Fedwire's ISO 20022 upgrade is rejecting wire transfers — what AP teams need to do now

What the Fedwire ISO 20022 migration changed

ISO 20022 is the new international standard for financial messaging — richer data fields, structured address formats, and better interoperability across payment rails. Fedwire, the Federal Reserve's real-time gross settlement system that processes large-value USD wire transfers, has migrated to this format.

The specific change causing rejections: ISO 20022 requires structured address data — separate fields for street address, city, state, and postal code — rather than a single unstructured address text block. Wire instructions that were valid under the old CHIPS/Fedwire format are being rejected if they contain an unstructured address or are missing the required address components entirely.

For AP teams, this means vendor payment records that have existed in QBO for years may now be insufficient for wire processing. The fix requires updating vendor bank details with properly structured address data — exactly the kind of mass vendor record update that fraud attacks are designed to exploit.

What to fix to stop wire rejections

For each vendor you send wires to, you need to confirm:

• Structured beneficiary address. Street address, city, state, and postal code as separate fields — not a single free-text line.
• Beneficiary bank address.The receiving bank's address must also be in structured format. This is often missing from older vendor records that only captured routing number and account number.
• BIC/SWIFT code for international wires.If you're sending cross-border wires, the ISO 20022 format requires a valid BIC in addition to account details.

Check with your ODFI or payment processor for the exact field mapping they require. Most major banks have published migration guides for their business customers.

The fraud risk hiding inside the Fedwire chaos

Here is the problem that's not getting enough attention: any time AP teams are under pressure to update vendor bank records across a portfolio, fraudsters move fast.

The attack pattern is straightforward. A fraudster monitoring business news knows that the Fedwire ISO 20022 migration is causing wire rejections. They email your firm posing as a vendor:

“Hi — we're reaching out because our bank told us our wire payment details need to be updated for the new Fedwire format. Please update our banking info to the following account. Let us know if you need anything else.”

The request is plausible. You're already updating vendor records. The email looks like it's from a known vendor. You update the record — and the next wire goes to the fraudster's account.

This is Vendor Email Compromise (VEC), and it now represents 61% of all Business Email Compromise attacks. The Fedwire migration has created the perfect cover story for it. For a full breakdown of how VEC works and why standard controls miss it, see BEC vs. VEC: what accounting firms need to know.

How to update vendor records safely

You need to update vendor bank records — but you need to do it without creating a fraud window. The protocol is simple:

The outreach angle for new cold contacts

If you're a bookkeeping firm talking to prospects this week, the Fedwire ISO 20022 migration is a natural opener. Most firms managing wires for clients are either already dealing with rejections or will be soon — and the ones who don't have automated vendor monitoring in place are doing this entire process manually, one vendor at a time, with no audit trail.

That's the moment to introduce what automated payment monitoring looks like in practice: every vendor bank change flagged automatically, every first payment to a new account reviewed before release, and a timestamped record of every check performed.