Originator ACH Rules        

January 2014

  1. With the exception of Cash Concentration (CCD), Corporate Trade Payments (CTP), and Corporate Trade Exchange Payments (CTX), there must be a signed authorization from the client before the first entry can be initiated.
  2. The Originator will retain the original or microfilm copy of the signed authorization for at least two years after the revocation of that authorization.
  3. Prior to the first live entry, it is recommended that a Pre-note entry be sent at least six calendar days prior to the live transaction date.  If the originator receives back information indicating the Pre-note cannot be accepted, the Originator cannot send the live transaction.
  4. A return entry may not be reinitiated unless it was returned NSF or the Originator has taken steps to ensure that the entry can now be processed, such as reauthorization.
  5. The Originator will accept notifications of change and make the appropriate changes before generating that entry a second time.
  6. The Originator will not reinitiate any transaction returned R07 or R10 (i.e. Stop Payment, Authorization Revoked, etc.) without a new authorization from the receiver.
  7. Entries returned as R08 (Payment Stopped) are not reinitiated unless subsequent authorization of their client has been obtained, and entries returned as R05 (Unauthorized Debit to Consumer Account Using a Corporate Standard Entry Class (SEC) Code) are not reinitiated unless a) subsequent authorization of their customer has been obtained, and b) the SEC code has been corrected.
  8. Entries returned for R01 (Insufficient Funds) or R09 (Uncollected Funds) are not reinitiated in excess of the limits prescribed by the NACHA Operating Rules.
  9. Reversing files and reversing entries are transmitted to the Receiving ACH Operator in such time as to be transmitted or made available to the RDFI within five banking days following the settlement date of the erroneous entry or file.
  10. The ODFI may audit the compliance of the originator with respect to the NACHA rules and the ACH Agreement.
  11. Each non-consumer Originator, Participating DFI, and Third-Party Service Provider must establish, implement, and update, as appropriate, policies, procedures, and systems with respect to the initiation, processing, and storage of Entries that are designed to:
  • protect the confidentiality and integrity of Protected Information until its destruction;
  • protect against anticipated threats or hazards to the security or integrity of Protected Information until its destruction; and
  • protect against unauthorized use of Protected Information that could result in substantial harm to a natural person.

Such policies, procedures, and systems must include controls that comply with applicable regulatory guidelines on access to all systems used by such non-consumer Originator, Participating DFI, or Third-Party Service Provider to initiate, process, and store Entries.