Explore 2026 Nacha rule changes

Treasury Management

Understand how Nacha updates affect you

The National Automated Clearing House Association, known as Nacha, will implement several rule updates in 2026 that will impact all participants in the ACH network.

The upcoming changes are intended to reduce the incidence of fraud and improve the recovery of funds after fraud has occurred by enlisting the assistance of  participants in the ACH network, including:

  • ACH client originators
  • Originating depository institutions (ODFIs)
  • Receiving financial institutions (RDFIs)
  • Third-party senders (TPSs) and third-party service providers (TPSPs).

More resources explaining the 2026 Nacha rule changes

 

Nacha is the governing body that oversees the ACH network in the United States. This network provides the foundation for millions of electronic transactions that occur each day.

Nacha periodically updates the Operating Rules to reflect the evolving needs of the ACH Network and to strengthen its security and efficiency. The upcoming 2026 changes are specifically designed to reduce the occurrence of fraudulent transactions and enhance the ability to recover funds in the event of fraud.

  • Effective March 20, and June 22, 2026 – Fraud monitoring by originators, TPS providers, TPSs, and ODFIs
    • All parties, including ACH clients, are required to establish risk-based processes and procedures that are reasonably intended to identify entries that are suspected of being unauthorized or sent under false pretenses.
    • These processes and procedures do not require the screening of every ACH transaction individually, and the screening is not required to be performed in advance of the processing of each entry. However, the new rules clearly stipulate that failure to have some type of risk-based monitoring in place would be unacceptable.
    • The rules change will take place in two phases. Phase 1 of this rule will become effective March 20, 2026, and will apply to all ODFIs, and to any non-consumer originators, TPSs, and TPS providers whose ACH origination or transmission volume exceeded 6 million transactions in 2023.
      Phase 2 will apply to all other ODFIs, non-Consumer Originators, TPSs, and TPS Providers on June 22, 2026.
  • Effective March 20, 2026 – Standard company entry description – PAYROLL
    • FACH originators and TPSs must include the word “PAYROLL” in the Company Entry Description field for all Prearranged Payment Deposit (PPD) credit payroll batches.
    • ODFIs and RDFIs are under no obligation to confirm the employment of that term or to verify that it is being used properly.
  • Effective March 20, 2026 – Standard Company Entry Description – PURCHASE
    • The ACH client must include the word “PURCHASE” in the Company Entry Description field when the batch includes e-commerce web debit purchases.
  • Implement risk-based controls: Establish and maintain risk-based processes and procedures appropriate to the role each party plays in the handling of ACH entries (i.e. ODFI, ACH Originator, TPS, TPSP). These controls should be reasonably designed to identify entries that may be unauthorized or authorized under false pretenses.
  • Conduct regular reviews: Review these processes and procedures at least annually and update them as necessary to address emerging threats and evolving fraud risks.
  • If you are a third-party sender, your policies and procedures will likely be reviewed as part of your annual audit for compliance with the Nacha rules.

Please note: Failure to have some type of risk-based monitoring in place is considered unacceptable. A finding of noncompliance could be a rules violation for which the entity may be subject to penalties, including significant fines.

Related Insights

View more