Beginning in June 2026, new NACHA rules will apply to all businesses that originate ACH payments, regardless of size. These changes are designed to strengthen fraud prevention and help protect businesses from growing payment scams that target ACH transactions. If your business sends ACH payments, such as payroll or vendor payments, these updates are important to understand.
ACH fraud often occurs when criminals deceive businesses into sending payments that appear legitimate, such as through fake emails, vendor impersonation, or requests to change payment instructions. Once an ACH payment is sent, it may be difficult or impossible to recover. For this reason, NACHA now requires all business ACH originators to have reasonable controls and monitoring in place to help identify potentially fraudulent payments before funds leave the account.
Effective June 20, 2026, businesses must implement risk‑based monitoring processes to help detect unusual or suspicious ACH activity. This does not require reviewing every transaction or implementing complex systems. Instead, expectations are that controls are appropriate for your business, how you use ACH, and your level of risk. Simple safeguards, like verifying payment changes, reviewing unusual amounts or timing, and separating duties, can significantly reduce the risk of fraud.
Under the updated NACHA rules, businesses remain responsible for maintaining proper authorizations, monitoring outgoing ACH activity, responding promptly to bank inquiries, and periodically reviewing controls to ensure they remain effective. These requirements are not just about compliance, they are about protecting your business, cash flow, and relationships.
Your bank serves as a key partner in ACH risk management. If you have questions about these changes or would like help reviewing your ACH processes and controls, First Bank can help. Contact our Treasury Management team today to review your business's ACH processes and discuss risk management options.
ACH fraud often occurs when criminals deceive businesses into sending payments that appear legitimate, such as through fake emails, vendor impersonation, or requests to change payment instructions. Once an ACH payment is sent, it may be difficult or impossible to recover. For this reason, NACHA now requires all business ACH originators to have reasonable controls and monitoring in place to help identify potentially fraudulent payments before funds leave the account.
Effective June 20, 2026, businesses must implement risk‑based monitoring processes to help detect unusual or suspicious ACH activity. This does not require reviewing every transaction or implementing complex systems. Instead, expectations are that controls are appropriate for your business, how you use ACH, and your level of risk. Simple safeguards, like verifying payment changes, reviewing unusual amounts or timing, and separating duties, can significantly reduce the risk of fraud.
Under the updated NACHA rules, businesses remain responsible for maintaining proper authorizations, monitoring outgoing ACH activity, responding promptly to bank inquiries, and periodically reviewing controls to ensure they remain effective. These requirements are not just about compliance, they are about protecting your business, cash flow, and relationships.
Your bank serves as a key partner in ACH risk management. If you have questions about these changes or would like help reviewing your ACH processes and controls, First Bank can help. Contact our Treasury Management team today to review your business's ACH processes and discuss risk management options.
 |
Kelly Dulle, Senior Vice President, Managing Director-Treasury Management, leads a team of Treasury Management professionals who provide advice and solutions on commercial payments and managing business cashflow. You may contact Kelly Dulle via email at [email protected]. |