Nacha News

Nacha creates broadly adopted payment and financial messaging rules and standards through consensus-led governance, international collaboration, and innovative development practices. We continually advance the ubiquitous ACH Network and engage diverse stakeholders to accelerate a digital future of global financial services interoperability.

Sign up for Press Releases Sign up for Blog Posts

ACH Operations Bulletin: Unlawful Internet Gambling Transactions

For Distribution to Participating Depository Financial Institutions, Gateway Operators and Third-Party Processors 

This ACH Operations Bulletin describes the obligations of participants in the ACH Network under a new regulation implementing the Unlawful Internet Gambling Enforcement Act, which were issued on November 12, 2008 by the Federal Reserve Board and the U.S. Department of the Treasury (the “Regulation”). The Regulation requires non-exempt participants in the ACH Network to establish and implement written policies and procedures reasonably designed to identify and block or otherwise prevent or prohibit restricted, unlawful Internet gambling transactions. The Regulation is effective January 19, 2009, with compliance mandatory by December 1, 2009.

All participants in the ACH Network are exempt from the Regulation’s requirement to establish such written policies and procedures except for (1) the Originating Depository Financial Institution (“ODFI”) of a domestic ACH debit; (2) the Receiving Depository Financial Institution (“RDFI”) of a domestic ACH credit; (3) the receiving gateway operator[2] that receives instructions from a non-U.S. sender for an ACH debit; and (4) certain third party processors. A non-exempt third party processor is (a) a service provider that has a direct relationship with the commercial customer to initiate a domestic ACH debit; (b) a service provider that has a direct relationship with the commercial customer to receive the proceeds of a domestic ACH credit on behalf of the last depository institution to handle the ACH credit; and (c) the first service provider in the U.S. to receive the debit instructions initiated by a foreign sender. In all cases, the non-exempt participant is a commercial customer’s financial institution or processor, and not an individual consumer’s (gambler’s) financial institution.

These non-exempt participants must establish and implement written policies and procedures reasonably designed to identify and block or otherwise prevent or prohibit unlawful Internet gambling transactions. The policies and procedures should be tailored to the non-exempt participant’s business and may be different for different business lines of a non-exempt participant. The Regulation provides certain non-mandatory examples of policies and procedures that would comply with the Regulation, if adopted by the non-exempt ACH Network participant.

Specifically, for ODFIs, RDFIs and non-exempt third party processors in connection with domestic ACH credits and debits, the implementation of procedures that include the following would comply with the Regulation: (a) methods of conducting due diligence of each commercial customer at account opening to gain a basic understanding of its business and the risk of restricted transactions presented by that business, (b) methods of conducting due diligence to confirm that the Internet gambling transactions of a commercial customer are not unlawful when the participant has “actual knowledge” that a commercial customer participates in an Internet gambling business; and (c) procedures to be followed when the participant has “actual knowledge” that the commercial customer has originated or received a restricted, unlawful Internet gambling transaction via an ACH debit or credit.

For gateway operators and non-exempt third party processors that receive instructions to originate an ACH debit from a foreign sender, the procedures that are needed to comply with the Regulation are less prescriptive than those for domestic ACH payments. Specifically, the gateway operator may implement procedures to be followed, such as sending notification to the foreign sender, if the non-exempt participant has “actual knowledge,” based on notice from a government entity, that it has received instructions for a restricted transaction.

Like the underlying law, the Regulation does not identify which Internet gambling activities are legal or illegal. Rather, the Regulation states that “Unlawful Internet gambling means to place, receive or otherwise knowingly transmit a bet or wager by any means which involves the use, at least in part, of the Internet where such bet or wager is unlawful under any applicable Federal or State law in the State or Tribal lands in which the bet or wager is initiated, received or otherwise made.” The Regulation includes examples of acceptable due diligence for confirming whether Internet gambling activities are illegal.

Block” means to “reject a particular transaction before or during processing, but does not require freezing or otherwise prohibiting subsequent transfers or transactions regarding the proceeds or account.”

Actual knowledge” includes information regarding a particular transaction or commercial customer that is known by or brought to the attention of (a) the participant’s compliance personnel responsible for that transaction or customer; or (b) any officer of the participant.


Questions about this ACH Operations Bulletin should be submitted via 


[1] This ACH Operations Bulletin is for information purposes only and is not intended to provide legal advice. Readers should seek advice from professional advisors with regard to their obligations under the Regulation. The complete text of Regulation GG can be found at 12 C.F.R. Parts 132 and 233 or accessed online.
[2] Effective September 18, 2009 with the rules for International ACH Transactions (IAT), such entities will be defined as “Gateway Operators.”