3 min read
New rules starting in March 2026 will require most businesses using ACH payments to upgrade their fraud monitoring systems.
Nacha (formerly the National Automated Clearing House Association) governs the ACH Network, the backbone of electronic payments in the U.S.
The changes will affect any business that processes electronic payments, from payroll deposits to vendor payments.
Current Nacha rules require companies to screen WEB debits and micro-entries to reduce unauthorized transactions and fraud. Nacha also urges all participants to implement adequate control systems to detect and prevent fraud, including instances that involve a new account number or changes to an existing account number.
Key benefit types affected:
The 2026 Nacha rule requires ACH network participants to implement risk-based processes to identify fraudulent outgoing ACH entries and monitor entries that are unauthorized or initiated under false pretenses.
Who is affected:
The rules will be implemented in two phases:
These entities should establish monitoring processes and review them annually to address evolving fraud risks.
Consider these areas for evaluation and discussion with your compliance, legal and technology teams:
For additional information on the 2026 NACHA fraud monitoring rules, visit our detailed description on the upcoming changes.
As clients evaluate the new Nacha rules, they should consider whether J.P. Morgan Trust and Safety solutions could be helpful for their organization’s specific fraud mitigation objectives.
These new Nacha requirements come at a critical time. The 2024 AFP Payments Fraud and Control Survey found that 80% of organizations experienced payments fraud attacks in 2023, with ACH credits particularly vulnerable to fraud schemes.1
J.P. Morgan fraud prevention specialists understand both the regulatory landscape and the practical challenges of implementing enhanced monitoring systems. Our team works with organizations of all sizes to evaluate compliance options and develop strategies that fit your existing risk management framework.
Contact us for expert guidance on navigating these Nacha requirements before the 2026 deadlines.
JPMorgan Chase Bank, N.A. Member FDIC. Visit jpmorgan.com/commercial-banking/legal-disclaimer for disclosures and disclaimers related to this content.
This article, and the services described herein, are not intended to, and do not, satisfy any rule, regulatory or other requirements for fraud monitoring or for the establishment or maintenance of any Sanctions, Anti-Money Laundering, or Know-Your-Customer program. Clients using J.P. Morgan’s Trust and Safety solutions and products remain subject to and solely responsible for compliance with their obligations under applicable payment network rules, regulations, and sanctions requirements.