Summary of Recent and Upcoming NACHA Operating Rule Changes

 

ACH Rules Compliance Audit Requirements

The language changes become effective on January 1, 2019 to apply to audits required to be conducted by December 31, 2019.

This Rule modifies the following areas of the NACHA Operating Rules:

  • Article One, Subsection 1.2.2 (Audits of Rules Compliance) – consolidates the core audit requirements described within Appendix Eight under the general obligation of participating DFIs and third-party service providers/senders to conduct an audit
  • Appendix Eight (Rule Compliance Audit Requirements) – eliminates the current language contained within Appendix Eight; combines relevant provisions with the general audit obligation required under Article One, Subsection 1.2.2

This rule change modifies the Rules to provide financial institutions and third-party service providers with greater flexibility in conducting annual Rules compliance audits.  The rule does not change the requirement to conduct a Rules compliance audit annually, but rather changes the structure of the audit requirement within the Rules by consolidating requirements for the annual Rules compliance audit into one section and removing redundant material. For ODFIs with no Third-Party Sender customers, the Rule will require the ODFI to acknowledge this in a statement to NACHA. NACHA will provide a simple means through the registry to make such a statement.


Minor Rule Changes

These minor changes become effective January 1, 2019.

Minor changes to the Rules have little-to-no impact on ACH participants and no significant processing or financial impact.

These changes modify the following areas of the NACHA Operating Rules:

  • ACH Operator Edits – changes requested by an ACH Operator to reflect existing file editing practices, primarily related to duplicate file detection and customer notification (Appendix Two, Part 2.1, Part 2.2, Part 2.3, Part 2.4, Part 2.5, Appendix Three, Subpart 3.2.1)
  • TEL Authorization – clarifies that general authorization requirements apply to authorization of TEL entries, and that TEL entries are to consumer accounts; no change to intent (Article Two, Subsection 2.5.15.1, Subsection 2.5.15.2)
  • Credit refused by Receiver – reflects existing practices regarding circumstances under which an RDFI is, or is not, obligated to return a credit entry that has been declined by a Receiver (Article Three, Subsection 3.8.3.2)
  • Reinitiation – clarifies language that reinitiation is limited to two times; no change to intent (Article Two, Subsection 2.12.4.1)
  • Reclamations – clarifies language regarding conditions under which an RDFI may return a Reclamation Entry or reject a Written Demand for Payments; no change to intent (Article Three, Subsection 3.6.2)
  • ACH Operator Edits
    This change aligns the Rules with current ACH Operator file editing practices.


Detailed Information:


Clarification on TEL Authorization Requirement
This change makes clear that the general rules governing the form of authorization for all consumer entries apply to TEL entries. This rule also incorporates a reference to consumer account within the general rules for TEL entries.

Clarification of RDFI Obligation to Return Credit Entry Declined by Receiver
This change clarifies the specific conditions under which an RDFI is excused from its obligation to return a credit entry. It also modifies the language to refer to an entry being “declined” (rather than “refused”) by the Receiver.

Editorial Clarification on Reinitiation of Return Entries
This editorial change clarifies the existing intent that reinitiation is limited to 2 times.

Editorial Clarification on RDFI Liability Upon Receipt of a Written Demand for Payment
This editorial clarification makes clear that an RDFI may return a Written Demand for Payment only if it was not properly originated by the ODFI.


Return for Questionable Transaction


The following changes to the NACHA Operating Rules will become effective on June 21, 2019. 

This Rule modifies the following areas of the NACHA Operating Rules

  • Appendix Three, Subpart 3.2.2 Glossary of Data Elements (Addenda Information) to address proper formatting within the Addenda Information field when using R17 to return a questionable transaction.
  • Appendix Four, Part 4.2 (Table of Return Reason Codes) to include using R17 for Entry with Invalid Account Number Initiated under Questionable Circumstances.

RDFIs may but are not required to use return reason code R17 to indicate that the RDFI believes the entry was initiated under questionable circumstances. RDFIs electing to use R17 for this purpose will use the description “QUESTIONABLE” in the Addenda Information field of the return. An R17 in conjunction with this description enables these returns to be differentiated from returns for routine account number errors.


Providing Faster Funds Availability


The following changes to the NACHA Operating Rules will become effective on September 20, 2019. 

This Rule modifies the following areas of the NACHA Operating Rules

  • Article Three, Subsection 3.3.1 General Rule for Availability of Credit Entries to Receivers
  • Article Three, Subsection 3.3.1.1 Availability of Credits that are Not Same Day Entries
  • Article Three, Subsection 3.3.1.2 Availability of Credits that are Same Day Entries


Establishes additional funds availability standards for ACH credits

  • Funds from Same Day ACH credits processed in the existing, first processing window will be made available by 1:30 p.m. in the RDFI's local time
  • Funds from non-Same Day ACH credits will be available by 9:00 a.m. RDFI's local time on the Settlement Date, if the credits were available to the RDFI by 5:00 p.m. local time on the previous day (i.e., apply the existing “PPD rule” to all ACH credits)

Effective January 1, 2020

Supplementing Fraud Detection Standards for WEB Debits

The following changes to the NACHA Operating Rules will become effective on January 1, 2020. 

This Rule modifies the following areas of the NACHA Operating Rules:

  • Article Two, Subsection 2.5.17.4 (Additional ODFI Warranties for Debit WEB Entries) to make explicit that a fraudulent transaction detection system must, at a minimum, validate the account to be debited.

Currently, ACH Originators of WEB debit entries are required to use a “commercially reasonable fraudulent transaction detection system” to screen WEB debits for fraud. This existing screening requirement will be supplemented to make it explicit that “account validation” is part of a “commercially reasonable fraudulent transaction detection system.” The supplemental requirement applies to the first use of an account number, or changes to the account number.

Potential Impacts:

  • Possible re-tooling of ACH Originators’ fraud detection systems ◦Or implementation of a system for Originators who currently do not perform any fraud detection for WEB debits
    • These impacts could increase the cost of originating WEB debits for some parties
  • RDFIs could receive a greater volume of ACH prenotifications, micro-transactions, or other account validation requests ◦Some could be in lieu of receiving live-dollar transactions initially