News / Updates / Blog

New 2022 NACHA Compliance Regulations: What You Need To Know

nacha compliance regulations 2022

Understanding the updates to NACHA compliance regulations for 2022 is critical for any payment processor. Find out what's new and what you need to update. This guide outlines the major 2021 changes in NACHA compliance regulations and offers insight into what can be expected for 2022.

Considering how the automated clearing house (ACH) network facilitates billions of annual business and government payment transactions, some sort of governing structure is necessary. Meet NACHA.

The National Automated Clearing House Association (NACHA) represents almost 11,000 financial institutions. As such, when it comes to ACH regulation, every business that processes payments needs to pay close attention to NACHA edicts. To continually improve payment safety and reduce fraud, NACHA regularly updates regulations for safe data and financial processing. However, the association does not directly involve itself in individual ACH transactions. NACHA sets compliance standards; it is up to businesses to adhere to them—or pay a penalty.

As per usual, annual updates to NACHA’s security guidelines have been approved to address fraud. However, due to the Covid-19 pandemic’s itinerant economic complications, the organization delayed enforcement until March 19, 2022.

The delayed kick-in offers companies that are working towards compliance additional time to implement the required solutions. Take a look at some of the major upcoming compliance regulation changes, so that you are prepared for 2022.

A Quick 2021 NACHA Recap

March 2021: NACHA implemented a new same-day ACH processing window, enabling originating depository financial institutions (ODFIs) and their clients to conduct same-day transactions for an additional two hours every day. At the same time, NACHA implemented additional rules integrating account validation into their enhanced fraud detection standards for web debits.

June 2021: NACHA limited the length of time a receiving depository financial institution can claim the ODFI’s authorization warranty. Previously this timeframe depended on varying state regulations and could last as long as ten years. The new limitation on warranty claims specifies a one-year deadline from the settlement date of entry for non-consumer accounts. Consumer account entries now have a two-year limit. Receiving depository financial institutions (RDFIs) may also claim entries settling within 95 days from the first unauthorized debit to a consumer account.

NACHA also tightened regulations and implemented new formatting requirements regarding reversals. New regulations do not permit entry or file reversals for any reason other than those explicitly stipulated in NACHA rules.

September 2021: The association made amendments aimed at increasing ACH process clarity, adding clear definitions and consistency around authorization. The September amendments also reduced administrative proof-of-authorization burdens and better implemented electronic and oral authorization, including means such as Alexa, Skype, or Facetime.

Same-Day ACH Dollar Limit Increase In 2022

The last time NACHA increased the same-day ACH dollar limit (in March 2020) showed a drastic impact on transactions. In fact, same-day ACH payments increased 46% in the first two months. And over 2020 as a whole, the total same-day dollar volume rose by 86%.

fraud prevention and nacha
Source: Shutterstock

On March 18, 2022, this rule will change again, increasing same-day ACH dollar limits to $1 million per payment for all consumer, business, credit, and debit payments.

NACHA anticipates that this increase will improve B2B same-day ACH payments, as well as tax payments, merchant settlements, insurance claim outflows, and payroll funding. It will also improve business continuity in recovering from outages and missed deadlines.

Supplementary Data Requirements—Phase 2

ACH data protection regulations require large third-party senders and service providers (as well as all non-financial institution originators) to keep electronically-stored account information in an unreadable format.

data security and nacha
Source: Shutterstock

The existing Phase 1 framework already requires compliance from parties with an annual ACH volume of 6 million or more transactions. The second phase, applicable beginning June 30, 2022, lowers the threshold to organizations with 2 million or more annual transactions.

The supplementing data security requirements expand the existing framework, rather than replacing it wholesale. This means affected institutions are (or should be) familiar with the basic requirements already. Regulations are open to various methods of meeting the requirements to render electronic data unreadable, including encryption, tokenization, and truncation, among other technologies. As the implementation date nears, ODFIs need to inform originators, third-party senders, and service providers of their compliance.

Third-Party Sender (TPS): Roles and Responsibilities

Two new rules regarding third-party senders (TPS) come into effect on September 30, 2022. These aim to clarify TPS roles, accountabilities, and risk assessment requirements (including nested third-party sender—NTPS—relationships) in the ACH network.

The new regulations classify NTPS as a TPS that has an agreement with another third-party sender, and not with the ODFI. NACHA’s new regulations clearly define the agreements and obligations of all parties involved in NTPS relationships and update existing registration compliance.

Rules also require an ODFI origination agreement with a TPS to address whether they can have nested third-party senders. If so, an additional origination agreement between the TPS and NTPS is required. ODFIs must now identify all third-party senders that allow NTPS relationships and provide NACHA with the required documentation. Registration time frames apply.

The second part of the new regulations requires third-party senders, whether nested or not, to complete a risk assessment of ACH activities and implement risk management protocols accordingly. New 2022 measures also indicate that a TPS cannot rely on a rules compliance audit or a risk assessment completed by another TPS. It must administer its own.

NatPay: A Leading NACHA Compliance Partner

Founded in 1991, NatPay is a leader in the third-party payment processing industry. NatPay now processes over $115 billion annually, for over 228,000 ACH clients, and is insured through three major insurance carriers. By pairing with NatPay as your third-party institution, you can be certain your transactions are NACHA-compliant.

With decades of experience protecting businesses, NatPay’s suite of fraud protection systems is continuously evolving to meet the new threats and demands of the digital shift. NatPay's solutions benefit your business in all the areas that matter most.

Get in touch with a team member today to schedule a free demo customized to your organization.

Visit our White Paper Library to download this article: New 2022 NACHA Compliance Regulations: What You Need To Know