Nacha has advanced a series of rule amendments aimed at tightening clarity, improving compliance, streamlining cross-border flows, and strengthening the network’s ability to deal with risk. Below is a tour of the major changes, a breakdown of their implications, and some practical tips for adapting. These updates affect both RDFIs and ODFIS.
1. Revised Definition of IAT Entries
Effective date: September 18, 2026 Nacha
What’s changing
Nacha is replacing its existing definition of IAT (International ACH Transaction) with new, more precise language. Under the revised definition, an IAT is:
“an Entry that is the U.S. ACH network component of an international payment transaction. … an international payment transaction is a transfer of funds or monetary value that (a) originates with, transits through, or is delivered to an account at an office of a financial agency located outside of the U.S., or (b) otherwise is received from a sender or delivered to a receiver … via a facility of a financial agency located outside of the U.S.”
A few key clarifications:
- The scope explicitly includes transactions that originate, transit, or deliver funds across international boundaries via foreign financial agencies.
- The new language abandons more narrow or technical qualifiers (like “foreign bank”) in favor of a more general concept of a financial agency.
- Importantly, the definition now clarifies that an IAT Entry cannot be a Same Day Entry.
Why this change matters
- Greater clarity and consistency: Many originators, third-party senders (TPSPs), ODFIs, and RDFIs have found the prior IAT definition ambiguous in edge or evolving use cases (e.g. hybrid or pass-through flows). This rewrite aims to reduce misclassification.
- Onboarding & due diligence shifts: Some flows that were previously considered domestic may now fall under IAT classification, triggering more stringent compliance, monitoring, or onboarding requirements.
- Operational and volume impact: Banks may see shifts in IAT volume (either upward or downward) as participants reinterpret what “counts” as IAT under the new definition. RDFIs may see fewer mis-tagged IAT entries.
- Contractual, system, and procedural updates: Because the definition is structural, affected parties will need to review agreements, compliance policies, internal logic in systems, error handling routines, and reporting.
In short: this is a foundational change. It doesn’t just tweak a footnote — it reshapes what counts as international activity in the ACH space.
2. Registration of IAT Contacts in the ACH Contact Registry
Effective date: January 1, 2027 Nacha
What’s changing
Nacha will require every Participating DFI to register IAT-handling contact information in the ACH Contact Registry. Specifically:
- Provide name, title, email address, and telephone number for at least one primary and one secondary contact for IAT responsibilities. Or, alternatively, department-level contact info (email and working telephone) is acceptable.
- Phone and email must be real, monitored during normal business hours.
- This requirement is in addition to existing obligations to register contacts for ACH operations and fraud/risk. The new rule extends Section 1.14 (Participating DFI Contact Registration) to explicitly include IAT contact roles.
- The contact info must be kept up to date (changes within 45 days) and verified annually, consistent with existing registry governance.
Why this change matters
- Faster exception resolution and coordination: When an RDFI or ODFI needs to reach the counterparty on an IAT issue, the registry will provide a clear, authoritative point of contact, reducing delays or misdirected inquiries.
- Internal alignment: DFIs will need to identify (or designate) roles or teams responsible for IAT processing, coordinate across risk/compliance/operations, and ensure those roles are captured in registry.
- Process and governance overhead: Although the change is incremental, institutions must ensure their internal workflows incorporate maintaining this contact information (e.g. when people or roles change).
- For originators, third parties, and counterpart banks, the improved transparency may make coordination easier and reduce friction in cross-border exception handling.
In effect, this is a relatively low-friction enhancement to “know who to call” in IAT situations — but it does require diligence and governance discipline on the part of DFIs.
3. International ACH Transactions (IAT) — Data Enhancements
Effective date: March 19, 2027 Nacha
This bundle of changes strengthens the data posture of IAT entries by mandating two enhancements:
a) Optional Date of Birth (DoB) field for natural persons
- The rule permits (but does not require) including the Date of Birth for sender and receiver (if a natural person) in IAT entries.
- Nacha notes that DoB is often one of the most requested data elements when RDFIs manually review compliance screening exceptions. Having it embedded in the IAT entry reduces the need for external inquiry.
- The DoB data will be subject to existing ACH data security and privacy rules.
- This change aligns with evolving global standards: e.g., the FATF’s (Financial Action Task Force) updated recommendation on cross-border payments.
b) Support for Non-Bank Foreign Financial Agencies
- The rule extends the allowed classifications and identifiers within IAT entries so that a foreign participant need not be a traditional bank. The term “financial agency” is used more generically.
- New codes and qualifiers will allow “non-bank foreign financial agency” as a receiving or originating entity type. Existing fields (such as branch country code, identification qualifiers, etc.) will be expanded to accommodate these “other” types.
- This does not change the requirement that all inbound IATs must still be delivered to domestic RDFIs; it's about more accurately describing cross-border sources/destinations.
Why this matters
- Reduced inquiries and faster exception resolution: Embedding DoB when available reduces the back-and-forth when RDFIs try to validate identity matches.
- Better compliance and screening: The additional data element helps in sanctions, KYC/AML, and counterparty screening — because more identity data is carried in-band.
- Expanded reach and inclusion: Allowing non-bank foreign financial agencies broadens the types of counterparties that can be more seamlessly integrated into ACH flows (though uptake depends on institution strategy).
- Implementation cost and sensitivity: Systems must be revised to parse and transmit the new optional fields. Institutions need to assess privacy/security policies for handling DoB data. Training and procedures will need updating.
Because these changes affect data formats, parsing logic, exception workflows, etc., ACH operators, originators, and receiving banks will want to work in advance to test and validate support — even if they choose not to populate DoB routinely.
4. New Return Reason Code for Sanctions Compliance Obligations
Effective date: March 17, 2028 Nacha
What’s changing
- Nacha is introducing a new return reason code “R90” specifically to capture returns mandated by an RDFI’s sanctions compliance obligation.
- The existing R16 code is currently used for “Account Frozen / Entry Returned per OFAC instruction.” But that code conflates multiple underlying legal or operational rationales.
- Under the new rule, R16 will be stripped back to cover “Account Frozen” (i.e. legal or court-mandated holds) and R90 will cover returns made because of sanctions compliance determination.
- The rule also defines a shorter return timeframe for R90 returns: an RDFI must return the entry within two banking days of determining it must be returned to comply with sanctions obligations.
Why this matters
- Greater precision in compliance handling: With R90, RDFIs can clearly signal that a return is done for sanctions compliance — differentiating it from other compliance or legal reasons. This clarity can reduce ambiguity for the ODFI or originator downstream.
- Faster response obligations: Because the return window is shorter, participants must have workflows and monitoring systems capable of detecting compliance-based return decisions promptly.
- Operational and policy updates: ODFIs and originators will need to interpret R90 returns properly — in some cases this may trigger enhanced due diligence, investigation of originators or receivers, or blocking further activity.
- Coordination with sanctions programs: This change signals that the ACH Network recognizes sanctions-related decisions as core to network integrity, and elevates the importance of embedding sanctions compliance in ACH operations.
In practice, this change forces participants to sharpen their sanctions-monitoring systems and workflows, and to treat ACH-based sanction returns as a first-class class of event.
Key Takeaways
These rule changes (spanning 2026 to 2028) constitute a cohesive push by Nacha to:
- strengthen clarity (redefining IAT, clarifying return codes)
- enhance data transparency and compliance (DoB, non-bank foreign counterparties)
- improve operational coordination and response (contact registration, return windows)
Partnering for Readiness
As these rules roll out between 2026 and 2028, financial institutions and third-party participants have a crucial window to evaluate systems, policies, and partner readiness. The most successful institutions won’t treat these changes as compliance checkboxes—they’ll use them as catalysts to strengthen governance, data integrity, and cross-border transparency across their entire payments ecosystem.
At NEACH Payments Group (NPG), we’re helping institutions prepare for this next phase of Nacha rule evolution. Whether through ACH risk assessments, compliance audits, originator reviews, or training on IAT classification and sanctions workflows, our advisors translate regulatory changes into practical, actionable steps.
If your institution is ready to assess its readiness for these rule changes—or wants guidance on updating ACH procedures, system mapping, or compliance frameworks—NPG can help you move from awareness to implementation.
Be on the lookout for educational webinars from NEACH New England Automated Clearing House to learn more about these new changes.
📩 Learn more about our ACH Risk and Compliance Services at neachpaymentsgroup.com, or reach out to our advisory team to discuss readiness planning.