The National Automated Clearing House Association (NACHA) has added several rules that will go into effect Sept. 20, 2013. While many financial institutions have been aware of these changes since their approval in October and, most recently, March, it is imperative that institutions thoroughly review their Automated Clearing House (ACH) practices to ensure compliance with the updated regulations ahead of time.

The four new rules pertain to ACH security framework, health care payments, stop payments and notification of change for single entries, as follows:

1) ACH Security Framework Rule

The ACH Security Framework Rule amendment will now establish minimum data security commitments for ACH network participants to protect respective data, while creating consistency with other regulatory security obligations. The rule is separated into three sets of security frameworks, including:

Protection of Sensitive Data and Access Controls

This rule requires non-consumer originators, participation depository financial institutions (DFIs), third-party service providers and third-party senders to establish policies that ensure protection against:

    • Security threats
    • Unauthorized use of protection information
    • Breach of confidentiality and integrity

Self-Assessment

In subsequence to establishing security protection policies, DFIs, third-party service providers and third-party senders must verify compliance with protection policies. The self-assessment component would be applicable to the audit cycle completed by Dec. 31, 2014.

Verification of Third-Party Senders and Originators

Under this rule, originating depository financial institutions (ODFIs) are required to establish or determine if existing systems are suitable to identify each non-consumer originator or third-party sender with whom the ODFI enters into an origination agreement at the initiation of the agreement.

2) Health Care Payments via ACH Rule

Changes to the NACHA Operating Rules related to health care payments through ACH will also take effect Sept. 20, 2013. This will require financial institutions to be ready to send and receive health care corporate credit and debit (CCD) entries for health plans and providers. This rule in turn will be working towards the implementation of the Department of Health and Humans Services (HHS) electronic funds transfers and remittance advice transactions (ETF & ERA) operating rule set interim final rule with comment period (IFC). The compliance date for the HHS rule is January 1, 2014.

In addition, receiving depository financial institutions (RDFIs) must offer an electronic option for the delivery or provision of payment-related information to health care providers. Data within the payment-related information addenda record should be provided no later than the opening of business on the second banking day following the settlement date of the entry.

Originators and ODFIs can begin using these standards earlier than the September effective date. This will not cause processing problems for RDFIs who can also implement the standards as soon as they feel suitable.

3) Effective Period of Stop Payment to Non-Consumer Account Rule

Currently, this rule requires a stop payment order on a non-consumer entry to expire after six months, unless it is renewed in writing. As part of the changes taking place in September, two additional conditions under which a stop order may expire will be employed:

  1. The withdrawal of the stop payment order by the receiver
  2. The return of the debit entry to which the stop payment order relates

4) Originator Obligations With Respect to Notifications of Change for Single Entries Rule

Originators will no longer be required to make changes requested within notifications of change (NOCs) for single entries, making it now optional for them to respond. This will not affect RDFIs’ right to initiate an NOC for any entry, including those identified as single entries.

To learn more about what you can do to prepare for the NACHA changes, contact our dedicated Financial Institutions Group, with regulatory compliance specialists in Michigan, Houston and Ft. Lauderdale.