IRS Publication 5190 – IRS Forms, Instructions, Pubs 2026

IRS Publication 5190 – IRS Forms, Instructions, Pubs 2026 – Foreign financial institutions (FFIs), Host Country Tax Authorities (HCTAs), direct reporting NFFEs, sponsoring entities, and other FATCA participants rely on the International Data Exchange Service (IDES) to securely transmit Form 8966 data to the IRS. IRS Publication 5190 (Rev. 4-2025), titled Foreign Account Tax Compliance Act (FATCA) – International Data Exchange Services (IDES) User Guide, is the official, comprehensive manual for using this secure file-transfer system.

Download the latest PDF directly from the IRS: Publication 5190 (Rev. 4-2025).

This guide (Catalog Number 67386F) assumes familiarity with FATCA regulations, XML schemas, and basic IT processes. It provides detailed, illustrated instructions for enrollment, digital certificate management, file preparation, transmission, alerts, and reporting.

What Is FATCA and Why Does IDES Matter?

Enacted in 2010 as part of the HIRE Act, the Foreign Account Tax Compliance Act (FATCA) requires foreign financial institutions to identify and report on U.S. account holders (or face 30% withholding). IDES is the IRS’s secure, encrypted managed-file-transfer platform for submitting FATCA XML reports (new, nil, corrected, void, or amended) under FFI agreements, IGAs (Model 1 or 2), TIEAs, or other arrangements.

IDES supports both web-based (HTTPS) and SFTP access, enforces Public Key Infrastructure (PKI) encryption, and provides real-time alerts and a modern dashboard for monitoring transmissions.

Who Needs IRS Publication 5190?

Foreign Financial Institutions (depository, custodial, investment entities, certain insurers)
Direct reporting NFFEs and sponsoring entities
Trustees of trustee-documented trusts
U.S. withholding agents and territory FIs
Host Country Tax Authorities (HCTAs) under IGAs
Third-party preparers and independent software vendors (non-GIIN filers)

The guide differentiates roles for administrators (full user/certificate management) and end users (limited to metadata, alerts, and password resets).

Key Updates in Publication 5190 (Rev. 4-2025)

Updated screenshots reflecting the current IDES user interface
New IDES Dashboard (replaces the former Sentinel Dashboard) in Sections 13.1–13.6
Multi-Factor Authentication (MFA) now required for IDES Enrollment user login (Section 8.5)
Minor clarifications on file retention, alert codes, and certificate validation

The previous version dated February 2022; no newer revision exists as of February 2026.

Prerequisites Before Using IDES

You need:

A valid Global Intermediary Identification Number (GIIN) (or FATCA Entity ID/FIN for non-GIIN filers)
One digital certificate from an IRS-approved Certificate Authority
The current IRS Public Key (downloaded annually from the IDES Enrollment site)
FATCA XML Schema v2.0 (mandatory since January 16, 2017)
Supported browsers: Chrome, Edge, Firefox (latest versions) or Safari on macOS

Step 1: Obtain a Digital Certificate from an IRS-Approved CA

IDES accepts only certificates from these approved authorities (all support EV SSL unless noted):

Sectigo (formerly Comodo)
DigiCert (includes GeoTrust, Symantec, Thawte, VeriSign) – Standard & EV SSL
GoDaddy – EV SSL
GlobalSign – EV & OV SSL
IdenTrust – TrustID Server Standard SSL and FATCA Organization Certificate

Certificates must be in DER (binary X.509) or PEM (Base-64) format. Key pairs are typically valid for one year. Administrators upload the certificate during enrollment; IDES validates it against the issuing CA.

Tip: Download the latest IRS intermediate certificate bundle (updated October 2025) if you encounter chain-validation errors.

Step 2: IDES Enrollment (6-Step Official Process)

Obtain your digital certificate.
Create a user profile on the IDES Enrollment site (https://www.ides-support.com).
Validate your GIIN/FIN and upload the certificate.
Receive approval email with access instructions (or SFTP link for HCTAs).
Prepare and encrypt files.
Transmit the data package.

HCTA administrators receive pre-assigned usernames (format: 000000.00000.TA.ISO).
FI administrators start by selecting their entity type and entering the GIIN.

Administrators can add users, manage certificates, set alert preferences, create metadata files, and reset passwords. End users have more limited rights.

MFA note: Enrollment login now requires a code sent to the registered email.

Step 3: Prepare FATCA XML Reports (Detailed Encryption Process)

All reports must use FATCA XML Schema v2.0. The transmission package contains four files inside a single .zip (no extra folders, case-sensitive names):

Payload – Signed, compressed, AES-256-encrypted FATCA XML
Key file(s) – AES key/IV encrypted with the recipient’s (IRS or HCTA) 2048-bit public key
Metadata – Unencrypted FATCAEntitySenderId_Metadata.xml (Schema v2.0)
Transmission archive – UTC-timestamped .zip containing the above

Full process (detailed in Publication 5190 Section 9 and the IRS data-preparation page):

Validate XML against schema
Digitally sign (enveloping signature, SHA-256, RSA 2048)
Compress (Deflate – WinZip, 7-Zip, etc.)
Encrypt payload with AES-256-CBC (random 32-byte key + 16-byte IV)
Encrypt AES key with recipient public key (PKCS#1 v1.5)
Create metadata file
Package into final .zip

Sample test packets (Java, .NET, Unix, OpenSSL) and a complete HCTA test packet are available on IRS GitHub and as TestPacketv2.0.zip.

Model 1 Option 2 HCTAs require an extra AES key file encrypted with the HCTA’s public key.

Step 4: Transmit Files via IDES

Web UI (https://www.idesgateway.com)

SFTP (port 4022)

Use WinSCP or any RFC-compliant client (password authentication only)

Files appear in the recipient’s Inbox within minutes. Notifications and alerts are sent by email.

File retention

Inbox/Pending files available for 7 days
Download new files within 24 hours of notification
Failed files are auto-deleted

Step 5: Monitor with the New IDES Dashboard and Alerts

The updated dashboard (replaces Sentinel) lets users:

Search transmission and alert history (indefinite retention)
View status (processing, success, failed)
Export reports (CSV, Excel, PDF)
Filter by GIIN, date, or alert code

Eight alert types are configurable (system availability, transmission failed, virus detected, etc.). Full alert code list is in Appendix E of Publication 5190 and on the IRS site.

Common Issues and Troubleshooting (Appendix Tips)

Certificate chain errors → Validate against the October 2025 intermediate bundle
Transmission failures → Check Appendix C error messages and Appendix E alert codes
Metadata mismatches → Use exact GIIN/FATCA Entity ID format
Accessibility → Full JAWS/NVDA keyboard shortcuts in Appendix G

Additional Official Resources (All Current as of Late 2025)

FATCA XML Schemas & Business Rules (updated October 6, 2025)
IDES Technical FAQs
Alert Codes list
Data Preparation User Tips PDF
Digital Signatures guidance
Supported Browsers list
FATCA News & Information subscription

All links are on the official FATCA IDES Resources page.

Final Advice for FATCA Compliance

IRS Publication 5190 (Rev. 4-2025) remains the definitive, step-by-step reference for secure FATCA reporting via IDES. Always use the latest schema, test in the non-production environment first, and subscribe to the FATCA News list for schema or process changes.

Download the guide today, review the appendices, and bookmark the IDES Enrollment and Gateway sites. For technical support, contact the IDES Help Desk (24/5, excluding U.S. federal holidays) via the portal or email [email protected].

Stay compliant. Transmit securely.
For personalized advice, consult your tax advisor or FATCA compliance team. The IRS does not provide legal or tax advice through this publication.

Last verified: February 2026. Always check IRS.gov for the most current version of Publication 5190 and related schemas.