10 Lessons We Learned at the Nacha Smarter Faster Payment Conference

Last week, Nacha held its Smarter Faster Payments Conference in Miami, a significant event for over 1,800 bankers and vendors. With 142 presentations and panels, the content was tailored to the needs of every bank interested in payments. The major themes of fraud, artificial intelligence (AI), expansion of instant payments, open banking, and regulation were particularly relevant to your roles as executives, risk managers, compliance officers, and technology leaders. The ACH channel, of course, was center stage, but there was also much discussion about banks transitioning from receive to send on the FedNow network. With our team of eight members at the conference, we were able to provide comprehensive coverage and distill the ten most essential insights for you. Give us 12 minutes and 36 seconds of reading time, and we will distill 106.5 hours of conference time to not only the big ideas that will impact the strategic plan at your bank but the ideas that will keep you at the forefront of banking.

10. How Banks Can Better Work with Law Enforcement

Less than 0.5% of financial crimes are reported, and only a fraction of those have enough evidence or rise to the level of materiality to prosecute. Filing a suspicious activity report (SAR) is just one of many actions. Establishing training and communication now and being ready to contact local, state, and federal agencies when needed is critical in addition to filing a SAR.

Each type of financial crime has a specific profile. Unfortunately, most banks don’t gather fraud data across payment channels or track “pre-crime events.” These pre-crime events including emails, SMS, logins, website clicks, social media, banker conversations, and call center inquiries. By taking a “fusion” approach, banks can combine the record of these events at the bank and customer levels with the money movement and account information. Artificial intelligence and machine learning (ML) can help bankers uncover connections and quickly highlight known patterns like those listed on the left side of the graphic below.

Artificial intelligence (AI) has emerged as a powerful tool in the fight against financial crimes. Its ability to detect and uncover money laundering and fraud at scale, including those perpetrated by organized crime, terror financing, and nation-state actors, is unparalleled. By amalgamating data from a single bank with that from multiple banks, law enforcement can unearth larger patterns of illegal activity.

Packaging the raw data, insights, data visualization, and factual narrative of the potential crime can help law enforcement better understand the crime and make them more likely to prosecute. The key is to focus on the elements of the crime, the players, the “structure” of the crime, and how criminals try to conceal their movements.

9. Regulation and Legal Topics in Payments

This Nacha conference nailed the balance between product, regulatory and legal risk. Nacha saw three strong presentations covering various legal aspects of payments.

Ellen Berge and Andrew Bigart presented a fantastic comprehensive overview of the “hot” legal topics bankers must be aware of in payments. These include personal financial data rights under the Consumer Financial Protection Act ( CFPA ) Section 1033, the added payment regulation for non-banks (giving banks an advantage), the need for banks to have better third-party risk management for vendors and partners, the need for banks to have better data and management around For Beneficial Owner (FBO) accounts, and managing the “merchant of record” (MoR) model when it comes to high-risk customers (i.e., timeshare companies, crypto firms, multi-level marketing, credit repair, dating services, telemarketing, tech support companies, etc.).

The session also covered the new Georgia “merchant acquirer limited purpose bank” (MALPB) charter, which has the potential to be popular among fintechs wanting bank powers. This charter will give banks more competition in payments.

The session also covered the new regulatory trend around fees, surcharges, and “drip” pricing, where pricing isn’t fully disclosed upfront. More states require greater disclosure and control over what banks and card processors can charge. For example, the new Consumer Financial Protection Bureau (CFPB ) overdraft loan rule is expected to be enacted and go into effect in late 2025. The rule would require disclosure of interest rates and fees on overdraft loans, thus closing the current loophole in overdraft loans from the Truth in Lending Act. Non-sufficient funds (NSF) fees and credit card late fees are also under pressure and are expected to be curtailed.

The law firm of Sidley Austin held a session on the CFPB’s uniqueness. They said that assuming a second Biden term, the agency would continue to focus on major banks, non-banks, and repeat offenders in both categories. Look for the CFPB to focus on tech firms regarding the abovementioned fees and how fee agreements are structured between e-commerce companies and digital wallet providers/payment apps.

Interestingly, they highlighted the World Acceptance case, in which the CFPB put them under an Order, and World Acceptance challenged the CFPB’s authority. The CFPB then made its reasoning public, further damaging World Acceptance’s reputation.

As a side note, we appreciate the chart below from Nacha, Alston & Bird, and the Consumer Federation of America, which listed a handy guide to the rules that apply to which payment channel

8. The Impact of ISO 20022 and the FDX Standards

Over a dozen sessions discussed the ramifications and timeline for banks to comply with the ISO 20022 language protocols (our in-depth dive HERE) that will be the global standard for payments, securities, collateral, and trade finance. A common global banking language where banks can communicate using the same business model, syntax, and format will allow banks to gain significant efficiencies. The ability for payment messages to carry more data and that this data will follow a standardized structure will allow better interoperability of payment, fraud, collateral, and core systems.

One material forthcoming impact will be efficiency improvement in payments. The ISO 20022 standard, which will be the global standard for payments, securities, collateral, and trade finance, will increase payment accuracy and delivery while reducing fraud. More standardized information should dramatically limit potential fraud associated with channels like wires and instant payments. In addition, the standardized language will allow more applications to handle low-level or no code when working with payments. This means faster new product creation and greater features in products, paving the way for exciting advancements in the payments industry.

One interesting point that will be lost on many banks is that ISO 20022 is more of a framework than a static standard. That is, it is not a one-time project. Because the Fed, banks, and others will be adding and modifying ISO 20022 to make it more robust and to handle a more significant number of products, banks using the protocol need to architect their systems to be able to handle change. This is one reason why banks that are planning to use multiple data translation tools or multiple vendors to handle translations will continue to struggle. The better move is to make sure your significant systems become natively ISO 20022 compliant. After all, “Payments are not an island.”

What ISO 20022 is for global payments, the Financial Data Exchange (FDX) is for consumer financial data. Banks with open banking ambitions should adopt this language standard to increase interoperability, efficiency, security, and customer experience. Screen scraping data quickly becomes passe, and the state-of-the-art is leveraging APIs to better integrate.

The FDX library touches deposits, cards, consumer loans, investments, insurance, small businesses, tax reporting, fraud, treasury, and payroll. Like ISO 20022, converting to the FDX standard is not a project but an ongoing process. Right now, banks are struggling to comply over the next five years with CFPB 1033, which mandates more openness in consumer data. Every bank would be wise to adopt FDX during this process to optimize the effort.

7. Quantum Computing

Quantum computing was the surprised topic at Nacha that no one thought they needed until after the session. While a supercomputer relies on a 0 or 1 in a binary state to represent data, a quantum computer has that data in an infinite number of states based on probabilities. That means that quantum computers can process problems simultaneously at scale. Quantum computing has proven to be able to crack our asymmetric form of public key encryption. While it would take today’s computers a million years to break the current state-of-the-art 2048-bit RSA encryption, it is estimated that a quantum computer will be able to do it in hours by 2030. As such, the National Security Agency (NSA) is calling for banks to be compliant by 2030.

It is likely that regulators will soon ask banks to come up with a plan. Step one of the plan is to get educated, and this session presented an overview of the risks and opportunities of quantum computing. In addition to information security, we learned how quantum computing may help banks examine risk surfaces throughout the bank, forecast profitability, and manage general risks.

6. Fraud Risk Mitigation

Fraud was the single largest topic at Nacha. F5 and Q2 gave an excellent presentation on how bankers are using AI to pull even with fraudsters. Their point is that fraud problems are data problems and that every click tells a story. They had excellent examples ranking client-side data that banks can use to help detect fraud (and provide evidence), such as how detecting the copy and pasting of usernames and passwords into a banking app is often part of a fraud attempt. Additionally, they presented that since bots are often a prelude to fraud, how banks can detect bots early.

 

TD Bank and the FBI had an interesting presentation that reviewed some case studies around payment fraud and highlighted the ease with which criminals can purchase their wares off Telegram. For $2,500, bad guys can get a mailbox key to steal checks, a check washing kit, advice on software, and their own illegal business.

One overriding concept we want to drive home with payment fraud is that it is generally a business. While one-off crimes do occur, usually, bad actors are in crime for the business of crime. If banks make it harder for criminals to make money, they will move on to other areas.

5. Instant Payments at Nacha

Thsi Nacha conference was all about instant payments. With almost 800 banks on FedNow and almost a year of operations, an interesting set of statistics is emerging on what the instant payment rails look like. Real-time Payments (RTP) and FedNow are expected to exceed 13B payments annually by 2027.

Banks are reporting higher than planned receipt and send volumes. Interestingly, some banks report that up to 45% of the payment volume occurs outside traditional business hours.

On the consumer side, an Axway survey last year showed that 56% of consumers think having the ability to send and receive an instant payment is “very important.” A Datos study that was discussed showed that 52% of small businesses are asking for faster payments, and 42% would like more education about selecting the correct type of payment.

Replacing checks, wires, and card transactions with instant payment rails was a hot topic at the conference. Zepto and Glenbrook covered the Australian experience where banks have been active on instant payments since 2018, and next to debit cards, it is the fastest-growing payment segment. It is interesting to note that because of the popularity of instant payments and debit cards, checks and cash are rapidly declining, so much so that checks are expected to be phased out of the banking system by 2030 (below).

 

Another part of this instant payment growth is from the pay-by-bank trend, which cannibalizes the card rails and makes it easier and cheaper to make a payment. According to Finextra, pay-by-bank is up 479% from the $57B in volume from last year. This growth will be further supported as open banking proliferates, as it has in India and Brazil.

Some of the use cases for pay-by-bank are below.

For bankers that have not experienced the ease of pay-by-bank, Banked: (the company) has produced an exciting demo that can be accessed HERE.

On the commercial side of the payment equation, corporate treasury loves the option, with most citing lower cost, increased payment efficiency, better cash flow control, the 24/7 nature of the platform, and the ability to get instant payment confirmation.

Many banks discussed a familiar path from starting with receive, working on send now, getting ready for a request for payment next year, and then focusing on automation plus using the instant payment rails for embedded finance.

Truist stepped through a use case, and when you hear the treasurer of their clients gushing about wanting instant payments done for them, it’s clear what a competitive weapon the product is.

As a side note for this section, if we could vote for a “favorite graphic of the conference,” our favorite would be EY’s presentation showing funds availability, settlement time, and data richness of all the popular payment channels.

4. Identity, Authorization, Authentication and Account Validation

Believe it or not, some banks still do not use multifactor authentication (MFA). In the age of bots, cyber threats, generative AI, deepfakes, and the rise of fraud, banks need to devote more resources to identity and authorization. Adams and Reese drove home the point that the courts place a heavy weight on banks following the FFIEC guidance regarding customer validation and authentication. The latest guidance from 2021 is clear on the use of MFA.

Fraud starts and stops with validating identity. There was lots of discussion around handling identity for commercial accounts, who has the power to act—the business or the individual, and how banks should connect the two (i.e., what the proper delegation of authority looks like). A couple of sessions looked at the liability created for banks due to credential sharing and the fraudulent transfer of authority resulting in fraudulent wire instructions.

For fraud, there are several generalized solutions that banks should consider working into their strategic planning. One is the tokenization of personal information on the bank’s systems. Another frequently discussed initiative at Nacha is the federation of identity across the bank. This initiative is abstracting identity data and workflow from each product and centralizing the tokenized data. Identity would then be “served up” by an application to various processes within the bank such as the core system, payments application or new account processing.

3. Embedded Banking at Nacha

Another major trend at Nacha was the discussion around embedded banking to also include discussions around integrated payables and automated payments. Embedded Banking is integrating commercial customer’s enterprise accounting and management reporting systems (ERP) with the bank’s treasury and instant payment capabilities. It was ranked “important” or “very important” by 90% of Datos surveyed corporate clients. Through embedded banking, banks can help support their customer’s efforts with cash management, collections, liquidity management, supply chain finance, lending, and international services.

Two overlooked aspects of embedded banking are the reduction of fraud and the increase in customer retention that comes with embedded banking. As such, any bank interested in treasury management should consider having an embedded banking initiative in their strategic plan due to the material boost in both the customer experience and the return on investment.

2. Making Your Bank Real Time

Lots of the buzz at this Nacha conference was about how payments are becoming more “real-time” even outside the instant payment rails. The big news is the recently proposed change in service (HERE) by the Federal Reserve, moving wires to a 22/7/365 operating period. In a similar move, Nacha is considering adding a fourth processing window for Same Day ACH that will go to 7 p.m. Pacific Time.

Banks were aflutter about how they would handle this from a staffing and processing perspective. Many East Coast-based banks contemplated how they would deal with this, particularly given that it is past their core’s posting window for same-day credit.

Finally, Accenture and SouthState discussed the ramifications of what a real-time bank looks like and how the concept of 24/7/365 needs to be woven into the very fiber of banking as “banking hours” disappear. This means that IT support, operations support, call center support, sales, onboarding, fees, interest charges, and management oversight all need to change.

We highlighted that banks should spend more resources figuring out what they want the total experience to be, including the customer and employee experience, from a real-time perspective. Deciding how to present a request for payments (RFP) to the customer or how you want the operational support process to look at midnight is critical to any real-time initiative.

In the same fashion, banks should decide what their modern core path looks like and also work backward from there. Banks that already have a modern core or will have a modern core in the next two years will have very different answers to some of these real-time questions than other banks that may be ten years away from a modern, real-time core.

1. Fed Customer Directory

Finally, the biggest buzz of at Nacha was the rumor (that was not denied by FedNow officials) that the Federal Reserve is getting closer to introducing the much anticipated “Service Directory” to allow a consolidated view of every customer and every participating bank on FedNow. This means that FedNow participating banks will be able to look up another bank’s customer to request or send a payment using a mobile number or email address. If true, this directory would allow banks to better compete with Zelle, Venmo, Paypal, CashApp, and other P2P and B2C payment applications.

On the other side of the coin, it seems the rumors of interoperability between FedNow and The Clearing House will likely not happen any time soon.

The Turning Point in AI at Conferences

Interestingly, Nacha was the first conference we have attended where gen AI took its rightful place. Instead of a separate presentation on AI where a presenter talks about what a large language model is, AI was woven throughout the conference. Just as we no longer need “digital transformation” presentations, we have finally reached the point where the basic generative AI information is pedantic.

That said, one gen AI highlight was JP Morgan Chase’s interesting Treasury Chatbot demo, which was driven by gen AI. The bot is able to answer questions about cash positions, supplier management, payment tracking, exchange rates, and fraud. The interesting part here is that it leverages all the ISO 20022 data from the instant payment rails, so treasurers cannot only get reports instantly but also reports and graphics that utilize the robust data sets.

Putting This Into Action

In terms of content, Nacha and AFP are two of the best payment conferences to attend if you are interested in learning about payments. Go to Money 2020 for networking, go to AFP to sell, and get into the mind of the corporate treasurer, but go to Nacha if you want to see how other banks are tackling the latest problems. When it comes to payments, Nacha is one of our favorites for its balance of learning, innovation, risk, networking and fun.