Share to FacebookShare to TwitterShare to LinkedIn

What is Nacha and is your business compliant?

A guide to the ACH network’s rules, why organizations should comply with them, and effective ways to do so.

October 07, 2021

Tom Sullivan Pic
Tom Sullivan

Tom is a writer at Plaid. He's passionate about the freedom that the union between financial services and technology can create.

Over $62 trillion ACH payments passed through the Automated Clearing House (ACH) network in 2020. These transactions—direct deposits, bill payments, peer-to-peer transfers, etc.—were all ultimately secured by the compliance of ACH participants to a detailed set of rules and standards as fleshed out and enforced by an organization called Nacha.

This article will provide a detailed look on what Nacha is, its rules for ACH transactions, and how businesses can best comply with them.

What does Nacha mean?

Nacha was originally NACHA, an acronym for National Automated Clearing House Association. Though the acronym is no longer in official use (they go by ‘Nacha’ instead), it shows where the organization came from and the role they fill in the ACH ecosystem.

Back in the early 1970s, regional banking associations across the US joined forces to standardize processes around the development of “automated” clearing house solutions—the digital replacements for physical clearinghouses where paper checks were once exchanged. By 1974, the American Bankers Association had centralized all of those regional groups under a national sub-division that they named NACHA.

An independent organization since 1985, Nacha is effectively a non-profit consortium tasked with:

  1. Translating federal legislation and executive rules into clear guidance for member banks and ACH network participants

  2. Enforcing those rules for all 10,000+ member banks and network participants

  3. Driving development and adoption of the ACH system

  4. Acting as a trade organization (e.g., education, advocacy, roundtables, etc.)

What’s the difference between Nacha and ACH?

The Automated Clearing House (ACH) network is the American interbank funds-transferring system run by two national operators: The Clearing House and FedACH. Nacha is the governing body that oversees the ACH network. It ensures that member banks are aware of and compliant with related federal legislation, along with promoting development and education around ACH. 

As for the operators that run the ACH network: 

  • The Clearing House (also referred to as TCH or PayCo) is itself another banking consortium, with a much smaller subset of the major US banks (currently 24). They run a system called Electronic Payments Network (EPN), which is the ACH operator for all private banks in the ACH network.

  • FedACH is part of the Federal Reserve system, performing the same function as EPN, for government accounts and entities, rather than private ones.

When an ACH transaction involves both a government account and a private account, the two operators work together to pass the corresponding data between themselves accordingly.

Nacha translates mandates from the US government into actionable rules and standards for The Clearing House and FedACH, which then operate their respective parts of the ACH network in accordance with Nacha’s guidance. Nacha also mediates between members and acts as an advocate for the ACH ecosystem to the larger financial industry.

See file name above

Stay informed. Sign up for Plaid's newsletter on the latest in financial services and tech.

Who do Nacha rules apply to?

Nacha’s rulebook is a living document that outlines binding rules for all 10,000+ members that collectively represent the overwhelming majority of retail banks and credit unions in America. The rules also extend down to all ACH network participants including payment processing partners, businesses, and even individuals that use the ACH network. 

In particular, businesses that collect payments over the ACH network have certain rules they must follow. As of 2021, businesses that originate online ACH debits must implement “‘account validation” as part of a “commercially reasonable fraudulent transaction detection system.” Essentially, this means that businesses must ensure that given account numbers are valid, the account is open, and it’s able to conduct ACH transfers—before initiating an online ACH debit. This new rule contributes to the greater goal of preventing fraud. 

The intent of Nacha’s rules is to ensure that the ACH network remains an accessible and trusted part of America’s financial infrastructure.

In Nacha’s own words:

“The Rules ensure that millions of payments occur smoothly and securely each day. The Rules direct how the ACH Network is operated, keeping it safe and efficient. The Rules standardize the roles and responsibilities of all parties using the ACH Network, ensuring that all ACH payments are handled on a level playing field.”

What are the main Nacha requirements?

The Nacha rules are a guiding framework for the ACH Network and include the basic obligations of each ACH network participant. According to Nacha, understanding the rules helps to ensure efficient payments, better risk management practices, and reduces chances of returns. 

While Nacha charges a fee for its full rulebook, the driving principles behind its rules and standards are: 

1. Forcing standardization: Work from a shared understanding of formatting, timelines, and mutual expectations.

2. Reducing fraud: Use appropriate due diligence to minimize system abuse, especially for ACH debit requests and reversals.

3. Promoting data security: Safeguard all consumer data to prevent theft, internal misuse, and/or accidental leakage.

4. Improving usability: Adopt new measures within the recommended timelines to ensure that core innovations are reliably and equally distributed to all users.

Some of the main requirements and rules that follow these principles include:

  • Member banks are prohibited from sending, receiving, or storing unencrypted information. Any necessary hard copies also have to be stored securely, with access restricted to narrowly defined legitimate business purposes. The specific details of these policies also need to be clearly documented for consumers.

  • Organizations initiating requests to the ACH network have to take reasonable steps to make sure they’ve both verified the identity of the customer being debited and gained explicit authorization. For debit transactions, businesses also need to securely store proof of authorization for at least two years. And if the amount of a recurring debit (e.g. automatic bill payments) changes, this must be communicated to payers with “appropriate notice” to give them a chance to rescind their authorization.

  • As of March 2021, organizations initiating ACH transactions over the internet (which are referred to as WEB debits) need to do what’s “commercially reasonable” to screen transactions to detect and deter fraud. At a minimum, they need to ensure that bank account details are valid before using them.

  • Originating Depository Financial Institutions (ODFIs/the bank initiating the ACH request) are responsible for ensuring that all recurring debits are cancelled promptly upon customer request; and that any changes to amounts or withdrawal dates are communicated transparently and with adequate notice.

Nacha’s 2021 account validation rule: Is your business compliant?

Why is Nacha compliance important?

In the narrow sense, Nacha compliance is important because rule-breaking orgs will likely encounter more errors and returns in their ACH transactions and could get fined by the ACH network. In the larger sense, complying with rules and standards that are intended to ensure a safe and effective ACH network is good for all who participate in the ACH ecosystem—promoting its healthy use and sustainable growth. 

There are two main drivers for staying compliant with Nacha rules and requirements: 

Avoiding Downsides

If a business continually violates Nacha’s rules and causes high error rates, their bank may fine them and potentially discontinue their business relationship. Additionally, organizations relying on outdated processes that aren’t Nacha-compliant are also less likely to complete transactions without errors and returns; or effectively screen for fraud.

Promoting Upsides 

Whenever an ACH network participant falls behind on the rules and standards, there’s going to be a resulting customer service failure. Some will be getting a worse-off deal than they ought to receive, while others might experience payment failure altogether. 

Every bad experience with the system sours perceptions of ACH, which is bad for the ACH ecosystem as a whole. In contrast, every positive experience improves the system’s reputation, which is good for both adoption and consumer satisfaction.

Are there ways to make Nacha compliance easier?

For organizations that rely on the ACH network, the best way to streamline Nacha compliance is to quickly and effectively verify account and routing numbers and whether the account is in good standing—before initiating an ACH transaction. This is a necessary step to comply with Nacha’s account verification and fraud mitigation requirements, and certain account verification methods make compliance easier and more pleasant for users than others. 

There are currently five Nacha-approved ways to verify a consumer’s banking details: Microdeposits, Manual Validation, Pre-notes, Database verification, and Instant Account Verification. 

Other than Instant Account Verification, these methods generally take multiple days to complete and require customers to provide information they likely don’t have on hand (e.g. a voided check or account and routing numbers). This causes them to be slow, error prone, and a poor user experience. 

Plaid Instant Auth enables consumers to easily and securely connect their financial accounts for ACH transactions by validating their account and routing numbers in seconds. For businesses onboarding new customers to fund accounts, transfer money, or pay bills via ACH, Instant Auth is the fastest way to do so in compliance with Nacha rules. 

Plaid Sales Team ready to help

Find out how Plaid can help your business grow

By submitting this form, I confirm that I have read and understood Plaid's Privacy Statement, and I authorize Plaid to send me sales and marketing communications at the email address provided