In a bid to combat the rising tide of fraudulent activities plaguing financial transactions, particularly those involving credit-push payments, members of Nacha have voted to implement a set of groundbreaking rules. These rules aim to stem the tide of scams like business email compromise (BEC) by establishing a robust framework for monitoring ACH payments within the ACH Network.
Fraudulent activities, such as BEC, vendor impersonation, and payroll impersonation, have been on the rise, leading to significant financial losses for businesses and individuals alike. According to the FBI's Internet Crime Complaint Center's 2023 annual report, BEC complaints alone totaled a staggering $2.9 billion in reported losses. The sheer prevalence of these scams underscores the urgent need for decisive action to protect the integrity of financial transactions.
Recognizing the severity of the situation, Nacha has taken proactive steps to address the issue. The newly approved rules mark a significant milestone in the fight against fraud, empowering financial institutions to play a more active role in detecting and preventing fraudulent transactions.
Jane Larimer, President and CEO of Nacha, emphasized the collective responsibility of all participants in the ACH Network to combat fraud. "All participants in the ACH Network have a part to play in reducing the incidence of fraud, and recovering when fraud has occurred," said Larimer. "I applaud Nacha’s members for taking this important step of self-governance."
Key provisions of the new rules include the establishment of a baseline level of ACH payment monitoring for all parties involved in the ACH Network, except consumers. While the rules do not shift liability for ACH payments, they do introduce a significant change by assigning a defined monitoring role to receiving financial institutions (RDFIs) for the first time.
The impetus for these new rules came in late 2022 when Nacha released its "Risk Management Framework for the Era of Credit-Push Fraud." This strategic framework expanded the focus of fraud detection and prevention to include fraudulent activities utilizing credit-push payments, such as ACH credits.
Furthermore, the rules follow the flow of credit-push payments, facilitating the detection of fraud from the point of origination to the point of receipt at an RDFI account. In cases where fraud is detected, the rules empower originating financial institutions (ODFIs) to request the return of payments, RDFIs to delay funds availability to examine payments more closely, and RDFIs to return suspicious transactions proactively.
An additional rule introduced by Nacha aims to streamline transaction monitoring by RDFIs by standardizing transaction descriptions for ACH credits used in payroll payments. While these rules specifically apply to ACH payments, their principles and techniques are broadly applicable to all types of credit-push payments.
While some of the new rules are effective as of October 1 of this year, the rule amendments related to fraud montirong become effective on March 20, 2026 and are part of a larger Risk management package. If you have any questions about these new rule requirements and how they might impact your operations, our trusted NPG advisors can help. Simply reach out to info@neachgroup.com.