Dear Valued Customer,
As part of our commitment to keeping our customers informed of their responsibilities under the Nacha Operating Rules (i.e., “the Rules”), we are providing you with the following summary of your obligations under the Rules. This summary does not address all ACH Rule requirements but highlights key topics for businesses to consider when initiating ACH entries. It is not intended to replace the detailed analysis needed to determine the impact the Rules have on your specific organization. If you have any questions about these requirements, please call Treasury Management at 844-282-7372 or visit www.nacha.org/corporates.
Key ACH Rules
The Rules impose several requirements that originators of ACH entries must follow.
Authorizations
- Authorization for consumer credit entries or business-to-business credit and/or debit entries must be received in writing. You must retain authorizations and evidence of the receiver providing their account number in the rare instance there is a dispute over the receiving account number established for the payment.
- Authorizations for consumer debit entries include the following information:
- The number of entries authorized (one-time, recurring, etc.)
- The dollar amount of entries or how the dollar amount will be determined
- The timing of entries (such as the date of the first entry and the frequency of future entries)
- Receiver’s name
- Account that will be debited
- The date of the authorization
- How the receiver can revoke the authorization with the Originator
Notifications of Change (“NOCs”)
The Rules provide receiving institutions the opportunity to correct a received entry and transmit a corresponding NOC to the originating institution.
- Originators are required to make the change advised in the NOC within six banking days of receiving the NOC or before sending a subsequent entry, whichever is later.
- Originators who receive an NOC in response to a one-time entry are not required to make changes to future entries.
Return Entries
Administrative returns must be received by the originator within two banking days of the entry’s original settlement date. Unauthorized consumer entries can be returned for up to sixty calendar days.
Each return entry includes a code that specifies the reason for the return. The most common Return Reason Codes are:
Code | Description |
R01 | Insufficient Funds |
R02 | Account Closed |
R03 | No Account / Unable to Locate Account |
R04 | Invalid Account Number |
R05 | Unauthorized Debit to Consumer Account Using Corporate SEC Code |
R06 | Returned Per ODFI Request |
R07 | Authorization Revoked by Customer |
R08 | Payment Stopped |
R09 | Uncollected Funds |
R10 | Customer Advises Originator is Not Known to Receiver and/or Originator is Not Authorized by Receiver to Debit Receiver’s Account |
R11 | Customer Advises Entry Not in Accordance with the Terms of the Authorization |
R29 | Corporate Customer Advises Not Authorized |
Originators should consider taking action based on the type of return received as summarized below:
- Insufficient or Uncollected Funds (R01 and R09)
- Incorrect Entry
- The receiver is claiming that the entry is incorrect (e.g., typically dollar amount or date errors). The Rules allow the originator to reinitiate the corrected entry when receiving an R11 return.
- Administrative Returns (R02, R03, and R04)
- These return codes indicate an issue with the account number used; the originator should review the authorization and work with the receiver to determine the cause of the error and correct the account number for future entries
- Sending a prenotification entry will reduce these types of returns.
- Unauthorized Returns (R05, R07, R10, R29)
- Originators must stop future entries after receiving an unauthorized return and work with the receiver to determine why the entry was disputed. Originators can obtain a new authorization from the receiver but should take extra steps to ensure future entries are properly authorized and the receiver has the right to debit the account specified.
- Stopped Payment and Revoked Authorization (R08 and R07)
- Originators should work with their receiver to determine if there was an error in the entry (such as wrong amount) or if the receiver stopped the payment or claimed they revoked the authorization.
General Originator Requirements
In addition to the key Rules above, all originators are required to comply with the general origination requirements of the Rules including:
- Retaining the original or copy of each written authorization of a receiver for at least two years from the termination or revocation of the authorization. (Subsection 2.3.2.5- Retention and Provision of the Record of Authorization)
- Providing proper and timely notice to receivers for changes to the amount or scheduled date of recurring debits. (Subsection 2.3.2.6- Notices of Variable Debits to Consumer Accounts)
- Notice of Change for Amount = 10 Calendar Days
- Notice of Change in Scheduled Debiting Date = 7 Calendar Days
- The proper way to initiate prenotification entries. (Section 2.6- Prenotifications)
- Waiting Period for Prenote Entries = 3 business days following the settlement date of the Prenote Entry to allow time for the RDFI to return it.
- The proper way to reverse files or entries. Contact the Bank if you need to reverse a file or entries. (Section 2.8- Reversing Files and Section 2.9 Reversing Entries)
- Consumer Debits Only:
The originator should also be aware of the unique provisions for the specific types of entries it originates:
- CCD (Corporate Credit or Debit) provisions are included in Subsection 2.5.3
- PPD (Prearranged Payment and Deposit) provisions are included in Subsection 2.5.12
Fraud Trends and Prevention
Fraud schemes and attacks represent a serious threat to your business and your customers. Fraud volumes continue to grow year-over-year and electronic methods of generating payments are increasingly targeted. Scams such as fake invoices, business or government impersonation, tech support, and fake checks continue to grow, and perpetrators continue to target businesses. The Federal Trade Commission (FTC) has a resource page for small businesses with details on these scams and tools that your staff and customers can use to help protect themselves.
Sincerely,
CalPrivate Bank
Treasury Management
Phone (844) 282-7372