EFT Batch Processing & Corporate Payroll
Route thousands of simultaneous payroll direct deposits, vendor disbursements, and pre-authorized debits through the CPA 005 standard EFT network — fully managed within BMO Online Banking for Business.
The Architecture of High-Volume Domestic Payments
Electronic Funds Transfer, governed in Canada by the Canadian Payments Association's Standard 005 (CPA 005) specification, is the foundational infrastructure through which virtually every domestic direct deposit and pre-authorized debit in Canada is settled. When your employees receive their biweekly payroll, when your recurring insurance premium is collected from your operating account, when you remit net HST to Canada Revenue Agency — these transactions all traverse the EFT network, ultimately settling through the Automated Clearing Settlement System (ACSS) operated by Payments Canada.
What distinguishes the corporate EFT experience from individual banking is scale and control. A retail customer sending an e-Transfer initiates a single transaction. A Canadian corporation processing payroll may simultaneously execute 2,000, 5,000, or 50,000 individual direct credit entries — each targeted to a specific employee's bank account at BMO, RBC, Scotiabank, TD, CIBC, or any one of 80+ participating Canadian financial institutions. Each entry specifies an exact dollar amount, a target transit-institution-account combination, a business day value date, and an 18-character payment reference field that feeds back into the corporation's payroll reconciliation software.
The BMO Business Online Banking platform provides the corporate payment engine for generating, validating, and transmitting these CPA 005 batch files. Corporations interact with the system through three distinct modalities: browser-based direct entry for lower-volume programs, file upload via secure SFTP for mid-volume environments, and fully automated Host-to-Host (H2H) integration for enterprises whose payroll or ERP systems generate CPA files directly.
Payroll Processing — From HR Data to Employee Account
The payroll direct deposit workflow begins in the corporation's Human Resources Information System (HRIS) or payroll software — whether that is ADP Workforce Now, Ceridian Dayforce, SAP SuccessFactors, or an in-house system. The payroll team finalizes gross-to-net calculations, applies CRA statutory deductions (CPP, EI, federal and provincial income tax), captures any voluntary deductions for group benefits, RRSP contributions, or union dues, and arrives at the net payable amount for each employee.
This payroll output is exported from the HRIS as a CPA 005 EFT file. The file contains a series of Direct Credit (Type D) records — one per employee — each specifying: the employee's bank transit number, financial institution number, account number, the net deposit amount formatted as a 10-digit integer (in cents), and a cross-reference number that the payroll team uses to reconcile the disbursement against individual payroll calculations. The file also contains a Type A header (identifying the originating company and intended value date) and a Type Z trailer (containing batch control totals for reconciliation).
This file is uploaded to the BMO Business Online Banking portal no later than 11:59 PM on the business day preceding the intended payroll value date (commonly referred to as "T-1," or "T minus one day"). Upon upload, the BMO payment engine performs a multi-stage validation sequence: the CPA 005 file format is checked for structural compliance; transit and institution numbers are validated against the current Canadian Payments Association routing directory; batch hash totals are verified; and the originating account is checked for sufficient available funds, including any pre-established credit facility availability that may supplement the operating balance on payroll disbursement dates.
Pre-Authorized Debits — Collection Programs at Scale
The EFT network's Pre-Authorized Debit (PAD) capability is the engine that powers Canada's subscription economy. Insurance premium collection, mortgage payment processing, utility billing, SaaS subscription renewal, gym membership dues — all of these operate through PAD programs administered by originating companies through their business banking partner.
The regulatory framework for PAD programs in Canada is governed by Payments Canada Rule H1, which mandates strict consumer protections: the originator must possess a signed PAD Agreement from each debtor prior to initiating any debit; the agreement must specify the debit amount (or methodology for calculating it), the frequency, the account to be debited, and the business reason for the arrangement. Personal PAD agreements carry a 10-business-day pre-notification requirement for the first debit; Business PAD agreements are typically subject to a 3-business-day notice period.
BMO Business Online Banking provides the infrastructure for maintaining these PAD records digitally, associating each active PAD mandate with an expiry date, amendment history, and a unique reference number that appears on the collected individual's bank statement — a regulatory requirement that allows the debtor to trace the collection back to the originating agreement. The system also enforces mandate validation prior to any debit item submission: if an active PAD mandate cannot be located in the system for a given account, the debit is automatically blocked from the batch file, preventing unauthorized collection — a risk that carries significant regulatory sanction under PCMLTFA.
Return Item Processing & NSF Management
No high-volume payment program operates without a percentage of return items. In EFT terminology, a "return" occurs when a credit or debit cannot be processed by the receiving financial institution. For direct credits (payroll), the most common return reason is an Account Not Found (ANF) exception — the employee has closed their bank account or changed institutions without notifying payroll administration. For pre-authorized debits, the dominant return reason is Not Sufficient Funds (NSF), where the debtor's account balance was inadequate on the settlement date.
BMO Business Online Banking delivers return files on a T+1 cycle — the business day following the original value date. These return files conform to CPA 005 Type D record format, each containing the original payment's cross-reference number, the specific return reason code (standardized by Payments Canada), and the returned amount. The BMO portal's return management module maps each return item back to the originating payment record, enabling the payroll, accounts receivable, or accounts payable team to action each exception with full context.
For corporations with contractual obligations to reattempt failed pre-authorized debits, BMO's system supports re-presentment within the windows permitted by Payments Canada rules. The platform tracks the number of attempts per debit mandate, enforces the maximum permissible reattempts (typically 3 within 30 days for personal PAD), and automatically flags mandates requiring administrator intervention — such as those where NSF returns have occurred more than twice consecutively, which typically indicates the underlying PAD agreement may need to be renegotiated.
Host-to-Host Integration & Automated File Exchange
For enterprises processing payroll across multiple legal entities, or running daily vendor disbursement programs exceeding several hundred transactions, the browser-based manual upload workflow creates operational overhead disproportionate to the task. BMO's Host-to-Host (H2H) EFT capability eliminates the human in this loop entirely. The corporation's ERP or payroll system is configured to automatically push CPA 005 files to BMO's secure SFTP server at a predetermined schedule — no human interaction required for the file submission step.
The H2H connection is established through a mutually authenticated SSH session, using RSA-4096 key pairs generated during the initial technical onboarding. The corporation's system administrator holds the private key; BMO holds the corresponding public key. Each SFTP session is authenticated by this key exchange, eliminating the password-based authentication weaknesses that have historically enabled unauthorized file submissions. File naming conventions agreed upon during onboarding trigger automated routing rules within BMO's payment engine — a file placed in the /outgoing/payroll/ directory triggers the payroll processing workflow; one in /outgoing/pad-debit/ triggers the PAD submission workflow.
Even in a fully automated H2H environment, BMO's dual-authorization principle is not bypassed. The H2H system supports a "release-authorization" configuration, where the file submission from the ERP system populates the payment batch in the BMO portal, but a designated Checker must still perform a final authentication step through the BMO business login before ACSS submission. Alternatively, for enterprises with mature internal governance controls, a "straight-through" H2H model is available under enhanced bilateral agreements, where BMO accepts the cryptographically signed file from a hardened ERP system as sufficient authorization. Each configuration is assessed and negotiated with the BMO Cash Management Structuring Team.
EFT Reconciliation & Bank Statement Integration
The downstream reconciliation burden associated with high-volume EFT programs was historically a significant operational friction point. Matching 3,000 payroll credits on the bank statement against 3,000 payroll records in the HRIS required either manual effort or complex middleware. BMO Business Online Banking resolves this through machine-readable statement delivery alongside daily EFT settlement reports.
The portal delivers BAI2-format electronic bank statements, a structured data format that all major enterprise accounting systems (SAP, Oracle Fusion, NetSuite, QuickBooks Enterprise) can ingest directly. Each EFT credit or debit line in the BAI2 statement carries the original cross-reference number assigned at payment submission — the bridge that enables the ERP system to auto-match the transaction, reducing accounts payable and payroll reconciliation from a multi-hour manual activity to an automated process requiring only exception review.
Compliance: Payments Canada Rules & OSFI Expectations
As an originating financial institution for EFT transactions submitted by corporate clients, BMO holds compliance obligations under Payments Canada's Rule H1 (Pre-Authorized Debits) and Rule D2 (Return Item Procedures). Corporates accessing EFT services through the BMO Business Online Banking portal operate under an EFT Origination Agreement, which explicitly describes the corporation's obligations as an EFT originator — including the duty to obtain and retain PAD mandates, the obligation to notify debtors of changes to PAD debit amounts within specified notice periods, and the requirements surrounding PAD cancellation processing.
For corporate clients in federally regulated industries — banks, trust companies, insurance companies operating under OSFI oversight — additional requirements apply. OSFI's Guideline E-21 (Operational Risk and Resilience) requires that critical payment processes maintain documented recovery time objectives (RTOs) and recovery point objectives (RPOs). BMO's H2H EFT infrastructure is designed with N+1 redundancy across dual geographically separate data centers, with automated failover ensuring that no single hardware or facility failure can disrupt payment processing continuity. This architectural resilience is extended to corporate clients through the BMO Business Online Banking Service Level Agreement.
Related Payment Services
EFT batch processing integrates naturally with other treasury capabilities. Cross-border supplier payments require SWIFT wire transfers. Intercompany cash concentration leverages zero-balance sweeping. Fraud exposure on domestic EFT programs is mitigated through Positive Pay controls.