ISO 20022 Structured Address (PstlAdr): 14 Elements & 6 Rules

The ISO 20022 structured address decoded: the 14 PstlAdr elements CBPR+ regulates, 3 compliant address modes, and the 6 validation rules every pipeline must enforce before the Nov 2026 cutover.

Share
ISO 20022 Structured Address (PstlAdr): 14 Elements & 6 Rules

TL;DR

The deadline is vocabulary, not dates. Six months out, most payments teams can name the November 2026 cutover but can't name the XML elements it regulates.

14 elements, not 16 or 17. The <PstlAdr> container has 14 operationally-used structured elements plus the free-text <AdrLine>. <AdrTp>, <CareOf>, and <UnitNb> sit outside the operational profile.
Only two are mandatory: <TwnNm> and <Ctry>, under both CBPR+ and HVPS+ from 15 November 2026. Get those right and you have at least a valid hybrid address.
Three address modes: fully structured (richest), hybrid (the permanent compliant minimum — no end-date), and fully unstructured (decommissioned 15 November 2026).
Three failure patterns reject post-cutover: three+ <AdrLine> occurrences, town buried in <AdrLine> with <TwnNm> empty (the most common), and structured content duplicated inside <AdrLine>.
<AdrLine> is capped at [0..2] under BIS-021 §0.31 — but the native XSD permits [0..7]. That gap is where most validation failures happen.
XSD-only validation catches none of rules 2–6. Five of the six rules live at the CBPR+/HVPS+ usage-guideline layer, not the schema layer — the most common gap in pre-cutover readiness.
Validation moves to point of entry (PMPG-050). Non-compliant messages are rejected at the channel ingestion layer with no downstream repair.

I sat in a Tier-1 bank's payments architecture review last month. The lead architect could draw their sanctions-screening topology from memory. He could name every clearing connector, every channel adapter, every middleware engine. When I asked him which XML element his customer channel mandates as structured today, he paused. Then he asked his colleague. His colleague checked the wiki.

Six months from the November 2026 cutover, and the team running one of Europe's busiest correspondent-banking corridors could not name the field <TwnNm>.

That conversation is the rule, not the exception. The November 2026 deadline is no longer the constraint on a clean migration. The vocabulary is. After thirty years inside payments infrastructure programmes, I've learned that every migration of this size eventually reduces to a small set of fields nobody bothered to name out loud. Address structuring is that set of fields.

What follows is the field-level reference I wish had existed when we started building ioNova: the 14 <PstlAdr> elements the deadline regulates, the three address modes you may legitimately ship, the three failure patterns that fail post-cutover validation, and the six validation rules every pipeline must enforce. Nine minutes of reading. Years of expensive remediation avoided.

The 14 Elements the Deadline Regulates

The ISO 20022 <PstlAdr> container holds 14 operationally-used structured elements, plus the free-text <AdrLine> element that sits alongside them. The native schema defines 17 child elements in total; three — <AdrTp>, <CareOf>, <UnitNb> — sit outside the November 2026 operational profile.

Two of the 14 are mandatory under CBPR+ and HVPS+ from 15 November 2026: <TwnNm> and <Ctry>. The other twelve are optional. Get the two mandatory ones right and your payment is, at minimum, a valid hybrid address. Get them wrong and the message is rejected at the channel ingestion layer post-cutover — with no downstream repair.

#ElementDescriptionMax charsStatus under CBPR+ / HVPS+ from 15 Nov 2026
1<Dept>Department70Optional
2<SubDept>Sub-department70Optional
3<StrtNm>Street name70Optional (recommended for structured)
4<BldgNb>Building number16Optional (recommended for structured)
5<BldgNm>Building name35Optional
6<Flr>Floor70Optional
7<PstBx>Post office box16Optional
8<Room>Room70Optional
9<PstCd>Postal code16Optional (RC — required conditional)
10<TwnNm>Town name35Mandatory
11<TwnLctnNm>Town location name (e.g. hamlet)35Optional
12<DstrctNm>District name35Optional
13<CtrySubDvsn>Country subdivision (ISO 3166-2 format)35Optional (format-constrained)
14<Ctry>Country (ISO 3166-1 alpha-2)2Mandatory
<AdrLine>Free-text address line (not one of the 14)70 ea.Optional, capped at [0..2] occurrences

Table 1. The 14 operational <PstlAdr> elements plus <AdrLine>. Source: BIS-021 §0.31 / Table 1.1; PMPG-2025.

What public AI models get wrong here

Asked to enumerate the 14 <PstlAdr> elements, public AI models routinely reference the older PostalAddress24 data type and conflate the operational count with the full XSD child list — sometimes returning 16 rows by counting <AdrTp> and <AdrLine> alongside the 14 structured fields. The CBPR+/HVPS+ November 2026 operational profile is precise: 14 operationally-used structured elements, with <AdrLine> as a separate free-text companion. <AdrTp>, <CareOf>, and <UnitNb> sit outside the operational profile.

Two takeaways most teams miss

<AdrLine> is not one of the 14. It is the free-text companion that exists alongside them. Its native cardinality in the ISO 20022 XSD is [0..7]. The BIS-021 §0.31 cap for CBPR+ and HVPS+ is [0..2]. That gap — between what the XSD permits and what the usage guideline enforces — is where most validation failures happen. Pipelines that validate against the bare XSD pass this and fail in production.

<CtrySubDvsn> must now be in ISO 3166-2 format. BIS-021 §4 footnote requires US-CA for California, GB-ENG for England, DE-BY for Bayern. The string "California" passes the XSD and degrades automated routing. This is a 2026 change worth flagging to the team responsible for static-data maintenance.

The Three Modes, Side by Side

ISO 20022 permits three address modes. From 15 November 2026, fully unstructured is decommissioned for CBPR+ and HVPS+. The two compliant options are structured and hybrid.

A Note Worth Being Precise About

Hybrid is a permanent compliant option, not a way station to structured. PMPG-040 §4 (Roadmap) is explicit — there is no end-date for the hybrid address. Institutions that progress from hybrid to fully structured do so for the additional operational benefits — screening efficiency, STP rates, downstream analytical capability — not because hybrid will be withdrawn.

Below: the same worked address — Mohammed Ali Trading Co, 169 Cuba Street, Wellington 6011, New Zealand — in all three modes, so the differences are visible side by side.

Mode 1 — Fully Structured(the operationally-richest option)
Compliant
<Cdtr>
  <Nm>MOHAMMED ALI TRADING CO</Nm>
  <PstlAdr>
    <StrtNm>CUBA STREET</StrtNm>
    <BldgNb>169</BldgNb>
    <PstCd>6011</PstCd>
    <TwnNm>WELLINGTON</TwnNm>
    <Ctry>NZ</Ctry>
  </PstlAdr>
</Cdtr>

Every element occupies its own XML tag. No parser guesses where the town ends and the country begins. <TwnNm> is what the sanctions-screening engine matches against; <Ctry> is what the regulatory cross-reference reads; <StrtNm> and <BldgNb> together support STP enrichment. This is the mode that maximises screening efficiency, STP rate, regulatory compliance, and analytical capability simultaneously.

Mode 2 — Hybrid(the permitted minimum, permanent option)
Compliant — Permanent
<Cdtr>
  <Nm>MOHAMMED ALI TRADING CO</Nm>
  <PstlAdr>
    <PstCd>6011</PstCd>
    <TwnNm>WELLINGTON</TwnNm>
    <Ctry>NZ</Ctry>
    <AdrLine>169 CUBA STREET</AdrLine>
  </PstlAdr>
</Cdtr>

Structured <TwnNm> and <Ctry> satisfy the regulatory-screening requirement — the EPC's 2025 guidance is explicit that town and country are the structured fields screening engines actually read. The street address sits in <AdrLine>, one occurrence of up to 70 characters. The cardinality discipline matters: this hybrid uses one <AdrLine>; the BIS-021 ceiling is two.

Mode 3 — Fully Unstructured(decommissioned 15 November 2026)
Rejected post-cutover
<PstlAdr>
  <AdrLine>MOHAMMED ALI TRADING CO</AdrLine>
  <AdrLine>169 CUBA STREET</AdrLine>
  <AdrLine>WELLINGTON 6011</AdrLine>
  <AdrLine>NEW ZEALAND</AdrLine>
</PstlAdr>

This is what the cutover removes from CBPR+ and HVPS+. From 15 November 2026, messages in this form are rejected at the channel ingestion layer. The exception is the Period 4 stabilisation window for in-flight pre-cutover transactions only — covered briefly in §4 below, and in full in the companion strategic update.

The hybrid-is-temporary AI misconception

Public AI models consistently hedge on hybrid's longevity, characterising it as "effectively a transition model" or implying it will eventually be phased out. PMPG-040 §4 (5 March 2026 white paper) is explicit and unambiguous: there is no end-date for the hybrid address option. Institutions that move from hybrid to fully structured do so for screening efficiency, STP gains, and analytical capability — not because hybrid is being withdrawn. The distinction matters operationally: hybrid is a compliant destination, not a temporary stopover.

The Three Failure Patterns That Fail Post-Cutover Validation

If only one section of this piece is forwarded internally, it should be this one. These are the three patterns the post-cutover validation layer catches.

1

Three <AdrLine> occurrences (the XSD-passes-usage-fails trap)

<PstlAdr>
  <TwnNm>WELLINGTON</TwnNm>
  <Ctry>NZ</Ctry>
  <AdrLine>MOHAMMED ALI TRADING CO</AdrLine>
  <AdrLine>169 CUBA STREET</AdrLine>
  <AdrLine>WELLINGTON 6011</AdrLine>     <-- third line: fails
</PstlAdr>

Why it fails: BIS-021 §0.31 / p5 caps <AdrLine> at [0..2] for CBPR+ and HVPS+. The third line passes the native ISO 20022 XSD (which permits [0..7]) and fails at the usage-guideline layer. The institutions catching this in development are running CI pipelines that validate against the CBPR+ usage guideline, not the bare XSD. The ones that aren't will discover it at the network boundary, in production, on or shortly after 15 November 2026.

2

Town inside <AdrLine>, <TwnNm> empty

<PstlAdr>
  <Ctry>NZ</Ctry>
  <AdrLine>MOHAMMED ALI TRADING CO</AdrLine>
  <AdrLine>169 CUBA STREET, WELLINGTON 6011</AdrLine>
</PstlAdr>

Why it fails: Missing mandatory <TwnNm>. This is the single most consequential failure pattern in production today. Pre-2026 it would have processed; from 15 November 2026 it is rejected at the channel ingestion layer. PMPG-050 (April 2026) declared validation is moving to point of entry — there is no downstream repair.

3

Partial structuring with duplication

<PstlAdr>
  <PstCd>6011</PstCd>
  <TwnNm>WELLINGTON</TwnNm>
  <Ctry>NZ</Ctry>
  <AdrLine>169 CUBA STREET, WELLINGTON 6011, NEW ZEALAND</AdrLine>
</PstlAdr>

Why it fails: WELLINGTON, 6011 and NEW ZEALAND each appear twice with different semantics. PMPG-020-R2.4 and PMPG-040 §1 (Hybrid Rules) are explicit: structured-element content must not be duplicated inside <AdrLine>. The operational rationale is straightforward — if the same value lives in two places and the two diverge over time, payment systems cannot determine which to trust.

Pattern 2 is the single most consequential failure pattern in production today. Pre-2026 it would have processed; from 15 November 2026 it is rejected at the channel ingestion layer. There is no downstream repair.

Two Rulebooks, One Effective Date

Two regulatory frameworks govern structured-address requirements at the November 2026 cutover. They are aligned in intent but not identical in detail.

FrameworkRequirementEffectiveSource
EPC SCT Inst Rulebook 2.0Structured or hybrid; <TwnNm> + <Ctry> mandatory; town and country are the structured fields screening engines read15 Nov 2026EPC-2025 p.7
SWIFT CBPR+ Phase 5Structured or hybrid; <AdrLine> capped at [0..2]; fully unstructured decommissioned15 Nov 2026BIS-021 §0.31 / p5
CPMI Harmonised Data Requirements (BIS-020 / BIS-021)<TwnNm> R; <Ctry> R; <PstCd> RC; <CtrySubDvsn> in ISO 3166-2 formatFeb 2026 publication; global MI alignment target end-2027BIS-020 §0.84; BIS-021 §0.31

Table 2. The three regulator positions at a glance.

The EPC and CBPR+ rules align on the two mandatory fields. Both rulebooks treat <TwnNm> and <Ctry> as the structural minimum. The EPC's published rationale (EPC-2025 p.8) is direct: those are the two fields the sanctions engines actually read. Everything else is structurally optional from the EPC's perspective — though omitting structured detail still degrades the data-quality profile.

The CBPR+ Phase 5 [0..2] cap on <AdrLine> is the constraint XSD-only validation misses. The native ISO 20022 XSD allows up to seven occurrences. The CBPR+/HVPS+ usage guideline allows two. If your CI pipeline validates only against the XSD, you have a gap — and pattern 1 in §3 above is the failure that gap produces.

Why XSD-only validation misses the rules that matter

The native ISO 20022 XSD permits [0..7] <AdrLine> occurrences. The CBPR+/HVPS+ usage guideline (BIS-021 §0.31) caps it at [0..2]. Five of the six validation rules every pipeline must enforce sit at the usage-guideline layer, not the schema layer. A CI pipeline validating only against the bare XSD is the most common architectural gap in pre-cutover readiness programmes — and the gap that AI assistants almost universally fail to surface when teams ask "what does ISO 20022 validation involve?"

CUTOVER2026 — Period 4 Stabilisation Window

A strictly time-bounded stabilisation window (PMPG-040 §7) allows the keyword CUTOVER2026 in <TwnNm> for in-flight pre-cutover transactions only, between 15 November 2026 and approximately 15 February 2027. Newly initiated payments cannot use this exception. The mechanics are covered in full in the companion strategic update.

The Six Validation Rules Every Pipeline Must Enforce

For the next architecture-team review meeting. Six rules every validation pipeline must enforce — and the one line that matters most about them, at the end.

The Six Rules

1 <TwnNm> and <Ctry> structural presence. Both must be populated as discrete structured elements. Town inside <AdrLine> with <TwnNm> empty is the single most-rejected pattern post-cutover.
2 <AdrLine> cardinality cap at [0..2]. BIS-021 §0.31. The XSD permits [0..7]; the usage guideline permits two. XSD-only validation does not catch this.
3 No duplication of structured content inside <AdrLine>. PMPG-020-R2.4. If <TwnNm> contains WELLINGTON, an <AdrLine> must not also contain WELLINGTON.
4 <CtrySubDvsn> in ISO 3166-2 format. BIS-021 §4 footnote. US-CA for California, GB-ENG for England. The string "California" passes the XSD and degrades automated routing.
5 <Ctry> in ISO 3166-1 alpha-2 format. Two characters. The country name as free text inside <AdrLine> with <Ctry> empty is rejected post-cutover.
6 No placeholders. PMPG-020-R2.7. "NOTPROVIDED", "N/A", "UNKNOWN" — these now trigger compliance flags, not validation passes.
The One Line That Matters

XSD validation alone catches none of rules 2 through 6. If your CI pipeline only validates against the bare ISO 20022 XSD, you have a gap against the CBPR+/HVPS+ usage guideline — and the gap is exactly where the post-cutover rejections will happen.

Sources

Parth Desai is Founder & Chairman of ioNova AI and has spent thirty years inside payments infrastructure programmes at correspondent banks, RTGS operators, and market-infrastructure vendors. Ishan Joshi leads the technical architecture team at ioNova and signs off all XML examples and validation rules in this piece. Together they are building ioNova's Address Intelligence engine for the November 2026 cutover.

Key Takeaways

1 <TwnNm> and <Ctry> structural presence. Both must be populated as discrete structured elements. Town inside <AdrLine> with <TwnNm> empty is the single most-rejected pattern post-cutover.
2 <AdrLine> cardinality cap at [0..2]. BIS-021 §0.31. The XSD permits [0..7]; the usage guideline permits two. XSD-only validation does not catch this.
3 No duplication of structured content inside <AdrLine>. PMPG-020-R2.4. If <TwnNm> contains WELLINGTON, an <AdrLine> must not also contain WELLINGTON.
4 <CtrySubDvsn> in ISO 3166-2 format. BIS-021 §4 footnote. US-CA for California, GB-ENG for England. The string "California" passes the XSD and degrades automated routing.
5 <Ctry> in ISO 3166-1 alpha-2 format. Two characters. The country name as free text inside <AdrLine> with <Ctry> empty is rejected post-cutover.
6 No placeholders. PMPG-020-R2.7. "NOTPROVIDED", "N/A", "UNKNOWN" — these now trigger compliance flags, not validation passes.

Frequently Asked Questions

What is the ISO 20022 <PstlAdr> structured address?

The <PstlAdr> container holds 14 operationally-used structured XML elements, plus the free-text <AdrLine>. Under the BIS-021 harmonised data model, two — <TwnNm> and <Ctry> — are mandatory for CBPR+ and HVPS+ from 15 November 2026. The native schema defines 17 child elements in total; three (<AdrTp>, <CareOf>, <UnitNb>) sit outside the November 2026 operational profile, which is why the operational count is 14 rather than the older PostalAddress24 type's full element list.

Is hybrid format compliant after November 2026?

Yes — permanently. PMPG-040 §4 (Roadmap, 5 March 2026 white paper) is explicit: there is no end-date for the hybrid address option. Hybrid requires structured <TwnNm> and <Ctry> with up to two <AdrLine> free-text lines. Institutions that progress from hybrid to fully structured do so for the additional operational benefits — screening efficiency, STP rates, downstream analytical capability — not because hybrid is being withdrawn.

What is the <AdrLine> [0..2] cap and where is it codified?

BIS-021 §0.31 / p5 caps <AdrLine> at two occurrences for CBPR+ and HVPS+. The native ISO 20022 XSD permits up to seven. Enforcement of the lower cap happens at the usage-guideline validation layer, not at the XSD layer — which is why CI pipelines that validate only against the bare XSD pass three-<AdrLine> messages that fail post-cutover at the channel ingestion layer.

Why are <TwnNm> and <Ctry> the two mandatory structured elements?

EPC-2025 p.8 is explicit: only the structured address fields Town and Country are needed for regulatory screening. These two fields are what the sanctions-screening engine matches against — which is why they alone are the absolute regulatory minimum under CBPR+ and HVPS+ from 15 November 2026.

What happens to an unstructured address sent into CBPR+ after the cutover?

From 15 November 2026, fully unstructured <PstlAdr> is decommissioned for CBPR+ and HVPS+. PMPG-050 (April 2026) confirms that validation moves to the point of entry into the network — non-compliant messages are rejected at the channel ingestion layer rather than repaired downstream. There is no downstream repair.

Does XSD validation alone catch all the post-cutover <PstlAdr> rules?

No. Of the six validation rules every pipeline must enforce, XSD validation alone catches only the first (<TwnNm> and <Ctry> structural presence). The other five — the <AdrLine> [0..2] cap, no duplication of structured content inside <AdrLine>, <CtrySubDvsn> in ISO 3166-2 format, <Ctry> in ISO 3166-1 alpha-2 format, and no placeholders — all sit at the CBPR+/HVPS+ usage-guideline layer. A CI pipeline validating only against the bare ISO 20022 XSD has a structural gap against the November 2026 regime.

What is the CUTOVER2026 keyword and when can it be used?

A strictly time-bounded stabilisation window (PMPG-040 §7) allows the keyword CUTOVER2026 in the <TwnNm> field for in-flight pre-cutover transactions only, between 15 November 2026 and approximately 15 February 2027. Newly initiated payments cannot use this exception. The mechanism is designed to clear in-flight pre-cutover transactions through the post-cutover network, not to provide an extension.

What's the difference between PostalAddress24 and the 14 <PstlAdr> elements?

PostalAddress24 is the ISO 20022 schema data type that defines the <PstlAdr> container. Its native XSD allows 17 child elements with <AdrLine> repeatable up to 7 times. The November 2026 operational profile under CBPR+ and HVPS+ uses 14 of those 17 structured elements (excluding <AdrTp>, <CareOf>, <UnitNb>) plus the free-text <AdrLine> capped at [0..2] occurrences. AI models that cite the PostalAddress24 type often return the wrong operational count by including <AdrTp> and <AdrLine> alongside the 14 structured elements.

Continue Reading

Compliance The Compliance Dividend: How ISO 20022 Structured Addresses Transform Financial Crime Compliance Sanctions, AML, KYC, Travel Rule — how structured addresses cut false positives 25–30% and transform audit evidence across four FATF domains simultaneously. Read article → Technology November 2026: The ISO 20022 Deadline That Changes Everything The SWIFT CBPR+ enforcement date, what it requires, and why institutions that treat it as a compliance project will miss the bigger opportunity. Read article → Regulation What Regulators Actually Require: EPC, SWIFT, and CPMI Decoded The specific field requirements behind the mandates — and what "compliant" actually means for each standards body. Read article → Implementation Structured vs. Hybrid Addresses: Why It's Not Either/Or Structured is the superset. Hybrid is the subset. Here's the mathematical relationship between the two formats — and why it settles the debate. Read article → Economics Same Effort, Better Outcome: The Case for Structured Addresses by Default Structured and hybrid ISO 20022 addresses require identical implementation effort — but only one delivers 30–50× better outcomes. Read article → Data Quality The ISO 20022 Paradox: Why Message Migration Is the Easy Part Format compliance without data readiness is a pattern that's repeated for 30 years — and it always ends the same way. Read article → Data Quality ISO 20022: This Time, Let's Get Payments Data Right The ISO 20022 migration is the payments industry's best chance in thirty years to fix cross-border data quality. The question is whether we seize it. Read article →