guaranteed, so arrival order is not a safe proxy for current truth.
If an already processed event arrives again, return success so retries stop. Keep handlers fast as well. Braintree treats responses longer than 30 seconds as timeouts and retries them.
Use one source-of-truth state model for the approval request, then project that state into product and finance statuses so they stay aligned. Apply your existing authority logic for approval decisions, and use provider events to update execution state.
Document which external events can advance state and which should be ignored as stale. When sequence is unclear, compare event timestamps and, where needed, fetch the latest provider object so decisions follow current state, not delivery order.
Before launch, run replay tests in staging: resend the same approve call with the same idempotency key, replay the same webhook event, and send events out of order. You should still end with one approval decision, one payout release, no backward transition, and aligned product and finance statuses.
Run one recovery drill too: pause webhook processing and replay missed events. Stripe can automatically resend undelivered events for up to three days. Its Events API lists only the last 30 days, so validate your catch-up path before production traffic tests it for you.
In approval workflows, recovery usually comes down to rule clarity, delegation controls, and audit evidence quality. The fastest path is to remove ambiguity in approval logic and treat incomplete records as recovery work.
When finance, ops, and product maintain different threshold logic, routing drifts. Move approval thresholds and authority levels into one approved decision table, and make UI, API, and notification paths read from that table.
Use amount routing as one input, not the whole rule. For example, you might require pre-approval over $1000.00 and auto-act only where low-value conditions are explicitly configured, such as below USD 100. Validate requests just below, at, and just above each breakpoint, and confirm the same approver path appears everywhere.
Delegation and reassignment are not the same, and treating them as interchangeable creates control gaps. Use bounded delegation windows with start and end dates, and record when a user acted as delegate for another user.
Keep Separation of Duty safeguards active during delegation, not only during standard approvals. When a two-person approval rule applies, the second approver should still be a different authorized user. Also test out-of-office coverage end to end so delegated approvals and notifications actually reach the delegate.
If you need audit-ready approvals, records with missing context are recovery work, not finished outcomes. Capture at least what happened, when, where, and who was associated with the event, including acting-as context where delegation is involved.
Use a review cadence you can sustain. A red flag is any approval record that shows only final status without clear actor context or delegation trace.
Slow approvals can be a coverage problem, not only a threshold problem. Assign backup active approver coverage for each authority level, and set clear escalation ownership for inaction within the allotted time.
Then test vacation and inactivity scenarios. You should see escalation and notifications route to the right owner while preserving the same audit history.
This pairs well with our guide on How Independent Professionals Build a PCI-Compliant Workflow for Card Payments.
Roll out in phases, and force a real go or no-go decision before each expansion. Start with the payment paths where failure would cost the most, then expand only after pilot evidence shows the controls are holding.
Prioritize the first phase by risk exposure rather than defaulting to org chart boundaries. If higher-risk activity spans multiple teams, keep that scope intact so you can validate approvals, escalation behavior, and delegation controls where failure matters most.
Use your approved Approval thresholds and Authority levels decision table as the launch map. For the first slice, confirm that requests follow the same routing, evidence requirements, and acting-as logging, including checks around threshold breakpoints.
Avoid pilot scopes that mix low-risk routine payouts with high-risk exceptions. Mixed-risk pilots make it harder to tell whether stricter controls actually work.
Treat phase one as a canary: partial, time-limited, and evaluated before broader rollout. Define measurement rules before the first request enters the queue so results are interpretable.
Track at least:
Keep definitions explicit. Log exceptions with request ID, payment type, violated rule, approver identity, and delegation context where applicable.
If the pilot moves cash, keep reconciliation evidence audit-available and confirm affected accounts can still be reconciled at least monthly and within 30 days of receiving the statement.
Write exit criteria before the phase starts. Expansion should happen only when required deliverables exist and exit criteria are met, not because the date arrived.
A practical gate pack includes:
Approval thresholds and Authority levelsMissing evidence is a no-go.
After launch, run a regular review cycle to tune rules based on real incidents and ongoing monitoring. Use it to adjust approval permissions, delegation constraints, backup approver coverage, and any mismatch between policy and production behavior. Assign one named owner for policy updates and control effectiveness. Without clear ownership, rule drift can undermine enforcement.
Related reading: How to Build a Contractor Payment System for a Nursing or Allied Health Staffing Agency.
Use one hard rule: if a policy rule cannot be enforced in system behavior and shown in audit evidence, it is not live yet. Your first enforceable version should be narrow, testable, and tied to documented control activities.
Define scope and risk first. Start with the highest-risk payment path, not the most common one. Produce a single source-of-truth approval spec that names the action type, requester, active approver, risk factors, and required approval evidence.
Publish a threshold decision table that can be coded. For each payment type, document risk tier, threshold logic, required authority level, delegation allowance, and required evidence fields. Every row should map to an enforceable application or payment-service rule. If amount logic and risk logic conflict, resolve it using your documented risk assessment.
Assign roles and separation controls before granting access. Formally assign roles such as requester, approver, delegator, delegatee, and exception reviewer. Apply least privilege so access matches assigned tasks. Do not allow one user to both initiate and approve the same request; add two-person routing for high-risk cases where needed.
Treat delegation as a constrained exception. Define when delegation is active, why it is granted, and who approved it before it becomes active. Log actor identity and acting-as context so delegated actions are traceable. Review delegation-change logs as part of control monitoring.
Verify states, notifications, and retries in sandbox before go-live. Test the full path from submitted through approved, denied, expired, and escalated. Confirm notifications track each state change for finance and operations. For webhook-driven states, handle retries and ignore already-processed events; for payment actions, use idempotency so retries do not create duplicate effects.
Run a pilot with explicit go or no-go criteria. Limit scope, for example to one payment type and one finance owner, and define measures before launch. Keep audit-field requirements in place during the pilot so behavior matches production expectations.
Set periodic review ownership and date. Review incidents, exceptions, delegation usage, stale approvals, and evidence gaps on a recurring schedule. Keep ownership explicit across finance and engineering for policy and enforcement.
Next step: align finance and engineering on one approval spec, then implement the highest-risk payment path first. For a step-by-step walkthrough, see How to Build a Payment Sandbox for Testing Before Going Live.
After you align finance and engineering on the spec, validate your highest-risk payout path with real escalation scenarios before scaling. Talk with Gruv.
It is the defined sequence your team follows to authorize and execute a payment from intake through funds leaving the account. Delegation of authority assigns approval rights by role or position and authority type rather than by person name alone. In practice, delegation should be explicit and traceable in workflow history.
Map thresholds to explicit authority levels and assign those levels by role title or position. Keep routing rules unambiguous so routine items move cleanly and higher-risk exceptions escalate without ad hoc decisions. Each threshold row should map to an enforceable workflow rule.
Limit delegation to users who already have approval privileges for that workflow item type. Make it temporary with clear start and end dates and a recorded reason. If your policy uses a single-active model, allow one active delegation at a time and no re-delegation.
Use separation of duties so one person does not initiate, authorize, record, and reconcile the same transaction. Block self-approval in system logic, including delegated paths. Record delegation changes and delegated actions so unusual patterns can be reviewed.
At minimum, log what happened, when it happened, where it happened, the event source, and the outcome. Include identity details for the person or entity tied to the event, not only status changes. For delegated approvals, record who acted and whose authority they used.
Override amount-only routing when risk indicates stricter control is needed. Set a clear precedence rule so risk-based routing takes priority when it conflicts with amount logic. Use the stricter path for higher-risk actions.
Ethan covers payment processing, merchant accounts, and dispute-proof workflows that protect revenue without creating compliance risk.
Educational content only. Not legal, tax, or financial advice.
The hard part is not calculating a commission. It is proving you can pay the right person, in the right state, over the right rail, and explain every exception at month-end. If you cannot do that cleanly, your launch is not ready, even if the demo makes it look simple.
Step 1: **Treat cross-border e-invoicing as a data operations problem, not a PDF problem.**
Cross-border platform payments still need control-focused training because the operating environment is messy. The Financial Stability Board continues to point to the same core cross-border problems: cost, speed, access, and transparency. Enhancing cross-border payments became a G20 priority in 2020. G20 leaders endorsed targets in 2021 across wholesale, retail, and remittances, but BIS has said the end-2027 timeline is unlikely to be met. Build your team's training for that reality, not for a near-term steady state.