Nacha has recently updated its operating rules for clients transacting payments via ACH. The new requirement supplements data security to improve quality while mitigating risk. The existing ACH Security Framework, including its data protection requirements, will be supplemented to explicitly require large, non-FI Originators, Third-Party Service Providers (TPSPs) and Third-Party Senders (TPSs) to protect deposit account information by rendering it unreadable when it is stored electronically. |
FAQ for New Nacha Guidelines
Q1. When do the changes go into effect?
A. Phase 1 Implementation begins with the largest Originators and TPSPs (including TPSs) and initially applies to those with ACH volume of 6 million transactions or greater annually with effectivity by June 30, 2020.
Phase 2 applies to those with ACH volume of 2 million transactions or greater annually with effectivity by June 30, 2021.
Q2. Is this on the Sage product roadmaps?
A. The individual product groups are working to meet the impending guidelines, the following is what has been communicated to RKL.
- Sage 100cloud has this on the roadmap
- Sage X3 has this on the roadmap
- Sage 500 still uncertain
- Sage Intacct still uncertain
Q3. Where can we get more information?
A. You can get more information from these sites:
https://www.nacha.org/news/2020-brings-four-nacha-operating-rules-changes-are-you-ready
https://www.nacha.org/rules/supplementing-data-security-requirements
Additionally, once we have more information from Sage, we will document this information in newsletters and product updates. If you have immediate questions you can reach us directly at -> RKL eSolutions.