The National Automated Clearing House Association (NACHA), the governing body for the Automated Clearing House (ACH), is implementing new requirements in 2026 that may impact how you originate payments.

Why are they updating the rules?

In the past, only specific ACH transactions required active monitoring, but rising fraud and scam activity have prompted NACHA to broaden those expectations. The 2026 updates strengthen fraud-monitoring standards and distribute responsibility to more organizations involved in processing ACH payments.

What does this mean for me?

Phase 1: Standard Entry Descriptions – March 20, 2026

Businesses will now be required to use standard entry descriptions in their ACH entries for certain transaction types. In the Company Entry Description field, Originators must use:

• “PAYROLL” for wage, salary, and similar types of compensation-related PPD credits
• “PURCHASE” for e-commerce WEB debits (an e-commerce purchase is defined as a debit Entry authorized by a Consumer for the online purchase of goods, including recurring purchases first authorized online)

See how to apply these changes with our tutorial video.

Phase 2: Risk-Based Processes & Procedures – June 19, 2026

ACH originators must implement risk-based processes and procedures intended to identify ACH entries initiated due to fraud, including unauthorized entries and entries authorized under false pretenses. All other originators, third-party service providers, and third-party senders must implement similar fraud monitoring and compliance requirements.

Visit NACHA’s website for a complete list of upcoming rule changes.

How can I prepare?

We strongly encourage you to attend this free webinar for end-users on March 17^th for an overview of the rule changes.

1. Review and Update Your ACH Systems and Procedures

Evaluate your current ACH systems and processes to ensure they meet the updated NACHA requirements, including risk-based monitoring to identify potentially unauthorized entries, such as:

• • Utilizing multi-factor authentication
  • Authenticating the receiver
  • Confirming validity of the authorization, effective date, and all other payment information
  • Verifying the account number and routing number
  • Obtaining required internal approval
  • Requiring dual control for changes

2. Create or Update a Written ACH Risk Assessment Policy

Document how your organization identifies, evaluates, and monitors ACH fraud risks. Include procedures for detecting unusual activity, verifying payment instructions, and reviewing controls at least annually.

3. Maintain Detailed Documentation for Compliance and Audits

Maintain comprehensive records of ACH processes, risk assessments, control implementation, employee training, monitoring activities, and fraud prevention efforts to demonstrate compliance with current and upcoming NACHA Rule requirements. 

Questions? Contact Cash Management at cashmanagement@maine.bank.

This information provided is intended for general informational purposes only and does not constitute official guidance or regulatory advice. NACHA rules, guidelines, and requirements are subject to change, revision, or amendment at any time. For additional information, please visit NACHA’s website.