Connect ► twitter| youtube|  Log In ► Members Only  |  Corporate One Safekeeping  |  Search

ACH Topics: New year, new rules

By: Jen Kirk, AAP, EPCOR Vice President, Education



There are a significant number of changes impacting the payments industry this year. Here are three ACH topics that take effect in 2019.



Same Day ACH

Same Day ACH was introduced in 2015 and was phased into the ACH Network over three years ago. Like any new undertaking, there are details that continue to be fine-tuned. Same Day ACH is no different. Three changes are expected in the next two years:

  • Establish Additional Funds Availability Standards for ACH Credits
    Effective September 20, 2019

    To date, Same Day ACH (SDA) items made available to RDFIs throughout the day could be held until 5 pm Local Time before they were made available to account holders. Effective later this year, funds made available to RDFIs in the first SDA processing window must be made available by 1:30 pm local time. Funds from the 2nd Same Day ACH Processing window must still be made available by 5 pm local lime. And, when the new Same Day ACH processing window becomes effective in the third quarter of 2020, funds from the 3rd Same Day ACH Processing window should be made available by the end of a financial institution’s processing day.

    This new rule impacts traditional ACH transactions as well. Previously, only PPD credits had a specific time for RDFIs to make funds available. But, on September 20, 2019, ALL credits that are made available to an RDFI prior to 5 pm local time the day prior to settlement date must be made available to account holders no later than 9 am local time on the settlement date. This applies to all standard entry class codes, including B2B (Business to Business) payments.

  • Increase Same Day ACH Dollar Limit to $100,000 per Transaction
    Effective Mach 20, 2020

    While this updated ACH Rule does not need much explanation, increasing the Same Day ACH transaction limit from $25,000 to $100,000 allows for more B2B items to be processed as Same Day ACH transactions.

  • Create a Third Same Day ACH Window
    Effective September 18, 2020 (contingent on FRB Board of Governors changes necessary to support ACH Rule change)

    The third part of the Same Day ACH Rules updates adds a third window for ODFIs to submit Same Day ACH transactions. In September 2020, the ACH Rules will allow Same Day ACH transactions to be transmitted until 4:45 pm ET. Same Day ACH transactions sent in this window would be available to RDFIs by 5:30 pm ET and should be made available by the end of their processing day. Federal Reserve Bank Settlement for these transactions will be at 6 pm ET.

ACH Quality and Risk Management Topics

Also a hot topic for NACHA is risk mitigation. The following updated ACH Rules continue to ensure that as many bad ACH transactions as possible are kept out of the ACH Network:

  • Return Code for Questionable Transaction
    Effective June 21, 2019

    Currently the process for an RDFI is to return an item as R03/R04 (No Account/Unable to Locate Account or Invalid Account Number Structure) when there is an account number error, but this current process does not give RDFIs a specific means to let the ODFI know they have reason to believe the transaction is initiated under questionable circumstances. Beginning June 21, 2019, the RDFI may, but is not required, to use R17 (File Record Edit Criteria) to indicate that transaction is questionable, suspicious or anomalous in some way. When returning an item as R17 due to questionable circumstances, the RDFI must use “QUESTIONABLE” in Addenda Information field of the return.

  • Supplementing Fraud Detection Standards for WEB Debits
    Effective January 1, 2020

    In an effort to help prevent fraudulent payments from being initiated through ACH over the Internet, several years ago NACHA implemented a requirement for WEB Originators to implement a commercially reasonable transaction detection system. This ACH rule is being updated to include “account validation” as part of the commercially reasonable fraudulent transaction detection system required when originating WEB transactions. The new rule does not require how the Originator validates an account, only that they do. Account numbers collected for WEB transactions prior to January 1, 2020 will not have to be re-collected using this standard.

  • Supplementing Data Security Requirements
    Effective June 20, 2020 or June 30, 2021 (depending on size of Originator, Third-Party Sender or Third-Party Service Provider)

    In 2013 the ACH Rules were amended to require Originators, Third-Party Senders, Third-Party Services Providers, ODFIs and RDFIs to develop security measures to guard Protected ACH Data. This rule will be expanded for large Originators, Third-Party Senders and Third-Party Service Providers to specifically protect account numbers collected electronically. ACH Originators, Third-Party Senders and Third-Party Service Providers with ACH volume of 6 million transactions or greater annually must protect account numbers used in ACH origination by rendering them unreadable when stored electronically by June 30, 2020. ACH Originators, Third-Party Senders and Third-Party Services providers originating 2 million or greater annually have until June 30, 2021 to comply.

ACH Audit Changes

In an effort to ensure financial institutions, Third-Party Senders and Third-Party Service providers are auditing relevant ACH Rules requirements, a significant change will impact your 2019 ACH Rules Compliance Audit:

  • ACH Rules Compliance Audit Requirements
    Effective January 1, 2019 (applies to audits conducted by December 31, 2019)

    While this new rule does not change the requirement for financial institutions, Third-Party Senders and Third-Party Service Providers to conduct an annual ACH Rules Compliance Audit, it does make the specific audit requirements more vague. Article 1 of the ACH Rules will add the general audit requirements language that was previously in Appendix 8, like who must complete an ACH Rules Compliance Audit, the deadline to complete the Audit and retention of proof of conducting the Audit. But, Appendix 8 of the ACH Rules will be removed. ACH participants will no longer have a specific checklist for conducting ACH Rules Compliance Audits. They should take a more risk-based approach in auditing rules that are relevant to them as an ACH participant.