A payments and compliance policy for a gig platform should define which payout flows are in scope, who can approve or hold funds, which verification and tax checks must pass before release, how exceptions are handled, and what evidence is retained. Build it as an operating document that product, finance, ops, and engineering can apply in daily payout decisions across jurisdictions.
Treat your payments compliance policy for a gig platform as an operating document, not a legal memo. If product, finance, and engineering cannot use it to decide whether a payout is released, held, reviewed, or reported, the policy is not finished.
This guide is about contractor and creator payouts handled through an app or website. That scope is deliberate. In the IRS framing of the gig economy, digital platforms match workers' services or goods with customers through apps or websites. In practice, that usually puts compliance pressure on onboarding, payout decisions, reporting, and exceptions. This is not consumer card-policy boilerplate or a general HR handbook.
You will move faster if you assemble a small evidence pack before drafting rules:
This prep is operational, not paperwork for its own sake. A written policy is not enough if your team cannot show how decisions are actually made in practice.
The goal is practical, not "instant compliance." You should leave with a draft your teams can translate into product rules, finance controls, and engineering requirements. Then you can adapt it market by market as legal review requires. If you are entering multiple jurisdictions quickly, drafting may move fast, but local exceptions can take longer.
For this guide, the policy covers contractor and creator payout flows. That includes who is paid, when they are paid, which checks must pass first, what data is collected, and what happens when something does not match. It also covers the controls around those flows, including risk-based review, tax-related data collection, and platform reporting duties.
This is where generic templates usually fail. In Europe, DAC7 places reporting obligations on platform operators and covers both cross-border and non-cross-border activity. In the United States, covered money services businesses are expected to maintain written AML programs commensurate with their risk profile. A usable policy reflects those differences instead of pretending one global paragraph is enough.
The end state is not "we have a PDF." The end state is a policy that is:
Use a simple checkpoint. For any payout type, can your team state what data is required, what risk checks apply, who can approve an exception, and what evidence is retained? If the answer is scattered across Slack threads, tickets, and tribal knowledge, you do not have an operational policy yet.
Also do not rely on onboarding alone. For covered money services businesses, AML programs must be written and commensurate with the business's risk profile, including location, size, and financial activity. That is a useful operating benchmark even beyond the legal minimum. Your controls should match real exposure, not a template.
The rest of this guide is built around that outcome. You want a policy that defines scope, maps market-specific rules, sets payout blockers versus review paths, and makes decisions defensible later.
For a step-by-step walkthrough, see How Freelancers Choose a Compliance-First Fintech Platform.
Set the boundary first, or exceptions will end up driving the policy. Before you write any rule, define which payment flows, legal entities, and systems are in scope.
Start with an explicit in-scope flow list for the payment activity you actually run, including payment reversals and any cross-border flows where applicable. Keep out-of-scope items separate, such as general HR policy or broad worker handbook language.
Then state when a Merchant of Record is used and when it is not. For each flow, name the entity responsible for processing payments and for post-transaction outcomes such as refunds or chargebacks. If your platform is not the MoR for a flow, say so directly.
Scope the full execution path, not just the app UI. Include operational systems and automated tooling involved in payout execution, approvals, reversals, and reconciliation, plus any Virtual Accounts used as sub-ledgers tied to a physical account.
If a tool can create, approve, hold, reverse, or reconcile payouts, it belongs in policy scope. Validate this by tracing one payout end to end and listing every system touched, including side tools used by finance or ops.
Define risk appetite in writing through a risk assessment mapped to products, services, customers, and geographies. Use that assessment to apply simplified measures only where risk is lower and stronger controls where risk is higher.
For higher-risk country exposure and other higher-risk scenarios identified in your assessment, require enhanced checks before release. For MSB-like models, keep this written and auditable. Controls should be commensurate with location, size, and the nature and volume of activity.
Assign named individuals, not just teams. Clear decision rights keep controls moving in normal operations and prevent delays during incidents.
Use a RACI-style map, and make each role person-specific. For each domain, name who executes day to day, who is accountable, and who approves policy changes. Senior approval and control operation can be separate jobs.
| Domain | Responsible | Accountable | Approver | Consulted |
|---|---|---|---|---|
| KYC | Ops or risk lead running verification queues | Compliance or legal owner | Policy approver named in governance doc | Product, engineering |
| KYB | Business onboarding or compliance lead | Compliance owner | Policy approver | Finance, legal |
| AML | Named operator coordinating monitoring and holds | Senior compliance owner | Senior management where your model requires it | Finance, ops, engineering |
| Tax reporting | Tax ops or finance lead | Finance owner or responsible party | Finance or executive approver | Legal, product |
Checkpoint: each row should include a primary owner, a backup, and the system or queue they monitor. If no one clearly owns W-9 collection, 1099 routing, beneficial ownership checks, or payout holds where applicable, the policy is not ready.
Pre-assign emergency authority before incidents happen. Specify who can freeze payouts, who can release after review, and who must be informed, so ops is not blocked by committee timing during a live risk event.
Run one simulation to verify the path works, such as suspicious activity at or above the $2,000 trigger floor in covered MSB scenarios, a mass KYC mismatch, or a provider outage. Confirm the escalation reaches management quickly and that the decision, timestamp, and approver are recorded.
Use executive sign-off for changes that shift risk appetite or legal position, such as AML policy changes, payout release rules, or worker-classification logic. In the U.S., classification governance should stay explicit because the 2024 final rule took effect on March 11, 2024, and a 2026 proposal is active. Classification turns on economic reality, not labels.
| Change example | Sign-off level | Grounded reason |
|---|---|---|
| AML policy changes | Executive sign-off | Shifts risk appetite or legal position |
| Payout release rules | Executive sign-off | Shifts risk appetite or legal position |
| Worker-classification logic | Executive sign-off | Classification governance should stay explicit |
| Queue routing | Operational sign-off | Lower-impact execution change |
| Reminder timing | Operational sign-off | Lower-impact execution change |
| Dashboard permissions | Operational sign-off | Lower-impact execution change |
Use operational sign-off for lower-impact execution changes, like queue routing, reminder timing, or dashboard permissions. If product can change payout gating or contractor-classification logic without legal and finance review, your control design is too easy to bypass.
Build the jurisdiction and classification matrix before drafting detailed payout clauses. Use it as the shared decision map for legal, product, finance, and engineering so controls rest on market-specific triggers, not one global assumption.
Use one default policy rule: if jurisdictions conflict, apply the stricter control outcome until legal approves a narrower local exception. Treat this as an internal risk-control choice, not a statutory mandate.
Start with market rows, then add control columns. At minimum, include United States federal, Europe at the tax layer, and city overlays such as Seattle and New York City. Track classification trigger, labor or pay overlay, tax documentation, reporting output, and payout consequence.
| Market layer | What to track | Control implication |
|---|---|---|
| United States federal | Classification posture, IRS reporting and withholding duties, W-9 or W-8BEN collection, 1099-NEC threshold | Do not release U.S. contractor payouts without tax-form logic and a classification review path |
| Europe | DAC7 scope and activity type, VAT treatment by country | Add DAC7 reporting fields and country-level VAT handling before launch, including non-cross-border activity |
| Seattle | App-based worker minimum payment rights tied to time worked and miles traveled per offer | Add city overlay logic to payout calculation and statements |
| New York City | Minimum pay rule for app-based restaurant delivery workers | Separate NYC delivery logic from general U.S. contractor logic and confirm local notices and rate handling |
Checkpoint: each row should point to a specific source document or internal policy reference. Labels like "EU tax" or "US labor" are too broad to implement safely.
For U.S. flows, keep classification live in the matrix. DOL framing uses the economic realities of the worker's relationship. The 2024 final rule took effect on March 11, 2024, and a 2026 proposed rescission is open for comment through April 28, 2026, at 11:59 ET. Treat this area as change-sensitive, not settled.
Do not hard-code assumptions like "all providers are contractors." Add a classification-signal column, for example the factors used in your review and whether local minimum pay overlays apply. IRS guidance also ties platform obligations to worker classification and reporting or withholding duties, so keep those controls connected.
Seattle and NYC should be treated as local overlays, not national defaults. Seattle's law is effective January 13, 2024 and ties minimum pay rights to time and miles. NYC announced a $21.44 per hour before-tips minimum pay rate for app-based restaurant delivery workers.
Add the fields your systems enforce at payout time: required tax form, reporting regime, required stored data, and resulting reporting or withholding output.
For U.S. payees, use W-9 to collect a correct TIN. For foreign individuals in U.S. flows, use W-8BEN to establish foreign status. For nonemployee compensation, 1099-NEC may be required, with the threshold stated as $600 and moving to $2,000 for payments made after December 31, 2025.
For Europe, keep DAC7 and VAT in separate columns. DAC7 entered into force on 1 January 2023. It applies to platform operators, including in-scope non-EU operators active in the EU, covers cross-border and non-cross-border activity, and includes categories such as personal services and sale of goods. VAT needs country-level handling because EU-wide rules are applied differently across member states.
Test one profile through each relevant row before launch. If required DAC7 data, W-9 or W-8BEN paths, or reporting fields are bypassed, the matrix is not yet connected to product behavior. For a deeper operating view, see 1099s, W-8s, and DAC7 at scale.
Once the matrix is built, decide how exceptions get approved. When rules conflict, keep the stricter path until counsel approves an exception. In practice, that may mean holding payouts, requiring more documentation, or enforcing additional reporting fields.
Do not allow silent carveouts in code or ops notes. Require an exception record with market, rationale, approver, effective date, review or expiry date, and exact product behavior change. If that record is not centralized, the matrix will not hold under expansion.
You might also find this useful: How Independent Contractors Should Use Deel for International Payments, Records, and Compliance.
First payout should be a controlled release, not an onboarding milestone. Account creation alone is not enough. Payout capability should turn on only after the required verification checks for that account profile are complete.
Write one enforceable rule: no first payout until required KYC/KYB checks are complete, and required risk checks in your setup are clear.
Avoid vague language like "users must be verified." Define pass conditions by account type. For individuals, that usually means required identity fields and any document review. For businesses, that usually includes business verification plus ownership and controller details. For U.S. legal-entity scope where applicable, tie KYB procedures to beneficial ownership requirements under [31 CFR 1010.230](https://www.ecfr.gov/current/title-31/subtitle-B/chapter-X/part-1010/subpart-B/section-1010.230) and specify where evidence is stored.
Make the checkpoint machine-readable. If your provider exposes states like requirements.currently_due and current_deadline, use them directly in gate logic. Before payout creation is possible, required items should be resolved and any stop decision should already be cleared.
Use a risk-based approach so effort lands where the exposure is higher. Set tiers with profile attributes such as location, business type, and requested capabilities, then apply proportionate controls to lower-risk paths.
Use a simple split between lower-risk and higher-risk paths:
Incremental collection can reduce onboarding friction, but only if payout gates stay strict.
A policy is only usable if it tells the team what happens when verification does not go smoothly. Requirement states can update over time, so monitoring and response must be ongoing. Document fallback actions for common cases:
| Verification issue | Required response | Grounded note |
|---|---|---|
| Incomplete onboarding | Hold payout capability; if deadlines are missed, trigger remediation | Expect payout restrictions |
| Data mismatch or document inconsistency | Route to review and request corrected data or documents | Keep payout blocked until resolved |
| Added requirements outside API-only flows | Escalate from self-serve resubmission to manual or hosted verification | Use when API-only flows cannot satisfy new requirements |
| Suspected synthetic identity | Apply an immediate hold and enhanced review | Do not rely on partial field validity |
Also define ownership for cases where risk review adds requirements your API path cannot fulfill.
For each first-payout decision, store a decision record that explains why funds were allowed or blocked. Include submitted identity or business data, requirement status at decision time, timestamp, rule or reviewer, and document outcomes.
Set a hard stop in policy: if due diligence cannot be completed, do not start or continue the relationship.
Need the full breakdown? Read How to Choose a Merchant of Record Partner for Platform Teams.
Tax operations should branch at onboarding and stay tied to year-end reporting outputs. If you collect a tax form without a clear reporting rule, the policy is incomplete.
Start with two decisions: whether the payee is treated as a US person for tax-document purposes, and whether they are paid as an individual or business. For US payees, request Form W-9 so you can capture the correct TIN for information returns. For non-US payees, route to the appropriate W-8 series form, for example Form W-8BEN where appropriate, instead of forcing a W-9 path.
| Payee case | Document path | Use in policy |
|---|---|---|
| US payee | Form W-9 | Capture the correct TIN for information returns |
| Foreign individual in U.S. flows | Form W-8BEN | Establish foreign status |
| Foreign entity | Form W-8BEN-E | Establish foreign status for foreign entities |
State exactly when collection happens, what blocks payout, and what evidence is stored. A practical minimum is form type, certification timestamp, worker country, legal name on form, and assigned reporting category. Before the first reportable payment, verify the account has one valid tax-document path, not just a generic "tax complete" status.
Map tax-document paths to filing outputs in policy, and assign tax or legal review ownership for ambiguous cases. IRS guidance for digital platforms is to classify workers correctly and meet information-reporting and withholding requirements.
Use a simple output map:
Do not hard-code one threshold permanently. Current IRS FAQ language shows $600, moving to $2,000 for payments made after December 31, 2025, for the 1099-MISC and 1099-NEC payment-reporting lines cited there. Also require a payment-channel check, because some flows are carved out to 1099-K instead of 1099-MISC or 1099-NEC.
If Europe is in scope, keep DAC7 and VAT handling in the core policy, not in a disconnected annex. DAC7 entered into force on 1 January 2023, places reporting obligations on platform operators, and includes non-Union platform operators that register and report in one EU country. Scope includes categories such as personal services and sale of goods.
For VAT checks, define VIES as the validation path and treat it correctly as a search interface over national databases. Store the queried VAT number, member state, response status, and timestamp. If VIES returns invalid, route to correction or manual review. Do not design evidence requirements around always receiving legal name or address from VIES, because data-protection limits may prevent that.
If you provide tax support, separate support workflows from payout-gating requirements. FBAR is an individual filing on FinCEN Form 114 when aggregate foreign accounts exceed $10,000, due April 15 with an automatic extension to October 15. FEIE is computed on Form 2555, and the instructions state a 2025 maximum exclusion of $130,000.
These are individual obligations, not standard payout-gating documents. Do not require FBAR filings or Form 2555 as a payout condition. If support is enabled, keep evidence narrow and private: case reason, guidance template sent, consented attachments if any, and restricted access to tax notes.
Treat exceptions as payout-state decisions, not a support appendix. If a case can delay funds, reverse funds, or trigger a reporting clock, define it in policy with five fields: class, owner, internal SLA, worker message, and payout-restart condition.
Keep the class list short and operational: payout return, payout failure, disputed classification, delayed verification, and suspicious velocity under AML. Then map each class to a concrete trigger.
Payout returns should come from rail feedback such as ACH return reason codes. Payout failures should include failures to make funds available by the promised date. Suspicious-velocity handling should cover patterns of transactions, not only single events. Disputed classification should be treated as a change trigger because worker-classification guidance was revised with an effective date of March 11, 2024.
Use one standard schema for every exception so handling stays consistent across teams.
| Exception class | Primary owner | Internal SLA | Worker message template | Restart condition |
|---|---|---|---|---|
| Payout return | Payments operations | Defined in policy | Returned payout; action needed to continue | Updated payout details validated and return reason resolved |
| Payout failure | Payments operations + provider support | Defined in policy | Payout delayed while transfer status is investigated | Funds confirmed available or payout safely reissued |
| Delayed verification | Risk/onboarding operations | Defined in policy | Additional verification required before release | Required KYC evidence approved |
| Suspicious velocity (AML) | AML investigations | Defined in policy | Temporary compliance/security review | Alert cleared or escalation completed |
| Disputed classification | Legal + policy owner + operations | Defined in policy | Classification review may affect payout handling | Decision recorded and payout logic updated if needed |
Keep internal SLAs separate from regulatory clocks. Some clocks are regime-specific, including SAR filing at 30 calendar days after initial detection, OFAC blocked-property reporting within 10 business days, and certain banking-incident notices within 36 hours after determination.
Set a clear rule in policy: repeated KYC failures or unresolved AML flags should route the account to payout hold pending review, not ad hoc manual override. This is consistent with CIP logic that contemplates cases where an account should not be opened or should be closed after failed identity-verification attempts.
Require documented resolution before release. At minimum, retain failed-attempt history, mismatch reason, reviewer record, alert history, and the hold reason tied to payout state.
Close material incidents only after a short postmortem and a control change decision. Incident handling should leave you with a better control, not just a closed ticket.
Focus the review on mechanism-level fixes: routing logic, beneficiary data quality, retry behavior, and visibility across payout states and routing. Then implement one concrete update in policy or controls, such as tighter retry rules, repeat-return alerts, clearer hold states, or routing guards against reissuing to failed destinations.
Once you define hold and restart rules, the next test is proof: can you show why a payout was released, delayed, or blocked? If your team cannot assemble that proof within 24 hours for an internal request, the policy is not operational.
Use one internal minimum pack for both automated and manual decisions. Include the request payload, decision output, reviewer identity when a human touched the case, and an immutable event timestamp. For reconstruction, log core audit-trail fields such as event type, success or failure, and event origin.
That lets you answer four questions quickly: what was requested, what the platform decided, who approved or overrode it, and when it happened. If a provider status changed the outcome, store that response with your internal decision record so investigators do not have to reconstruct it from separate systems.
A practical check is to pull one approved payout, one payout hold, and one reissued payout from a recent period. If any case depends on screenshots, chat history, or memory, your evidence pack is too thin.
Do not apply one blanket retention rule to every record. For high-risk areas, align retention and retrieval to the specific regime, especially 1099 operations, DAC7 due diligence, and classification-related payout decisions.
| Domain | What to retain | Grounded retention signal | Retrieval rule |
|---|---|---|---|
| 1099 reporting | filed return support, payer/payee data used, decision logs, correction history, reconciliations | IRS general instructions set a baseline of at least 3 years from the due date for information returns (4 years for Form 1099-C) | searchable and exportable without engineering intervention |
| DAC7 due diligence | steps taken, information collected, reportability determination, reportable period support | UK rules require 5 years; Irish guidance cites 6 years, so local implementation can differ | retrievable by seller, period, and determination status |
| Classification-related payout decisions | classification input, rule version, reviewer notes, payout impact, change date | set a policy retention period with legal sign-off based on your jurisdiction and risk posture | retrievable by worker and policy version used |
Two operating rules help. Preserve high-risk evidence in a hard-to-alter format, for example non-rewriteable or equivalent immutable logging where applicable. Also keep early-period records quickly retrievable because some regimes require records to be in an easily accessible place during the first two years.
Decision logs are not enough on their own. You also need artifacts that connect the payout event to money movement, ledger records, and the operational approval that allowed release.
For each payout batch or transfer, retain linkage data such as the transaction identifier, internal payout ID, ledger posting reference, settlement reference from the bank or provider, and any approval record tied to exceptions. For tax-sensitive flows, make sure 1099 support files trace back to payout records and reconcile with other records used for reportable income.
Treat this as an operating test. Ask someone outside the day-to-day owner to request a regulator-ready package for one payout hold, one corrected tax record, and one classification exception, with a 24-hour deadline.
If the package comes back with missing timestamps, unclear reviewer identity, or unmatched financial records, the control is not complete. Fix storage paths, naming standards, or approval capture before you treat the policy as regulator-ready.
Run this policy on both a fixed schedule and event-driven triggers. Keep a default review rhythm, but review immediately when laws, market scope, or reporting duties change.
Make each scheduled checkpoint explicit: scheduled date, named owner, and a short decision record showing what changed versus what did not. If the team cannot quickly identify the current approved version and next review date, tighten the review process.
In the United States, treat formal rulemaking as an immediate trigger. The DOL NPRM announced on 26 February 2026 is a good example. It is not a final rule, but it should still trigger review of classification-dependent controls.
A policy update is not complete until operations and engineering have shipped it. For every revision, record what changed, why, who approved it, and when operations and engineering must ship updates.
If a new policy version is marked effective but product and support controls still run on the prior version, the change is documented but not implemented.
This pairs well with our guide on How Platform Operators Should Plan PCI DSS Level and Cost.
Many failures are operational, not editorial. If a clause is not tied to an owner, a live control, and evidence, the policy is not production-ready.
For each clause, map three fields: owner, control, and evidence artifact. If a clause requires screening before payout, define the exact decision point and store evidence that includes result, reviewer or service identity, and timestamp.
Use a simple test: pick five clauses and ask for the owner plus the most recent evidence within 24 hours. If that fails, the problem is implementation, not writing.
One global rule often misses the part that actually changes payout handling. Local overlays can change pay calculations and related payout handling requirements.
Seattle's app-based worker minimum payment ordinance became effective on January 13, 2024. New York City announced a minimum pay rate of $21.44 per hour before tips for app-based restaurant delivery workers, with full phase completion announced on April 1, 2025. These are not universal across all platform models, but they matter if you operate in covered categories.
Use a jurisdiction matrix with override governance: market scope, local trigger, control impact, and exception approver.
Collecting forms is not the same as running tax operations. Form W-9 provides a correct TIN for payers that file information returns. Form W-8BEN-E establishes foreign status for foreign entities. Those inputs must flow into payer records, withholding logic where relevant, and reporting outputs.
Map forms to downstream reporting rules. Nonemployee compensation should route to Form 1099-NEC when the applicable IRS threshold is met, and Form 1099-MISC should stay reserved for its own income categories, including rents, royalties, prizes, and awards. In the EU context, DAC7 places reporting obligations on platform operators, so seller data must be usable in platform-level reporting. For a deeper operational walkthrough, see Gig Worker Tax Compliance at Scale: How Platforms Handle 1099s, W-8s, and DAC7.
A practical control is an exception report for missing TINs, form-type conflicts, and payees with payout activity but no reporting mapping.
Onboarding checks alone are not enough. CDD includes ongoing monitoring to identify and report suspicious transactions.
Tie monitoring and exception handling to payout status states, for example queued, released, returned, and under review, with clear escalation rules for each. If suspicious velocity, repeated payout returns, or unresolved identity mismatches appear, route to compliance review and consider gating release until resolution. Validate this process by sampling held or escalated payouts and confirming alert reason, reviewer, outcome, and release or closure timestamp are retrievable.
This is a common break point. Teams can prove onboarding, but not sustained monitoring.
If you want a deeper dive, read Music Royalty Tax Compliance: How Platforms Handle 1099-MISC vs. 1099-NEC for Artist Payments.
It is the written operating policy for how payouts are approved, held, reviewed, reported, and evidenced. It should map rules to owners, controls, and records so teams can make consistent decisions. If your funds flow is in scope for money transmission obligations, it should also reflect a written AML program that is risk-based and commensurate with your business.
Use dual ownership: executive accountability plus a named day-to-day operational owner. Decision rights should be clear for payout holds, releases, tax form exceptions, and jurisdiction overrides. If routine cases still require ad hoc escalation, ownership is too vague.
Review it on a fixed schedule and whenever risk, product scope, funds flow, or legal obligations change. Common triggers include entering new markets, changing payout architecture, onboarding cross-border payees who submit Form W-8BEN, or entering DAC7 scope. A policy update is not complete until operations and engineering ship the change.
Worker classification affects both labor and tax handling, so payout policy should address it directly. Keep classification signals in your jurisdiction matrix instead of assuming all providers are contractors. If a role may shift between contractor and employee treatment, split payout logic, tax-document collection, and approval rights before launch.
Retain enough evidence to reconstruct each payout decision, including the request, decision output, reviewer or service identity, timestamp, and supporting documentation. For higher-risk areas, also keep reconciliation artifacts that link the payout to ledger and settlement activity. As a baseline, BSA-required records are retained for 5 years, and OFAC-related records must be available for examination for at least 10 years after the transaction.
Centralize core principles, evidence standards, and approval structure, then localize where law changes the requirement. Use a jurisdiction matrix and local overlays for market-specific payout calculations, tax handling, and reporting duties. Keep the stricter control outcome by default until a narrower local exception is approved.
The minimum viable policy should still define scope, owners, key controls, tax-form collection, exception handling, and evidence retention. If your model may fall in AML scope, include written internal controls, staff training duties, and escalation for held payouts from day one. A practical readiness check is whether your team can quickly show the current owner and latest evidence for key policy clauses.
Avery writes for operators who care about clean books: reconciliation habits, payout workflows, and the systems that prevent month-end chaos when money crosses borders.
Educational content only. Not legal, tax, or financial advice.
The hard part is not calculating a commission. It is proving you can pay the right person, in the right state, over the right rail, and explain every exception at month-end. If you cannot do that cleanly, your launch is not ready, even if the demo makes it look simple.
Step 1: **Treat cross-border e-invoicing as a data operations problem, not a PDF problem.**
Cross-border platform payments still need control-focused training because the operating environment is messy. The Financial Stability Board continues to point to the same core cross-border problems: cost, speed, access, and transparency. Enhancing cross-border payments became a G20 priority in 2020. G20 leaders endorsed targets in 2021 across wholesale, retail, and remittances, but BIS has said the end-2027 timeline is unlikely to be met. Build your team's training for that reality, not for a near-term steady state.