Meaningful Modernization

Effective Date

Rule Status

Rule Status

The overarching purpose of these rules is to improve and simplify the ACH user-experience by

  • Facilitating the adoption of new technologies and channels for the authorization and initiation of ACH payments

  • Reducing barriers to use of the ACH

  • Providing clarity and increasing consistency around certain ACH authorization processes; and

  • Reducing certain administrative burdens related to ACH authorizations

The rule will become effective September 17, 2021.

 

Details

Details

Standing Authorization

This rule will define a “Standing Authorization”

  • A Standing Authorization will be defined as an advance authorization by a consumer of future debits at various intervals

  • Under a Standing Authorization, future debits may be initiated by the consumer through some further action, as distinct from recurring entries which require no further action and occur at regular intervals

In addition to defining a Standing Authorization, other aspects of the rule include:

  • A Standing Authorization may be obtained in writing or orally (Oral Authorizations)

  • Individual payments initiated based on the Standing Authorization will be defined as Subsequent Entries

  • Individual Subsequent Entries may be initiated in any manner identified in the Standing Authorization

This rule also will allow Originators some flexibility in the use of SEC codes for individual Subsequent Entries

  • Allows an Originator to use the TEL or WEB codes for Subsequent Entries when initiated by either a telephone call or via the Internet/wireless network, respectively, regardless of how the Standing Authorization was obtained

  • In such cases, the Originator will not need to meet the authorization requirements of TEL or WEB, but will need to meet the risk management and security requirements associated with those codes

Oral Authorization

This rule will define and allow “Oral Authorization” as a valid authorization method for consumer debits distinct from a telephone call

  • Currently, only the TEL transaction type has requirements and addresses risks specific to an oral authorization; but it is specific to a telephone call

  • Many newer methods and channels make use of verbal interactions and voice-related technologies

Other Authorization Proposals

In conjunction with the other authorization rules (Standing Authorizations and Oral Authorizations), this Rule includes other modifications and re-organizations of the general authorization rules for purposes of clarity, flexibility and consistency

Clarity

  • Re-organizes the general authorization rules to better incorporate Standing Authorizations, Oral Authorizations, and other changes described below

  • Defines “Recurring Entry” to complement the existing definition of Single Entry and the proposed new definition of Subsequent Entry, and align with terms in Regulation E

Flexibility

  • Explicitly states that authorization of an ACH payment by any method allowed by law/regulation

  • Only consumer debit authorizations require a writing that is signed or similarly authenticated

Consistency

  • Applies the standards of “readily identifiable” and “clear and readily understandable terms” to all authorizations

  • For all consumer debit authorizations, applies the minimum data element standards that are currently stated only in the TEL rules (i.e., what will be in a consumer authorization)

Alternative to Proof of Authorization

This Rule will allow an ODFI to agree to accept the return of an entry as an alternative to providing proof of authorization

  • Example – An RDFI requests proof of authorization for a PPD debit; the ODFI will have the option within 10 banking days to either provide proof or agree to accept a return. If the ODFI chooses to accept the return, the RDFI will have 10 banking days to make that return

In situations in which the ODFI has accepted, or agreed to accept, a return in lieu of providing proof of authorization, but the RDFI still needs such proof, the RDFI will still retain the ability to obtain it from the ODFI. The ODFI must provide proof within 10 banking days of the RDFI’s subsequent request

  • Example – After an ODFI and RDFI agree on the return of a debit, the RDFI needs to obtain the proof of authorization as part of litigation

Written Statement of Unauthorized Debit via Electronic or Oral Methods

This Rule clarifies and makes explicit that an RDFI may obtain a consumer’s Written Statement of Unauthorized Debit (WSUD) electronically or orally

  • The same formats/methods permissible for obtaining a consumer debit authorization are permissible for obtaining a consumer’s statement of unauthorized debit

  • Although these formats/methods for obtaining a WSUD are not prohibited by the current Rules, there is confusion in the marketplace today; an explicit reference that they are permissible will increase the industry’s consideration of them

An additional clarification will be made that a consumer is permitted to sign a WSUD with an Electronic Signature

Technical

Technical

These rule amendments includes changes to the following sections of the Nacha Operating Rules.

Article Two

  • Section 2.3 Authorization and Notice of Entries
  • Section 2.4 General Warranties and Liabilities of ODFIs
  • Section 2.5 Provisions for Specific Types of Entries (TEL and WEB subsections)

Article Three

  • Section 3.12 Written Statement of Unauthorized Debit

Article Eight definitions

Appendix Three – ACH Record Format Specifications

Appendix Four – Return Entries

Summary of Implementation Impacts 

Impact

Impact

Benefits


Standing Authorization

  • The rule will make it easier to use ACH payments in many situations

    • Enables the authorization and initiation of ACH payments across a broader set of business models, including the ability to switch among various technologies and channels

    • Provides some flexibility in the use of certain consumer SEC Codes (among PPD, TEL, and WEB) to better accommodate variations in Originator’s practices and systems

    • Provides a clearer understanding of what will be included in an authorization in scenarios that aren’t addressed in existing rules for single and recurring entries

    • Provides an authorization framework under which Originators can add new payment initiation methods and channels


Oral Authorization

  • This rule will expand the use of oral authorizations for consumer ACH payments, without changing how existing TEL transactions are currently used and authorized

  • It will also accommodate new technologies and channels for conducting commerce and initiating payments that make use of use voice commands and interactions

  • The rule clarifies the use of SEC Codes and risk management requirements related to oral authorizations


Other Authorization Proposals

  • Overall, this Rule is intended to improve the clarity and consistency of authorization requirements and methods, while providing some additional flexibility for authorizations for ACH payments other than consumer debits

  • Better clarity and consistency ultimately will lead to easier and better understanding of the Rules

  • Less ambiguity and better understanding of the authorization rules will improve the quality of authorizations


Alternative to Proof of Authorization

  • This Rule will reduce an administrative burden on ODFIs and their Originators for providing proof of authorization in every instance in which it is requested by an RDFI

  • By allowing an alternative, the rule will reduce the costs and time needed to resolve some exceptions in which proof of authorization is requested

  • The rule provides some additional flexibility to parties in the ACH Network on how to handle these exception cases

Written Statement of Unauthorized Debit via Electronic or Oral Communications

  • This Rule will address an administrative burden on RDFIs and their consumer Receivers

    • Currently, anecdotal evidence suggests that the significant majority of WSUDs are still obtained by paper/wet signature

  • Accepting WSUDs electronically and or orally increases flexibility for RDFIs and can reduce administrative burdens

  • These options and increased flexibility will reduce exception costs and resolution time

  • Increased adoption of electronically and orally provided WSUDs will improve consumers’ experiences in interacting with their financial institutions

 

Impacts

Standard Authorization

  • ODFIs and Originators may choose to make use of Standing Authorizations and Subsequent Entries, but will not be required to

  • Originators that want to make use of this authorization method will need to modify or add to their authorization practices and language

  • RDFIs will experience no impacts on the receipt and posting of Entries

  • Some volume of Subsequent Entries will have a different SEC Code than under the existing rules – i.e., related to the method/channel used for payment initiation, rather than the method/channel used for authorization (for example, WEB if initiated online instead of PPD if authorized via paper)

    • Impact on the application of risk management practices specific to SEC codes

    • Impact on the tracking of SEC Code volume, returns, and return rates


Oral Authorizations

  • ODFIs and Originators may choose to make use of the expanded applicability of Oral Authorizations, but will not be required to

  • Originators that will like to make use of oral authorizations will need meet all requirements for oral authorizations

    • Will result in the storage and provision of larger numbers of oral authorizations

  • RDFIs will have no impacts to their receipt and posting of Entries

  • Some volume of existing TEL entries will migrate to WEB

    • Impact on the application of risk management practices specific to SEC codes

    • Impact on the tracking of SEC Code volume, returns, and return rates


Other Authorization Proposals

  • ODFIs and Originators will need to review authorizations regarding the standards of “readily identifiable” and “clear and readily understandable terms”

  • ODFIs and Originators will need to review consumer debit authorization language regarding the minimum data elements

  • RDFIs will have no impacts to their receipt and posting of Entries


Alternative to Proof of Authorization

  • ODFIs and their Originators that want to take advantage of this alternative will have to modify business processes

  • RDFIs will receive different responses to their requests for proof of authorization

 

Written Statement of Unauthorized Debit via Electronic or Oral Communications

  • RDFIs that want to take advantage of accepting WSUDs by electronic and oral forms need to incorporate new procedures and technology
  • RDFIs taking advantage of accepting WSUDs by electronic and oral forms need to be able to meet the requirement to provide a copy upon request

  • ODFIs who request copies of WSUDs will receive these documents in various formats

 

 

 

FAQs Section

FAQs Section
Coming soon

RFC Summary

RFC Summary

These Rules were originally proposed in a Request For Comment in February 2020

  • 92% supported the overall concepts included

  • 75% agreed that the proposals would reduce barriers to use of ACH

  • 77% agreed that the proposals would have a positive impact on the ACH Network

86% of respondents agreed with the proposal to define and enable Standing Authorizations.  In response to industry comments, the Rule includes the following additional modifications:

  1. Proof of authorization for entries initiated under a Standing Authorization - Adds language to state that proof of authorization for Standing Authorizations must include (1) a copy of the Standing Authorization, and (2) evidence of the Receiver’s affirmative action to initiate a Subsequent Entry

  2. Retention Requirements for Standing Authorizations - Specifies that an Originator must retain a copy of each Standing Authorization for 2 years following termination/revocation of the Standing Authorization; and proof that each entry was initiated by the Receiver for 2 years following the settlement date of the entry

  3. Data security requirements for Subsequent Entries – Clarifies that, where the trigger for a Subsequent Entry may involve the communication or confirmation of any banking information via an unsecured electronic network, the Originator must comply with existing security requirements of Section 1.7 (Secure Transmission of ACH Information Via Unsecured Electronic Networks)

Also in response to industry comments, this Rule identifies an optional method to indicate Entries initiated under a Standing Authorization. (review Proposed Rule language for details)

86% of respondents supported the proposal to define an Oral Authorization as a valid method for consumer debits distinct from a telephone call

91% agreed that an Oral Authorization obtained over the internet (not a telephone call) should use the WEB SEC Code

In response to industry comments, the Rule includes the following additional modifications to Oral Authorizations

Security requirements

  • Clarifies that, where the Receiver’s Oral Authorization is communicated (other than a telephone call) over an Unsecured Electronic Network, the Originator must comply with existing security requirements as defined within Section 1.7 (Secure Transmission of ACH Information Via Unsecured Electronic Networks)

Retention/Proof of Authorization requirements

  • Specifies that an Originator’s obligation for proof of authorization for an Oral Authorization is (1) the original or duplicate audio recording for a recurring entry; and (2) the original or duplicate audio recording or a copy of the written notice for single entry

83% of respondents agreed that the Other Authorization Proposals will provide better clarity and consistency to the rules on authorization. Each of the specific elements was supported by at least 83% of respondents. No significant changes have been made to the Original Proposal.

83% of respondents supported the proposal on Alternatives to Proof of Authorization. In response to industry comments on the proposal, this ballot includes the following additional modifications to proposed rule language:

  • Clarifies that the ODFI/Originator deadline to provide proof of authorization, once the RDFI confirms via a subsequent request that proof of authorization is still needed, is 10 banking days of the RDFI’s subsequent request

90% of respondents supported the proposals related to WSUD via Electronic or Oral Methods. No significant changes were made to the Original Proposal.