The deadline for compliance with the new NACHA operating rules is a year away. With payments made through the Automated Clearing House (ACH) network increasing by a trillion-dollar value every year, fraudsters have their eye on that money.
In 2024, the ACH network processed 33.6 billion payments valued at $86.2 trillion. With the volume of payments rising, both regulators and institutions are looking to mitigate business email compromise (BEC) risk, a particularly lucrative form of APP fraud.
Despite this, a recent report found that less than 60% of organizations have developed risk management procedures to safeguard against BEC, noting less than half (49%) of those who did create new policies have tested them.
Timely implementation of NACHA’s new rules will help mitigate this risk to institutions and their customers.
How NACHA’s New Rules Address ACH Scams
The new rules include guidelines for receiving depository financial institutions (RDFIs) to monitor and delay suspicious transactions — without request or customer claim. RDFIs should be monitoring conditions such as:
- The Standard Entry Class (SEC) code’s alignment with expected transaction type.
- Unusual dollar amounts for the receiving account.
- The age of the receiving account to detect anomalies.
- Multiple similar credit entries over a short period.
- Transactions directed to dormant or newly opened accounts.
All institutions must align with these regulations by March 26, 2026, to effectively combat ACH fraud and protect their customers.
The new rules emphasize a comprehensive approach to fraud detection, covering the entire lifecycle of an ACH transaction from origination to receipt. This will reduce the incidence of BEC, vendor impersonation, payroll impersonation and other forms of social engineering that result in authorized payments being pushed from a payor’s account to fraudsters.
The New NACHA Operating Rules: Tools for Compliance
To comply with the upcoming NACHA regulations, financial institutions need to implement procedures to monitor transactions at every stage. This holistic view of customer behavior will identify fraudulent activities, money mule operations, the accounts of bad actors and suspicious payment activity.
Evaluating higher fraud volumes effectively requires strong use of leading technologies. Artificial intelligence, in concert with the power of consortium-based analytics, will help address the new NACHA requirements and automate time-intensive manual processes.
A Consortium Approach: Effective Detection & Fewer False Positives
Consortium analysis achieves this by referencing demographic and transactional data from hundreds of millions of counterparties to quickly assess the risk of all outgoing transactions, while simultaneously reducing false positives.
Combined with cross-channel intelligence, this approach strengthens fraud detection across various channels, such as wire, instant payments, and other payment channels, and helps populate the mule database. This will assess risk more effectively on the payor and the payee sides of ACH transactions and include identified mule accounts in future analyses, enhancing overall fraud prevention strategies.
Staying Ahead: How Nasdaq Verafin Supports Compliance with the NACHA Rules
The forthcoming changes to NACHA’s operating rules represent a significant advancement in fraud management and fund recovery processes.
Nasdaq Verafin offers a robust fraud management solution designed to help financial institutions navigate these changes. With powerful analytics derived from 2,600 customer partners and over 650 million counterparties, we uncover risk throughout the entire journey of a transaction.
View our feature sheet for more information about how Nasdaq Verafin will help your institution enhance its ACH fraud prevention efforts.
