Insights from the experts at Signature Bank

ACH (Automated Clearing House) payments are a vital part of how businesses pay employees, vendors and partners. As usage has grown, so have fraud attempts targeting ACH transactions - especially scams like business email compromise (BEC), vendor impersonation and payroll redirection.

To address these risks, Nacha announced new Risk Management Rules effective March 20th, 2026. These changes are designed to reduce ACH fraud, improve visibility into payment activity and strengthen the industry’s ability to recover funds when fraud occurs.

Below is an overview of what’s changing and what your business can do to prepare.

Why Nacha is updating the rules

The new rules reflect Nacha’s broader effort to:

• Combat evolving fraud schemes – especially scams where fraudsters trick businesses or employees into sending legitimate ACH payments under false information.
• Improve transparency across the ACH network – so that financial institutions can easily identify, flag and respond to suspicious activity.
• Enhance fund recovery efforts – by making it easier to trace and react quickly when fraudulent transactions occur.

In short, these changes are about making the ACH network safer and more resilient for everyone who sends or receives payments.

Key changes businesses should understand

1. New fraud monitoring requirements
Nacha is requiring ACH participants to implement risk-based monitoring to better detect and prevent fraudulent ACH activity.

For businesses, this means your financial institution and service providers will be expected to:

• Monitor payment patterns and behaviors for unusual or high-risk activity
• Use tools and controls that help identify potential fraud
• Respond quickly when suspicious transactions appear

While much of the technical monitoring occurs at the bank or processor level, businesses play an important role by reviewing their own ACH activity and using available fraud-prevention tools.

2. Who’s affected and when
The new requirements will be rolled out in two phases:

• Phase 1 – March 20, 2026
  • Applies to high-volume Originators, ODFIs (Originating Depository Financial Institutions) and RDFIs (Receiving Depository Financial Institutions).
• Phase 2 – June 19, 2026
  • Extends to all remaining participants in the ACH network.

If your business originates a significant volume of ACH payments, you may be impacted sooner, particularly through your bank’s enhanced monitoring and risk controls.

3. New definition of “False Pretenses”
Nacha is introducing a clearer definition of “False Pretenses” to directly address fraud that occurs when payments are initiated based on deceptive information rather than unauthorized account access.

This includes scams such as:

• Vendor impersonation – A fraudster pretends to be a known supplier and asks you to change bank details.
• Business email compromise (BEC) – Criminals gain access to or spoof a company email account and send convincing payment instructions.
• Payroll redirection schemes – An attacker poses as an employee and requests changes to direct deposit information.

By defining “False Pretenses,” Nacha is recognizing that not all fraud involves a “hacked” account - often, the payment itself is “authorized” but based on false information. The new rules aim to support better prevention and stronger pathways for dispute and recovery.

4. Standardized entry descriptions: PAYROLL and PURCHASE
To improve clarity and make it easier to monitor transactions, Nacha will require standardized descriptions for certain ACH entries:

• PAYROLL – Used for payroll-related payments, such as employee direct deposits.
• PURCHASE – Used for purchase-related payments, such as vendor or supplier payments.

These standard entry descriptions help:

• Enhance transparency into the purpose of each payment
• Improve monitoring and analytics for fraud detection
• Support faster identification of unusual or out-of-pattern transactions

For businesses, this may mean working with your bank or payroll/ERP provider to ensure the correct use of these descriptions in your ACH files.

What your business can do now

1. Review your current ACH processes

• Evaluate how ACH payments are originated, approved and reconciled.
• Identify any gaps where a fraudulent payment request could slip through—for example, a single person who can both set up and approve new vendors.

2. Strengthen internal controls

• Require dual approval for new vendors, changes to vendor bank details and high-dollar payments.
• Implement callback or out-of-band verification for changes to payment instructions.
• Ensure payroll, AP and finance teams are trained to recognize red flags like urgent or secretive requests.

3. Coordinate across teams
Compliance, finance, operations and IT should work together to:

• Align internal procedures with the upcoming Nacha standards
• Document and regularly test fraud-prevention controls
• Confirm that vendor management and payroll processes include verification steps for bank account changes

4. Engage early with your bank and providers

• Discuss how your bank, ERP, payroll provider or AP automation platform will support the new Nacha rules.
• Confirm that your systems will be ready for any file-format or description changes (such as PAYROLL and PURCHASE).
• Ask about available monitoring tools, alerts and reporting to help you detect unusual ACH activity.

How Signature Bank can help
At Signature Bank, protecting your business from payments fraud is a core priority. Our solutions are built to help you meet evolving Nacha requirements while keeping your operations efficient and secure.

Key tools and capabilities include:

• Positive Pay – Adds a critical layer of protection to help detect unauthorized or altered checks and or ACH debits before funds are released.
• ACH monitoring & controls – Supports risk-based review of ACH activity, including filters, blocks and alerts tailored to your business.
• Finrails® Technology – Integrates AP automation with bank-backed controls, giving you greater visibility, audit trails and security around your payments.

Whether you are already originating ACH transactions or considering additional automation, our team can work with you to:

• Review your current ACH setup and controls
• Help you understand how Nacha’s 2026 changes apply to your organization
• Recommend practical steps to reduce fraud risk and improve compliance

If you would like assistance evaluating your ACH processes or fraud-prevention tools, please contact your Signature Bank Relationship Manager or email us at tm@signaturebank.bank.

For additional guidance and answers to commonly asked questions, please click here. Staying ahead of Nacha rules changes now can help your business operate with greater confidence, stronger controls and a more resilient payments environment in the years ahead.