At 8:47 p.m. on a Friday, a payment instruction arrives for approval. The customer is known. The destination account looks familiar. The narrative field says “invoice settlement.”
In a batch world, you would have time. You could pause, review, call someone, and decide. In an instant payments world, you have seconds. If you hesitate, the customer experience breaks. If you approve the wrong transaction, the loss is immediate.
That is the real shift happening in North America right now. The rails are getting faster, and the amounts moving on them are getting bigger. Risk and compliance teams need to make decisions at the same speed as the payment.
The scale shift is already visible in the United States
The Clearing House operates the RTP network, an instant payments system in the United States. In 2024, payment value on the network reached 246 billion dollars, and volume reached 343 million transactions. The Clearing House also reported that 42% of transactions took place overnight, on weekends, or on holidays. That detail matters because it signals a structural change. Instant payments are not a business hours product.
In 2025, the story moved from “instant is convenient” to “instant is moving serious money.” In the second quarter of 2025, the RTP network processed 481 billion dollars, and transaction volume exceeded 107 million payments. The Clearing House linked that growth to larger payments and pointed to the network’s 10 million dollar transaction limit that was introduced in February 2025.
The Federal Reserve’s FedNow Service is also expanding. In its 2025 Year in Review infographic, the FedNow program reported 1,600 participating financial institutions across all 50 states and nearly 30,000 transactions per day. The same infographic highlights an increased network transaction limit of 10 million dollars, plus capabilities such as APIs, an exception resolution service, and tools aimed at scam defense and risk mitigation.
Separate Federal Reserve documentation also notes that the FedNow Service had a 1 million dollar maximum transaction value limit, and that effective November 2025 this limit would be increased to 10 million dollars.
Taken together, these signals are clear. Instant payments in the United States are growing and shifting into higher value use cases. That changes what “good controls” look like.
Canada is on a similar path, with timing that matters for readiness
Canada’s Real Time Rail, often referred to as RTR, is expected to launch through milestones across 2026 and 2027, and is positioned as a system that supports instant payments any time, any day, with richer data and real time confirmation. The same overview emphasizes ISO 20022 as the messaging standard for those data rich payments.
There is debate in Canada about pace, governance, and outcomes. For example, a CIGI commentary published in December 2025 argues that Canada’s prolonged delays are costly, and it cites expectations of industry facing testing by early 2026 and a full implementation in late 2026 or early 2027. That is an opinionated critique, but it is useful as a reminder that timelines can move and that institutions should avoid waiting for a perfect “go live” date before building capabilities.
Why instant payments change the risk problem
A common mistake is to treat instant payments as a faster version of an existing rail. That is not correct. Instant payments change the decision conditions.
First, the time to decide collapses.
Batch processing gave you time to detect anomalies and stop settlement. Instant payments are designed to settle quickly with immediate availability. That means a control that relies on long review windows is not a control. It is an after action report.
Second, higher limits change the fraud and compliance exposure.
When a rail supports payments in the millions, the target profile changes. Attackers have a strong incentive to focus on fewer, larger transactions. Social engineering also becomes more damaging because one compromised approval can move a meaningful amount. The RTP network itself has linked higher value growth to the increased 10 million dollar limit and cited use cases such as real estate transactions and portfolio transfers.
Third, the operating day becomes continuous.
If a large portion of activity happens outside normal business hours, a risk program that “closes” is taking on a blind spot. The RTP network’s own reported off hours share makes this concrete, not theoretical.
Fourth, data quality improves, but only if you use it.
North American rails are moving toward richer structured data. ISO 20022 is part of that shift. The United States has also made ISO 20022 real for large value payments: the SEC stated that the Fedwire Funds Service would transition to ISO 20022 on July 14, 2025, with the prior format retired the day before.
More data does not automatically reduce risk. It only helps if your monitoring, screening, and investigation workflows can interpret and act on it quickly.
A practical playbook for real time controls
This is not a call for more alerts. Most institutions already have too many alerts. The goal is faster, better decisions with fewer false positives.
-
Segment by use case, not just by amount
A payroll file, a treasury movement, a marketplace payout, and a real estate related payment all behave differently. If you apply one generic threshold and one generic rule set to every instant payment, you will either block legitimate activity or miss the pattern that matters. Build separate policies for clearly defined use cases, then tune them with real data.
-
Treat beneficiary changes as high risk moments
The most expensive instant payment failures often start with a change in destination. New payees, modified payee details, and first time transfers should be treated as a separate risk category. The right controls here are simple in concept: step up verification, slow down only the risky events, and create clear customer facing messaging that makes security feel like protection, not friction.
-
Build fast negative signals, not slow positive proofs
Many control programs aim to “prove” a payment is safe. That takes time. In instant payments, the more scalable approach is to identify strong reasons to stop or challenge a payment. Examples include unusual device patterns, sudden changes in timing, inconsistent beneficiary history, and irregular payment purpose descriptions. The point is to concentrate human review on the small set of payments that look wrong, not to review everything.
-
Use network and participant signals where possible
FedNow’s own Year in Review points to network intelligence, exception resolution, and scam defenses as part of the direction of travel. The important idea is collaboration and shared context. When a rail supports structured messaging and network level tools, it creates new options for identifying and resolving suspicious scenarios.
-
Design for exceptions as a normal workflow
Instant payments create a higher volume of operational edge cases: mistaken payments, scam claims, and reconciliation issues. Teams that treat exceptions as rare events will struggle. Treat them as a product requirement. Define clear steps for investigation, communications, and escalation. Ensure you can act quickly even outside normal hours.
-
Measure speed and precision, not just loss rate
Loss rate matters, but it is a lagging indicator. In instant payments, you also need to measure time to decision, false positive rate, time to contain anomalies, and the operational load created by controls. A control that is “accurate” but slow is not fit for instant payments.
The leadership question for 2026
The most important question is not “Do we support instant payments?” Many institutions already do, or will soon.
The question is whether your control program is built for the environment the rails are creating: higher value use cases, continuous availability, and faster finality.
The institutions that get this right will not win because they are the fastest. They will win because they are the safest at speed.
