What is Nacha and is your business compliant?
A guide to the ACH network’s rules, why organizations should comply with them, and effective ways to do so.
October 07, 2021
Tom is a fintech industry writer who creates whitepapers and articles for Plaid. His work has been featured in publications like Forbes, Fortune, and Inc. He's passionate about the freedom that the union between financial services and technology can create.
Over $62 trillion ACH payments passed through the Automated Clearing House (ACH) network in 2020. These transactions—direct deposits, bill payments, peer-to-peer transfers, etc.—were all ultimately secured by the compliance of ACH participants to a detailed set of rules and standards as fleshed out and enforced by an organization called Nacha.
This article will provide a detailed look on what Nacha is, its rules for ACH transactions, and how businesses can best comply with them.
What does Nacha mean?
Nacha was originally NACHA, an acronym for National Automated Clearing House Association. Though the acronym is no longer in official use (they go by ‘Nacha’ instead), it shows where the organization came from and the role they fill in the ACH ecosystem.
Back in the early 1970s, regional banking associations across the US joined forces to standardize processes around the development of “automated” clearing house solutions—the digital replacements for physical clearinghouses where paper checks were once exchanged. By 1974, the American Bankers Association had centralized all of those regional groups under a national sub-division that they named NACHA.
An independent organization since 1985, Nacha is effectively a non-profit consortium tasked with:
Setting the operating rules and guidance for member banks and ACH network participants
Enforcing those rules for all 10,000+ member banks and network participants
Driving development and adoption of the ACH system
Acting as a trade organization (e.g., education, advocacy, roundtables, etc.)
What’s the difference between Nacha and ACH?
The Automated Clearing House (ACH) network is the American interbank funds-transferring system run by two national operators: The Clearing House and FedACH. Nacha is the governing body that oversees the ACH network. It ensures that member banks are aware of and compliant with the Nacha rules, along with promoting development and education around ACH.
As for the operators that run the ACH network:
The Clearing House (also referred to as TCH or PayCo) is itself another banking consortium, with a much smaller subset of the major US banks (currently 24). They run a system called Electronic Payments Network (EPN), which is one of two ACH operators in the country.
FedACH is part of the Federal Reserve system, performing the same function as EPN.
Nacha makes Rules for the ACH network, while The Clearing House and FedACH operate their respective parts of the ACH network in accordance with Nacha’s rules. Nacha also mediates between members and acts as an advocate for the ACH ecosystem to the larger financial industry.
→ Ready for seamless ACH payments? Plaid Auth provides instant bank account authentication when users connect with their bank account credentials.
A Modern Guide to ACH
How to add ACH to your platform and reduce losses and risks
Who do Nacha rules apply to?
Nacha’s rulebook is a living document that outlines binding rules for all 10,000+ members that collectively represent the overwhelming majority of retail banks and credit unions in America. The rules also extend down to all ACH network participants including payment processing partners, businesses, and even individuals that use the ACH network.
In particular, businesses that collect payments over the ACH network have certain rules they must follow. As of 2021, businesses that originate online ACH debits must implement “‘account validation” as part of a “commercially reasonable fraudulent transaction detection system.” Essentially, this means that businesses must ensure that given account numbers are valid, the account is open, and it’s able to conduct ACH transfers—before initiating an online ACH debit. This new rule contributes to the greater goal of preventing fraud.
The intent of Nacha’s rules is to ensure that the ACH network remains an accessible and trusted part of America’s financial infrastructure.
“The Rules ensure that millions of payments occur smoothly and securely each day. The Rules direct how the ACH Network is operated, keeping it safe and efficient. The Rules standardize the roles and responsibilities of all parties using the ACH Network, ensuring that all ACH payments are handled on a level playing field.”
What are the main Nacha requirements?
The Nacha rules are a guiding framework for the ACH Network and include the basic obligations of each ACH network participant. According to Nacha, understanding the rules helps to ensure efficient payments, better risk management practices, and reduces chances of returns.
While Nacha charges a fee for its full rulebook (basic rules are accessible for free), the driving principles behind its rules and standards are:
1. Forcing standardization: Work from a shared understanding of formatting, timelines, and mutual expectations.
2. Reducing fraud: Use appropriate due diligence to minimize system abuse, especially for ACH debit requests and reversals.
3. Promoting data security: Safeguard all consumer data to prevent theft, internal misuse, and/or accidental leakage.
4. Improving usability: Adopt new measures within the recommended timelines to ensure that core innovations are reliably and equally distributed to all users.
Some of the main requirements and rules that follow these principles include:
Member banks and large originators (2+ million transactions per year) are prohibited from sending, receiving, or storing unencrypted information. Any necessary hard copies also have to be stored securely, with access restricted to narrowly defined legitimate business purposes.
Organizations initiating requests to the ACH network have to take reasonable steps to make sure they’ve both verified the identity of the customer being debited (authentication) and gained explicit authorization. For debit transactions, businesses also need to securely store proof of authorization for at least two years. And if the amount of a recurring debit (e.g. automatic bill payments) changes, this must be communicated to payers with “appropriate notice” to give them a chance to rescind their authorization.
As of March 2021, organizations initiating ACH transactions over the internet (which are referred to as WEB debits) need to do what’s “commercially reasonable” to screen transactions to detect and deter fraud. At a minimum, they need to ensure that bank account details are valid before using them.
Originating Depository Financial Institutions (ODFIs/the bank initiating the ACH request) are responsible for ensuring that all recurring debits are canceled promptly upon customer request; and that any changes to amounts or withdrawal dates are communicated transparently and with adequate notice. While the ODFIs are the last line of defense, originators (including fintechs and merchants) are responsible for canceling recurring debits and informing customers of changes.
→ Need to reduce payment risk and fraud? Plaid IDV provides a conversion-optimized identity verification API that leverages cutting-edge anti-fraud technology without information overload.
Why is Nacha compliance important?
In the narrow sense, Nacha compliance is important because rule-breaking orgs will likely encounter more returns in their ACH transactions and could get fined by the ACH network. In the larger sense, complying with rules and standards that are intended to ensure a safe and effective ACH network is good for all who participate in the ACH ecosystem—promoting its healthy use and sustainable growth while protecting consumers.
There are two main drivers for staying compliant with Nacha rules and requirements:
If a business continually violates Nacha’s rules and causes high error rates, their bank may fine them and potentially discontinue their business relationship. Additionally, organizations relying on outdated processes that aren’t Nacha-compliant are also less likely to complete transactions without returns; or effectively screen for fraud, causing harm to the network and potentially consumers.
Whenever an ACH network participant falls behind on the rules and standards, there’s going to be a resulting customer service failure. Some will be getting a worse-off deal than they ought to receive, while others might experience payment failure altogether.
Every bad experience with the system sours perceptions of ACH, which is bad for the ACH ecosystem as a whole. In contrast, every positive experience improves the system’s reputation, which is good for both adoption and consumer satisfaction.
Are there ways to make Nacha compliance easier?
For organizations that rely on the ACH network, the best way to streamline Nacha compliance is to ensure awareness of the Rules and full compliance. A foundation for debiting accounts is to quickly and effectively verify account and routing numbers and whether the account is in good standing—before initiating an ACH transaction. This is a necessary step to comply with Nacha’s account verification and fraud mitigation requirements, and certain account verification methods make compliance easier and more pleasant for users than others.
There are currently five Nacha-approved ways to verify a consumer’s banking details: Microdeposits, Manual Validation, Pre-notes, Database verification, and Instant Account Verification.
Other than Instant Account Verification, these methods generally take multiple days to complete and require customers to provide information they likely don’t have on hand (e.g. a voided check or account and routing numbers). This causes them to be slow, error-prone, and have a poor user experience.
Plaid Instant Auth enables consumers to easily and securely connect their financial accounts for ACH transactions by validating their account and routing numbers in seconds. For businesses onboarding new customers to fund accounts, transfer money, or pay bills via ACH, Instant Auth is the fastest way to do so in compliance with Nacha rules.