In just 30 days, on September 18th, the new International ACH format – IAT – and accompanying NACHA rule changes go into effect. This is the most significant change to the ACH network in decades, affecting corporate payment initiators, financial institutions of all sizes, financial software companies, and payment service providers. The new rules have been a huge nightmare for banks and their system providers, but will open the door to greater use of ACH for cross-border transactions. Attn: payment managers, this could be a big opportunity!
If you are not sure how IAT affects you and your company, read on.
IAT was supposed to go into effect back in March but the deadline was extended so that banks, their customers, and solution providers had sufficient time to make the necessary technology and process changes. Every bank on the ACH network (thousands!) had to modify its systems and procedures, regardless of whether it generated ACH International transactions on behalf of its customers, because it could be a receiver of IAT transactions. This effort has consumed the banking industry for the last year; despite many other distractions (will my bank still exist when the IAT deadline comes?). Today, just weeks away from the deadline, I remain skeptical that all corporate ACH initiators and their software providers are ready, despite an aggressive communication and education campaign by NACHA, the Federal Reserve, and EPN.
What is IAT? Why is NACHA making this change?
IAT affects all International ACH transactions that flow through the US ACH network, regardless of currency or country. The NACHA rule change both redefines what an International transaction is and creates a new International ACH transaction format.
NACHA implemented IAT in order to meet the demand for more efficient and accurate Office of Foreign Assets Control (OFAC) review to support national security and foreign policy restrictions on money movement (more on OFAC below). Today, many transactions initiated overseas are introduced to the US ACH network by correspondent banks in the US as domestic transactions, making it difficult to identify them for screening. In addition, the current ACH transaction formats do not include sufficient information to properly screen International transactions, let alone automate screening. Back in 2004 NACHA began working with OFAC to define new International ACH transaction rules and develop a new ACH format IAT with sufficient information to identify all the parties to a transaction.
The rules governing IAT have evolved since the new transaction type was announced, in response to new guidance from OFAC and requests for clarification from corporate originators, financial institutions, and technology providers. As a result, keeping up with IAT has been a particular challenge. This post attempts to summarize the key themes, but beware, there are many details and interpretation nuances. Tread carefully!
International ACH Redefined
The previous NACHA definition of “International ACH” relied on whether or not the originator or receiver of the ACH transaction was outside the United States. Under the new rules, a transaction is classified as International (and must therefore use the IAT format) if the financial institution moving the funds is located overseas.
From NACHA’s IAT Executive Summary:
The change will define an International ACH Transaction as an ACH entry that is part of a payment transaction involving a financial agency’s office that is not located in the territorial jurisdiction of the United States. Specifically, an office of a financial agency is involved in the payment transaction if it:
- holds an account that is credited or debited as part of a payment transaction; or
- receives funds directly from a Person [or organization] or makes payment directly to a Person [or organization] as part of a payment transaction; or
- serves as an intermediary in the settlement of any part of a payment transaction.
The definition of International ACH Transaction focuses on where the financial institution that handles the payment transaction (movement of the funds) is located and not where any other party to the transaction (e.g., the Originator or Receiver) is located.
After September 18, the current cross border ACH transactions, CBR (corporate cross-border) and PBR (consumer cross-border), will no longer be used. However, returns of transactions originated before the deadline are allowed in CBR/PBR format until December 31st. Many transactions that are currently non-International ACH transactions such as PPD (pre-arranged bill payment or direct deposit), CCD (cash concentration or disbursement), WEB (web initiated), or TEL (telephone initiated), etc. will now have to be formatted as IAT transactions if they fall under the new International ACH definition.
Initially I was alarmed that quarterly and annual NACHA transaction statistics (an important industry measurement of electronic payment adoption) would be jeopardized. But, no worries, the IAT format includes a field where the underlying ACH transaction code is passed along. Presumably NACHA will report statistics as they always did, but will also now report on IATs in total and broken down by the underlying transaction code to indicate the payment type/channel. (Right, NACHA? Please!)
What is OFAC?
About OFAC and OFAC screening (from OFAC):
The Office of Foreign Assets Control (OFAC) of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries, terrorists, international narcotics traffickers, and those engaged in activities related to the proliferation of weapons of mass destruction. OFAC acts under Presidential wartime and national emergency powers, as well as authority granted by specific legislation, to impose controls on transactions and freeze foreign assets under US jurisdiction.
“Specially Designated Nationals” or “SDNs” are individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Their assets are blocked and U.S. persons are generally prohibited from dealing with them.
More on OFAC rules here:
Nothing has changed in terms of OFAC compliance rules, the IAT change only affects ACH transaction formats and the definition of what an international ACH transaction is. Note that although specific individuals and countries are identified as suspect by OFAC, that is not what makes an ACH transaction IAT eligible.
New IAT Format and Data Requirements
IAT ensures that International ACH transactions include complete information in accordance with the Bank Secrecy Act “Travel Rule” that requires financial institutions to pass specific information about parties to a transaction from one financial institution to another. The Travel Rule applies to transactions greater than $3,000, but the information is useful for broader OFAC review requirements that apply to all International transactions, regardless of dollar value.
The new IAT format is synchronized with wire transaction data requirements and is designed to be mapped to transaction formats used globally, such as SWIFT and ISO 20022. All IAT transactions must include the following mandatory addenda data elements:
- Payment amount
- Name and physical address of the originator
- Name and physical address of the receiver (beneficiary)
- Account number of the receiver
- Identity of the receiver’s bank
- Correspondent bank’s name, Bank ID number and Bank Branch Country Code
- Reason for the payment (the transaction type code)
In addition, as the transaction flows from correspondent bank to correspondent bank, each bank adds its own information in an addenda record. There is space for a maximum of five correspondent bank records.
There is also room for two optional remittance data addenda records of 80 characters each, but only if the number of correspondent banks does not exceed three. (The combined total number of correspondent bank addenda and remittance addenda cannot exceed five.) This particular component pleases me; regular readers know that I am an avid B2B e-payment evangelizer.
The IAT transaction format also includes an optional OFAC screening flag. This enables payment network participants or third parties that handle the transaction to indicate whether or not OFAC screening has identified a potential “hit” or potentially illegal transaction.
The new format will make it much, much easier for banks to automate OFAC screening. And, for those that want to outsource the screening, both the Federal Reserve (in its capacity as a Gateway Operator, i.e. FedACH International services) and EPN are providing OFAC screening services.
However, the new format does pose some processing challenges. IAT returns must include all seven of the mandatory addenda data, plus an additional data element explaining why the transaction is being returned. This involves changes to exception processing procedures and systems at financial institutions of all sizes.
Which Payment Participants Are Obligated to Perform OFAC Screening?
According to the Federal Reserve ALL financial institutions, both originating and receiving IAT transactions must perform OFAC screening:
All depository financial institutions, whether originating or receiving, are responsible for OFAC compliance. Likewise, OFAC compliance applies to third-party service providers, including processors and correspondent/respondent banks. Although a financial institution might contract with a third-party provider to do the actual OFAC review of the transactions, OFAC rules clearly indicate that a financial institution cannot contract away its liability for OFAC compliance.
According to the Federal Reserve the receiving financial institution is ultimately responsible:
Ultimately, the receiving financial institution bears all responsibility for OFAC compliance. Although the gateway operator will perform inbound screening on inbound IAT items and populate the necessary fields, the receiving financial institution is still required to perform the necessary due diligence on IAT items in order to properly comply with OFAC obligations.
Fines and penalties levied by OFAC range from $10,000 to $10 million, depending on which sanctions program is violated. It is assumed that Financial Institutions will pass the fines on to corporate or individual customers that originate the transactions.
I am a corporate, does IAT impact me?
Yes. Corporations are also required to comply with OFAC screening and are subject to the same fines and penalties. Your ACH origination contract with your bank includes warranties that hold you, as an ACH originator, responsible for complying with OFAC sanctions. As a corporate International ACH transaction originator, it is likely that your employees or vendors will have to provide more detailed information in order to receive funds from your company via a foreign bank. In turn, your company will have to modify procedures and systems in order to pass the required information to your bank in the appropriate format.
If you are unsure whether IAT is relevant to your business ask yourself these questions:
- Is your company a subsidiary of a multi-national company?
- Does your company have foreign subsidiaries?
- Does your company buy or sell to organizations or individuals outside the territorial jurisdiction of the United States?
- Does your company send payroll, pension or benefit payments via the ACH Network to individuals that have permanent resident addresses outside the territorial jurisdiction of the United States?
If you answered yes to any of these questions and have not already discussed IAT with your banker, do so immediately.
How many International ACH transactions are there?
No one knows for sure how many International ACH transactions there really are – not NACHA, not OFAC, not the Federal Reserve. We won’t know until after September 18th.
However, industry estimates vary from 1.2 million to 40 million annual IAT transactions (e.g. transactions initiated by an overseas bank, through the Unites States ACH network, under the new rules). I have been told that the six largest EPN member banks are estimating 25 million IAT transactions per year. (Note that these are off-the-cuff estimates, by industry insiders, and not published officially anywhere!)
One Fed Reserve survey (conducted in Fall 2007) indicates that of 554 respondents, 41% anticipate a 15-25% annual growth in cross-border ACH. Adoption of the new IAT rules & format were cited as a major driver of growth.
The new IAT format will usher in a wide range of International payment products and services from banks, supporting the increasing number of businesses large and small with global trading partners, and the increase in person-to-person remittance payments from one country to another. The Federal Reserve, in conjunction with the NACHA IAT initiative, is working toward ACH interoperability with Europe/SEPA, in partnership with Equens SE, and with Panama, in partnership with ACH Directo. Countries in key regions, such as Asia, are targeted next. At Glenbrook, we’re monitoring the evolution of those partnerships and ACH International interoperability and will provide updates here at Payments Views.
International ACH is not intended to replace Wire transfers, but is meant to be an alternative to check payments for non-urgent, low dollar transactions to and from foreign countries. I for one will be very interested in tracking IAT vs. wire volume, particularly once wires incorporate remittance data next year.
While IAT will enable banks of all sizes to originate International transactions, enabling both P2P remittance transfer services as well as business-to-business trade payments, as payments industry insiders well know, the ACH network has provided fertile ground for payment innovation by non-banks. Glenbrook anticipates that IAT will open the floodgates for increased cross-border transaction services by banks and non-banks alike.
And of course, Glenbrook can help you evaluate IAT opportunities.