Codify Use of Return Reason Code R17

This rule will explicitly allow, but not require, an RDFI to use R17 to return an entry that it thinks is fraudulent.

• Such use is optional and at the discretion of the RDFI.
• The rule retains the current requirement to include the descriptor QUESTIONABLE in the return addenda record for such use.
• The amendment is intended to improve the recovery of funds originated due to fraud.

Some RDFIs already may be able to identify an ACH entry that is fraudulent and want to return the entry on this basis.

• There currently is no defined Return Reason Code for this use.
  • Unauthorized reasons are based on a customer contact, dispute or claim.
• The Rules provide for using the return code that most closely approximates the reason for the return.
  • Nacha guidance has been that R17 is likely the closest return code for incidents of potential fraud.

This new Rule also includes references to a newly defined term, False Pretenses:

• the inducement of a payment by a Person misrepresenting (a) that Person’s identity, (b) that Person’s association with or authority to act on behalf of another Person, or (c) the ownership of an account to be credited.”

This definition covers common fraud scenarios such as Business Email Compromise (BEC), vendor impersonation, payroll impersonation, and other payee impersonations, and complements language on “unauthorized credits” (account takeover scenario).  It does not cover scams involving fake, non-existent or poor-quality goods or services.

Expanded Use of ODFI Request for Return/R06

This rule expands the permissible uses of the Request for Return to allow an ODFI to request a return from the RDFI for any reason.

• The ODFI would still indemnify the RDFI for compliance with the request.
• Compliance by the RDFI would remain optional.
• An RDFI’s only obligation to the ODFI would be to respond to the ODFI’s request.
  • Regardless of whether the RDFI complies with the ODFI’s request to return the Entry, the RDFI must advise the ODFI of its decision or the status of the request within ten (10) banking days of receipt of the ODFI’s request.
• This rule is intended to improve the recovery of funds when fraud has occurred.

Additional Funds Availability Exceptions

This rule provides RDFIs with an additional exemption from the funds availability requirements to include credit entries that the RDFI suspects are originated under false pretenses.

• The additional exemption provides RDFIs with a tool under the Rules regarding questionable entries.
• RDFIs are still subject to requirements under Regulation CC for funds availability.
• The rule is intended to improve the recovery of funds when fraud has occurred.
• The rule is not intended to otherwise alter an RDFI’s obligation to promptly make funds available as required by the Rules.  An RDFI cannot delay funds availability because it has not screened an ACH credit; but it can delay funds availability if its fraud detection processes and procedures identifies a flag.

Currently, the Nacha Rules provide RDFIs with an exemption from funds availability requirements if the RDFI reasonably suspects the credit entry was unauthorized.

• This exemption encompasses cases of account takeovers, in which a party that is not the Originator is able to initiate an ACH credit from the Originator’s account.

This new Rule also includes references to a newly defined term, False Pretenses:

• the inducement of a payment by a Person misrepresenting (a) that Person’s identity, (b) that Person’s association with or authority to act on behalf of another Person, or (c) the ownership of an account to be credited.”

This definition covers common fraud scenarios such as Business Email Compromise (BEC), vendor impersonation, payroll impersonation, and other payee impersonations, and complements language on “unauthorized credits” (account takeover scenario).  It does not cover scams involving fake, non-existent or poor-quality goods or services.

Timing of Written Statement of Unauthorized Debit (WSUD)

This rule will allow a WSUD to be signed and dated by the Receiver on or after the date on which the Entry is presented to the Receiver (either by posting to the account or by notice of a pending transaction), even if the debit has not yet been posted to the account.

• Through digital notifications and alerts, a consumer may be able to report an unauthorized debit prior to the debit posting to his or her account.
• Allowing such a debit to post after being reported may cause harm to the Receiver.

When a consumer account holder notifies an RDFI of an unauthorized debit, the RDFI must obtain a signed Written Statement of Unauthorized Debit (WSUD) to return the debit.

• The current Rules require that the WSUD be dated on or after the Settlement Date of the Entry.

This rule is intended to improve the process and experience when debits are claimed to be unauthorized.

The amendment does not otherwise change the requirement for an RDFI to obtain a consumer’s WSUD.

RDFI Must Promptly Return Unauthorized Debit

This amendment will require that when returning a consumer debit as unauthorized in the extended return timeframe, the RDFI must do so by the opening of the sixth Banking Day following the completion of its review of the consumer’s signed WSUD.

• The amendment is intended to improve the recovery of funds and reduce the incidence of future fraud.
• The prompt return of an unauthorized debit alerts an ODFI and an Originator to a potential problem.
• This is also true in first-party fraud schemes in which the party who disputes the debit Entry is the same party who benefits from the original entry.
• A prompt return supports controls that an Originator may have enabled, such as a hold on funds or delayed shipment of merchandise.
• This amendment does not change reasons or requirements for obtaining a Written Statement of Unauthorized Debit.

Quick responses can be significant when responding to fraud. In the days immediately following posting of an unauthorized debit Entry, any delay in processing a return may expose the ODFI or Originator to additional risk.