605.665.7432
FDIC Digital Sign, using the official FDIC wordmark. This digital sign indicates the deposit institution is backed by the full faith and credit of the US government.

Important Update

Woman sits at laptop

New Nacha Operating Rules take effect on March 20, 2026 and impact businesses that originate ACH payments, including payroll and vendor payments. These updates strengthen fraud prevention and help protect you from unauthorized and deceptive ACH activity. We are here and ready to help you understand these changes and how to prepare. We recommend you begin to review and update your templates and ACH processes as soon as possible to ensure a smooth transition. 

Summary of Nacha Rule Changes

Beginning March 20, 2026, non-consumer ACH Originators must implement risk-based ACH fraud monitoring controls and use standardized entry descriptions for certain transaction types.

What this means for your business: 
Businesses who originate ACH payments must:

  • Establish risk-based ACH fraud monitoring procedures
  • Review and document those procedures at least annually
  • Apply stronger controls to higher-risk payments, such as payroll and vendor changes
  • Payroll Entry Description Update: All payroll-related ACH deposits must use the entry description PAYROLL.
    Actions needed:
    •    Replace legacy descriptions such as SALARY, WAGES, or PAY
    •    Update payroll templates before March 20, 2026
    •    Coordinate changes with your payroll provider or software vendor
  • Additional Entry Description Requirement: Online sale of goods (eCommerce purchases) made with an ACH withdrawal, must use the standardized description PURCHASE

Examples of fraud monitoring procedures and controls: 

  • Dual authorization for ACH files
  • Independent verification of vendor or employee account changes
  • Monitoring for unusual dollar amounts or transaction patterns
  • ACH prenotes or account validation for new payees
  • Multi-factor authentication (MFA)
  • Ongoing employee fraud awareness training
Nacha Operating Rules and Guidelines

Why Nacha is making changes: 
Business ACH fraud continues to increase, including:

  • Unauthorized entries caused by account takeover
  • False pretenses where a payment is considered authorized but initiated because the ACH Originator was misled or deceived into sending funds to a fraudulent account.
  • Business Email Compromise (BEC)
  • Vendor and payroll impersonation scams

Key Takeaway 
These Nacha updates do not change ACH liability rules, yet they require businesses to take a more proactive role in preventing ACH fraud. 

Our team is here to help! Please reach out to any team member, call us at 1.800.486.4712, or email cashmanagement@firstdakota.com