News & Media

As an originator, it is important you understand if, and how, changes to the NACHA Operating Rules and Guideline affect your business.

The upcoming rule amendment will expand the current rules to require each non-consumer originator, Third-Party Sender, and Third-Party Service Provider to establish, implement and annually review risk-based processes and procedures intended to identify ACH entries initiated due to fraud across all transaction types and SEC codes. 

When will this be implemented?

• Phase 2 is effective June 19, 2026: Applies to all non-consumer ACH originators, Third-Party Senders, and Third-Party Service Providers.

Resources: 

• For additional information on the NACHA Operating Rules and Guidelines, you can purchase your own copy here.

What you need to do:

The 2026 Nacha rule requires ACH network participants to implement risk-based processes to identify fraudulent outgoing ACH entries and monitor entries that are unauthorized or initiated under false pretenses.

• Originators are required to establish and implement risk-based fraud detection processes and procedures and review them annually to reasonably identify entries suspected of being unauthorized under false pretenses and address evolving fraud risks.
• While the Rule does not state how you must comply, it does make it clear that doing nothing is no longer acceptable.

What does False Pretenses mean?

• False Pretenses refers to the act of inducing a payment through misrepresentation of a person’s identity, their authority or association with another person, or the ownership of an account to be credited. When thinking about False Pretenses, consider business email compromise or cases involving impersonation of a payee. However, it’s important to note this term does not cover scams like puppy fraud, event ticket fraud, or issues related to inferior goods or services. These are not addressed under the Rules.

Business Email Compromise is a prime example of False Pretenses. This involves a fraudulent email appearing to come from a trusted vendor, claiming their payment details have changed. The Originator updates the information and processes the payment, only to discover days later that the request was not from the legitimate vendor.

What can you do as an ACH originator to prepare?

Consider these areas for evaluation and discussion within your business:

1. Process and Fraud Monitoring Evaluation: Review your current fraud monitoring capabilities and processes. Are there gaps or any areas you can improve?
   
   
2. Customer/Vendor verification protocols: Use Know Your Customer (KYC) validation during onboarding.
   
   
3. Change control procedures: When account information changes, make sure procedures are in place to conduct callbacks to known numbers to ensure the change came from an authorized party and not a fraudster.
   
   
4. Technology assessment: What technology can you implement to screen when initiating WEB debits or when using Micro-Entries?
   
   
5. Team preparation: Plan to educate members of your team on new Nacha requirements and compliance culture.
   
   
6. Vendor review: Review your vendor and partner agreements' to be sure they are aligned with new requirements.
   
   
7. Ongoing compliance strategy: Establish regular review processes for your business.

The examples listed above highlight only a portion of the available tools that can enhance fraud monitoring. The specific approach will differ for each participant, since business models and operational environments vary widely.

We’re Right Where You Need Us

Our commercial team knows that running a business means balancing cash flow, people and payments all at the same time. When things move fast, you need a banking partner that takes the time to understand how your business works and build a solution designed to last. Find your banker today.