Understanding Nacha’s New IAT Definition: What It Means for AML and OFAC Compliance

Have you been hearing the buzz about Nacha’s new definition for International ACH Transactions (IATs)? If you haven’t, I recommend reading Caitlyn’s recent blog, which offers a helpful overview of the Nacha changes. If you’re already familiar with the updates from a processing standpoint, you might now be asking: What does this mean from a BSA/AML and OFAC perspective?

Nacha has recently updated the definition of an IAT and introduced new requirements for additional information to be included on IAT files. These updates will have significant implications for how financial institutions monitor, classify, and report cross-border transactions.

What’s Changing in the IAT Definition

An IAT now includes transfers from “financial agencies” instead of just “foreign banks.” This change aims to reduce misclassification of international transactions and extend coverage beyond traditional banks.

The term financial agencies includes a broader range of entities such as:

• Third-Party Senders (TPSPs)
• ODFIs and RDFIs
• Any entity authorized by applicable legal requirements to provide financial asset accounts or conduct the business of issuing payment instruments or transferring funds for third parties

This expanded definition captures money services businesses (MSBs), fintech platforms, and foreign remittance providers that are not chartered as banks, ensuring a more accurate and inclusive classification of international transactions.

New Data Requirements and Transparency Enhancements

As part of the rule change, IATs must now include an optional Date of Birth (DOB) field for both the sender and receiver. This will support more accurate OFAC screening and help clear alerts more efficiently.

In addition, Nacha has introduced new codes and qualifiers within IAT data fields to provide greater context about the originating or receiving entity — including a new “other” type for flexibility.

These updates align Nacha’s rules with OFAC obligations and Financial Action Task Force (FATF) recommendations, making compliance more straightforward and international transactions more transparent. The enhanced information supports the BSA’s “Travel Rule,” which requires specific data to be collected and transmitted with certain types of transactions to combat money laundering and terrorist financing.

BSA/AML and OFAC Implications

Because IATs now include transactions processed by non-bank foreign financial agencies, financial institutions can expect new due-diligence and monitoring triggers. This may increase the number of AML alerts generated but will also provide richer data for investigations — a trade-off that ultimately strengthens compliance.

As the FFIEC has noted, “ACH has grown markedly over the last several years,” increasing both transaction volumes and the risks associated with them. IATs present particular challenges for AML teams, including:

• Weak or inconsistent AML regulations in counterpart countries
• Limited transparency around counterparties and fund flows
• Difficulty determining the true source or destination of funds
• Challenges obtaining sufficient information for CDD/EDD reviews

In many cases, U.S. AML teams may find it difficult — or even impossible — to gather additional details from foreign financial institutions, particularly those not subject to similar regulations or information-sharing programs such as 314(b).

Mitigating the Risks of IAT Processing

To manage these heightened risks, banks should strengthen review and monitoring processes for IATs. Key considerations include:

• A clear understanding of the customer’s typical transaction types and volumes
• Strong CIP, CDD, and EDD practices
• Verifying whether the customer has been appropriately vetted for IAT activity
• Reviewing previous SAR filings or investigations for relevant patterns
• Conducting thorough OFAC screening on all related parties in the transaction

These practices help ensure that institutions can identify anomalies, detect suspicious behavior, and maintain compliance with both ACH and AML regulations.

Preparing for Implementation (2026–2028)

The updated IAT rules will take effect beginning September 18, 2026, with phased implementation dates through March 2028. Financial institutions should begin preparing now by:

• Confirming that vendors and processors are updating systems to support the new data elements
• Ensuring automated monitoring systems can read and act on new fields
• Updating policies, procedures, and training programs to reflect the expanded IAT scope
• Coordinating with AML and operations teams to align monitoring and reporting

By proactively addressing these areas, institutions can reduce the operational burden of implementation and turn these changes into an opportunity to enhance their AML programs.

Turning Compliance into an Advantage

Although these updates will roll out over time, acting early can transform them from a regulatory hurdle into a strategic advantage. Enhanced IAT data supports greater transparency, cross-border traceability, and ultimately, a stronger AML posture that protects both your institution and the U.S. financial system.

How NPG Can Help

At NEACH Payments Group (NPG), we help financial institutions strengthen their ACH and AML programs ahead of regulatory change. From ACH risk assessments and compliance audits to sanctions workflow reviews and AML training, our team provides practical, actionable guidance to keep your institution on the road to compliance.

If your institution is ready to assess its preparedness for Nacha’s new IAT rules — or needs support updating AML programs, processes, or risk assessments — NPG can help you navigate every step.