2021 Nacha ACH Rules: What's Changing?

2021 Nacha ACH Rules: What's Changing?

There are many words that could be used to describe the last year. One that comes to mind is the word “change.” There were TONS of changes in 2020 and there are definitely more ahead for 2021. But this post is going to focus on one thing...the operations and rules of ACH. Keep reading to find out more about the Nacha ACH rule changes that will be coming down the road.

What’s changing in 2021?

So what rule changes are slated to happen in 2021? There are six major changes happening over the course of the year ahead. Two will take effect in the spring, three in the summer and one in the fall. Let’s take a look!

Supplementing WEB Debit Fraud Detection Standards Rule

Effective Date: March 19, 2021

For ACH debits authorized by consumers via the internet, there is currently a rule to ensure that there are “reasonable” fraud standards in place through the use of a detection system. In 2018, Nacha members approved the WEB Debit Account Validation Rule, which requires account validation to be part of a commercially reasonable fraudulent transaction detection system and must be used on first use of the account or any account changes. This rule went into effect on January 1, 2020, but an extension was granted for financial institutions to make all the necessary adjustments for compliance.

Expansion of Same Day ACH Deadline Rule

Effective Date: March 19, 2021

Beginning on March 19, 2021, Same Day ACH transactions can be submitted for an additional two hours during a given business day. The eligible processing window will expand from 2:45 p.m. ET to 4:45 p.m. ET. The hope of this rule change is to provide more time for submitting Same Day ACH transactions, while creating minimal impact to end-of-day processing activities for financial institutions.

Additional Data Security Requirements Rule

Effective Date: June 30, 2021

We all know of the Rule on Supplementing Data Security Requirements. This is a two-phased approach that was introduced to implement increased security measures for large, non-financial institution originators, third-party senders and third-party service providers by making deposit account information indecipherable when stored electronically. The first phase will go into effect on June 30, 2021, and will require the aforementioned providers with ACH volumes equal to or exceeding six million transactions a year to implement the process of making deposit account information unreadable.

Phase two will occur in 2022, and will impact large, non-financial institution originators, third-party senders and third-party service providers with ACH volumes of two million or greater transactions in a year. (We’ll be sure to post a reminder about this next year!)

Limitation on Authorization Warranty Claims Rule

Effective Date: June 30, 2021

This new rule puts a limit on the amount of time a receiving depository financial institution (RDFI) can make a claim against the originating depository financial institution (ODFI) for authorization warranty. There are two categories of accounts that impact the length of time for authorization warranty claims: non-consumer accounts and consumer accounts.

For non-consumer accounts, the length of time to submit a warranty claim for RDFIs will be one year from the entry’s settlement date.

For consumer accounts, there are more considerations and more limitations. We’ll call them tier one and tier two for the sake of clarity.

  • Tier one: the first 95 days after the settlement date of the first unauthorized entry. According to Nacha, “This period covers the time period in Regulation E in which an RDFI may be liable to a consumer for errors for 60 days from the transmittal of an account statement that shows the first error.”
  • Tier two: If a claim cannot be made within the first 95 days, the limit extends to two years from the entry’s settlement date. According to Nacha, “This period exceeds the one-year Statute of Limitations in the Electronic Funds Transfer Act (covering Regulation E claims), which runs from the date of the occurrence of the violation, which may be later than the settlement date of the transaction.” Tier two also accounts for circumstances where consumer reporting is delayed.

Reversals and Enforcement Rules

Effective Date: June 30, 2021

These are two separate rules that seek to minimize the improper use of reversals and their effects on the ACH process. Let’s dive deep into the first rule –reversals.

Reversals Rule

This rule spells out what is considered to be an improper use of reversals for ACH transactions, exceptions for reversals classified as “wrong date” and the required formatting for reversals.

For improper use of a reversal, there will be specific return reasons that will be permissible once the rule is in place. These include return codes R11 (within 60 days of receiving a consumer claim), R17 for non-consumer accounts only (within two days) and R17 if the financial institution identifies an improper reversal without a consumer claim (within two days).

With the extension of the “wrong date” exceptions, institutions may submit a reversal if a debit entry was dated earlier or later than the originator intended.

Also as part of this rule, the formatting requirements for reversals will mirror those for reinitiated entries. Just to reiterate, the Company ID, SEC Code and Amount fields must match the original entry exactly. However, additional fields can be edited (within reason) for simplified processing.

Enforcement Rule

Under the new enforcement rule, egregious reversal violations and assignment of Class 2 and Class 3 violations will be addressed. According to Nacha, an egregious violation is characterized as “a willful or reckless action” and one that “involves at least 500 entries, or involves multiple entries in the aggregate amount of at least $500,000.”

Meaningful Modernization Rule

Effective Date: September 17, 2021

This rule will address different types of authorization meant to reduce barriers and burdens to ACH processing, as well as provide clarity in transactions and encourage the adoption of new forms of technology for a simplified process. Here are the types of authorization that will be part of the Meaningful Modernization rule, per Nacha:

  • Standing Authorization – an advance authorization from a consumer for future debits
  • Oral Authorization – an authorization method for consumer debits that is received via phone call
  • Modifications for flexibility, clarity and consistency of acceptable authorization methods
  • Alternative to Proof of Authorization – permission to accept returns as an alternative to providing proof of authorization
  • Written Statement of Unauthorized Debit – this states that RDFIs can accept a written statement of unauthorized debits (WSUD) from a consumer via both electronic and oral means. In addition, consumers can confirm a WSUD with an electronic signature.

Those are the rule changes – now what?

So, wow, that’s a lot of information! But it’s all for the purpose of simplifying and securing the ACH process for credit unions and other financial institutions. If you want to look even further into the upcoming ACH rule changes for 2021, I will be hosting several webinars this month, which I encourage you to register for at www.vfccu.org. They do tend to fill up quickly, though. If you are unable to attend the live webinars, Vizo Financial will be providing a recording following the final session. You’ll be able to find that on Vizo Financial's Webinar Recordings page, under the Payments tab. And, of course, you can view upcoming rule changes by visiting Nacha's site directly.

There are lots of resources at your disposal to help you prepare and make any necessary changes for compliance with the 2021 rule changes, including the ones above PLUS our experts here at Vizo Financial. Feel free to reach out to us if you’d like to discuss the changes or have any questions. Just email marketing@vfccu.org and we’ll be happy to help!