ACH Network Risk and Enforcement Topics

This Rule will improve the overall quality of the ACH Network by reducing the incidence of returned Entries and the associated costs, both financial and reputational, that such returned Entries impose on the ACH Network and its participants. The approach to reducing risk with this Rule is multi-fold, as described by the various topics below. These changes are also expected to increase customer satisfaction with the ACH Network by reducing the volume of transactions subject to customer disputes.

Detail Icon

Detailed Information

Topic 1- Reducing the Unauthorized Return Rate Threshold ​

The Rule will reduce the current return rate threshold for unauthorized debit Entries (Return Reason Codes R05, R07, R10, R29, and R51) from 1.0 percent to 0.5 percent. This revised threshold is still more than 16 times higher than the average Network return rate of 0.03 percent for unauthorized debit Entries for calendar year 2013. NACHA believes that unauthorized debit returns at 0.5 percent would still indicate problematic origination practices, and therefore would be a useful tool to enable NACHA to focus on outliers of poor quality origination activity.

The Rule will not change any of the existing risk investigation or enforcement processes related to the unauthorized return rate threshold. An ODFI that has an Originator or Third-Party Sender that breaches the lower threshold would be subject to the same obligations and potential enforcement as currently set forth in the Rules for the existing return rate threshold for unauthorized debits. 

Topic 2- Establishing Inquiry Process For Administrative and Overall Return Rate Levels 

The Rule will establish an inquiry process that will provide NACHA with a preliminary evaluation point to research the facts behind an Originator’s ACH activity. Preliminary research, as part of the inquiry process, begins when any Originator exceeds the established administrative return rate or overall return rate level. The review process involves eight steps, and includes an opportunity for NACHA and an industry review panel to review an Originator’s ACH activity prior to any decision to require a reduction in a return rate. The inquiry process does not automatically trigger a Rules enforcement activity.

The established administrative return rate level of 3.0 percent would apply to debit entries returned due to administrative or account data errors (Return Reason Codes R02, R03 and R04). This level is more than 9 times higher than the industry average ACH Network debit return rate for account data errors of 0.33 percent in 2013. This breakpoint would be a useful tool to enable NACHA to look more closely at an Originator’s or Third-Party Sender’s origination practices to determine whether poor origination practices are leading to high return rates that should be reduced. A return rate level above 3.0 percent will not automatically be considered a Rules violation or result in a Rules enforcement proceeding. Rather, a return rate above the level will be considered a starting point for a review of the Originator’s or Third-Party Sender’s origination activity to determine if a reduction is warranted.
 
The established overall return rate level of 15.0 percent would apply to all debit entries (excluding RCK entries) that are returned for any reason. This level is approximately 10.5 times higher than the overall industry return rate average of 1.42 percent in 2013. While some level of returns, including for funding-related issues such as insufficient funds, may be unavoidable, excessive total returns also can be indicative of problematic origination practices.

As with the administrative return rate level, a level of 15 percent would be a useful tool to enable NACHA to look more closely at an Originator’s or Third-Party Sender’s origination practices to determine whether poor origination practices are leading to high return rates that should be reduced. The Rule sets the return rate level at a point that is not so high that it fails to identify unnecessarily high-risk Origination practices, nor so low that it identifies many businesses in industries that experience higher than normal return rates as a matter of course but that otherwise would not be considered problematic.
 
Topic 3 - Reinitiation of Entries 

Reinitiation is the method permitted in the Rules by which a Returned Entry may be resubmitted. 

In July 2013, NACHA issued ACH Operations Bulletin #3-2013 titled “Reinitiation of Returned Debit Entries” in an attempt to clarify that various types of Entries used by such Originators are indeed “reinitiated” Entries and therefore already are restricted, and in some cases prohibited, by the existing Reinitiation Rule. Nonetheless, in order to leave no ambiguity in this regard, the Rule formally incorporates into the Rules several clarifying changes to the Reinitiation Rule consistent with the principles set forth in ACH Operations Bulletin #3-2013.
 
Most fundamentally, Subsection 2.12.4 of the Rules implicitly prohibits the reinitiation of Entries outside of the express limited circumstances under which they are permitted under the Rules. The Rule makes this prohibition explicit. 
 
Consistent with ACH Operations Bulletin #3-2013 “Reinitiation of Returned Debit Entries,” the Rule requires a reinitiated Entry to contain identical content in the following fields: Company Name, Company ID, and Amount. Further, the rule permits modification to other fields only to the extent necessary to correct an error or facilitate processing of an Entry. This change will allow reinitiations to correct administrative errors, but prohibit reinitiation of Entries that may be attempts to evade the limitation on the reinitiation of returned Entries by varying the content of the Entry.
 
Finally, the Rule addresses two technical issues associated with the Reinitiation Rule. First, the ODFI would be required to include the description “RETRY PYMT” in the Company Entry Description field to identify Entries that are permissible resubmissions of Returned Entries under the Reinitiation Rule. Use of this description in the field would notify the Receiver that the Entry relates to a previously Returned Entry, and will facilitate research and dispute resolution for RDFIs. Second, there is not currently a separate Return code for an RDFI to indicate when an Entry is being returned for a violation of the Reinitiation Rule. The Rule will allow such returns to use Return Code R10 (currently used for Extended Returns) to include a Return for a violation of the Reinitiation Rule, since most violations of the Reinitiation Rule are likely to be identified via a customer complaint after the expiration of the “two-day” return timeframe (i.e., an extended return timeframe would be necessary). In order to use R10 and the extended return timeframe, the RDFI will need to obtain a Written Statement of Unauthorized Debit.

 

Topic 1- Reducing the Unauthorized Return Rate Threshold 

The new rule will make the following changes to the Rules regarding the Unauthorized Return Rate Threshold

  • Article Two, Subsection 2.17.2.1 (ODFI Return Rate Reporting Regarding an Originator’s or Third-Party Sender’s Unauthorized Entry Return Rate): creates new subsection heading and modifies text that is specific to the unauthorized Entry return rate
  • Article Two, Subsection 2.17.2.2 (Additional ODFI Action and Reporting When the Unauthorized Entry Return Rate Threshold is Exceeded): creates new subsection heading and modifies text that is specific to the unauthorized Entry return rate
  • Article Two, Subsection 2.17.2.3 (ODFI Reduction of Unauthorized Entry Return Rate): creates new subsection heading and modifies text that is specific to the unauthorized Entry return rate
  • Article Eight, Section 8.105: creates a new definition for "Unauthorized Entry Return Rate Threshold"
Topic 2- Establishing Inquiry Process For Administrative and Overall Return Rate Levels 

The new rule will make the following changes to the Rules regarding the Inquiry Process for Administrative and Overall Return Rate Levels

  • Article Two, Subsection 2.17.2.4 (ODFI Return Rate Reporting Regarding an Originator’s or Third-Party Sender’s Administrative Return Rate or Overall Return Rate): establishes new subsection on ODFI response to a NACHA written request for information
  • Article Two, Subsection 2.17.2.5 (Additional ODFI Action and Reduction of Administrative Return Rate and/or the Overall Return): establishes new subsection on ODFI response to a written directive to lower a return rate
  • Article Two,  Subsection 2.17.2.6 (ODFI Reduction of Administrative or Overall Return Rate): establishes new subsection with timeframes within which and ODFI must lower return rates
  • Article Eight, Section 8.89: creates a new definition for “Return Rate Level”
  • Appendix Ten, Subpart 10.2.1 (National Association Request for Information): broadens text to include reference to Return Rate Levels and National Association use of information from RDFIs
  • Appendix Ten, Subpart 10.2.2.1 (National Association May Initiate an Inquiry Regarding an Administrative Return Rate or an Overall Return Rate): creates new subpart to discuss inquiry procedure
  • Appendix Ten, Subpart 10.4.3 (Submission Requirements for Rules Enforcement Proceedings Initiated by the National Association): modifies text to include address submission requirements under new procedure
Topic 3 - Reinitiation of Entries 

The Reinitiation Rule on will make the following changes to the Rules:

  • Article Two, Subsection 2.12.4.1 (General Rule for Reinitiated Entries): creates a new subsection to specifically define a Reinitiated Entry
  • Article Two, Subsection 2.12.4.2 (Formatting Requirements for Reinitiated Entries): creates a new subsection to address the specific formatting of the Company Description Field for Reinitiated Entries
  • Article Two, Subsection 2.12.4.3 (Improper Reinitiation Practices): creates a new subsection to address Improperly Reinitiated Entries
  • Article Three, Subsection 3.12.4 (Improperly Reinitiated Debit Entries): adds new subsection regarding Reinitiated Entries
  • Article Three, Subsection 3.12.5 (RDFI Must Accept Written Statement of Unauthorized Debit): adds a new item (e) for Reinitiated Entries
  • Article Eight, Subsection 8.78 (“Reinitiated Entry” or “Reinitiation” or  “Reinitiate”): establishes definitions for terms related to Reinitiated Entries
  • Appendix One, Part 1.2 (Data Specifications for ACH Records): adds “RETRY PYMT” to the list of field contents for the Company Entry Description
  • Appendix Three, Subpart 3.2.2 (Glossary of Data Elements): adds  “RETRY PYMT” to the list of field contents for the Company Entry Description
  • Appendix Four, Part 4.2 (Table of Return Reason Codes): modifies Return Reason Code R10 to include Improperly Reinitiated Entries
  • Appendix Ten, Subpart 10.4.6.2 (Responsibilities of Enforcement Panel): includes a new ACH Rules Enforcement Panel responsibility related to Reinitiated Entries
 

Topic 1- Reducing the Unauthorized Return Rate Threshold 

All Participants: NACHA expects all ACH Network participants to benefit from the reduction of the return rate threshold for unauthorized debit entries. 

ODFIs: ODFIs should already have monitoring in place regarding their Originators and Third-Party Senders unauthorized debit return rates.

Originators and Third Party Senders: Originators and Third-Party Senders with unauthorized debit return rates above the new threshold may be required by their ODFIs, and, in the case of some Originators, their Third-Party Senders, to take action to reduce their return rate, and will incur costs in doing so.

Topic 2- Establishing Inquiry Process For Administrative and Overall Return Rate Levels 

All ParticipantsNACHA expects all ACH Network participants to benefit from the establishment of an inquiry process to research the facts behind an Originator’s ACH activity should an Originator exceed an established administrative return or overall return rate level. The amendment is expected to encourage ODFIs to focus on reducing the number of Returns and thereby reducing the number of transactions entering the ACH Network that result in exceptions and returns. Finally, all ACH Network participants should benefit from the ability of NACHA and the ACH Operators to collectively monitor returns at the Network level.

ODFIs: ODFIs should already have monitoring in place regarding their Originators and Third-Party Senders return rate levels. Some ODFIs may incur costs to develop and implement policies and procedures related to the new return rate levels. Finally, some ODFIs may incur costs associated with replying to information requests from NACHA.

Originators and Third Party Senders: Originators and Third-Party Senders with return rates above the new levels may be required by their ODFIs, and, in the case of some Originators, their Third-Party Senders, to take action to reduce their return rates, and will incur costs in doing so.

RDFIs: RDFIs will benefit from a reduction in the number of transactions that cause exceptions and returns, with an attendant reduction in the cost of processing such returns, the cost of Regulation E dispute resolution compliance, and the cost of responding to customer complaints (call centers, branches, and online customer service).  Further, RDFIs are often unfairly blamed for these transactions, so a reduction in these transactions also would reduce the reputational harm RDFIs suffer.

Topic 3 - Reinitiation of Entries

All Participants: NACHA expects all ACH Network participants to benefit from the reduction of the return rates associated with reinitiated Entries. These changes are expected to provide clarity to ODFIs with respect to the existing limitations and qualifications on reinitiations, thereby reducing the number of returned reinitiated Entries. 

ODFIs: Although the rules are consistent with NACHA’s interpretation of the existing reinitiation Rule, some ODFIs, particularly those with practices that do not comply with the limitation on and requirements for reinitiating returned Entries, are likely to incur additional costs associated with the development and implementation of better policies and procedures to ensure compliance with the Rules. ODFIs will incur some cost in modifying systems to include the “RETRY PYMT” description in Reinitiated Entries.

Originators and Third Party Senders: Originators and Third-Party Senders whose practices do not comply with the limitations on and requirements for reinitiating returned Entries are likely to incur additional costs associated with the development and implementation of better policies and procedures to ensure compliance with the Rules. Originators will incur some cost in modifying systems to include the “RETRY PYMT” description in Reinitiated Entries.

RDFIs: RDFIs will benefit from a reduction in the number of improperly reinitiated Entries and from clarification of the means by which such Entries may be returned. RDFIs’ consumer Receivers will be provided with the Entry description that the Entry is a “Retry” at collecting the payment. RDFIs will benefit from a reduction in the cost of processing such returns, the cost of Regulation E dispute resolution compliance, and the cost of responding to customer complaints (call centers, branches, and online customer service). RDFIs’ stop payment systems should be aided by information within reinitiation Entries that is required to be identical to the information in the original Entry.

 

Unauthorized Return Rate Threshold

Q1: What is the new Unauthorized Return Rate Threshold?

  • This rule reduces the return rate threshold for unauthorized debit entries from 1.0 percent to 0.5 percent. All other aspects of the Rules regarding the Unauthorized Return Rate Threshold remain the same.

Q2: What return codes are included in the Unauthorized Return Rate Threshold?

  • The Unauthorized Return Rate Threshold covers Return Reason Codes R05, R07, R10, R29, and R51.

Q3: What SEC Codes are included?

  • Unauthorized Return Rate Threshold covers debits using any SEC Code. It does not apply to credits returned as unauthorized. 

Q4: Does this rule change NACHA’s current risk investigation and enforcement processes?

  • No, the rule does not change any of NACHAs existing risk investigation or enforcement processes related to the Unauthorized Return Rate Threshold.

Q5: How is an unauthorized return rate calculated?

  • The Rules allow two methods to calculate an unauthorized return rate:
  1. Dividing the number of debit Entries returned as unauthorized for the preceding sixty days or two calendar months by the total number of debit Entries contained within the ACH File(s) in which the original Entries were transmitted; or 

  2. Dividing the number of debit Entries returned as unauthorized for the preceding sixty days or two calendar months by the total number of debit Entries originated for the preceding sixty days or two calendar months, respectively. 


New Preliminary Inquiry Process for Administrative and Overall Return Rate Levels

Q6: What is the new preliminary inquiry process?

  • When an Originator or Third-Party Sender is identified as being above one of the new Return Rate Levels, NACHA would utilize this new preliminary inquiry process to review the facts and circumstances of that organization’s ACH origination activity, rather than going directly into enforcement.

Q7: Why is it called “preliminary”?

  • It is called “preliminary” because it is a new step taken prior to the beginning of an enforcement action, if one is started at all. The outcome of a preliminary inquiry could be that a review is closed with no enforcement action.

Q8: What are the new Return Rate Levels?

  • The rule establishes two new Return Rate Levels, which allow for the preliminary inquiry process:
  1. A Return Rate Level of 3.0 percent will apply to debit entries returned due to administrative or account data errors (Return Reason Codes R02, R03 and R04).

  2. A Return Rate Level of 15.0 percent will apply to all debit entries (excluding RCK entries) that are returned for any reason.  

Q9: How is a Return Rate “Level” different than the Return Rate “Threshold” for unauthorized debits?

  • The most significant difference is that a return rate above a Return Rate Level will not be considered automatically as a violation of the Rules. Instead, a return rate above a Return Rate Level allows for a preliminary inquiry into an Originator’s or Third-Party Sender’s ACH origination practices and activity. The inquiry process may ultimately lead to a directive from an industry review panel to reduce a return rate, but only after dialogue and exploration of facts.

Q10: What return codes are included in the Return Rate Levels?

  • The Administrative Return Rate Level applies to Return Reason Codes R02, R03 and R04.  This return rate level does not apply to returned credit entries.

  • The Overall Return Rate Level applies to all Return Reason Codes for all debit entries (excluding RCK entries).  This return rate level does not apply to returned credit entries.

Q11: Are pre-notifications included in the Return Rate Levels? 

  • Yes. Prenotes with debit transaction codes are included in the monitoring and return rate calculations for Return Rate Levels.  If a prenote is being used as intended, then if it is returned using Return Reason Codes R02, R03 or R04, that would prevent a subsequent live transaction from being returned.  This likely would have no material effect on the calculation of a return rate.

Q12: Why are RCK entries excluded?

  • RCK Entries are excluded because, by definition, an RCK is a representment of a check payment that has already been returned for insufficient funds. This makes establishing a valid return rate level impractical.

Q13: How is an administrative return rate or an overall return rate calculated?

  • The Rule provides two methods to calculate an administrative return rate or an overall return rate. 
  1. Dividing the number of debit Entries returned either for administrative reasons (Return Reason Codes R02, R03 and R04 when calculating the Administrative Return Rate) or for any reason (when calculating the Overall Return Rate) for the preceding sixty days or two calendar months, by the total number of debit Entries contained within the ACH File(s) in which the original Entries were Transmitted (when calculating the Overall Return Rate, RCK Entries and Returns may be excluded from both the numerator and denominator); or 

  2. Dividing the number of debit Entries returned either for administrative reasons (Return Reason Codes R02, R03 and R04 when calculating the Administrative Return Rate) or for any reason (when calculating the Overall Return Rate) for the preceding sixty days or two calendar months, by the total number of debit Entries originated for the preceding sixty days or two calendar months, respectively (when calculating the Overall Return Rate, RCK Entries and RCK Returns may be excluded from both the numerator and denominator). 

Q14: Does exceeding a Return Rate Level constitute a Rules violation?

  • No, the identification of an Originator or Third-Party Sender with a return rate that is higher than the respective return rate level would not be automatically considered as a violation of the Rules. Instead, a return rate above a Return Rate Level allows for a preliminary inquiry into an Originator’s business or ACH practices.

Q15: Does this rule change NACHA’s current risk investigation and enforcement processes?

  • Yes, specifically for the Return Rate Levels, there would be a preliminary inquiry process used rather than automatically beginning a Rules enforcement proceeding.  The identification of an Originator or Third-Party Sender may lead to a review of its business or ACH origination practices and activity. The inquiry process is an opportunity for the ODFI to present, and for NACHA to consider, specific facts related to the Originator’s or Third-Party Sender’s ACH origination practices and activity. At the conclusion of the preliminary inquiry, NACHA may determine that no further action is required, or may recommend to an industry review panel that the ODFI be required to reduce the Originator’s or Third-Party Sender’s overall or administrative return rate below the Return Rate Level 

Q16: What is the industry review panel?

  • The industry review panel is composed of ACH experts from large and small financial institutions, Regional Payments Associations, and the ACH Operators. The panel meets regularly to review specific risk or enforcement cases.

Q17: As an ODFI, do I need to reduce an Originator’s return rate below 15 percent?

  • The rule does not automatically require an ODFI to reduce an Originator’s return rate below 15 percent; as such, it is meant to be flexible in accounting for differing needs of a variety of businesses. The rule would require an ODFI to reduce an Originator’s return rate below 15 percent if directed to do so by the industry review panel.

  • As an ODFI, you should determine how you monitor an Originator’s return rates, and the return rates or changes in return rates that constitute red flags. As an ODFI, you should recognize that for specific Originators or Third-Party Senders with return rates above the Return Rate Levels, you might be subject to the preliminary inquiry process.  You should consider what you would present as facts and documentation related to the review criteria defined in the rule, should you ever be asked to do so by the industry review panel.

Q18: Does exceeding a Return Rate Level cause an immediate fine?

  • No. The identification of an Originator or Third-Party Sender with a return rate that is higher than the respective Return Rate Level would not automatically cause the assessment of a fine. Fines are a possible outcome only at the conclusion of an enforcement proceeding.

Q19: Who decides fines?

  • In all cases, the industry review panel is the final authority in deciding and assessing fines for violations of the NACHA Rules.

Q20: What factors will the industry review panel consider in determining whether to direct an ODFI to reduce an Originator’s return rate?
 

  • ​In reviewing the results of a preliminary inquiry, the industry review panel can consider a number of factors, such as:

  1. The total volume of forward and returned debit Entries;
  2. The return rate for unauthorized debit Entries;
  3. Any evidence of Rules violations, including the rules on reinitiation;
  4. Any legal investigations or regulatory actions;
  5. The number and materiality of consumer complaints;
  6.  Any other relevant information submitted by the ODFI.

Q21: Will the Rule impact low-volume Originators?

  • The Return Rate Levels are intended not to disproportionately impact very low-volume Originators. “Low volume” is a defined circumstance in the existing process that the industry review panel can take into consideration when determining whether to assess a fine for a Rules violation. In addition, an Originator’s “total volume” would be a defined factor in the new inquiry process that can be considered prior to determining whether to require an ODFI to reduce the Originator’s return rate. Through these mechanisms, NACHA thinks that low-volume Originators currently are, and would continue to be, largely excluded from being encompassed within these processes except for the most egregious cases.

Q22: Does this Rule ban any industries from using the ACH Network?

  • No. The Rule does not ban the use of the ACH Network by any industry or any specific businesses. The Rule provides tools for identifying “outlier” Originators that cause a disproportionate levels and exceptions, and also provides for an inquiry into their ACH origination practices rather than an automatic rules enforcement sanction. 

Q23: Does the Rule identify high-risk industries?

  • No. The return rate levels are not industry-based. They are designed to be tools in identifying “outlier” Originators regardless of the industry.
Reinitiation of Entries

Q24: What fields in the reinitiated entry should not change from the original entry?

  • Consistent with ACH Operations Bulletin #3-2013 “Reinitiation of Returned Debit Entries,” the Rule requires a reinitiated Entry to contain identical content in the following fields:  Company Name, Company ID, and Amount. Further, the Rule permits modification to other fields only to the extent necessary to correct an error or facilitate processing of an Entry. This allows reinitiations to correct administrative errors, but prohibits reinitiation of Entries that may be attempts to evade the limitation on the reinitiation of returned Entries by varying the content of the Entry.

Q25: Are there other formatting requirements for a reinitiated entry?

  • The ODFI is required to include the description “RETRY PYMT” in the Company Entry Description field to identify Entries that are permissible resubmissions of Returned Entries under the Reinitiation Rule. Use of this description in the field notifies the Receiver that the Entry relates to a previously Returned Entry, and will facilitate research and dispute resolution for RDFIs.

Q26: What if I need to re-initiate an entry that already has content in the Company Entry Description? Do I still need to include “RETRY PYMT”?

  • Yes, the “RETRY PYMT” descriptor must be included in the reinitiated entry even if that means replacing content from the original entry.

Q27: Does a reinitiated entry have to be the same amount as the original entry?

  • Yes, reinitiating any entry in an amount greater or less than the original entry would be considered an improper reinitiation practice.

Q28: If a returned debit is one in a series of recurring debits, would initiating the following debit(s) be considered reinitiation?

  •  No, the Rule allows that a debit Entry in a series of preauthorized recurring debit Entries will not be treated as a reinitiated Entry, even if the subsequent debit Entry follows a returned debit Entry, as long as the subsequent Entry is not contingent upon whether an earlier debit Entry in the series has been returned. 

Q29: If an entry is returned as unauthorized, can it be re-initiated?

  • No, an unauthorized debit cannot be remedied. Reinitiating any entry that was returned as unauthorized would be considered an improper reinitiation practice. The Rule allows that a debit Entry will not be considered a reinitiation if the Originator obtains a new authorization for the debit Entry after the receipt of the return. The timing requirement is important, however, since Originators will not be permitted to obtain advance approval to debit an account in a manner that would otherwise violate this Reinitiation Rule.

Q30: Who decides if there has been an attempted evasion of the limitations on reinitiation?

  • The industry review panel has the final authority in deciding whether a specific case involves attempted evasion of the limitations on reinitiation.

Q31: What return reason code should be used to return improperly re-initiated entries?

  • The Rule allows these returns to use Return Code R10 (currently used for Extended Returns) to include a Return for an improperly reinitiated debit, because these debits are likely to be identified via a customer complaint after the expiration of the normal two-day return timeframe (i.e., an extended return timeframe would be necessary). In order to use R10 and the extended return timeframe, the RDFI needs to obtain a Written Statement of Unauthorized Debit.

  • The Rule does not create any new risk management obligations for Third-Party Senders. The Rule clarifies and makes explicit existing risk management obligations. The Rule does obligate a Third-Party Sender to cooperate with its ODFI for the purpose of providing a valid proof of completion of a Rules compliance audit, when requested.