• Third-Party Service Provider (TPSP): Provides services related to ACH processing on behalf of another party; may or may not transmit entries directly.
• Third-Party Sender (TPS): A specific type of TPSP that acts on behalf of an Originator to transmit entries through an Originating Depository Financial Institution (ODFI) without a direct agreement between the Originator and the ODFI.

Not sure if your company or your customer, is a Third-Party Sender? Visit Nacha’s Third-Party Sender Identification Tool.

• Nested Third-Party Sender: A TPS that originates through another TPS rather than directly with an Originating Depository Financial Institution. Nested Third-Party Senders are TPSs that operate under another TPS, adding complexity to the chain of responsibility.
• Originator: The individual, business, or organization that initiates a payment. The Originator instructs their financial institution or its TPS to send a payment.
• Originating Depository Financial Institution (ODFI): The Originator’s or Third-Party Sender’s financial institution.

The Nacha Rules define obligations for Third-Party Service Providers (TPSPs) including an annual Rules Compliance Audit that applies to the functions of ACH processing that it performs on behalf of a Participating DFI or a TPS.

Additionally, the Nacha Rules further describe the obligations of Third-Party Senders (TPSs), including the requirements to  conduct annual Rules Compliance Audits and risk assessments, and also provide clearly defined roles for the relationships between ODFIs, TPSs, Nested TPSs, and Originators. Origination Agreements between ODFIs and TPSs and between TPSs and Originators or any Nested TPSs are required to reflect these relationships and define roles and obligations. 

Upcoming Rule Effective Dates Impacting Third Parties

• March 20, 2026: Fraud Monitoring by large Originators, TPSPs, and TPSs (Phase 1).
• March 20, 2026: New Company Entry Descriptions – PAYROLL and PURCHASE.
• June 22, 2026: Fraud Monitoring by all other Originators, TPSP, and TPS.

Rules in Effect that Impact Third Parties

• Supplementing Data Security Requirements: TPSs and TPSPs with over 2 million ACH transactions annually are required to render deposit account data unreadable when stored electronically.
• Third-Party Sender Roles and Responsibilities: The Rule provides clarity surrounding the roles and responsibilities of parties to a Nested Third-Party Sender relationship and the requirement for TPSs to conduct a risk assessment of their ACH activities.
   

TPSs can pursue a voluntary accreditation program to demonstrate that their company meets Nacha’s standards for sound core practices in ACH payment processing. TPSs should meet the Nacha Certified requirements whether or not they choose to apply for the certification. The Nacha Certified requirements can be used as a guide by TPSs and by financial institutions working with TPSs to help determine if their risk management programs appropriately address the expected areas. Learn more about Nacha Certified.

• Third-Party Education Forum: A full-day event on Nov. 5, 2025, covering relevant Rules responsibilities, risk mitigation strategies, third-party agreements, and liability. The event will feature a vendor showcase and networking opportunities. Attendees can earn up to 6.3 Accredited ACH Professional (AAP) and Accredited Payments Risk Professional (APRP) continuing education credits.
• Third-Party Senders & the ACH Network: This publication provides a review of the variations in legal requirements and processing obligations relating to the origination of ACH entries when a TPS participates in the origination of transactions through the ACH Network. This edition reflects the Nacha Rules, offers real-world examples of TPS relationships, and includes sound business practices, risk management topics, and a checklist of issues to be addressed by ODFIs, Originators, and TPSs in processing agreements.
• ACH Risk Management Handbook: The 9th edition offers essential insights into Nacha’s strategies for identifying and mitigating risks associated with ACH payments. This publication provides comprehensive recommendations for developing an effective risk management program tailored for organizations involved in ACH transactions. Importantly, the threats to ACH payments are not unique to the ACH Network; the lessons learned can be applied to create a holistic payments risk management program. The edition includes the latest 2024 Rules focusing on credit push fraud and offers methods to address evolving fraud tactics. Additionally, real-world case studies in each chapter illustrate practical applications of the concepts discussed, helping organizations evaluate and enhance their risk management practices.
• Nacha’s Risk Resource Center offers dozens of risk-related guidance and resources for TPSs, Processors, and TPSPs by selecting the Audience filter.
• ACH Compliance Manual: An essential tool to ensure compliance with the Nacha Rules. The manual provides clear insights into authorizations, processing, and other related topics. Recent Rule are included.
• Payments IQ by Nacha is a payments eLearning hub with approximately 20 on-demand courses involving content related to TPSs.
• Payments Innovation Alliance members can access past Quarterly Rules Updates and other member-exclusive content. To learn more about joining, complete the Payments Innovation Alliance Interest Form.

Are you interested in becoming a TPS and providing ACH Origination Services to businesses? Nacha Consulting can help. Learn more and schedule a free 15-minute consultation.