|
Nacha has recently updated its operating rules for clients transacting payments via ACH. The new requirement supplements data security to improve quality while mitigating risk. The existing ACH Security Framework, including its data protection requirements, will be supplemented to explicitly require large, non-FI Originators, Third-Party Service Providers (TPSPs) and Third-Party Senders (TPSs) to protect deposit account information by rendering it unreadable when it is stored electronically. |
Q1. When do the changes go into effect?
A. Phase 1 Implementation begins with the largest Originators and TPSPs (including TPSs) and initially applies to those with ACH volume of 6 million transactions or greater annually with effectivity by June 30, 2020.
Phase 2 applies to those with ACH volume of 2 million transactions or greater annually with effectivity by June 30, 2021.
Q2. Is this on the Sage product roadmaps?
A. The individual product groups are working to meet the impending guidelines, the following is what has been communicated to RKL.
Q3. Where can we get more information?
A. You can get more information from these sites:
https://www.nacha.org/news/2020-brings-four-nacha-operating-rules-changes-are-you-ready
https://www.nacha.org/rules/supplementing-data-security-requirements
Additionally, once we have more information from Sage, we will document this information in newsletters and product updates. If you have immediate questions you can reach us directly at -> RKL eSolutions.