Across the globe, compliance requirements for payments are creating significant work for companies, at least for those that are working to be in compliance. In the US, changes for the low-value payment network (Nacha) have two key dates, including one that has already passed, that impact every company that originates ACH transactions.

The changes being brought about by ISO 20022 standardization have impacted banks and fintech providers who serve banks, Swift, and central bank payment rails. This impacts many companies in every country. There are three dates for payment readiness in 2026: 20-March; 22-June; 14-November. The first two relate to ACH activity and the third to payments using the ISO 20022 standards.

There are three critical dates for payment readiness in 2026: 20-March; 22-June; 14-November. Two relate to ACH activity and the third to payments using the ISO 20022 standards.

ACH Compliance (Low Value Payments in the United States). Changes with compliance for ACH transactions (direct deposit of payroll, direct payments, direct debits) are impacting all non-consumer originators of ACH transactions. From the nearby chart, two activities stand out:

• Company Entry Descriptions. Transactions related to two types of activity need to include either “PAYROLL” or “PURCHASE” in the company entry description. This requires either a table or system change when creating these files.
  • This went into effect 20-March-2026 for all originating companies. A company with payroll or accounts payable transactions settling by ACH has to comply with these new requirements.
• Fraud Monitoring. Fraud impacts every payment rail, and these rails are fighting back by requiring every company using their rail to perform certain functions (e.g., cards: PCI-DSS 2004; Swift: Swift-CSP 2017). Now, Nacha requires all companies to put fraud monitoring in place to cover unauthorized transactions or transactions that were authorized under false pretenses (e.g., social engineering). There are requirements of documentation, monitoring controls, exception handling and escalation, and an annual review. This, in essence, covers every business that has ACH transactions. This is in the process of being implemented in two phases:
  • High volume: 20-Mar-2026
  • All other companies: 22-June2026

ISO 20022 Readiness (SEPA Payments, Wire Payments US, CHAPS UK, etc.). Most systems that manage payments at central banks and messaging services (referred to as payment infrastructure by bank payment professionals) have been converted to natively run ISO 20022. The need for more detailed information for better processing and compliance is placing demands outside the banking infrastructure and onto corporations and fintechs that service them. The need for better clarity of individual fields of data and reason codes is expanding and increasingly essential for settlement to occur.

A growing number of countries receiving payments cross-border, and sometimes within country, require payment categorization. Others require more detailed address information handled separately. This can range from building number to floor, town/city, and country designations. The use of large reference fields that contain data that is unstructured either slows processes down or will cause a payment to reject.

• Structured Information: City/Town, Country. On 14-November this year, payments passing through various systems (FED Wire, Chips, CHAPS) will need to have data in either a hybrid or structured format. For example, the city-town and country information will need to be sent as separate fields for the payment to be processed. While sending payments using ISO 20022 via XML (e.g., pain.001 format) may appear to meet the requirement, that isn’t necessarily the case. The correct information needs to be sent in a detailed manner with the correct tags. Many companies are finding out that some relevant payee master data is either not accurate or not included in their payment system, meaning some data remediation is needed for those payees to be paid electronically.

“Too many companies are not in compliance with Nacha requirements for company entry descriptions already, and that majority of firms are expected to become non-compliant for fraud monitoring on June 23rd,” stated Craig Jeffery, managing partner of Strategic Treasurer. Furthermore, given the level of changes needed for ISO 20022 readiness, “significant work needs to be done by many companies in order to be prepared by November,” Paul Galloway, senior advisor at Strategic Treasurer, added.