A new rule requiring all financial institutions in the automated clearing house network to participate in ACH governing body Nacha’s contact registry took effect Wednesday. The registry’s purpose is to enable financial institutions to quickly find the appropriate person to resolve issues when a transaction looks fraudulent or presents other problems.
The rule’s reach is sweeping because nearly all U.S. financial institutions participate in the ACH network. Herndon, Va.-based Nacha already requires originating depository financial institutions (ODFIs) to provide some contact information for ACH personnel. Until now, however, banks and credit unions that do not originate ACH transactions and are only receiving depository financial institutions (RDFIs) have not been required to submit contact information such as phone numbers or email addresses, though they could submit some contact information to a Nacha database on a voluntary basis.
That changes with the new July 1 rule. “Under this rule, all RDFIs must register contact information with Nacha, and keep that information current,” says a Nacha notice. “RDFIs need to implement procedures to keep contact information up-to-date. Annual verification could be performed in conjunction with the annual rules-compliance audit.”
In addition, ODFIs will be required to submit some additional contact information for ACH operations and risk/fraud personnel, and keep that information current.
Nacha’s goal is to enable a financial institution on one end of an ACH transaction to quickly get in touch with the right people at the institution on the other end when proof of authorization is needed or in cases of “ACH-related system outages, erroneous payments, duplicates, reversals, fraudulent payments, etc.,” the notice says. “Contact information will be only for those parties’ own internal use and limited to these purposes.”
In a blog post earlier this year, Nacha senior director of ACH network rules Amy K. Morris said the U.S. has some 10,000 financial institutions, but “just shy of 1,400 financial institutions” were in the database. “That does not provide enough reach to really provide value to the industry,” she said.
Access to the registry will be through Nacha’s existing risk-management portal. All institutions must register the contact information though the portal by Oct. 30. Following a nine-month grace period that ends Aug. 1, 2021, institutions that don’t comply could be subject to fines, Nacha said.