Make Sure Your CU Is Ready for NACHA Change

Given the digital, information-laden age in which we live, it is odd that so many electronic fund transfers are still carried out via data message strings that contain very little information. After all, businesses today are so data savvy they can predict consumers' spending habits even before they make purchases based on the historical data collected about them.

The time has come for financial institutions to be able to track data that identifies payment processing to enable readily available information if, for instance, a payment investigation scenario comes up.

The International ACH Transaction (IAT) rules from NACHA — the electronic payments association — contain some of the most important changes on the horizon for U.S. anti-money laundering (AML) efforts. NACHA is mandating all U.S. financial institutions and other organizations sending and receiving IATs incorporate additional remittance data identifying both the sender and recipient. This mandate also includes FIs that conduct domestic transactions only or do not process ACH payments.

The rule, which becomes effective on Sept. 18, was made in response to a request by the U.S. Office of Foreign Assets (OFAC) and the Financial Action Task Force (FATF) to change the ACH requirements and rules for cross-border payments. The purpose of the IAT rule is to enable financial institutions to identify international ACH payments, and perform due- diligence as required by OFAC.

Common wisdom in the financial industry correctly held that OFAC compliance was only effective or necessary for the international activities of U.S. financial institutions. AML policies were, likewise, hard to apply since most of those international payments contained little data that investigators, using the latest screening technology, could uncover.

However, the coming IAT requirements force a change to that thinking, because instead of just originating and beneficiary account and bank numbers, organizations will now be required to include all the ancillary information that makes a payment fully understood and available for further investigation.

The question for all organizations covered by the IAT requirements, however, is will they be prepared to comply with the new IAT rule when the implementation deadline arrives? NACHA decided to move the deadline after a survey conducted by the Federal Reserve Banks, which works with NACHA in the ACH network, showed a number of financial institutions and payment processors would not be in compliance with the new rule by the original IAT implementation date. Smaller banks in particular seemed to be surprised or unaware of the upcoming change. Originally, NACHA set the implementation deadline date for March 20, 2009. NACHA later extended the deadline six months to Sept. 18, 2009.

With fines that can range from $11,000 to $1,000,000 per violation for non-compliance with the IAT measures, which are applicable to any organization able to receive ACH payments whether or not it uses the IAT format, financial institutions and corporations need to quickly prepare to comply with the new standards to protect themselves from the expense and embarrassment the penalties would bring. While payment processing and screening are typically the jurisdiction of large financial institutions, IAT payments do not necessarily fall into that category. Often, even the larger financial institutions have not screened ACH payments because there was no requirement formally mandating they take such action.

With the larger volumes of cross-border payments and the accompanying mass of data to screen from their numerous business lines and financial activities, FIs require screening processes that meet the IAT compliance standards and are efficient.

For many corporations, complying with the upcoming IAT standards may be challenging. According to recent survey results, only 28% of those surveyed consider themselves knowledgeable about their organizations roles and responsibilities associated with sending and receiving IAT items

Perhaps one reason why corporations have limited knowledge about IAT compliance stems from their reliance on banks to assist them with screening of the often high volume of incoming and outgoing cross-border payments they make. In addition to their high number of daily cross-border payments, corporations are also concerned about the payroll payments they send cross-border to compensate their overseas employees. With this great amount of information, like the FIs, corporations require an efficient process for the screening of their vendors and payroll files which meets the IAT compliance standards as well.

Regardless of their challenges, when the new IAT requirements go live, financial institutions and other payment processing organizations of all sizes covered by the rule will have to adhere to those guidelines.

While there are challenges for organizations to adapt to the new message type, many of them have initiated programs to ensure they comply. A search of the Internet under the term "IAT readiness" for example, produces a slew of documents and Web pages from credit unions, banks and other payment processing entities on their efforts to meet the IAT requirements.

This Friday, will not pass unnoticed for scores of U.S. financial institutions.

Hugh Jones is president of Accuity and NRS and currently leads these global businesses. He can be reached at hugh.jones@accuitysolutions.com.