In response to the Coronavirus (COVID-19) pandemic sweeping the nation, the National Automated Clearing House Association (NACHA) has issued some updated guidance on Supplementing Data Security Requirements and Written Statements of Unauthorized Debits. Doeren Mayhew has outlined the highlights of the new bulletins below.

Supplementing Data Security Requirements

On March 26, 2020, ACH Operations Bulletin #4-2020 was issued to extend the Supplementing Data Security Requirements rules of phase 1 and phase 2 by one year to June 30, 2021 and June 30, 2022, respectively.

  • Phase 1: Applies to ACH originators and third parties with more than 6 million ACH payments annually, which is now effective on June 30, 2021.
  • Phase 2: Applies to ACH originators and third parties with more than 2 million ACH payments annually, which is now effective on June 30, 2022.

The new rule is a supplement to the existing rules found in Section 1.6 Security Requirements, Page OR3 of the 2020 NACHA Operating Rules and Guidelines (ACH rule book). These new supplements require ACH originators and third parties to protect account information used in ACH payments by rendering it unreadable when stored electronically. Visit NACHA’s website for more information on the rule.

Written Statements of Unauthorized Debits

On March 27, 2020, NACHA issued an ACH Operation Bulletin #5-2020 addressing Written Statements of Unauthorized Debits requirement to be signed or similarly authenticated. Due to the need for less human face-to-face contact at the present time, NACHA will not enforce the signature/similar authentication requirement until further notice. Additionally, they would like RDFIs that have the ability for consumers to authenticate signatures to still do so, as well as to continue to follow procedures to verify claims of unauthorized ACH debits to avoid improper returns. The extended return timeframe of 60 days for claims for unauthorized debits to consumer accounts is still enforced.

Relief on Return Rate Levels

On April 2, 2020, NACHA released ACH Operations Bulletin #6-2020 addressing relief regarding potential rules violations for elevated return levels. In summary:

  • Any business originating pre-authorized ACH debits is at an increased risk of returns if services have been interrupted.
  • NACHA advises businesses to disclose to customers how they will handle pre-authorized ACH debits in the event of a service interruption.
  • Relief from NACHA will be given on a case-by-case basis to potential rule violations.

Future Considerations

The CARES Act recovery rebates payments will be coming to many Americans in the coming weeks. These payments may come in the form of electronic payment if a bank or credit union account was listed on the 2019 or 2018 tax return. We recommend your institution watch for fraud on accounts. There may be fraud instances where tax preparers who prepare a tax return have the refund setup to come to the tax preparer’s account – potentially leaving several Americans upset. Consumers can refer to the Internal Revenue Service’s website on how to get these payments sent to the account they prefer.

If you have questions regarding new ACH guidance and its impact on your institution, contact Doeren Mayhew’s Financial Institutions Group today.

Author

Rachel Backus, Compliance Supervisor