The ​NACHA Operating Rules are the foundation for every ACH payment. By defining the roles and responsibilities of financial institutions and establishing clear guidelines for each Network participant, the Rules ensure that millions of payments occur smoothly and easily each day.  These following are a brief summary of changes but are not a replacement for Rules, which are subject to change.

  January 1, 2019
  ACH RULES COMPLIANCE AUDIT REQUIREMENTS

  This rule changes the structure of the audit requirement within the Rules, but does not change the requirement to conduct a Rules compliance audit annually.

  DETAILS

This rule change modifies the Rules to provide financial institutions and third-party service providers with greater flexibility in conducting annual Rules compliance audits.  The rule does not change the requirement to conduct a Rules compliance audit annually, but rather changes the structure of the audit requirement within the Rules by consolidating requirements for the annual Rules compliance audit into one section and removing redundant material.

 
January 1, 2019
MINOR RULES TOPICS

These ballots amend the Rules to address a variety of minor topics. Minor changes to the Rules have little-to-no impact on ACH participants and no significant processing or financial impact.

DETAILS

ACH Operator Edits
This change aligns the Rules with current ACH Operator file editing practices.

Clarification on TEL Authorization Requirement
This change makes clear that the general rules governing the form of authorization for all consumer entries apply to TEL entries. This rule also incorporates a reference to consumer account within the general rules for TEL entries.

Clarification of RDFI Obligation to Return Credit Entry Declined by Receiver
This change clarifies the specific conditions under which an RDFI is excused from its obligation to return a credit entry. It also modifies the language to refer to an entry being “declined” (rather than “refused”) by the Receiver.

Editorial Clarification on Reinitiation of Return Entries
This editorial change clarifies the existing intent that reinitiation is limited to 2 times.

Editorial Clarification on RDFI Liability Upon Receipt of a Written Demand for Payment
This editorial clarification makes clear that an RDFI may return a Written Demand for Payment only if it was not properly originated by the ODFI.

 

June 21, 2019

RETURN FOR QUESTIONABLE TRANSACTION

This change to the Nacha Operating Rules will enhance quality and improve risk management within the ACH Network by allowing RDFIs to indicate within a return that the original transaction was questionable or part of anomalous activity.

DETAILS

RDFIs may but are not required to use return reason code R17 to indicate that the RDFI believes the entry was initiated under questionable circumstances. RDFIs electing to use R17 for this purpose will use the description “QUESTIONABLE” in the Addenda Information field of the return. An R17 in conjunction with this description enables these returns to be differentiated from returns for routine account number errors.

September 20, 2019

PROVIDING FASTER FUNDS AVAILABILITY

This Rule increases the speed of funds availability for certain Same Day ACH and next-day ACH credits.

DETAILS

Establishes additional funds availability standards for ACH credits

  • Funds from Same Day ACH credits processed in the existing, first processing window will be made available by 1:30 p.m. in the RDFI's local time

  • Funds from non-Same Day ACH credits will be available by 9:00 a.m. RDFI's local time on the Settlement Date, if the credits were available to the RDFI by 5:00 p.m. local time on the previous day (i.e., apply the existing “PPD rule” to all ACH credits)


March 20, 2020
INCREASING THE SAME DAY ACH DOLLAR LIMIT

This new rule increases the Same Day ACH per-transaction dollar limit to $100,000 and will become effective on March 20, 2020.

DETAILS

Increases the per-transaction dollar limit for Same Day ACH transactions to $100,000

  • Currently, Same Day ACH transactions are limited to $25,000 per transaction

  • While the current limit covers approximately 98% of ACH transactions, there are many use cases for which a higher dollar limit will better enable end users to utilize Same Day ACH.  For example, a higher transaction limit would better enable:

    • B2B payments, in which only approximately 89% of transactions are currently eligible

    • Claim payments, which are often for larger dollar amounts and are time sensitive in nature

    • Reversals for a larger pool of transactions, including all Same Day ACH transactions

April 1, 2020
DIFFERENTIATING UNAUTHORIZED RETURN REASONS

This rule better differentiates among types of unauthorized return reasons for consumer debits. This differentiation will give ODFIs and their Originators clearer and better information when a customer claims that an error occurred with an authorized payment, as opposed to when a customer claims there was no authorization for a payment. ODFIs and their Originators should be able to react differently to claims of errors, and potentially could avoid taking more significant action with respect to such claims.

DETAILS

The rule re-purposes an existing, little-used return reason code (R11) that will be used when a receiving customer claims that there was an error with an otherwise authorized payment. Currently, return reason code R10 is used a catch-all for various types of underlying unauthorized return reasons, including some for which a valid authorization exists, such as a debit on the wrong date or for the wrong amount. In these types of cases, a return of the debit still should be made, but the Originator and its customer (the Receiver) might both benefit from a correction of the error rather than the termination of the origination authorization. The use of a distinct return reason code (R11) enables a return that conveys this new meaning of “error” rather than “no authorization.”

Effective date: Phase 1 – April 1, 2020; effective date Phase 2 – April 1, 2021

 

June 30, 2020

SUPPLEMENTING DATA SECURITY REQUIREMENTS

This change to the Nacha Operating Rules will enhance quality and improve risk management within the ACH Network by supplementing the existing account information security requirements for large-volume Originators and Third-Parties. This change will be implemented in two phases.

DETAILS

The existing ACH Security Framework including its data protection requirements will be supplemented to explicitly require large, non-FI Originators, Third-Party Service Providers (TPSPs) and Third-Party Senders (TPSs) to protect deposit account information by rendering it unreadable when it is stored electronically.

Implementation begins with the largest Originators and TPSPs (including TPSs) and initially applies to those with ACH volume of 6 million transactions or greater annually. A second phase applies to those with ACH volume of 2 million transactions or greater annually.

 

July 1, 2020

ACH CONTACT REGISTRATION

REQUEST FOR COMMENT - RESPONSES DUE BY FRIDAY, AUGUST 23, 2019

Nacha is issuing this Request for Comment to obtain industry feedback on a proposal to create an industry resource for financial institutions to be able to more easily connect with other financial institutions about ACH operations, exceptions and risk management.

DETAILS

All ACH financial institutions would register contact information for ACH operations and risk/fraud

The contact information would be available for other registered ACH participating financial institutions, Payments Associations, and Nacha

  • For use in ACH-related system outages, erroneous payments, duplicates, reversals, fraudulent payments, etc., or potentially other uses within scope (e.g., proper contact for letters of indemnity)

  • Use of the information would be limited to these purposes

Registration information would be required to be updated within 45 days after any change, and verified on an annual basis

Nacha would provide this registry resource as a tool for inter-FI communication for issues relating to ACH operations and fraud/risk management

  • The registry would be accessed via the existing Risk Management Portal

  • Authorized users would use the secure Portal to access registered contact information

  • There would not be a charge to FIs to register or use the contact information

Risk Management Portal security

  • The Portal is a hosted solution built with security and business continuity in mind, including physical security, encryption, user authorization and authentication processes, and auditing to verify satisfaction of privacy and security requirements

  • Data is encrypted while in transit to Nacha and remains encrypted while it is at rest

  • Compliance of the underlying cloud platform with key industry standards is certified by the cloud service provider

 
 
March 19, 2021
SUPPLEMENTING FRAUD DETECTION STANDARDS FOR WEB DEBITS

The effective date for an upcoming change in the Nacha Operating Rules is being extended by the Nacha Board of Directors. The WEB Debit Account Validation Rule now takes effect March 19, 2021, rather than Jan. 1, 2020. The rule was originally approved by Nacha members in November 2018. The Nacha Board of Directors approved the extension in effective date to allow for additional time, education and guidance to be provided to the industry. 

DETAILS

Currently, ACH Originators of WEB debit entries are required to use a “commercially reasonable fraudulent transaction detection system” to screen WEB debits for fraud. This existing screening requirement will be supplemented to make it explicit that “account validation” is part of a “commercially reasonable fraudulent transaction detection system.” The supplemental requirement applies to the first use of an account number, or changes to the account number.

March 19, 2021

EXPANDING SAME DAY ACH

This new rule expands access to Same Day ACH by allowing Same Day ACH transactions to be submitted to the ACH Network for an additional two hours every business day. The new Same Day ACH processing window will go into effect on March 19, 2021.

DETAILS

Creates a third Same Day ACH processing window that expands Same Day ACH availability by 2 hours

  • Currently, the latest that an ODFI can submit files of Same Day ACH transactions to an ACH Operator is 2:45 p.m. ET (11:45 a.m. PT)
  • The new window will allow Same Day ACH files to be submitted until 4:45 p.m. ET (1:45 p.m. PT), providing greater access for all ODFIs and their customers
  • The timing of this new processing window is intended to balance the desire to expand access to Same Day ACH through extended hours with the need to minimize impacts on financial institutions’ end-of-day operations and the re-opening of the next banking day
September 2017:  Same Day ACH Debits

The National Automated Clearing House Association (NACHA), the organization that governs the ACH network, will implement a rule change that allows the initiation of Same Day ACH debit payments of $25,000 or less, with funds available to the receiver by the end of the receiving financial institution’s processing day. Same Day ACH will be available for debits starting September 15, 2017. All ACH transaction types are eligible, except for International ACH Transactions (IATs).

NACHA’S Same Day ACH rollout began in September 2016 with the introduction of Same Day ACH for credit entries. Starting in 2018, receiving financial institutions must make Same Day ACH transactions funds available to the receiver by 5:00 pm local time

September 2017:  Third Party Sender Registry

The Third Party Sender registry is being created to improve the overall quality of the ACH Network and promote appropriate due diligence among Originating Depository Financial Institutions (ODFIs) processing for Third-Party Senders (TPS).

The new rule will require all ODFIs to register their TPS customers with NACHA, providing the following information regarding each TPS for which the ODFI provides ACH services. 

  • TPS Name
  • TPS Location (City, State)
  • Routing Number
  • Company ID(s)

After the initial registration, NACHA may request supplemental information about a TPS regarding any potential risk event. A risk event is defined as “cases in which NACHA believes that a TPS in the ACH network poses an escalated risk of (i) financial loss to one or more Participating (Depository Financial Institutions) DFIs, Receivers or Originators, (ii) violation of the (NACHA) Rules or Applicable Law, or (iii) excessive returns.”

For additional information regarding these rule changes, or to request a copy or access to the latest ACH Rules from PNC, please contact your Treasury Management representative.

October 2016:  Unauthorized Entry Fee

To improve the overall quality of the ACH Network by reducing returns, NACHA is implementing a rule that applies to ACH debit transactions that are returned as “unauthorized” by the Receiver.

The rule introduces a fee of $4.50, assessed to the originating financial institution, for each ACH debit transaction that is returned as unauthorized. The fee will be passed to the receiving financial institution to compensate them for expenses related to servicing and returning the transaction for their customer. The rule applies to the following return reason codes:

  • R05 – Unauthorized Debit to Consumer Account Using Corporate SEC Code
  • R07 – Authorization Revoked by Customer
  • R10 – Customer Advised Unauthorized, Improper, Ineligible or Incomplete Transaction
  • R29 – Corporate Customer Advises Unauthorized
  • R51 – Item Related to RCK Entry is Ineligible or RCK Entry is Improper

The fees for unauthorized debit returns as of October 3, 2016 would be applied to debits originated as early as August 1, 2016.  NACHA will evaluate the fee amount every three years.

Please Note: The fee is not applicable to International ACH Transactions (IATs).

September 2016:  Same Day ACH

The rule will enable the option to initiate same day ACH payments through new ACH Network functionality. This option is in addition to the existing ACH network processing capabilities. The rule will be implemented over three phases with Phase 1 beginning on September 23, 2016.

Phase 1 will support ACH credits only. All transaction types are eligible (except International ACH Transactions (IATs)) up to $25,000 per transaction. All receiving financial institutions must be able to receive same day ACH payments and make funds available to the receiver by the end of the receiving financial institution’s processing day in Phase 1.

There is an additional fee to originate Same Day ACH entries and no additional fee to receive Same Day ACH entries.

September 2015:  Return Rate Changes

1.  Current monthly unauthorized debit return rate threshold reduced from 1% to 5%.  Your total number of ACH debit returns with Unauthorized Return Reason Codes should not exceed 0.5% of your total ACH debits originated.  Should you exceed the stated threshold, we may contact you to inquire on the reason for the high return rate. The following Return Reason Codes are considered unauthorized reason codes:

R05 - Unauthorized Debit to Consumer Account Using Corporate SEC Code
R07 - Authorization Revoked by Customer
R10 - Customer Advises Not Authorized
R29 - Corporate Customer Advises Not Authorized
R51 - Item is Ineligible

2.  Established monthly ACH debit administrative return rate threshold of 3%.  Your total number of ACH debit returns with Administrative Return Reason Codes should not exceed 3% of your total ACH debits originated.  Should you exceed the stated threshold, we may contact you to inquire on the reason for the high return rate. 

The following Return Reason Codes are considered Administrative Return Reason Codes:

R02 - Account Closed
R03 - No Acct/Unable to Locate Acct
R04 - Invalid Account Number

3.  Established monthly overall ACH debit return rate threshold of 15%.  Your total number of ACH debit returns for all Return Reason Codes should not exceed 15% of your total ACH debits originated.  Should you exceed the stated threshold, we may contact you to inquire on the reason for the high return rate.  All ACH debit returns regardless of Return Reason Code for all Standard Entry Class codes except RCK (Re-presented Check Entries) are considered for this calculation.

4.  Re-initiation of ACH debits required to contain "Retry Pymt" in the Company Entry Eescription field.  If ACH debits that are returned unpaid with R01 – Insufficient Funds or R09 – Uncollected Funds Return Reason Codes and are subsequently re-presented for payment, the description “RETRY PYMT” is required to be included in the Company Entry Description field. If you currently originate debit re-presented files, you are required to update the Company Entry Description prior to submitting. Not updating the Company Entry Description may result in the RDFI returning the transaction with an R10 - Customer Advises Unauthorized, Improper, or Ineligible Return Reason Code.  If you have selected PNC’s “ACH Auto Debit Re-presentment” service feature, no action is required from you.  PNC will automatically change your Company Entry Description to include “RETRY PYMT.”

March 2015:  Removal of Notification of Change and Rule Changes Related to Dishonored Returns

1.  Removal of Notification of Change - CO4 Change Code.  Previously, Receiving Depository Financial Institutions (RDFIs) would send a Notification of Change – C04 to request a correction to the Receiver’s name on future ACH transactions. This sometimes created challenges for Originators, ODFIs and RDFIs. An example was when the Biller (Originator) could not make the requested name change due to contractual or other reasons while the Original Depository Financial Institution faced NACHA violations for not updating the name. To eliminate this risk the C04 code will be removed as a valid change code.

Impact to ODFIs / Originators

If you are an ACH Originator and the Receiver’s name on the ACH transaction and Receiver’s name at the RDFI do not match, rely on contracts and records to properly identify the name of the Receiver being credited or debited, without relying on a Notification of Change (NOC) from the RDFI

Impact to RDFIs

When the RDFI discovers a name mismatch, choose one of the following courses of action:

  • Post the Entry based solely on account number.
  • Return the Entry as R03.
  • Assist the Receiver by communicating directly with the ODFI/Originator.
2. Dishonored Returns and Contested Dishonored Returns Related to an Unintended Credit to a Receiver.  There are two new return codes to assist Originators, ODFIs, and RDFIs to rectify situations in which the reversal process resulted in, or didn’t resolve unintended credit to the Receiver.

Originators and ODFIs can use the new R62 (Return of Erroneous Debit or Reversing Debit) only in the following situations:

  • When a debit Erroneous Entry and a subsequent credit Reversing Entry are both transmitted to the Receiver’s account, but the erroneous debit is returned while the reversing credit is posted and made available to the Receiver.
  • When a credit Erroneous Entry and a subsequent debit Reversing Entry are both transmitted to the Receiver’s account, but the reversing debit is returned while the erroneous credit is posted and made available to the Receiver.

If you are an ACH Originator, you can request that your ODFI dishonor a return in order to correct and resolve an erroneous or unintended credit to a Receiver.

In addition, ensure that R62 is only used when the associated credit entry (the Reversal or the erroneous credit) was not also returned by the RDFI.

RDFI’s can use the new Contested Dishonor R77 (Non-Acceptance of R62 Dishonored Return) if either of the following situations exist.

  • the RDFI returned both the erroneous entry and the reversal entry to the ODFI
  • the RDFI was unable to recover the funds from the Receiver
January 2015:  Return Fee Entry Formatting Clarification

Consumers that received an electronic Return Entry fee posted to their account often times could not link the return fee to an authorized transaction at a merchant. The NACHA rule change clarifies that the Individual Name field in the PPD Return Entry Fee transaction is used to link the fee to the original authorized ARC, BOC, or POP transaction that was returned unpaid. The Individual ID field could contain the Receiver’s name, reference number, identification number or code of the merchant to identify the customer. This change should have no impact on ACH participants as it recognizes current best practice regarding the formatting of fees for check conversion entries.