International ACH Transaction (IAT) By: Fran Sponsler, CRCM Date: 10/22/09   On September 18, 2009, a NACHA rule took effect that creates a new standard entry class (SEC) code for international ACH transactions, IAT.  The IAT will replace the existing cross-border ACH transaction types and will apply to both consumer (PBR) and business (CBR) transactions.  The new Rule will also require that IAT payments include specific data elements defined by the Bank Secrecy Act’s (BSA) “Travel Rule”. IAT Rules Framework The rules define an International ACH Transaction as an ACH entry that is part of a payment transaction involving a financial agency’s office that is not located in the territorial jurisdiction of the United States.  The definition of International ACH Transaction focuses on where the financial institution that handles the payment transaction (movement of the funds) is located and not where any other party to the transaction (e.g., the Originator or Receiver) is located.  The IAT rules only apply to transactions using the U.S. ACH network, not wire transfers or payments made through a financial institution’s proprietary network. IAT and OFAC (Office of Foreign Assets Control) NACHA, the association that oversees the U.S. electronics payments network, issued the changes to its operating guidelines in response to a request from OFAC. OFAC is charged with administering and enforcing U.S. economic and trade sanctions combating money laundering, narcotics trafficking, and terrorism. Penalties for failure to comply with OFAC requirements may include incarceration of employees and fines ranging from $10,000 to $10 million. Structuring the Formats to Comply with U.S. Law The information currently included within the cross-border payment formats and other ACH records does not provide sufficient information for the financial institutions and regulators to readily identify all parties to an international transaction in order to comply with OFAC-administered U.S. sanctions policies.  The new IAT format has added mandatory fields to carry the information needed for a regulatory review including the originator’s name and identification number; complete address for both originator and receiver; ISO (International Organization for Standardization) destination country code; receiving bank name, identification, qualifier, and branch country code; receiver’s name, account number and DFI (Depository Financial Institution) Identification Number; FX arrangements; payment amount; and Transaction Type Code (reason for payment). Is your financial institution ready? All U.S. financial institutions will be affected by the new rules pertaining to IAT.  Some financial institutions may require software updates, while others may have already been notified by their core processors and software providers detailing the measures they have taken to help the financial institution readily identify an IAT.  Financial institutions that originate ACH transactions are now responsible for identifying which transactions need to be IAT entries and for the OFAC screening of those entries.  Financial institutions that receive IAT transactions now need to screen the receiver and originator for each IAT entry they receive.  All financial institutions must have an established written OFAC compliance policy for handling IAT transactions and meet OFAC compliance obligations.  Financial institutions that originate ACH transactions will 1) need to educate their staff on the implications of the IAT changes, 2) educate their Originators on the obligations for Originators with the IAT rule changes, 3) determine if they have Originators that are currently originating ACH transactions that meet the definition of the IAT, and 4) establish a written OFAC compliance policy. Additional information on the rule changes, including the most recent updated Q & A on IATs can be found on NACHA’s Web site at www.nacha.org.