woman using her laptop in an office banner

3 min read

Key takeaways

  • In March 2026, Nacha will implement changes requiring businesses to strengthen fraud monitoring for their ACH transactions.
  • The rules apply to businesses and payment processors that handle ACH transactions, requiring them to monitor for suspected fraudulent or scam transactions.
  • To comply with the new Nacha rules, your business must evaluate their fraud detection systems and may need to implement enhanced monitoring processes.
  • J.P. Morgan offers solutions such as Validation Services, Account Confidence Score and Payment Control Center to help businesses strengthen their fraud detection capabilities.

New rules starting in March 2026 will require most businesses using ACH payments to upgrade their fraud monitoring systems.

Nacha (formerly the National Automated Clearing House Association) governs the ACH Network, the backbone of electronic payments in the U.S.

The changes will affect any business that processes electronic payments, from payroll deposits to vendor payments.

What are the current rules? 

Current Nacha rules require companies to screen WEB debits and micro-entries to reduce unauthorized transactions and fraud. Nacha also urges all participants to implement adequate control systems to detect and prevent fraud, including instances that involve a new account number or changes to an existing account number.

Key benefit types affected:

  • WEB debits: Online payments that pull money from consumer bank accounts
  • Micro-entries: Small test transactions (under $1) used to verify account access

What is the new Nacha rule?

The 2026 Nacha rule requires ACH network participants to implement risk-based processes to identify fraudulent outgoing ACH entries and monitor entries that are unauthorized or initiated under false pretenses.

Who is affected:

  • Non-consumer originators: Businesses or organizations that initiate ACH transactions
  • Depository financial institutions: Financial institutions that initiate and receive ACH transactions for their customers' accounts
  • Third-party service providers: Payment processors, payroll companies and other services that handle ACH transactions for other businesses

The rules will be implemented in two phases:

  • Phase 1, starting March 20, 2026: Applies to non-consumer originators and third parties with 2023 ACH origination volume of 6 million or more
  • Phase 2, starting June 19, 2026: Applies to all remaining non-consumer originators and third parties

These entities should establish monitoring processes and review them annually to address evolving fraud risks.

Steps you can take to prepare

Consider these areas for evaluation and discussion with your compliance, legal and technology teams:

  1. Assessment and gap analysis: Work with your compliance team to identify gaps in current processes and evaluate data security requirements.
  2. Fraud monitoring evaluation: Assess your current risk-based monitoring capabilities and validation processes with your risk team.
  3. Technology assessment: Evaluate compliance software options and integration requirements with your IT and compliance teams.
  4. Team preparation: Plan staff education on new Nacha requirements and compliance culture with your HR and compliance teams.
  5. Contract review: Work with legal to assess vendor and partner agreements' alignment with new requirements.
  6. Ongoing compliance strategy: Establish regular review processes with your compliance team.

For additional information on the 2026 NACHA fraud monitoring rules, visit our detailed description on the upcoming changes

J.P. Morgan Trust and Safety solutions

As clients evaluate the new Nacha rules, they should consider whether J.P. Morgan Trust and Safety solutions could be helpful for their organization’s specific fraud mitigation objectives. 

  • Pre-transaction: Entity Validation verifies individual and business entity information, while Account Validation and Account Confidence Score verify account status, account ownership and potential payment risk associated with that account.
  • Post-transaction: The Payment Control Center (PCC) enables transaction rules and exception alerts.

We’re here to help

These new Nacha requirements come at a critical time. The 2024 AFP Payments Fraud and Control Survey found that 80% of organizations experienced payments fraud attacks in 2023, with ACH credits particularly vulnerable to fraud schemes.1

J.P. Morgan fraud prevention specialists understand both the regulatory landscape and the practical challenges of implementing enhanced monitoring systems. Our team works with organizations of all sizes to evaluate compliance options and develop strategies that fit your existing risk management framework.

Contact us for expert guidance on navigating these Nacha requirements before the 2026 deadlines.

JPMorgan Chase Bank, N.A. Member FDIC. Visit jpmorgan.com/commercial-banking/legal-disclaimer for disclosures and disclaimers related to this content.

This article, and the services described herein, are not intended to, and do not, satisfy any rule, regulatory or other requirements for fraud monitoring or for the establishment or maintenance of any Sanctions, Anti-Money Laundering, or Know-Your-Customer program. Clients using J.P. Morgan’s Trust and Safety solutions and products remain subject to and solely responsible for compliance with their obligations under applicable payment network rules, regulations, and sanctions requirements.

Contact us

This field is required.

This field is required.

This field is required.

This field is required.

This field is required.

Please enter a valid business email. This field is required.

Please enter a valid business email. This field is required.

Please enter a valid business email. This field is required.

This field is required.

By checking the box below I consent to JPMorganChase using the information I have provided to send me:

Learn more about our data practices in our privacy policy.

Something went wrong. Please try again in a few minutes.