NACHA ACH Rules

New Nacha Fraud Monitoring Rule for ACH Originators

Effective June 19, 2026

The National Automated Clearing House Association (Nacha) has introduced a new rule that will impact all businesses that originate ACH payments.

Beginning June 19, 2026, all non-consumer ACH Originators must have implemented risk-based processes and procedures designed to identify ACH transactions initiated due to fraud.

Please note that all Northeast Bank non-consumer ACH Originators are subject to Phase 2 of the new Fraud Monitoring rule, which has an effective date of June 19, 2026. However, since that is a federal holiday (Juneteenth) and a Friday, the practical compliance date for ACH participants is Monday, June 22, 2026.

This rule is intended to strengthen fraud prevention across the ACH Network and reduce the risk of unauthorized or deceptive payment activity.


Who Does This Rule Apply To?

This requirement applies to non-consumer customers of Northeast Bank who originate ACH payments, including organizations that initiate:

  • Payroll deposits
  • Vendor or supplier payments
  • Customer payment collections
  • Other recurring or one-time ACH transactions

Any business, nonprofit, or government entity that sends ACH files is considered a non-consumer Originator under NACHA rules.


Key Requirements for ACH Originators

Businesses that originate ACH payments must establish a proactive, risk-based fraud monitoring program that includes:

Risk-Based Monitoring Procedures

Documented processes designed to identify ACH transactions that may be:

  • Unauthorized entries (initiated without the account holder’s permission)
  • Entries authorized under false pretenses (approved due to deception)

Annual Review

Fraud monitoring processes must be reviewed and updated at least annually to ensure they remain effective as fraud risks evolve.

Risk Assessment

Businesses should evaluate their ACH activity and determine which transactions present higher or lower risk, applying appropriate monitoring controls accordingly.


Understanding “False Pretenses” Fraud

The updated NACHA rule highlights the growing threat of payments authorized under deception, including:

  • Business Email Compromise (BEC)
    A fraudster impersonates an executive or vendor through email and requests a payment to a fraudulent account.
  • Vendor or Payroll Impersonation
    A fraudster contacts an employee requesting changes to vendor or payroll payment details.

These scams are among the most common fraud schemes affecting businesses today.


Examples of Fraud Monitoring Controls

Each business should implement controls appropriate for its operations. Examples include:

  • Dual authorization for ACH files or high-value payments
  • Verification of payment changes through a trusted secondary contact method
  • Transaction monitoring to identify unusual payment patterns
  • Account validation before sending payments to new vendors or employees
  • Multi-factor authentication (MFA) for ACH system access
  • Employee training to recognize phishing and payment scams

Effective fraud prevention typically involves multiple layers of protection.


Compliance Timeline

The Nacha deadline for implementing these fraud monitoring procedures is June 19, 2026.

  • New ACH Origination customers may be asked to implement these requirements during onboarding.
  • Existing ACH Originators must ensure their procedures meet the new standards by the deadline.

Northeast Bank will sample ACH originators for compliance with the new Fraud Monitoring Rule during our annual ACH Originator audits.


For additional information about the new Fraud Monitoring rule, please reference the Nacha website:

https://www.nacha.org/rules/risk-management-topics-fraud-monitoring-phase-1

Remember, the Phase 2 date applies to all Northeast Bank ACH Originators.


Need Assistance?

Northeast Bank is committed to helping our business customers maintain secure and efficient payment operations.

If you have questions about the new NACHA rule or would like guidance on strengthening your ACH fraud controls, please contact us at 612-362-3277.