Nacha Rules Resources Center
Your central hub for FAQs, timelines, and tools to confidently plan and manage compliance.
FAQ
Effective March 20, 2026 - Standardized Company Entry Descriptions
This rule change applies to all Non-consumer originators, TPSPs, and TPSs.
Standardized use of the Company Entry Description to help parties in the ACH Network identify, monitor, and count the volume of payments for specific purposes and help manage risk.
Included in the Nacha rule amendments are two newly defined Company Entry Descriptions:
PAYROLL
- Establishes a new standard description for credit Entries with a Standard Entry Class code of PPD for payment of wages, salaries, and similar types of compensation.
- The Company Entry Description must contain the word PAYROLL in the first seven (7) characters of the field.
- Entries with this description make no representation or warranty to the RDFI or to the Receiver regarding the Receiver’s employment status.
PURCHASE
- Establishes a new standard description for debit Entries with a Standard Entry Class Code of WEB for e-commerce purchases.
- The Company Entry Description field must contain the word PURCHASE.
- Improved, targeted risk mitigation and tools may be used as participants can better identify the purposes of transactions.
- For payroll, it can help support RDFI transaction monitoring and fund availability logic.
- For e-commerce purchases, it enables the identification of such transactions.
- Standardized use of data can help parties manage risk and improve ACH quality.
- Originators/Third-Party Service Providers/ODFIs for these transaction types will need to update their systems to use the required Company Entry Description(s).
- RDFIs may choose to leverage intelligence enabled by new descriptors, but they would not be required to act on these descriptions.
- The ODFI has no obligation to verify the presence or accuracy of the words “PAYROLL” or “PURCHASE” as a description of purpose.
Effective March 20, 2026 - Fraud Monitoring - Phase 1
- Non-Consumer Originators, TPSPs, and TPSs with annual ACH origination volume of 6 million or greater in 2023.
- All ODFIs.
- RDFIs with an annual ACH receipt volume of 10 million or greater in 2023.
ACH Originator Fraud Monitoring
- Requires qualified ACH Originators to establish and implement risk-based processes and procedures reasonably intended to identify ACH Entries initiated due to fraud.
- The amendment is intended to reduce the incidence of successful fraud attempts.
- Regular fraud detection monitoring can establish baselines of typical activity, making atypical activity easier to identify.
RDFI ACH Credit Fraud Monitoring
- Requires qualified RDFIs to establish and implement risk-based processes and procedures designed to identify credit Entries initiated due to fraud.
- RDFIs have a view of incoming transactions as well as account profile information and historic activity on Receivers’ accounts.
- A risk-based approach to monitoring can consider factors such as transactional velocity, anomalies (e.g., SEC Code mismatch with account type), and account characteristics (e.g., age of account, average balance, etc.). This aligns with AML monitoring practices in place today.
- Based on its monitoring of incoming credits, an RDFI may decide to return an entry or contact the ODFI to determine the validity of a transaction.
- Expanding fraud-detection responsibilities to more parties in the ACH Network provides additional opportunities to detect and prevent fraud, especially for fraud that leverages credit-push payments.
- Reducing the incidence of successful fraud and improving the quality of transactions in the ACH Network.
- Enabling RDFIs to exercise heightened scrutiny of accounts that are receiving fraudulent or potentially fraudulent transactions and improving funds recovery.
- Organizations that are not currently monitoring for fraud need to implement or update their fraud-detection processes and procedures. For those that already have a monitoring system in place for WEB Debits or Micro-Entries, the impact will be less significant.
- Receiving Depository Financial Institutions (RDFIs) must establish effective processes and procedures to identify transactions that are potentially unauthorized or authorized under false pretenses. If current systems are inadequate, RDFIs should enhance or update them, including their alerting mechanisms.
- Additionally, RDFIs may need to facilitate internal information sharing among teams responsible for monitoring transactions for suspicious activity, as well as between operations and relationship management teams. teams.teams.
Effective June 22, 2026 - Fraud Monitoring - Phase 2
- All other Non-Consumer Originators, TPSPs, and TPSs.
- All other RDFIs
- All ACH Originator Fraud Monitoring Nacha rules changes outlined in Phase 1 apply to all Non-Consumer Originators, TPSPs, and TPSs, regardless of their ACH origination volume.
- All RDFI ACH Credit Fraud Monitoring Nacha rules changes outlined in Phase 1 apply to all RDFIs, regardless of their ACH receipt volume.