ACH Rules to Remember in 2023

ACH Rules to Remember in 2023

After several years of changes and moves to modernize the ACH process, 2023 is proving to be a much quieter season when it comes to ACH Rules updates. And while there may be other big payment solutions on the horizon – FedNow Service, anyone? – ACH is still one of the most popular forms of monetary transactions today.

With that in mind, I think a quick refresher on the most recent ACH Rules and a look into any changes for 2023 is a good idea. Don’t you agree? That must be why you’re taking the time to read this article, after all, so let’s jump in!

Past Rules to Remember

In 2021, Nacha introduced the Meaningful Modernization Rules as a way to update and, well, modernize the authorization of ACH transactions. With these Rules, we welcomed the policies on Standing Authorization, Oral Authorization, Other Authorization Proposals, Alternative to Proof of Authorization and Written Statements of Unauthorized Debit (WSUD) via Electronic or Oral Methods.

Then, in 2022, we saw the following updates to the Rules:

March 18, 2022 – Increase in the limit of Same Day ACH transactions from $100,000 per entry to $1 million per entry. This rule change also allowed for additional Same Day ACH use cases for business to business (B2B) payments, insurance claims and disaster assistance payments, as well as reversals.

September 30, 2022 – Clarification on third-party sender roles and responsibilities. This explicitly defined “Nested Third-Party Senders” as a third-party sender that has an agreement with another third-party sender to act on behalf of an originator, but without a direct agreement with the Originating Depository Financial Institution (ODFI). Essentially, these senders are middlemen between the originator and another third-party sender before reaching the ODFI.

The new rule updated the existing Third-Party Sender registration to identify whether a Third-Party Sender has nested Third-Party Sender relationships. Updated registrations are still being accepted and must be completed by March 31, 2023.

In addition, this change laid out specific guidelines for how Nested Third-Party Senders can participate in the transaction process, stating that an Origination Agreement must be present between the Nested Senders and the Third-Party Senders. In the Agreement, both parties must meet certain minimum requirements, which you can find in Nacha’s Third-Party Sender Rules.

Finally, it stated that Third-Party Senders (regardless of status as Nested or not), are required to complete a risk assessment and implement a risk management program that includes, at a minimum, monitoring the origination and return activity of its originators or its Nested Third-Party Senders across multiple settlement dates; enforcing restrictions on the types of entries that may be originated; and enforcing the exposure limit by the Third-Party Sender or ODFI.

September 16, 2022 – Phase One of Micro-Entries. Micro-Entries are essentially test transactions that move small amounts of money – less than $1.00 – for the purposes of confirming the validity of a Receiver account. After several cases of Micro-Entries mishandling, this new Rule introduced standardized practices and formatting for utilizing Micro-Entries, including descriptions and company names to make the entry identifiable, amounts of corresponding credit and debits involved in the entries and ODFI warranty applications.

New Rules for 2023

Again, there isn’t as much new activity slated for this year as there have been in previous ones. In fact, as of now, there is only one Rules update on the schedule for 2023: Micro-Entries Phase Two.

With an effective date of March 17, 2023, Phase Two of Micro-Entries is centered around the security of these test transactions and fighting against potential fraud. The Rule states: An Originator of Micro-Entries must conduct commercially reasonable fraud detection on its use of Micro-Entries, including monitoring of forward and return volumes of Micro-Entries.

The purpose of using commercially reasonable fraud detection is to help minimize the incidence of fraud schemes that make use of Micro-Entries. By monitoring forward and return volumes, credit unions can establish a baseline of normal activity, which will then allow for the detection of anomalous activity.

Other Non-Rules Items of Note in 2023

In addition to Phase Two of Micro-Entries, there are a couple of other important items to note for 2023:

Network Administration Fees
Nacha’s board of directors has approved and announced ACH Network Administration fees. Ok, so it’s not exactly a Rule, but it’s good information to know. Here is the fee schedule:

Nacha Risk Management Framework
Nacha is working on a new risk management framework to aid in the era of credit-push fraud. Some scenarios where credit unions might see this could include business email compromise, vendor and payroll impersonation fraud and account takeover fraud.

While in the past their strategies have focused primarily on unauthorized debits, the new framework is set to identify current fraud threats that result in credit-push payments through the ACH Network and other payment rails, highlight significant challenges that credit-push fraud scenarios present and pinpoint opportunities to improve fraud detection and prevention, as well as aid in the recovery of funds.

As such, the new framework has three main objectives and three areas of focus:

Main Objectives

Areas of Focus

Increase awareness of fraud schemes that utilize credit-push payments

Define the role of receiving account-holding institution

Reduce the incidence of successful fraud attempts

Enable and provide information sharing among financial institutions

Improve the recovery of funds after fraud has occurred

Expand and improve end-user awareness and education

Additional Electronic Funds Transfer News

Beyond the ACH Rules updates and other ACH-related news, there are some additional pieces of information surrounding electronic funds transfer (EFT) updates that will be important in the coming year, particularly in reference to the FedNow Service. Here is a quick rundown:

  • Regulation J – this regulation provides the legal framework for depository institutions to collect checks and other items and to settle balances through the Federal Reserve System. The regulation also specifies terms and conditions under which Federal Reserve Banks will process funds transfers via Fedwire. This includes a new Subpart C, which details funds transfers through the FedNow Service.
  • Operating Circular 8 – In anticipation of the FedNow Service launch, Operating Circular 8 outlines the terms and conditions for funds transfers made through the service. The circular references the accompanying FedNow Service Operating Procedures, which provide operational details on key topics such as participant and service availability expectations, connection profiles, fraud mitigation and reporting and ISO® 20022 messaging used within the FedNow Service.

Well, there you have it, the ACH Rules to remember in 2023. Keep this information at the ready and be alert for any other announcements that pop up throughout the year. You never know what could come down the pike!

Jessica serves as director of education for Macha/PAR. She joined the Macha/PAR team in November of 2021. In this role, Jessica is responsible for providing payment education to Macha/PAR’s member financial institutions. Her areas of expertise include ACH, wire transfer, payments risk, faster payments and government payments. Jessica has worked in the financial industry since 2004. She has held roles in branch and back-office operations, BSA/AML, EFT and product management. Jessica obtained her Accredited ACH Professional (AAP) accreditation in 2019 and her Accredited Payments Risk Professional (APRP) accreditation in 2022.