Nacha Operating Rules Updates

This page provides a summary of selected Operating Rules changes recently published by Nacha.

Questions? Call Treasury Management Services Support.

Mon-Fri, 7:30AM – 8:00PM ET
Sat, 8:00AM – 4:00PM ET
Sun, 11:00AM – 3:00PM ET

Or, contact your Treasury Management Officer

Account validation requirement for WEB initiated debits (Enforcement)

Enforcement begins March 18, 2022

  1. WEB (Internet Initiated ACH Payments) will specifically require an additional "account validation" screening as part of a "commercially reasonable fraudulent transaction detection system."

    • The supplemental requirement would apply to the first use of an account number, and changes to an account number previously used.
    • The requirement is non-specific with regard to the method or technology to validate account information.
  2. Customers who create WEB transactions using their own software, or with that of software provider or other vendor must ensure this validation is in place.

  3. If your organization originates WEB entries, please act now to ensure you'll have account validation functionality in place before this change becomes effective.

    • Please see for additional information

Note: Customers that use TD Bank's TD eBill service to originate WEB transactions is compliant with this requirement by the effective date.

Increasing the Same Day ACH Dollar Limit

Effective March 18, 2022

  1. This new Rule will continue to expand the capabilities of Same Day ACH. Increasing the Same Day ACH dollar limit to a maximum of $1 million per payment is expected to improve Same Day ACH use cases, and contribute to additional adoption.

    • Currently, the per payment limit is set at $100,000
    • Increasing the dollar limit is anticipated to contribute to ongoing adoption of Same Day ACH.
  2. A dollar limit increase would result in a larger amount of dollars settling at several times throughout the day

    • ODFIs can determine whether to offer higher dollar limits to Same Day ACH Originators as they do not have to offer to the maximum of $1 million per payment.
      • TD Bank will allow for Same Day ACH Credit Origination up to $250,000 per payment
      • TD Bank will allow for Same Day ACH Debit Origination of $100,000 per payment
  3. Please see for additional information

Data Security Requirements for Non-Financial Originators, Third-Party Service Providers, and Third-Party Senders

Effective June 30, 2022 – Phase 2 – Updated Implementation Date

  1. Initially, this rule change was slated for June 30, 2021 but changed to June 30, 2022.

  2. Phase 2: Any Originator, Third-Party Service Providers, and Third-Party Senders that originates 2 million or more ACH transactions in calendar year 2020 will need to be compliant by June 30, 2022.

  3. This rule expands the existing ACH Security Framework to explicitly require large, non-financial institution Originators, Third-Party Service Providers, and Third-Party Senders to protect account numbers used in the initiation of ACH entries by rendering them unreadable when stored electronically.

  4. The rule aligns with existing language contained in PCI requirements; thus, industry participants are expected to be reasonably familiar with the manner and intent of the requirement.

  5. The rule applies only to account numbers collected for or used in ACH transactions and does not apply to the storage of paper authorizations.

Third-Party Sender Roles and Responsibilities

Effective September 30, 2022

  1. The overarching purpose of these Rules is to further clarify the roles and responsibilities of Third-Party Senders (TPS) in the ACH Network by:

    • Addressing the existing practice of Nested Third-Party Sender relationships, and
    • Making explicit and clarifying the requirement that a TPS conduct a Risk Assessment.
  2. Nested Third-Party Senders

    • Defines a Nested Third-Party Sender
    • Updates the requirements of Origination Agreements for a Nested TPS relationship
    • Establishes the “chain of agreements” and responsibilities in a Nested TPS arrangement
    • Updates existing TPS registration to denote whether a TPS has Nested TPS relationships
  3. Third-Party Senders and Risk Assessments

    • Makes explicit that a Third-Party Sender, whether Nested or not, must complete a Risk Assessment of its ACH activities
    • Clarifies that a Third-Party Sender cannot rely on a Rules Compliance Audit or a Risk Assessment completed by another TPS in a chain; it must conduct its own
  4. Please see for additional information


Phase 1: Effective September 16, 2022; Phase 2: Effective March 17, 2023

  1. Micro-Entries are a generally accepted method in the marketplace for an ACH Originator to test the validity of a Receiver’s account

  2. The overarching purpose of these Rules is to further define Micro-Entries in the ACH Network by:

    • Define “Micro-Entries” as ACH credits of less than $1, and any offsetting ACH debits, used for the purpose of verifying a Receiver’s account
    • Standardize the Entry description and Company Name requirements for Micro-Entries
    • Establish other Micro-Entry origination practices
    • Apply risk management requirements to the origination of Micro-Entries

Phase 1: September 16, 2022

  1. Definition of Micro-Entries

    • A Micro-Entry would be “a credit or debit Entry used by an Originator for the purpose of verifying a Receiver’s account or an individual’s access to an account.”
    • A credit Micro-Entry must be in the amount of less than $1.00
    • One or more debit Micro-Entries must not exceed, in total, the amount of the corresponding credit Micro-Entries
  2. Standardize Formatting for Micro-Entries

    • In the Company Entry Description field, the Rule would require the use of “ACCTVERIFY”
    • The Company Name must be readily recognizable to the Receiver, and be the same or similar to the Company Name that will be used in future Entries
  3. Origination Requirements for Micro-Entries

    • An Originator that is using debit Micro-Entry offsets must send the debits and the corresponding credit Micro-Entries simultaneously for settlement at the same time
    • The total amount of the credit Micro-Entry(ies) must be equal to or greater than the value of the debit Micro-Entry(ies)
    • An Originator using Micro-Entries may initiate future Entries to the Receiver’s account as soon as the Originator’s process for validating the amounts of the Micro-Entries has been completed

Phase 2: March 17, 2023

  1. Risk Management Requirements for Micro-Entries

    • An Originator of Micro-Entries must conduct commercially reasonable fraud detection on its use of Micro-Entries, including by monitoring of forward and return volumes of Micro-Entries
  2. Although not part of this Rule, ACH participants should understand how other provisions of the Nacha Rules apply to Micro-Entries

    • Although Micro-Entries are often referred to as test transactions, they are actual “live” ACH Entries that result in the movement of money
    • ODFI warranties apply to these Entries, including the warranties that they are authorized and contain accurate information
  3. Please see for additional information

Meaningful Modernization

  1. The overarching purpose of these rules is to improve and simplify the ACH user-experience by

    • Facilitating the adoption of new technologies and channels for the authorization and initiation of ACH payments
    • Reducing barriers to use of the ACH
    • Providing clarity and increasing consistency around certain ACH authorization processes; and
    • Reducing certain administrative burdens related to ACH authorizations
  2. Standing Authorizations

    • The Standing Authorization rule will define a “Standing Authorization”
      • A Standing Authorization will be defined as an advance authorization by a consumer of future debits at various intervals
      • Under a Standing Authorization, future debits may be initiated by the consumer through some further action, as distinct from recurring entries which require no further action and occur at regular intervals
    • In addition to defining a Standing Authorization, other aspects of the rule include:
      • A Standing Authorization may be obtained in writing or orally (Oral Authorizations)
      • Individual payments initiated based on the Standing Authorization will be defined as Subsequent Entries
      • Individual Subsequent Entries may be initiated in any manner identified in the Standing Authorization
    • This rule also will allow Originators some flexibility in the use of SEC codes for individual Subsequent Entries
      • Allows an Originator to use the TEL or WEB codes for Subsequent Entries when initiated by either a telephone call or via the Internet/wireless network, respectively, regardless of how the Standing Authorization was obtained
      • In such cases, the Originator will not need to meet the authorization requirements of TEL or WEB, but will need to meet the risk management and security requirements associated with those codes
  3. Oral Authorization

    • The Oral Authorization rule will define and allow “Oral Authorization” as a valid authorization method for consumer debits distinct from a telephone call
      • Currently, only the TEL transaction type has requirements and addresses risks specific to an oral authorization; but it is specific to a telephone call
      • Many newer methods and channels make use of verbal interactions and voice-related technologies
  4. Other Authorization Proposals

    • In conjunction with the other authorization rules (Standing Authorizations and Oral Authorizations), this Rule includes other modifications and re-organizations of the general authorization rules for purposes of clarity, flexibility and consistency
    • Clarity
      • Re-organizes the general authorization rules to better incorporate Standing Authorizations, Oral Authorizations, and other changes described below
      • Defines “Recurring Entry” to complement the existing definition of Single Entry and the proposed new definition of Subsequent Entry, and align with terms in Regulation E
    • Flexibility
      • Explicitly states that authorization of an ACH payment by any method allowed by law/regulation
      • Only consumer debit authorizations require a writing that is signed or similarly authenticated
    • Consistency
      • Applies the standards of “readily identifiable” and “clear and readily understandable terms” to all authorizations
      • For all consumer debit authorizations, applies the minimum data element standards that are currently stated only in the TEL rules (i.e., what will be in a consumer authorization)
  5. Alternative to Proof of Authorization

    • This Rule will allow an ODFI to agree to accept the return of an entry as an alternative to providing proof of authorization
      • Example – An RDFI requests proof of authorization for a PPD debit; the ODFI will have the option within 10 banking days to either provide proof or agree to accept a return. If the ODFI chooses to accept the return, the RDFI will have 10 banking days to make that return
    • In situations in which the ODFI has accepted, or agreed to accept, a return in lieu of providing proof of authorization, but the RDFI still needs such proof, the RDFI will still retain the ability to obtain it from the ODFI. The ODFI must provide proof within 10 banking days of the RDFI’s subsequent request
      • Example – After an ODFI and RDFI agree on the return of a debit, the RDFI needs to obtain the proof of authorization as part of litigation
  6. Written Statement of Unauthorized Debit via Electronic or Oral Methods

    • This Rule clarifies and makes explicit that an RDFI may obtain a consumer’s Written Statement of Unauthorized Debit (WSUD) electronically or orally
      • The same formats/methods permissible for obtaining a consumer debit authorization are permissible for obtaining a consumer’s statement of unauthorized debit
      • Although these formats/methods for obtaining a WSUD are not prohibited by the current Rules, there is confusion in the marketplace today; an explicit reference that they are permissible will increase the industry’s consideration of them
    • An additional clarification will be made that a consumer is permitted to sign a WSUD with an Electronic Signature
  7. Please see for additional information

By clicking on this link you are leaving our website and entering a third-party website over which we have no control.

Neither TD Bank US Holding Company, nor its subsidiaries or affiliates, is responsible for the content of third-party sites hyper-linked from this page, nor do they guarantee or endorse the information, recommendations, products or services offered on third-party sites.

Third-party sites may have different Privacy and Security policies than TD Bank US Holding Company. You should review the Privacy and Security policies of any third-party website before you provide personal or confidential information.

Have a question? Find answers here