2026 ACH Rule Changes: Industry Impact Guide

Article Payments & Treasury Solutions

March 12, 2026

ACH Rule Changes

Fraud risk in the ACH Network continues to shift. In 2026, Nacha is responding with rule changes designed to improve fraud detection, transparency, and recovery.

In this article, we’re exploring how the ACH Rule changes in 2026 impact higher education, healthcare, government, and nonprofits.

For institutions that move large volumes of funds but aren’t traditional “payments companies,” these changes are less about technology mandates and more about process awareness.

Here’s what’s changing and what it looks like in real life for mission‑driven organizations.

  1. Expanded ACH Fraud Monitoring Requirements

    Effective March 20, 2026 (Phase 1)/June 19, 2026 (Phase 2)

    What’s changing?
    Certain originators, third‑party senders, third‑party service providers, and ODFIs must establish and maintain risk‑based processes reasonably intended to identify ACH entries initiated due to fraud.

    This is not a requirement to screen every transaction or deploy a specific tool. Instead, Nacha expects organizations to:

  • Understand where fraud risk exists in their ACH activity
  • Monitor for unusual patterns (volume, velocity, dollar amounts, timing)
  • Review and update those processes at least annually
Expanded ACH Fraud Monitoring Requirements
Use Case #1 Use Case #2
Higher Ed Use Cases

Vendor Change & Refund Fraud
A university processes thousands of ACH credits for student refunds and vendor payments. Fraud monitoring helps identify:

  • Sudden changes to vendor banking details
  • Unusual spikes in refund amounts or frequency tied to a single department

Payroll Redirection Attempts
An employee’s direct deposit information is changed shortly before payroll runs. Monitoring for timing and pattern anomalies can help flag potential account takeover before funds are released.
Healthcare Use Cases

Provider Payment Irregularities
A healthcare system issues ACH credits to physicians, labs, and partner organizations. Monitoring helps detect:

  • Unexpected increases in payment volume to a single provider
  • Payments routed to new accounts without a corresponding contract update

Patient Refund Abuse
ACH refunds issued after overpayments or insurance adjustments are monitored for:

  • Repeated refunds to the same account
  • Refunds inconsistent with historical patient activity

 
  
Government Use Cases

Benefits & Assistance Payments
A government agency distributes benefits via ACH. Fraud monitoring helps identify:

  • Rapid changes in recipient banking information
  • Multiple benefit payments flowing to a single account

Grant Disbursements
ACH credits for grants are reviewed for abnormal timing or amounts that may indicate internal error or external manipulation.
 
  
Not-for-Profit Use Cases

Emergency Assistance Programs
A nonprofit distributes emergency funds to individuals. Monitoring helps flag:

  • Duplicate payments
  • Payments inconsistent with program limits or approval patterns

Vendor & Partner Payments
ACH credits to partner organizations are monitored for unexpected increases or changes in destination accounts.
 
  

Why this matters

Many mission‑based organizations already have internal controls. This rule simply formalizes the expectation that ACH activity is part of fraud risk management, not separate from it.

  1. New Standard Company Entry Description: PAYROLL

    Effective March 20, 2026
    What’s changing?
    All PPD ACH credits used for wages, salaries, or similar compensation must include “PAYROLL” in the Company Entry Description field. This applies to:

  • Employees
  • Contract workers (1099s)
  • Pre‑tax payroll components, such as HSA contributions
Expanded ACH Fraud Monitoring Requirements
Use Case #1 Use Case #2
Higher Ed Use Cases

Faculty & Staff Payroll
Universities issuing ACH payroll must ensure payroll files consistently use the PAYROLL descriptor, helping banks detect unusual payroll activity tied to redirection fraud.
 
  

Graduate Assistants & Stipends
Recurring stipend payments benefit from standardized identification, making unexpected or duplicate payments easier to detect.
 
  
Healthcare Use Cases

Hospital Payroll
Hospitals with large, frequent payroll runs benefit from clearer identification of legitimate payroll credits versus anomalous ACH credits.
 
  

Contract Clinicians
Payments to contract nurses or physicians are still considered compensation and must carry PAYROLL, regardless of employment status.
 
  
Government Use Cases

Municipal Payroll
Local governments issuing payroll to employees and elected officials must apply PAYROLL consistently across departments.
 
  

Seasonal or Temporary Workers
Standardized descriptions help identify unusual payroll timing or frequency.
 
  
Not-for-Profit Use Cases

Staff Payroll
Non profits often operate with lean finance teams. Clear payroll descriptors reduce confusion and support fraud monitoring at receiving banks.
 
  

Fellowship or Program Compensation
Stipends tied to employment-like services should also use PAYROLL where applicable.
 
  

3. New Standard Company Entry Description: PURCHASE

Effective March 20, 2026
What’s changing?

The PURCHASE Company Entry Description is required for consumer e-commerce ACH debits, defined as:

A debit entry authorized by a consumer Receiver for the online purchase of goods, including recurring purchases first authorized online. This applies to consumer (B2C) transactions only, not business-to-business ACH activity.

Expanded ACH Fraud Monitoring Requirements
Use Case #1 Use Case #2
Higher Ed Use Cases

Online Merchandise Sales
A university bookstore allows consumers to purchase apparel online using ACH. These WEB debits must use PURCHASE.
 
  

Continuing Education Materials
A consumer purchases course materials online via ACH — PURCHASE applies.
(Does not apply to inter departmental or institutional ACH payments.)
 
  
Healthcare Use Cases

Consumer Online Purchases
A patient purchases wellness products or medical supplies online via ACH — PURCHASE applies.
 
  

Subscription Health Services
Recurring consumer subscriptions first authorized online must use PURCHASE.
(Provider to provider payments are excluded.)
 
  
Government Use Cases

Consumer Online Purchases
A citizen purchases goods from a government operated online store (e.g., surplus items) using ACH.
 
  

Recreation or Permit Related Goods
ACH payments for consumer goods purchased online may fall under PURCHASE.
(Taxes, fines, and B2B payments do not.)
 
  
Not-for-Profit Use Cases

Online Gift Shop Sales
A nonprofit sells merchandise online and accepts ACH from consumers — PURCHASE applies.
 
  

Subscription Based Educational Content
Consumer subscriptions initiated online must use PURCHASE.
(Donations and grants are not PURCHASE transactions.)

 
  
2026 ACH Rule Changes

Final Takeaway

These 2026 ACH rule changes aren’t about turning universities, hospitals, governments, or nonprofits into banks.

They’re about:

  • Clearer payment purpose
  • Stronger fraud awareness
  • Better alignment between how ACH payments move and how risk is managed

Organizations that understand where these rules apply and where they don’t will avoid unnecessary changes while strengthening their overall payments posture.

If you need assistance with your ACH program, contact us to complete an ACH Rules Assessment. We’re here to assess your ACH environment and help your organization meet evolving Nacha requirements.

Get Started

Share

About the Author
Ruth Harpool

Ruth Harpool

AAP, APRP, CTP

Treasury Solutions Advisor

Ruth provides consulting in the areas of Treasury Operations, Payments, and Payments Risk management. She has over 30 years of experience in banking services, banking operations, not-for-profit treasury cash management, and payments management operational leadership. Formerly, Ruth was the Managing Director of Treasury Operations at Indiana University.

Related Content

Checklists and Templates

Access Our Free Guide to Unlock the Benefits of ACH Assessments

Download this ACH Assessment Benefits Guide to help you stay compliant with Nacha Rules. Learn about the benefits of an ACH Assessment.

Payments & Treasury Solutions
Download Our ACH Assessments Guide about the Access Our Free Guide to Unlock the Benefits of ACH Assessments
Article

ACH Fraud Prevention and Detection

Learn the top types of ACH payment fraud, real-world examples, and proven prevention strategies to protect your organization from financial cybercrime.

Payments & Treasury Solutions
Protection from ACH Fraud about the ACH Fraud Prevention and Detection
Article

Important Updates to the ACH Fraud Monitoring Rule

Learn the latest updates to the ACH Fraud Monitoring Rule and explore our checklist to enhance the security of your ACH origination and data security policies and procedures.

Payments & Treasury Solutions
New Rule Requirements about the Important Updates to the ACH Fraud Monitoring Rule