Nacha Rules Changes
2021 Nacha Rules Updates
June – Supplementing Data Security Requirements for Large Originators, Third-Party Service Providers (TPSPs) and Third-Party Senders (TPSs)
Effective on June 30, 2021, this change to the Rules is intended to enhance quality and improve risk management within the ACH Network by supplementing the existing account information security requirements for large-volume Originators and Third-Parties. Participants are required to protect deposit account information collected for or used in creating ACH transactions by rendering it unreadable when it is stored electronically.
This change will be implemented in two phases:
- The rule initially applies to ACH originators, TPSPs and TPSs with ACH volume of 6 million transactions or greater annually. An ACH originator, TPSP or TPS that originated 6 million or more ACH transactions in calendar year 2019 would need to be compliant by June 30, 2021.
- The second phase would apply to ACH originators, TPSPs and TPSs with ACH volume of 2 million transactions or greater annually in the 2020 calendar year and compliance is required by June 30, 2022.
June – Limitation on Warranty Claims
Effective June 30, 2021, this change to the Rules limits the length of time in which an RDFI is permitted to make a claim against the ODFI's authorization warranty
- For an entry to a non-consumer account, the time limit is one year from the settlement date of the entry. This is similar to the one-year rule in UCC4-406 that applies to checks charged to accounts.
- For an entry to a consumer account, the limit covers two time periods. Two years from the settlement date of the ACH entry. This period exceeds the one-year in the EFT Act (Regulation E).
June – Reversals
Effective June 30, 2021, this Rule change addresses improper uses of reversal and provides for enforcement capabilities in the event of egregious violations of the Rules. The Rule also spells out that beyond the current use of 'REVERSAL' in the ACH batch description field, the format of the reversal must be identical to the original entry including the amount. Originators are allowed flexibility to accommodate minor variations in the batch header Company Name field for tracking purposes. The RDFI is permitted to return of an improper REVERSAL using return code R11 for consumer accounts and R17 for non-consumer accounts and expands returns to be permissible due to 'wrong date'.
September – Meaningful Modernization
Effective September 17, 2021, this is a grouping of five Rules, which:
- Explicitly define the use of standing authorization for consumer ACH debits. Standing Authorization is a new term defined by Nacha as an advance authorization by a consumer of future debits at various intervals. Under a Standing Authorization, future debits can be initiated by some further action of the consumer for a one-time entry that is separate from the recurring entries. A Standing Authorization can be obtained from the consumer either orally or in writing and the one-time entry or entries initiated by the further action are known as 'Subsequent Entries'. Individual subsequent ACH entries can be initiated in any manner as identified in the Standing Authorization.
- Define and allow for oral authorization of consumer ACH debits beyond telephone calls.
- Clarify and provide greater consistency of ACH authorization standards across payment initiation channels.
- Reduce the administrative burden of providing proof of authorization.
- Better facilitate the use of electronic and oral written statement of Unauthorized Debit
Previously Published Nacha Rules Updates
2021 - March: Supplementing Fraud Detection Standards for WEB Debits
Effective on March 19, 2021, the rule change is intended to enhance quality and improve risk management within the ACH Network by supplementing the fraud detection standard for Internet-initiated (WEB) debits. ACH originators of WEB debit entries have always been required to use a “commercially reasonable fraudulent transaction detection system” to screen WEB debits for fraud. The existing screening requirement is supplemented by this change to make it explicit that “account validation” is part of a “commercially reasonable fraudulent detection system”. The supplement requirement would apply to the first use of an account number or changes to the existing account.
2021 - March: Expanding Same Day ACH to Later Deadline
The effective date of a new, third Same Day ACH processing window is March 19, 2021. RDFIs must make funds available for SDA credits in this new SDA processing window no later than the end of its processing day.
2020 - June: Supplementing Data Security Requirements for Large Originators, Third-Party Service Providers (TPSPs) and Third-Party Senders (TPSs)
The Supplementing Data Security Requirements originally scheduled for a June 2020 implementation has been moved to a June 2021 implementation.
2020 - April: New R11 Will Differentiate Unauthorized Return Reasons
Effective on April 1, 2020, the Rule to better differentiate unauthorized return reasons goes into effect. Up until this time, return reason R10 with the description of “Unauthorized” has been a catch-all for various types of ACH debit returns including those when the originator has made an error. R11, a re-purposed reason will going forward have the description of “Customer Advises Entry Not In Accordance with the Terms of the Authorization”. R11 will be used to return an ACH entry when a receiving financial institution receives a claim from their account holder that the ACH entry has an error such as the wrong date or the incorrect amount. R11 will have the same 60-day extended return time frame and requirement for a Written Statement as with R10 and the sender of the ACH debit will not be required to obtain a new authorization if the error is corrected. R11 returns will be covered by the Unauthorized Entry Return Rate reporting requirement as with R10 returns. The Unauthorized Entry Fee for R11 returns will take effect on April 1, 2021.
2020 - March: Same Day ACH per Transaction Increases to $100,000
Effective on March 20, 2020, the per-transaction dollar limit for Same Day ACH transactions will increase from $25,000 to $100,000. Both Same Day ACH credits and Same Day ACH debits will be eligible for same day processing up to $100,000 per transaction.
2019 - September: Providing Faster Funds Availability for Same Day and Next Day ACH Credits
Effective September 20, 2019, this new rule increases the speed of funds availability for certain Same Day ACH and next-day ACH credits. There are two changes with this rule, first, funds from Same Day ACH credits processed in the existing, first processing window will be made available to receivers by 1:30 p.m. RDFI local time. Secondly, funds from non-Same Day ACH credits will be available by 9:00 a.m. RDFI local time on the settlement day, if the RDFI had them by 5:00 p.m. on the previous day. This applies the existing “PPD rule” to all ACH credits.
2019 - June: RDFIs (Receiving Depository Financial Institutions) have Option to Return for Questionable Transaction
Effective June 21, 2019, this change allows RDFIs, but it is not required of RDFIs, to indicate within a return that the original transaction was questionable or part of anomalous activity. RDFIs electing to return under this circumstance would use R17 as the return reason code and would indicate “QUESTIONABLE” in the Addenda information field.
2019 - January: ACH Rules Compliance Audit Requirements Consolidated in Article One
Previously the general obligation for participating DFIs (Depository Financial Institutions) and certain Third-Party Service Providers (TPSPs) and Third-Party Senders (TPSs) to conduct an audit was within Article One, Section 1.2.2. and the details pertaining to the audit obligations were located within Appendix Eight (Rule Compliance Audit Requirements) of the Rules. Effective January 1, 2019, the requirement to conduct an annual compliance audit is consolidated within Article One of the Rules. The prescribed list of topics that had been in Appendix Eight previously in the Rules is now part of the Guidelines as guidance.
2018 - March: Same Day ACH Phase 3
Effective March 16, 2019, the final phase of the initial Same Day ACH implements the rule that funds availability for Same Day ACH credits is by 5:00 p.m. local time of the receiving financial institution.
2017 - September: Same Day ACH Debits
2017 - September: Third Party Sender Registry
2016 - October: Unauthorized Entry Fee
2016 - September: Same Day ACH
2015 - September: Return Rate Changes
2015 - March: Removal of Notification of Change and Rule Changes Related to Dishonored Returns
2015 - January: Return Fee Entry Formatting Clarification
2014 - September: Prenote Waiting Period Change and B2B Authorization Records
2014 - March: Person-to-Person Payments via ACH
2013 - September: ACH Security Framework
2013 - September: Healthcare Payments via ACH
2013 - September: Stop Payments - Effective Period of Stop Period to Non-Consumer Account
2013 - March: IAT Modifications and Refinements
2012 - September: IAT Modifications and Refinements
2012 - March: Expansion of ARC Application and IAT Modifications and Refinements
2012 - January: Corporate Account Takeover - Availability Exception Option
2011 - September: Enhancements to ACH Applications and New Rule Requirements
2010 - March: Consumer Debit Authorizations and Stop Payments
Important Legal Disclosures & Information
Bank deposit, treasury management and lending products and services, and investment and wealth management, and fiduciary services are provided by PNC Bank, National Association, a wholly-owned subsidiary of PNC and Member FDIC. Lending and leasing products and services, including card services and merchant services, as well as certain other banking products and services, may require credit approval.
Read a summary of privacy rights for California residents which outlines the types of information we collect, and how and why we use that information.
