Contact us
Careers
Locations
Help
Effective: 2021-09-17
Meaningful Modernization
EFFECTIVE DATE
September 17, 2021
RULE STATUS
Upcoming Rules
The overarching purpose of these rules is to improve and simplify the ACH user-experience by
Facilitating the adoption of new technologies and channels for the authorization and initiation of ACH payments
Reducing barriers to use of the ACH
Providing clarity and increasing consistency around certain ACH authorization processes; and
Reducing certain administrative burdens related to ACH authorizations
The rule will become effective on September 17, 2021.
Details
Standing Authorization
This rule will define a “Standing Authorization”
A Standing Authorization will be defined as an advance authorization by a consumer of future debits at various intervals
Under a Standing Authorization, future debits may be initiated by the consumer through some further action, as distinct from recurring entries which require no further action and occur at regular intervals
In addition to defining a Standing Authorization, other aspects of the rule include:
A Standing Authorization may be obtained in writing or orally (Oral Authorizations)
Individual payments initiated based on the Standing Authorization will be defined as Subsequent Entries
Individual Subsequent Entries may be initiated in any manner identified in the Standing Authorization
This rule also will allow Originators some flexibility in the use of SEC codes for individual Subsequent Entries
Allows an Originator to use the TEL or WEB codes for Subsequent Entries when initiated by either a telephone call or via the Internet/wireless network, respectively, regardless of how the Standing Authorization was obtained
In such cases, the Originator will not need to meet the authorization requirements of TEL or WEB, but will need to meet the risk management and security requirements associated with those codes
Oral Authorization
This rule will define and allow “Oral Authorization” as a valid authorization method for consumer debits distinct from a telephone call
Currently, only the TEL transaction type has requirements and addresses risks specific to an oral authorization; but it is specific to a telephone call
Many newer methods and channels make use of verbal interactions and voice-related technologies
Other Authorization Proposals
In conjunction with the other authorization rules (Standing Authorizations and Oral Authorizations), this Rule includes other modifications and re-organizations of the general authorization rules for purposes of clarity, flexibility and consistency
Clarity
Re-organizes the general authorization rules to better incorporate Standing Authorizations, Oral Authorizations, and other changes described below
Defines “Recurring Entry” to complement the existing definition of Single Entry and the proposed new definition of Subsequent Entry, and align with terms in Regulation E
Flexibility
Explicitly states that authorization of an ACH payment by any method allowed by law/regulation
Only consumer debit authorizations require a writing that is signed or similarly authenticated
Consistency
Applies the standards of “readily identifiable” and “clear and readily understandable terms” to all authorizations
For all consumer debit authorizations, applies the minimum data element standards that are currently stated only in the TEL rules (i.e., what will be in a consumer authorization)
Alternative to Proof of Authorization
This Rule will allow an ODFI to agree to accept the return of an entry as an alternative to providing proof of authorization
Example – An RDFI requests proof of authorization for a PPD debit; the ODFI will have the option within 10 banking days to either provide proof or agree to accept a return. If the ODFI chooses to accept the return, the RDFI will have 10 banking days to make that return
In situations in which the ODFI has accepted, or agreed to accept, a return in lieu of providing proof of authorization, but the RDFI still needs such proof, the RDFI will still retain the ability to obtain it from the ODFI. The ODFI must provide proof within 10 banking days of the RDFI’s subsequent request
Example – After an ODFI and RDFI agree on the return of a debit, the RDFI needs to obtain the proof of authorization as part of litigation
Written Statement of Unauthorized Debit via Electronic or Oral Methods
This Rule clarifies and makes explicit that an RDFI may obtain a consumer’s Written Statement of Unauthorized Debit (WSUD) electronically or orally
The same formats/methods permissible for obtaining a consumer debit authorization are permissible for obtaining a consumer’s statement of unauthorized debit
Although these formats/methods for obtaining a WSUD are not prohibited by the current Rules, there is confusion in the marketplace today; an explicit reference that they are permissible will increase the industry’s consideration of them
An additional clarification will be made that a consumer is permitted to sign a WSUD with an Electronic Signature
Technical
These Rule amendments includes changes to the following sections of the Nacha Operating Rules.
Article Two Section 2.3 Authorization and Notice of Entries
Section 2.4 General Warranties and Liabilities of ODFIs
Section 2.5 Provisions for Specific Types of Entries (TEL and WEB subsections)
Article Three
Section 3.12 Written Statement of Unauthorized Debit
Article Eight definitions
Appendix Three – ACH Record Format Specifications
Appendix Four – Return Entries
Impact
Benefits
Standing Authorization
The rule will make it easier to use ACH payments in many situations
Enables the authorization and initiation of ACH payments across a broader set of business models, including the ability to switch among various technologies and channels
Provides some flexibility in the use of certain consumer SEC Codes (among PPD, TEL, and WEB) to better accommodate variations in Originator’s practices and systems
Provides a clearer understanding of what will be included in an authorization in scenarios that aren’t addressed in existing rules for single and recurring entries
Provides an authorization framework under which Originators can add new payment initiation methods and channels
Oral Authorization
This rule will expand the use of oral authorizations for consumer ACH payments, without changing how existing TEL transactions are currently used and authorized
It will also accommodate new technologies and channels for conducting commerce and initiating payments that make use of use voice commands and interactions
The rule clarifies the use of SEC Codes and risk management requirements related to oral authorizations
Other Authorization Proposals
Overall, this Rule is intended to improve the clarity and consistency of authorization requirements and methods, while providing some additional flexibility for authorizations for ACH payments other than consumer debits
Better clarity and consistency ultimately will lead to easier and better understanding of the Rules
Less ambiguity and better understanding of the authorization rules will improve the quality of authorizations
Alternative to Proof of Authorization
This Rule will reduce an administrative burden on ODFIs and their Originators for providing proof of authorization in every instance in which it is requested by an RDFI
By allowing an alternative, the rule will reduce the costs and time needed to resolve some exceptions in which proof of authorization is requested
The rule provides some additional flexibility to parties in the ACH Network on how to handle these exception cases
Written Statement of Unauthorized Debit via Electronic or Oral Communications
This Rule will address an administrative burden on RDFIs and their consumer Receivers
Currently, anecdotal evidence suggests that the significant majority of WSUDs are still obtained by paper/wet signature
Accepting WSUDs electronically and or orally increases flexibility for RDFIs and can reduce administrative burdens
These options and increased flexibility will reduce exception costs and resolution time
Increased adoption of electronically and orally provided WSUDs will improve consumers’ experiences in interacting with their financial institutions
Impacts
Standard Authorization
ODFIs and Originators may choose to make use of Standing Authorizations and Subsequent Entries, but will not be required to
Originators that want to make use of this authorization method will need to modify or add to their authorization practices and language
RDFIs will experience no impacts on the receipt and posting of Entries
Some volume of Subsequent Entries will have a different SEC Code than under the existing rules – i.e., related to the method/channel used for payment initiation, rather than the method/channel used for authorization (for example, WEB if initiated online instead of PPD if authorized via paper)
Impact on the application of risk management practices specific to SEC codes
Impact on the tracking of SEC Code volume, returns, and return rates
Oral Authorizations
ODFIs and Originators may choose to make use of the expanded applicability of Oral Authorizations, but will not be required to
Originators that will like to make use of oral authorizations will need meet all requirements for oral authorizations
Will result in the storage and provision of larger numbers of oral authorizations
RDFIs will have no impacts to their receipt and posting of Entries
Some volume of existing TEL entries will migrate to WEB
Impact on the application of risk management practices specific to SEC codes
Impact on the tracking of SEC Code volume, returns, and return rates
Other Authorization Proposals
ODFIs and Originators will need to review authorizations regarding the standards of “readily identifiable” and “clear and readily understandable terms”
ODFIs and Originators will need to review consumer debit authorization language regarding the minimum data elements
RDFIs will have no impacts to their receipt and posting of Entries
Alternative to Proof of Authorization
ODFIs and their Originators that want to take advantage of this alternative will have to modify business processes
RDFIs will receive different responses to their requests for proof of authorization
Written Statement of Unauthorized Debit via Electronic or Oral Communications
RDFIs that want to take advantage of accepting WSUDs by electronic and oral forms need to incorporate new procedures and technology
RDFIs taking advantage of accepting WSUDs by electronic and oral forms need to be able to meet the requirement to provide a copy upon request
ODFIs who request copies of WSUDs will receive these documents in various formats
RFC Summary
These Rules were originally proposed in a Request For Comment in February 2020
92% supported the overall concepts included
75% agreed that the proposals would reduce barriers to use of ACH
77% agreed that the proposals would have a positive impact on the ACH Network
86% of respondents agreed with the proposal to define and enable Standing Authorizations. In response to industry comments, the Rule includes the following additional modifications:
Proof of authorization for entries initiated under a Standing Authorization – Adds language to state that proof of authorization for Standing Authorizations must include (1) a copy of the Standing Authorization, and (2) evidence of the Receiver’s affirmative action to initiate a Subsequent Entry
Retention Requirements for Standing Authorizations – Specifies that an Originator must retain a copy of each Standing Authorization for 2 years following termination/revocation of the Standing Authorization; and proof that each entry was initiated by the Receiver for 2 years following the settlement date of the entry
Data security requirements for Subsequent Entries – Clarifies that, where the trigger for a Subsequent Entry may involve the communication or confirmation of any banking information via an unsecured electronic network, the Originator must comply with existing security requirements of Section 1.7 (Secure Transmission of ACH Information Via Unsecured Electronic Networks)
Also in response to industry comments, this Rule identifies an optional method to indicate Entries initiated under a Standing Authorization. (review Proposed Rule language for details)
86% of respondents supported the proposal to define an Oral Authorization as a valid method for consumer debits distinct from a telephone call
91% agreed that an Oral Authorization obtained over the internet (not a telephone call) should use the WEB SEC Code
In response to industry comments, the Rule includes the following additional modifications to Oral Authorizations
Security requirements
Clarifies that, where the Receiver’s Oral Authorization is communicated (other than a telephone call) over an Unsecured Electronic Network, the Originator must comply with existing security requirements as defined within Section 1.7 (Secure Transmission of ACH Information Via Unsecured Electronic Networks)
Retention/Proof of Authorization requirements
Specifies that an Originator’s obligation for proof of authorization for an Oral Authorization is (1) the original or duplicate audio recording for a recurring entry; and (2) the original or duplicate audio recording or a copy of the written notice for single entry
83% of respondents agreed that the Other Authorization Proposals will provide better clarity and consistency to the rules on authorization. Each of the specific elements was supported by at least 83% of respondents. No significant changes have been made to the Original Proposal.
83% of respondents supported the proposal on Alternatives to Proof of Authorization. In response to industry comments on the proposal, this ballot includes the following additional modifications to proposed rule language:
Clarifies that the ODFI/Originator deadline to provide proof of authorization, once the RDFI confirms via a subsequent request that proof of authorization is still needed, is 10 banking days of the RDFI’s subsequent request
90% of respondents supported the proposals related to WSUD via Electronic or Oral Methods. No significant changes were made to the Original Proposal.
Effective Date: 2021-09-17