As part of our commitment to keeping our ACH origination customers (“Originators”) informed of ACH rule changes, we are providing the following summary of upcoming changes to the National Automated Clearinghouse Association ("NACHA") Operating Rules (“Rules”).
These rule changes are intended to improve risk management in the ACH network for all parties. Your organization may not be directly affected by all of them. This summary highlights impacts on the most common types of corporate origination services but is not a substitute for a full compliance review.
1. Origination Fraud Monitoring
- Phase 1 – Effective March 20, 2026, for all ODFIs, Originators, Third-Party Service Providers, and Third-Party Senders with ACH volume greater than 6 million in 2023.
- Phase 2 – Effective June 19, 2026, for all ODFIs, Originators, Third-Party Service Providers, and Third-Party Senders.
Summary
All origination-side participants must implement risk-based processes to identify fraudulently originated ACH entries.
Details
Currently, Originators are only required to monitor WEB debit entries. The new rule extends fraud monitoring requirements to all entries, aiming to detect and prevent fraud schemes such as business email compromise and fake invoices.
Impact
Originators should assess their existing fraud prevention tools (such as anomaly detection or flagging systems) and make updates as needed to comply with these new requirements.
2. RDFI Fraud Monitoring
- Phase 1 – Effective March 20, 2026, for all RDFIs with ACH receipt volume greater than 10 million in 2023.
- Phase 2 – Effective June 19, 2026, for all RDFIs.
Summary
RDFIs (Receiving Depository Financial Institutions) will be required to have processes to review received credit entries and identify potential fraud.
Details
Each RDFI may determine how to meet this requirement based on its operational environment. The rule does not mandate reviewing every entry.
Originator and Third-Party Sender Impact
This rule, along with expanded use of the R17 return reason code and funds availability exceptions, will likely increase the return of fraudulent entries—reducing potential losses for Originators, Third-Party Senders, and ODFIs.
3. Company Entry Descriptions
Both changes take effect no later than March 20, 2026, but Originators may adopt them sooner.
Summary
The Rules will require specific company entry descriptions for payroll entries and online purchases.
Details
- Use “PAYROLL” for PPD credits related to wages, salaries, and other compensation.
- Use “PURCHASE” for e-commerce debit entries authorized by consumers for online purchases of goods.
Originator and Third-Party Sender Impact
Originators must review and, if necessary, update their company entry descriptions in ACH files to meet these standards. Standardized descriptions will enhance fraud monitoring and compliance processes.
Ongoing Guidance
The ACH Network and Nacha Operating Rules continue to evolve to meet the needs of businesses, governments, and consumers initiating over $50 trillion in transactions annually.
Additional guidance will be provided as the implementation dates approach.
.svg)
