Nacha Operating Rules Updates

NBT Bank takes great pride in keeping our clients informed and educated on the ever changing payments landscape. The following information provides a high level overview of the current Nacha rule changes, as well as a link to the Nacha Operating Rules & Guidelines.

As stated within the ACH Originator Agreement, signed between you (Originator) and NBT Bank N.A. (Originating Depository Financial Institution, ODFI), each company that originates ACH entries through NBT Bank must comply with the Nacha Operating Rules & Guidelines (Rules).

  • The National Automated Clearing House Association (Nacha) is the rule-making body that governs the ACH network and therefore all participants of the ACH network must comply with these Rules.
  • As an Originator, you are required to understand the existing Rules and any upcoming Rule changes. It is recommended you purchase a copy of the updated Nacha Operating Rules & Guidelines on an annual basis.

Disclaimer: This webpage is not intended to be a replacement or substitution for the Rules. It is not intended to provide any warranties or legal advice and is provided for educational purposes only.

Upcoming Rules in 2022

Increasing the Same Day ACH dollar limit

Effective March 18, 2022

  • The per-transaction dollar limit for Same Day ACH transactions will increase from $100,000 to $1,000,000.
    • Both Same Day ACH credits and debits will be eligible for same day processing up to $1,000,000 per transaction.
  • Please see for additional information about the same day ACH dollar limit.

Account validation requirement for WEB initiated debits

Effective March 19, 2021 – Enforced March 19, 2022

  • WEB (Internet Initiated ACH Payments) will specifically require an additional “account validation” screening as part of a “commercially reasonable fraudulent transaction detection system.”
    • The supplemental requirement would apply to the first use of an account number, and changes to an account number previously used.
  • Please see for additional information about validating WEB initiated debits.

Supplementing Data Security Requirements

Effective June 30, 2022

  • Phase 2 of this Rule states that those Originators and Third-Party Senders with annual ACH volumes larger than 2 million transactions must protect deposit account information by rendering it unreadable when stored electronically.
    • The Rules are neutral as to the methods/technologies that may be used for compliance.
  • Please see for additional information about Supplementing Data Security Requirements.


Phase 1 – Effective September 16, 2022

  • “Micro-Entries” will be defined as ACH credits of less than $1, and any offsetting debits, for account validation.
    • Credit amounts must be equal to, or greater than, debit amounts, and must be transmitted to settle at the same time.
  • Originators must use “ACCTVERIFY” in the company entry description field.
  • Company name must be easily recognizable to Receivers and the same or similar to what will be used in subsequent entries.

Phase 2 – Effective March 17, 2023

  • Originators must conduct commercially reasonable fraud detection on its use of Micro-Entries.
    • This includes monitoring forward and return Micro-Entry volumes.
  • Please see for additional information about Micro-Entries.

Third-Party Sender Roles and Responsibilities

Effective September 30, 2022

  • This Rule will address the existing practice of Nested Third-Party Sender (TPS) relationship
    • Defines a Nested Third-Party Sender as a TPS that has an agreement with another TPS to act on behalf of an Originator, that does not have a direct agreement with the ODFI.
    • Updates the requirements of Origination Agreements for a Nested TPS relationship and establishes the “chain of agreements” and responsibilities in a Nested TPS arrangement
  • This Rule will also explicitly state that a TPS is required to conduct a Risk Assessment and implement a risk management program
    • Each TPS will conduct its own Risk Assessment. The obligation to perform the Risk Assessment, as well as the required Rules Compliance audit, cannot be passed onto another party.
    • This rule amendment does not define a specific methodology or list of topics for a TPS Risk Assessment.
  • Please see for additional information about Third-Party Sender Roles and Responsibilities.