NACHA Rules

Effective 9/29/17, Valley National Bank, as an Originating Depository Financial Institution (ODFI), is required to register with NACHA its Third-Party Senders and any Nested Third-Party Senders.

The Registration process will provide NACHA with an improved scope of the population of Third Party Senders. The quality of the ACH Network can be enhanced with a Registration process that provides consistent customer due diligence among the ODFIs.

Initial basic information that is furnished includes: corporate name, principal business location, routing number, and company identification number. If NACHA seeks additional information, we are required to comply with the request.

When NACHA believes that a Third-Party Sender (or Nester) poses an escalated risk, additional information may be required and requested from the bank. NACHA would request such information when they believe there is a risk of:

• Financial loss to one or more Participating DFI’s, Receivers, or Originators
• Violation of the Rules or applicable laws
• Excessive Returns

2021 ACH Holiday Schedule
2022 ACH Holiday Schedule

2019 - January: ACH Rules Compliance Audit Requirements Consolidated in Article One
Previously the general obligation for participating DFIs (Depository Financial Institutions) and certain Third-Party Service Providers (TPSPs) and Third-Party Senders (TPSs) to conduct an audit was within Article One, Section 1.2.2. and the details pertaining to the audit obligations were located within Appendix Eight (Rule Compliance Audit Requirements) of the Rules.  Effective January 1, 2019, the requirement to conduct an annual compliance audit is consolidated within Article One of the Rules.  The prescribed list of topics that had been in Appendix Eight previously in the Rules is now part of the Guidelines as guidance. 

 
2019 - June: RDFIs (Receiving Depository Financial Institutions) have Option to Return for Questionable Transaction
Effective June 21, 2019, this change allows RDFIs, but it is not required of RDFIs, to indicate within a return that the original transaction was questionable or part of anomalous activity. RDFIs electing to return under this circumstance would use R17 as the return reason code and would indicate “QUESTIONABLE” in the Addenda information field.
 

2019 - September: Providing Faster Funds Availability for Same Day and Next Day ACH Credits
Effective September 20, 2019, this new rule increases the speed of funds availability for certain Same Day ACH and next-day ACH credits.  There are two changes with this rule, first, funds from Same Day ACH credits processed in the existing, first processing window will be made available to receivers by 1:30 p.m. RDFI local time.  Secondly, funds from non-Same Day ACH credits will be available by 9:00 a.m. RDFI local time on the settlement day, if the RDFI had them by 5:00 p.m. on the previous day.  This applies the existing “PPD rule” to all ACH credits.
 

March – Same Day ACH per Transaction Increases to $100,000
Effective on March 20, 2020, the per-transaction dollar limit for Same Day ACH transactions will increase from $25,000 to $100,000.


April – New R11 Will Differentiate Unauthorized Return Reasons
Effective on April 1, 2020, the Rule to better differentiate unauthorized return reasons goes into effect. Up until this time, return reason R10 with the description of “Unauthorized” has been a catch-all for various types of ACH debit returns including those when the originator has made an error. R11, a re-purposed reason will going forward have the description of “Customer Advises Entry Not In Accordance with the Terms of the Authorization”. R11 will be used to return an ACH entry when a receiving financial institution receives a claim from their account holder that the ACH entry has an error such as the wrong date or the incorrect amount. R11 will have the same 60-day extended return time frame and requirement for a Written Statement as with R10 and the sender of the ACH debit will not be required to obtain a new authorization if the error is corrected. R11 returns will be covered by the Unauthorized Entry Return Rate reporting requirement as with R10 returns. The Unauthorized Entry Fee for R11 returns will take effect on April 1, 2021.

March - Supplementing Fraud Detection Standards for WEB Debits
Effective on March 19, 2021, the rule change is intended to enhance quality and improve risk management within the ACH Network by supplementing the fraud detection standard for Internet-initiated (WEB) debits. ACH originators of WEB debit entries have always been required to use a “commercially reasonable fraudulent transaction detection system” to screen WEB debits for fraud. The existing screening requirement is supplemented by this change to make it explicit that “account validation” is part of a “commercially reasonable fraudulent detection system”. The supplement requirement would apply to the first use of an account number or changes to the existing account. 


March – Expanding Same Day ACH to Later Deadline
The effective date of a new, third Same Day ACH processing window is March 19, 2021. RDFIs must make funds available for SDA credits in this new SDA processing window no later than the end of its processing day.
 

April-R11 Returns
Effective April 1, 2021, the existing Unauthorized Entry Fee will be applied to R11 Returns.


June-Limits on Warranty Claims
This rule limits the length of time in which an RDFI will be permitted to make a claim against the ODFI’s authorization warranty.  The Rule is effective June 30, 2021.

For an entry to a consumer account, there are two time periods.

• The Rule will cover the first 95 calendar days from the Settlement Date of the first unauthorized entry
• If outside the first 95 days, then two years from Settlement Date of the entry
  • This allows for “extenuating circumstances” in which the consumer is delayed in reporting an error

For an entry to a non-consumer account, the time limit will be one year from the Settlement Date of the entry.


June-Reversals and Enforcement
This rule has two focal points:

• Deter and prevent the improper use of Reversals
• Improve enforcement capabilities for egregious violations of the Rules

While the Enforcement Rule is effective January 2, 2021, the Reversals Rule is effective June 30, 2021.

Rule expands and identifies permissible reasons for a Reversal to include a “Wrong Date” error. 

• Reverse a debit that was for a date earlier than intended by the Originator
• Reverse a credit that was for a later date than intended by the Originator
• Reversal information must be identical to the original entry for Company ID, SEC Code, and Amount fields

When is the origination of a Reversal Improper?

• Cannot initiate reversal because an Originator or Third-Party Sender failed to provide funding for the original entry or file
• Cannot initiate reversal of entry or file beyond the time period permitted by the Rules
  • Must be sent to the Operator within five Banking Days after Settlement Date of the Erroneous File

Rule permits the RDFI to return an Improper Reversal, using

• R11 for Consumer Accounts with 60 day return upon receiving a consumer claim
• R17 for Non-Consumer Accounts with a two-day return timeframe

For Enforcement of the Rule, an Egregious Violation is defined as:

• Willful or reckless action
• Involves at least 500 entries or multiple entries in the aggregate amount of at least $ 500,000

The ACH Rules Enforcement Panel determines if violation is egregious and to classify as a Class 2 or Class 3 Rules Violation.  The sanction for a Class 3 violation can be up to $ 500,000 per occurrence and a directive to the ODFI to suspend the Originator or Third-Party Sender.  NACHA to report Class 3 Rules violations to the ACH Operator and industry Regulators.


June – Supplementing Data Security Requirements for Large Originators, Third-Party Service Providers (TPSPs) and Third-Party Senders (TPSs)
The Supplementing Data Security Requirements originally scheduled for a June 2020 implementation has been moved to a June 2021 implementation. 
 
Effective on June 30, 2021, this change to the Rules is intended to enhance quality and improve risk management within the ACH Network by supplementing the existing account information security requirements for large-volume Originators and Third Parties. Participants are required to protect deposit account information collected for or used in creating ACH transactions by rendering it unreadable when it is stored electronically. 

This change will be implemented in two phases:

• The rule initially applies to ACH originators, TPSPs and TPSs with ACH volume of 6 million transactions or greater annually. An ACH originator, TPSP or TPS that originated 6 million or more ACH transactions in calendar year 2019 would need to be compliant by June 30, 2021.
• The second phase would apply to ACH originators, TPSPs and TPSs with ACH volume of 2 million transactions or greater annually in the 2020 calendar year and compliance is required by June 30, 2022.

September 17, 2021-Meaningful Modernization Purpose

• Improve and simplify the ACH user experience
• Facilitate the adoption of new technologies and channels for the authorization and initiation of ACH payments

Standing Authorization Definition

• An advance authorization by a consumer of future debits at various intervals
• Future debits may be initiated by the consumer through further action, distinct from recurring entries which require no further action and occur at regular intervals

Standing Authorization Details

• May be obtained in written or oral form
  • Allows for new methods and channels to make use of verbal interactions and voice-related technologies
• Payments initiated will be defined as Subsequent Entries
  • Entries may be initiated in any manner identified in the Standing Authorization
• Allows Originators flexibility in the use of SEC codes for individual Subsequent Entries
  • Originator can use TEL or WEB codes for Subsequent Entries when initiated by the phone or Internet/Wireless Network
    • Regardless of how the Standing Authorization was obtained

NOTE: (Exception) An Originator that obtains the Receiver’s Standing Authorization as an Oral Authorization via a telephone call, or via the Internet or a Wireless Network, may not identify a Subsequent Entry using the PPD Standard Entry Class Code.

• Payment Type Code will become optionable for TEL and WEB
  • S for Single Entry
  • R for Recurring Entry
  • ST for Standing Authorization
• Discretionary Data Field will be used for PPD entries
  • S for Single Entry
  • R for Recurring Entry
  • ST for Standing Authorization

NOTE:  Existing Authorizations are not impacted by the new changes; HOWEVER, new authorizations or updates to existing authorizations must conform to the revised minimum standards for consumer debit authorizations.
 
Requirements and Retention Periods for Oral Authorization
Standing Authorizations Orally Obtained, the Originator responsibilities include

• (a) make an audio recording of the Oral Authorization or provide the Receiver with written notice confirming the Oral Authorization prior to the settlement of the first Subsequent Entry; and
• (b) retain the original or duplicate audio recording of the Oral Authorization, or the original or copy of the written notice confirming the Oral Authorization, for two years from the termination or revocation of the Standing Authorization