Recent & Upcoming NACHA Rules Changes

Business Online Banking

The NACHA Operating Rules provide the foundation for every ACH payment, ensuring that millions of transactions are processed accurately and efficiently each day. Machias Savings Bank is committed to keeping you informed of recent and upcoming updates to these rules so your business can remain compliant and protected.

NACHA Rule Changes for 2026

Each year, NACHA (National Automated Clearing House Association) introduces new rules designed to enhance the ACH Network and strengthen requirements related to ACH entries. Below is a summary of the key changes taking effect in 2026.

Important NACHA Rule Changes for 2026 — Action Required

NACHA has announced rule amendments effective in 2026 that affect fraud monitoring, standard transaction descriptions, and Originator responsibilities. Please review these changes carefully to ensure compliance when originating ACH transactions through Machias Savings Bank.

ACH/NACHA Rule Updates

1. Fraud Monitoring Requirements

Currently, Originators are required to use a “commercially reasonable” fraud detection system only when initiating WEB debit entries or Micro‑Entries.

Beginning in 2026, NACHA will expand this requirement:

• Phase 1 – March 20, 2026
  Applies to entities with 2023 ACH origination volume of 6 million or more.
• Phase 2 – June 19, 2026
  Applies to all other non-Consumer Originators, Third-Party Service Providers, and Third-Party Senders

Under the updated rule, these parties must implement and annually review risk‑based fraud monitoring procedures designed to identify fraudulent ACH entries across all SEC codes.

2. Standardized Company Entry Descriptions

To improve transparency and risk management across the ACH Network, NACHA is introducing two standardized Company Entry Descriptions.

Effective March 20, 2026:

• Use PAYROLL for all wage, salary, and compensation‑related PPD credits.
• Use PURCHASE for e‑commerce WEB debits, defined as consumer‑authorized online purchases of goods (including recurring transactions initially authorized online).

Originator Responsibilities — Are Your Processes Up to Date?

As an ACH Originator with Machias Savings Bank, you are responsible for ensuring your internal processes follow NACHA requirements, including:

• Obtaining and retaining proper authorizations (for two years after revocation).
• Providing authorizations to Machias Savings Bank upon request.
• Sending entries on the correct settlement date.
• Notifying payees appropriately when changing dates or transaction amounts.
• Making required corrections within three banking days of receiving a Notice of Correction.
• Screening payees against OFAC lists.
• Protecting banking information used to originate ACH files.
• Complying with the Digital Banking Agreement regarding system security.
• Ensuring the Company Name field identifies your business clearly and consistently.

Understanding ACH Fraud Risks

ACH origination fraud continues to rise, affecting financial institutions and Originators. In a common fraud scheme, criminals gain access to an Originator’s system using compromised login credentials and submit unauthorized ACH credits to fraudulent accounts. By the time fraud is detected, funds are often unrecoverable.

To help protect your business:

• Ensure all computers used to access Machias Savings Bank’s Business Online Banking platform are regularly updated, including firewalls, antivirus, anti‑malware, and anti‑spam protection.
• Consider dedicating one computer solely for ACH activity, with no email or internet browsing enabled.
• Maintain strict security over all User IDs, passwords, and authentication devices.
• Educate staff on proper password hygiene and separation of duties.
• Conduct periodic internal risk assessments to evaluate your ACH controls and security posture.

If you have questions about ACH risk management or your responsibilities as an ACH Originator, please contact us.

Thank you for your continued partnership and commitment to maintaining a secure ACH Network.