On March 18, Nacha, the organization that governs the ACH network, announced that its members approved a new set of rules aimed at reducing the incidence of frauds, such as business email compromise (BEC), that exploit credit-push payments. These rules establish a base level of ACH payment monitoring for all parties in the ACH Network, excluding consumers. While these rules do not alter the liability for ACH payments, they do, for the first time, assign a defined role to receiving depository financial institutions (RDFIs) in monitoring the ACH payments they receive.
The first amendment becomes effective October 1, 2024 and does the following:
- Allows an RDFI to use return reason code R17 to return an entry that it thinks is fraudulent.
- Expands the use of request for return (R06) for the originating depository financial institution (ODFI) to request a return from the RDFI for any reason.
- Provides RDFIs with an additional exemption from the funds availability requirements to include credit entries that the RDFI suspects are originated under false pretenses.
- Provides that a written statement of unauthorized debit (WSUD) may be signed and dated by the receiver on or after the date on which the entry is presented to the receiver (either by posting to the account or by notice of a pending transaction), even if the debit has not yet been posted to the account.
- Requires the RDFI to return a consumer debit that has been claimed to be unauthorized by the opening of the sixth banking day following the completion of its review of the consumer’s signed WSUD.
The second phase of amendments becomes effective on March 20, 2026.
The Gold Book will be updated accordingly as the compliance date(s) approaches.
Article originally appeared on Banking Spectrum (https://www.bankingspectrum.com/).
See website for complete article licensing information.