Banner Bank 2024 ACH Rule Amendments Summary and General Origination Information
As part of our commitment to keeping our ACH origination clients informed of ACH rule changes, we are providing you a summary of recently or soon-to-be implemented Nacha Operating Rules (“Rules”). The rules below are intended to improve Risk Management in the Network for all parties, and your organization may not be directly affected by some or all of these changes. This summary details the impacts of these rule changes on the most common types of corporate origination services, but is not intended to replace the detailed analysis needed to determine the impact these changes have on your specific organization.
1. Minor Rules Topics
Effective June 21, 2024
Summary
There will be several minor rule changes to address minor issues.
Details
- The definition of “Originator” will now identify the Originator as “the party authorized by the Receiver to credit or debit the Receiver’s account at the RDFI.”
- Originators will now have the discretion to make changes when they receive a Notification of Change (“NOC”) of any single entry.
- Nacha’s security requirements will now clearly state they apply to Originators exceeding more than two million entries annually. Originators that cross that threshold for the first time must comply with the Rules by June 30 of the following year.
- The Rules will clearly state Originators are allowed to use prenotifications to revalidate accounts, even if they have already transmitted entries to the Receiver’s account.
- The Rules previously used the term “subsequent entry,” which is now a term with a specific definition in the Rules in some instances. The Rules will no longer use the term except for instances where it meets the new definition.
Impact
These rule changes will have little or no impact on your organization.
2. Minor Risk Management Topics
Effective October 1, 2024
Summary
Several rule updates will attempt to codify common industry practices and address minor network issues.
Details
- The Rules will allow RDFIs to use the R17 return reason code to return entries that they identify as potentially fraudulent. RDFIs are not responsible for detecting fraudulent entries, but this change will give RDFIs directions for action when they do so, which may improve the return of fraudulent entries.
- ODFIs will be able to request RDFIs return entries for any reason and require RDFIs to respond to the ODFI within 10 banking days. This will also help recover fraudulent entries and provide greater visibility into the request status. However, RDFIs will not be required to comply with the return request.
- RDFIs will have additional exceptions to delay posting funds to Receiver accounts if they reasonably suspect a received entry is fraudulent. There may be instances in which Receivers experience a delay in their deposits as the RDFI investigates an issue.
- RDFIs will be able to return a fraudulent debit entry prior to the settlement date. Originators may receive returns quicker in these instances, although the volume will likely be low.
- The Rules will require RDFIs to return debits by the sixth banking day after the RDFI reviews a Receiver’s WSUD. This will have little impact but may enable quicker return of fraudulent entries.
Impact
These will likely have little impact on your organization but may lead to small changes.
3. Origination Fraud Monitoring
Phase 1 – Effective March 20, 2026, for all ODFIs, Originators, Third-Party Service Providers, and Third-Party Senders with ACH volume greater than 6 million in 2023
Phase 2 – Effective June 19, 2026, all ODFIs, Originators, Third-Party Services Providers, and Third-Party Senders
Note: Banner Bank does not currently support Third-Party Senders
Summary
This rule will require all parties on the origination side of entries to have risk-based processes to identify fraudulently originated ACH entries.
Details
The Rules do not currently require Originators to have fraud monitoring processes, except for WEB debit entries. This rule will have requirements for all entries with the goal of detecting and preventing fraud from scams such as business email compromise and fake invoices.
Impact
Originators may already have processes such as anomaly detection or other “flags” that detect and prevent fraudulent entries. Each organization will need to review its processes and procedures to determine if it needs to make updates to meet these new requirements.
4. RDFI Fraud Monitoring
Phase 1 – Effective March 20, 2026, all RDFIs with ACH receipt volume greater than 10 million in 2023
Phase 2 – Effective June 19, 2026, all RDFIs
Summary
This rule will require RDFIs to have processes to review received credit entries to identify potential fraud.
Details
The Rules will not prescribe how RDFIs review entries and will not require RDFIs to review each entry; each RDFI will determine how to comply with this requirement based on its environment.
Originator and Third-Party Sender Impact
This rule, along with the additional exception for funds availability and use of the R17 return reason code, will likely result in more returns of fraudulent entries, reducing losses for Originators, Third-Party Senders, and ODFIs.
5. Company Entry Descriptions
March 20, 2026
Summary
The Rules will require specific company entry descriptions for payroll entries and online purchases of goods.
Details
Originators will be required to use the description “PAYROLL” for PPD credits to pay wages, salaries, and other compensation.
Originators will be required to use the description “PURCHASE” for e-commerce purchases, which will be defined as “a debit entry authorized by a consumer Receiver for the online purchase of goods”
Originator and Third-Party Sender Impact
Originators will need to review the company entry descriptions they use in ACH files and ensure they update these descriptions as required by the Rules. These standardized descriptions will help improve processes to monitor entries for potential fraud. Originators can begin using this description anytime, but must comply with the requirements by the implementation date.
The ACH Network and Nacha Operating Rules continue to evolve to meet the needs of businesses, governments, and consumers who use the network to initiate over $50 trillion in transaction value each year. We encourage clients originating ACH transactions to obtain a copy of the Nacha Operations Rules and Guidelines at www.nacha.org. Also referred to as the “Rules,” this publication serves as the definitive source of information governing the exchange and settlement of funds transferred electronically through the ACH network and details your company’s responsibilities as an ACH Originator.
Questions/Support
Navigating the Nacha Rules can be challenging, so we are here to assist with solutions to help your company better utilize the ACH Network. We recommend discussing your questions with your treasury management consultant, or contact our Treasury Management Support team at 877-856-7933 or treasurymanagement@bannerbank.com (7 a.m. to 6 p.m. PT weekdays).