Nacha Rules Resource Center

Businesses that only receive ACH transactions to their accounts and do not originate ACH Entries.

Standardized use of the Company Entry Description to help parties in the ACH Network identify, monitor, and count the volume of payments for specific purposes and help manage risk.     

Included in the Nacha rule amendments are two newly defined Company Entry Descriptions:

• PAYROLL
  • Establishes a new standard description for credit Entries with a Standard Entry Class code of PPD for payment of wages, salaries, and similar types of compensation.
  • The Company Entry Description must contain the word PAYROLL in the first seven (7) characters of the field.
  • Entries with this description make no representation or warranty to the RDFI or to the Receiver regarding the Receiver’s employment status.
  • These requirements do not apply if payroll processing is outsourced to a third-party payroll service provider. You are encouraged to confirm your provider's compliance with the Nacha Operating Rules Changes.

• PURCHASE
  • Establishes a new standard description for debit Entries with a Standard Entry Class Code of WEB for e-commerce purchases.
  • The Company Entry Description field must contain the word PURCHASE.

Continue using your existing Company Entry Descriptions to describe the transaction types for ACH Entries not related to payroll or consumer e-commerce payments.

• Improved, targeted risk mitigations and tools may be utilized as participants are able to better identify certain purposes of transactions.    
• For payroll, it can help support RDFI transaction monitoring and logic regarding funds availability.
• For e-commerce purchases, it enables identification of such transactions.
• Standardized use of data can help parties manage risk and improve ACH quality.

• Originators/TPSPs/ODFIs of these types of transactions will need to update their systems to utilize the required Company Entry Description(s). 
• RDFIs may choose to take advantage of intelligence enabled by new descriptors, but they would not be required to act as a result of these descriptions.
• The ODFI has no obligation to verify the presence or accuracy of the words “PAYROLL” or “PURCHASE” as a description of purpose.

• ACH Originator Fraud Monitoring
  • Requires qualified ACH Originators to establish and implement risk-based processes and procedures reasonably intended to identify ACH Entries initiated due to fraud.
    • The amendment is intended to reduce the incidence of successful fraud attempts.
    • Regular fraud detection monitoring can establish baselines of typical activity, making atypical activity easier to identify.

• RDFI ACH Credit Fraud Monitoring
  • Requires qualified RDFIs to establish and implement risk-based processes and procedures designed to identify credit Entries initiated due to fraud.
    • RDFIs have a view of incoming transactions as well as account profile information and historic activity on receivers’ accounts.
    • A risk-based approach to monitoring can consider factors such as transactional velocity, anomalies (e.g., SEC Code mismatch with account type), and account characteristics (e.g., age of account, average balance, etc.). This aligns with AML monitoring practices in place today.
    • Based on its monitoring of incoming credits, an RDFI may decide to return an entry or contact the ODFI to determine the validity of a transaction.

• Expanding fraud detection responsibilities to more parties in the ACH Network provides additional opportunities to detect and prevent fraud, especially for frauds that make use of credit-push payments.  
• Reducing the incidence of successful fraud and improving the quality of transactions in the ACH Network.
• Enabling RDFIs to exercise heightened scrutiny of accounts that are receiving fraudulent or potentially fraudulent transactions and improving funds recovery.

• Implementing or updating fraud-detection processes and procedures, particularly by organizations that are not currently performing fraud monitoring.  
• There is less impact on originators who have already implemented a monitoring system for WEB Debits or Micro-Entries.
• RDFIs will need to either establish processes and procedures reasonably intended to identify Entries that are suspected of being unauthorized, authorized under false pretenses, or ensure that existing processes and procedures are satisfactory for this requirement, including updating such systems and their alerting processes, if necessary.
• RDFIs may need to enable information sharing internally between teams that monitor transactions for suspicious activity and operations, product, and relationship teams.

• All ACH Originator Fraud Monitoring Nacha rules changes outlined in Phase 1 apply to all Non-Consumer Originators, TPSPs, and TPSs, regardless of their ACH origination volume.
• All RDFI ACH Credit Fraud Monitoring Nacha rules changes outlined in Phase 1 apply to all RDFIs, regardless of their ACH receipt volume.

RDFIs must make funds from all non–Same day ACH credit Entries available to receivers no later than 9:00 a.m. (RDFI local time) on the Settlement Date. This eliminates the prior rule allowing a 5:00 p.m. posting cutoff for transactions received late in the prior business day. 

• Faster access to funds for consumers and businesses receiving payroll, benefits, vendor payments, cashouts, refunds, and other ACH credits.
• More consistent posting expectations across RDFIs, improving transparency within the network. 

• RDFIs may need to adjust internal processing schedules, staffing, or automation to ensure funds are available by 9:00 a.m., including handling files received through the 6:00 a.m. ET ACH Operator window.
•  Institutions not currently providing early‑morning posting may need system or workflow enhancements to meet the accelerated deadline.

Nacha is refining and expanding the definition of an International ACH Transaction (IAT) to provide clearer, more operationally consistent standards for determining when a transaction must be classified as IAT.

• Key Changes include:
  • An IAT is now defined as the U.S. ACH Network component of an international payment transaction, where funds or monetary value (a) originates with, transit through, or is delivered to an account at an office of a financial agency located outside the U.S. or (b) otherwise is received from a sender or delivered to a receiver, in each case, via a facility of a financial agency located outside of the U.S.
  • The updated definition replaces narrower terms such as “foreign bank” with a broader, more accurate concept of “financial agency.”
  • Financial agency is defined as an entity that is authorized by applicable legal requirements to provide financial asset accounts, including deposits, or to conduct the business of issuing general purpose payment instruments or transferring funds or other monetary value for third parties.
  • The definition now explicitly clarifies that IAT Entries cannot be Same Day ACH Entries.

• Improved clarity reduces misclassification of international payments and enhances alignment across Originators, TPSs, ODFIs, and RDFIs.
• Better visibility and oversight for transactions touching foreign financial agencies increases compliance accuracy and reduces operational confusion. 

• Originators and TPSs may need to re‑evaluate certain payment flows that were previously treated as domestic but now fall within the revised IAT definition.
• Financial institutions may see shifts in IAT volumes and must ensure that systems logic, reporting, risk controls, and all related compliance processes (including OFAC screening, monitoring, and onboarding requirements) are updated to reflect the revised IAT definition.