As expected, 2026 is shaping up to be a year of more big changes for North American banks. On one hand, financial institutions are still working through major programs already in motion, including ISO 20022 compliance and Payments Canada modernization. On the other hand, they are facing an uptick in fraud threats (especially AI) while keeping pace with fast-moving regulatory response around digital assets like stablecoins.
It all adds up to a year where banks must keep one eye on compliance timelines and the other on the shifts reshaping how money moves. The themes are familiar, but the sense of urgency is rising (or should be).
Nacha 2026: Combatting a Range of Growing Threats
Foremost on many commercial banking agendas is compliance with the new Nacha Enhanced Fraud Monitoring Rules, requiring risk-based monitoring in support of a more proactive approach to combatting account takeover (ATO) and related threats.
Phase I, with an effective date of March 20, 2026, targets Originating Depository Financial Institutions (ODFIs), high-volume Receiving Depository Financial Institutions (RDFIs), and certain other large originators.
Phase II, effective June 19, 2026, expands these requirements to all remaining RDFIs.
Nacha accommodates a technology-neutral approach to fraud detection for ACH transaction monitoring, supporting velocity- and anomaly-based monitoring, among other methods. In addition to originating institutions, RDFIs also face new requirements and possess new authority to monitor inbound funds and delay availability where appropriate.
A March 20 deadline brings Nacha’s new Company Entry Description (CED) requirements for “payroll” and e-commerce “purchase” transactions, designed to fight payroll redirection fraud and unauthorized digital purchases, respectively. These aren’t new Entry Class Codes per se, but rather specific tags now required in the description fields of related transactions.
In an effort to accelerate funds availability, Nacha is eliminating the 5pm deadline the day before the settlement date for non-Same-Day ACH transactions. The idea is to provide files to RDFIs while keeping the requirement that funds for all standard credits are available for withdrawal by 9am on the settlement date.
IAT Contact Registration is another Nacha requirement that financial institutions (FIs) are tracking even now for a January 1, 2027, deadline. Participating FIs must register a range of contact information for personnel managing the 120+ million International ACH Transactions (IAT) originated each year, verify this information annually, and provide updates within 45 days of any changes.
Other IAT-related changes coming in March of 2027 include an optional date of birth field, and the ability to send IAT transactions to non-bank foreign financial agencies such as third-party senders, along with supporting data field expansion for related transactions.
GENIUS Act Regulations: The Fight to Own Digital Payments
Given the current U.S. administration’s focus on innovation, banks are also keenly awaiting rules and regulations related to last year’s GENIUS Act, which are expected by July 2026.
As the Act moves toward full implementation in January of 2027, many leading banks are actively exploring growth opportunities associated with the stablecoin promise of a payment alternative fully secured by cash and other assets, rather than by government guarantee, as well as the competitive threats payment stablecoins are likely to introduce from non-bank financial institutions.
Borrowing heavily from the framework used to govern existing cash deposits, the GENIUS Act itself contains familiar regulatory strictures governing permitted issuers, including bank subsidiaries and federally qualified non-banks. These include keeping 100% reserve requirements in cash or highly liquid assets, meeting AML/Fraud compliance requirements, and rolling out robust consumer protections.
Details that banking associations and their members will be monitoring closely as regulations emerge include the extent to which platforms may offer rewards that could threaten bank deposits. This could shift competitive dynamics by enabling the emergence of new players such as retailers and financial platforms in the dawning stablecoin era.
Payments Canada: An Ongoing Journey North of the Border
The multi-year modernization of systems and rules which Canada launched in 2016 continues apace, with key deadlines both this year and next.
Payments Canada is built around a comprehensive, long-term vision and modernization roadmap to deliver faster, more data-rich payments with greater cross-border convenience, among other goals.
In the context of ongoing ISO 20022 adoption milestones across payment rails including high-value payments system Lynx, banks are focused on the Real-Time Rail (RTR) instant payment system now being tested. It’s expected to roll out in phases later this year.
Beyond Compliance
While regulatory change is nothing new for banks, themes taking shape in 2026 point to bigger changes (and more of them) than in the recent past. Fraud threats are getting sharper. New payment types are going mainstream, and modernized payment systems are finally nearing completion after years of planning. This calls for new ways of strategizing.
For banks and NBFIs across North America, the opportunity this year is to treat changes as more than just another set of deadlines. Together they signal a moment to strengthen fraud defenses, improve customer experience, and participate in a payments ecosystem that looks far more open, instant, and data rich. FIs that get ahead of the shift are likely to be in the strongest position when the next wave of innovation hits.