The Automated Clearing House (ACH) Network has long been a backbone of U.S. payments, quietly moving trillions of dollars every year through payroll, vendor payments, consumer purchases and countless automated transactions. Beginning in March and June 2026, Nacha is implementing some of the most significant rule changes in decades, changes that directly affect treasury operations, payment risk management, ERP file formatting and banking partnerships. These amendments are a direct response to surging fraud, increasingly sophisticated payment scams and the growing need for clearer, standardized data across the network.

For treasury and finance leaders, the 2026 updates represent not just compliance requirements, but an opportunity to strengthen fraud defenses, refine operating procedures and modernize payment governance. Below is a breakdown of what’s changing and how to prepare.

Why Nacha Is Changing the Rules Now

ACH fraud, particularly credit‑push schemes, vendor impersonation and business email compromise (BEC), has risen sharply, prompting Nacha to shift from selective monitoring requirements to a more comprehensive, risk‑based approach. Historically, mandated monitoring applied mainly to WEB debits and micro‑entries. But as fraudsters increasingly target ACH credits and social engineering attacks proliferate, Nacha is broadening expectations network‑wide.

Beginning in 2026, all participants, including ODFIs, non‑consumer originators, third‑party service providers/senders and RDFIs, must implement stronger, documented processes intended to identify entries initiated due to fraud. This shift is paired with new standardized payment descriptions designed to improve transparency and reduce confusion in downstream reconciliation.

These updates are not merely incremental; they signal a fundamental change in how the industry approaches identity, validation and fraud oversight.

The Most Important Changes Taking Effect in 2026

Network‑Wide Fraud Monitoring Requirements

Effective in two phases, Nacha now requires all relevant parties to establish risk‑based processes and procedures reasonably intended to identify suspicious ACH transactions before they are released. This includes recognizing entries initiated under “false pretenses,” a term that explicitly covers BEC, vendor impersonation and payroll diversion scenarios.

The rules no longer rely on the vague “commercially reasonable” standard. Instead, Nacha calls for clearly defined and annually reviewed processes, shifting the burden toward documented, proactive fraud detection.

Standardized Company Entry Descriptions

Effective March 20, 2026, originators must include two newly required descriptions for specific payment types:

• PAYROLL — for all PPD credits that pay wages, salaries, bonuses or similar employee compensation.
• PURCHASE — for all consumer e‑commerce purchases, typically WEB debits, including recurring purchases initially authorized online.

This requirement means accounting systems, ERP templates and payroll files must be updated to comply, an operational lift for many organizations.

Expanded Monitoring Responsibilities for Receiving Institutions

Nacha is also introducing new responsibilities for RDFIs, requiring risk‑based monitoring of incoming ACH credits. This change acknowledges that fraud detection cannot rest solely with the originator or ODFI; the receiving side must also help identify anomalies and assist in the rapid recovery of funds when fraud occurs.

Additional 2026 Rule Updates

Later in 2026, Nacha will also implement changes related to:

• Funds Availability: Eliminating the 5:00 p.m. local time condition for non‑Same Day ACH credits, requiring funds to be available by 9:00 a.m. local time on settlement date.
• IAT Clarification: Updated definitions intended to make it easier to determine when a transaction qualifies as an International ACH Transaction.

These updates affect cash forecasting, posting schedules and how global transactions are classified and processed.

Who Is Affected, and When

The rollout spans two major milestones:

Phase 1: March 20, 2026

Applies to:

• All ODFIs
• Non‑consumer originators and third parties with 6-plus  million ACH originations in 2023

Requirements include the implementation of fraud‑monitoring processes and mandatory use of PAYROLL and PURCHASE descriptions.

Phase 2: June 19/22, 2026

Applies to:

• All remaining non‑consumer originators and third‑party senders
• All other RDFIs under new credit‑monitoring rules

Because June 19 is a federal holiday, many institutions will operationalize Phase 2 on June 22, 2026.

What Treasury Leaders Should Expect Operationally

Stronger Identity and Ownership Verification

You’ll need clearer procedures for verifying payee identity, validating changes to payment instructions and identifying red flags like sudden beneficiary changes or unusual transaction patterns.

Enhanced Monitoring and Analytics

Organizations may require systems or processes capable of detecting anomalies based on the company’s typical payment behaviors, seasonality, volumes and counterparties.

ERP and File‑Format Updates

Finance and IT teams must update templates to populate the new descriptions accurately and ensure those fields remain intact from origin through transmission.

Documentation and Audit Readiness

Policies, annual reviews, monitoring procedures, vendor management steps and staff training must be fully documented, a key point for audits and bank oversight.

Coordination with Banks and Third Parties

Because responsibilities vary by role, originators should align with their ODFI and any third‑party service providers to clarify expectations and escalation paths.

Preparing Now: A Practical Checklist

• Conduct or refresh your ACH Risk Assessment and explicitly map controls to Nacha’s 2026 requirements.
• Update authorization procedures and strengthen validation of payment instruction changes.
• Review ERP, AP and payroll file templates and insert required descriptions well before March 2026.
• Implement or expand anomaly detection processes, manual or automated, aligned with your organization’s payment patterns.
• Train AP, payroll, treasury and cash management staff on new obligations and red flag behaviors.
• Work with your bank to document pre‑ and post‑processing monitoring workflows, fraud recovery procedures and communication protocols.

The Bottom Line

The 2026 ACH rule changes reflect the new reality of digital payments: Faster movement of funds means faster exploitation by fraudsters. By tightening fraud monitoring requirements, standardizing key payment descriptions and expanding responsibilities across the network, Nacha is modernizing the ACH ecosystem with a strong emphasis on security, transparency and shared accountability.

For treasury leaders, early preparation will reduce operational friction and ultimately strengthen your organization’s defense against fraud. And with the right planning, and the right banking partner, you can use these changes as a catalyst for better governance, smoother processing and safer payments.