Nacha Fraud Monitoring Phase 1 Takes Effect, Requiring Risk-Based Screening of ACH Payments

Nacha's fraud monitoring rule Phase 1 takes effect on March 20, 2026, marking one of the most significant operational compliance changes to the ACH network in recent years. The rule amendments require all Originating Depository Financial Institutions, along with non-consumer Originators, Third-Party Service Providers, and Third-Party Senders with annual ACH origination volume of six million or greater in 2023, to establish and implement risk-based processes and procedures reasonably intended to identify ACH entries initiated due to fraud.

Receiving Depository Financial Institutions are also brought within the monitoring framework for the first time. RDFIs with annual ACH receipt volume of ten million or greater in 2023 must now implement risk-based processes and procedures designed to identify credit entries initiated due to fraud. The rule allows institutions to take a risk-based approach, considering factors such as transactional velocity, anomalies including SEC code mismatches with account types, and account characteristics such as account age and average balance.

The rule also introduces new Company Entry Description field requirements. Originators must now use the value PAYROLL for all PPD credit entries that pay wages, salaries, or similar compensation, and PURCHASE for e-commerce purchase debits. These standardized descriptors are designed to improve downstream fraud detection by giving receiving institutions clearer signals about payment intent.

Phase 2, scheduled for June 19, 2026, will eliminate the volume thresholds entirely, extending the fraud monitoring mandate to all non-consumer Originators, Third-Party Service Providers, and Third-Party Senders regardless of their origination or transmission volume. At that point, every institution originating or receiving ACH payments will be required to have comparable monitoring in place.

The rule amendments are part of a broader Nacha risk management package intended to reduce the incidence of successful fraud attempts and improve the recovery of funds after frauds have occurred. Industry observers note that many smaller financial institutions are still preparing their compliance programs ahead of the Phase 2 deadline.