Nacha Operating Rules - New Rules

The ​Nacha Operating Rules are the foundation for every ACH payment. By defining the roles and responsibilities of financial institutions and establishing clear guidelines for each Network participant, the Rules ensure that millions of payments occur smoothly and easily each day. All Rules are displayed by effective date.

Access Complimentary Rules Webinar Recordings

Feb. 5, 2026 Recording    April 19, 2024 Recording

Click here for a list of approved rule changes and implementation dates

ACH Rules logo

RISK MANAGEMENT TOPICS – (Fraud Monitoring Phase 2)

These Rule amendments related to monitoring for fraud become effective on June 19, 2026 and are part of a larger Risk Management package intended to reduce the incidence of successful fraud attempts and improve the recovery of funds after frauds have occurred. NOTE: As June 19 is a federal holiday, the practical effective date for these two rules will be the next banking day – Monday, June 22, 2026. All affected parties are encouraged to become compliant with these rules as soon as possible, but no later than June 22, 2026. This applies to all references to June 19, 2026, which follow.

Learn More

Registration of IAT Contacts in the ACH Contact Registry

This Rule will require a Participating DFI to register their IAT- handling contact with either: 

The name, title, email address, and phone number for at least one primary and one secondary contact person for the area of responsibility; or 

Department contact information that includes an email address and a working telephone number.

Learn More

MINOR RULES TOPICS

These changes will amend the Nacha Operating Rules to address a variety of minor issues and will become effective June 21, 2024.

Micro-Entries (Phase 2)

This Rule will define and standardize practice and formatting of Micro-Entries, which are used by some ACH Originators as a method of account validation. This phase of the Rule requires Originators of Micro-Entries to use commercially reasonable fraud detection, including the monitoring of Micro-Entry forward and return volumes.

Third-Party Sender Roles and Responsibilities

This Rule clarifies the roles and responsibilities of Third-Party Senders (TPS) in the ACH Network by addressing the existing practice of Nested Third-Party Sender relationships, and making explicit and clarifying the requirement that a TPS conduct a Risk Assessment.

Micro-Entries (Phase 1)

This Rule will define and standardize practices and formatting of Micro-Entries, which are used by some ACH Originators as a method of account validation.

Supplementing Data Security Requirements

This rule supplements previous ACH Security Framework data protection requirements by explicitly requiring large, non-FI Originators, Third-Party Service Providers (TPSPs) and Third-Party Senders (TPSs) to protect deposit account information by rendering it unreadable when it is stored electronically.

Increasing the Same Day ACH Dollar Limit

This rule will continue to expand the capabilities of Same Day ACH. Increasing the Same Day ACH dollar limit to $1 million per payment is expected to improve Same Day ACH use cases, and contribute to additional adoption.

Meaningful Modernization

These Rules intend to improve and simplify the ACH user-experience by: Facilitating the adoption of new technologies and channels for the authorization and initiation of ACH payments; Reducing barriers to use of the ACH; Providing clarity and increasing consistency around certain ACH authorization processes; and Reducing certain administrative burdens related to ACH authorizations

Minor Rules Topics

These changes will amend the Nacha Operating Rules (Rules) to address a variety of minor topics related to Meaningful Modernization, an ACH Operator edit and expiration of stop payments on non-consumer accounts.

Reversals and Enforcement

The overarching purpose of these two Rules is to deter and prevent, to the extent possible, the improper use of reversals and the harm it can cause.

The two Rules explicitly address improper uses of reversals, and improve enforcement capabilities for egregious violations of the Rules.

Limitation on Warranty Claims

The Limitation on Warranty Claims limits the length of time in which an RDFI will be permitted to make a claim against the ODFI’s authorization warranty. The rule will become effective June 30, 2021.

Supplementing Data Security Requirements (Phase 1)

The existing ACH Security Framework Rule -- including its data protection requirements -- will be supplemented to explicitly require large, non-FI Originators, Third-Party Service Providers and Third-Party Senders to protect deposit account information by rendering it unreadable when it is stored electronically.

Differentiating Unauthorized Return Reasons

This rule better differentiates among types of unauthorized return reasons for consumer debits. This differentiation will give ODFIs and their Originators clearer and better information when a customer claims that an error occurred with an authorized payment, as opposed to when a customer claims there was no authorization for a payment. ODFIs and their Originators should be able to react differently to claims of errors, and potentially could avoid taking more significant action with respect to such claims.