risk intelligence Insights

Nacha’s new rules: are you ready?

Risk Intelligence

The National Automated Clearing House Association (Nacha) will be implementing a range of rule changes to strengthen fraud prevention measures related to ACH transactions. It is crucial that industry participants are fully aware of all upcoming changes. Moreover, with effective dates confirmed, organisations are encouraged to start preparing now.

  • In response to surging fraud and financial crime, Nacha will be implementing new rules to strengthen fraud prevention measures related to ACH transactions.
  • Structured planning and preparation are vital to fully understand and adapt to the new rules.
  • Timeframes are tight and forward planning is essential.

Payment fraud and the ACH network

Nacha is the administrator of the ACH Network, the US payment system covering direct deposits and direct payments. The network processes substantial volumes and value each year, but surging financial crime – much of it relating to payments fraud – is creating a headache for organisations.

The statistics are eye-wateringly high. A staggering 80% of organisations were victims of payments fraud in 2023, a 15% rise over the previous year.[1]  Moreover, ACH is the payment method most often targeted in BEC (business e-mail compromise).[2]

In March, Nacha approved a set of rules aimed at tackling rising fraud. The key objective of the new rules is to lower the success rate of attempted fraudulent activities. Amongst other changes, fraud detection responsibilities will be expanded across more ACH Network participants. 

It is crucial that all impacted payments industry players are aware of the implications of these upcoming changes, and further that they take action to prepare ahead of the imminent implementation dates. Forward planning is essential.

The new rules: a snapshot 

The proposed amendments have staggered effective dates ranging from October 2024 until June 2026, meaning that the preparation timeframe is tight. Here we focus specifically on the impact of Fraud Monitoring – Phase 1, outlined in the table below:

Dates Effective Dates for Rule Amendments
October 1, 2024
  • Codifying expanded use of return reason code R17 
  • Expanded use of ODFI request for retunr/R06 
  • Additional funds availability exceptions (for RDFIs) 
  • Timing of written statement of unauthorised debit - RFDI must promptly return unauthorised debit
March 20, 2026
  • Fraud Monitoring - Phase 1 
    • All ODFIs - Originators, TPSP/TPSs with 2023 ACH origination volume of 6 million or greater 
  • ACH credit monitoring - Phase 1 
    • RDFIs with 2023 ACH receipt volume of greater than 10 million 
  • New company entr descriptions - PAYROLL  and PURCHASE
June 19, 2026
  • Fraud Monitoring - Phase 2 
    • All other (non- consumser) originaor and TPSP/TPSs 
  • ACH credit monitoring - Phase 2 
    • All other RDFIs

Four key areas of change include:

  • Fraud monitoring

This rule requires each Originator, ODFI, Third-Party Service Provider, and Third-Party Sender to establish and implement risk-based processes and procedures intended to identify ACH entries initiated due to fraud.

  • Risk-based processes and procedures – new language

New rule language has been introduced around fraud monitoring. This relates to establishing and implementing risk-based processes and procedures intended to identify Entries that are suspected of being unauthorized or authorized under False Pretenses.

  • Credit monitoring 

The rule amendment requires RDFIs to establish and implement risk-based processes and procedures intended to identify credit ACH entries initiated due to fraud. 

  • False Pretenses  – new language

The inducement of a payment by a Person misrepresenting that Person’s identity or the ownership of an account credited. This definition covers common fraud scenarios such as Business Email Compromise (BEC), vendor impersonation, payroll impersonation, account take over and others.

Preparing for change: a four-step plan

As a Nacha Preferred Partner for Compliance and Risk and Fraud Prevention, LSEG Risk Intelligence has created a Preparation Playbook to help you assess your current capabilities and determine the steps you need to take to ensure your organization is ready for the new Nacha rules.

  • Review your current capabilities

The first step is to review your current capabilities in the context of the customer life cycle. It is necessary, for example, to understand how fraudsters sneak into the environment, look at what your fraud rates are, consider your ACH return rates and assess the fraud detection systems you currently have in place. This can help you identify gaps.

  • Examine the customer lifecycle

Secondly, take a closer look to help identify potential fraud across the three key areas of the customer lifecycle: identity and onboarding, payments and disbursements and change management events. Your solutions must allow you to trust the identity, trust the account and trust the interaction.

  •  Identify areas for improvement in fraud detection

Next, look at where you might need to develop or enhance your fraud detection tools, processes and procedures. Understand what enhancements to existing processes are needed to comply with the new rules.

  •  Identify new technology or partners needed

Finally, consider the new technology solutions or partners you might need to work with going forward. We recommend having a partner that “can come in and consult with you, share with you what they are seeing in the industry, and help you understand fraud trends from a risk perspective.”

Adopting a holistic fraud prevention strategy that identifies and mitigates potential fraud across the customer life cycle is essential – and choosing the right partner to achieve this is vital.

Access our webinar to hear from Nacha and LSEG Risk Intelligence experts discuss the new amendments, as well as provide our four-step preparation plan here.

Compliance with Nacha rules is not always straightforward. Discover how our account verification solutions can help you reduce payments risk and ensure compliance with evolving Nacha rules. Learn more.

Read more about

Stay updated

Subscribe to an email recap from:

Legal Disclaimer

Republication or redistribution of LSE Group content is prohibited without our prior written consent. 

The content of this publication is for informational purposes only and has no legal effect, does not form part of any contract, does not, and does not seek to constitute advice of any nature and no reliance should be placed upon statements contained herein. Whilst reasonable efforts have been taken to ensure that the contents of this publication are accurate and reliable, LSE Group does not guarantee that this document is free from errors or omissions; therefore, you may not rely upon the content of this document under any circumstances and you should seek your own independent legal, investment, tax and other advice. Neither We nor our affiliates shall be liable for any errors, inaccuracies or delays in the publication or any other content, or for any actions taken by you in reliance thereon.

Copyright © 2024 London Stock Exchange Group. All rights reserved.