Nacha 2026: How ACH Workflows Are Changing
New Controls Shape What Happens Before Money Moves
A system is perfectly designed to get the results it gets.
First, let's get to know ACH.
ACH, short for Automated Clearing House, is the electronic network that moves money between banks across the United States. It powers everyday payments that people and businesses depend on, including payroll, bill pay and vendor payments.
ACH is the reliable backbone of everyday payments, supporting the transactions that keep work running and life moving.
Most of the time, it works so smoothly that people rarely think about it at all.
Most of the time.
Occasionally, the instructions behind a routine payment are wrong long before the payment ever reaches the ACH network.
That is where this story starts.
In 2026, a series of new Nacha rule changes will reshape how organizations and financial institutions monitor ACH activity, manage risk and handle payment workflows. The simplest way to understand the impact is to follow one familiar payment scenario through the year, first as it works today and then after the new rules take effect.
For protection, the individual’s name has been changed. The situation itself has not.
Meet Mark. He works in accounts payable. His days are a mix of routine and rush.
Invoices were stacked in the system. A few had already been kicked back for coding issues. One vendor was waiting on a payment before shipping. Another email had “urgent” in the subject line, which almost always meant someone else’s delay had just become his emergency.
Then a message arrived from a vendor he knew.
Same contact name. Same tone. Same thread history. The note was short and ordinary. They were updating banking details before the next payment. Please use the new account on the attached invoice.
Nothing about it demanded a slowdown. That was the gap.
Mark opened the invoice PDF and checked the amount. The due date matched. The vendor name matched. The thread looked familiar enough to move fast, and fast was the goal. He updated the vendor record with the new bank information and released the payment through ACH.
It felt like a good hour. One more thing cleared.
The next day the vendor called.
Where is our payment?
Mark said it had already gone out after he'd entered the new payment details.
There was a pause, then the sentence that changed the day.
"We never changed our bank account."
Mark reopened the email and read it line by line, slower this time. The signature looked right. The formatting looked right. The thread looked right. Then he saw it. One character in the sender address was off.
A single consonant.
The payment itself had moved exactly as instructed. The failure happened earlier, when a routine request was allowed to rewrite trusted payment instructions without forcing verification.
Now the work was no longer invoices and deadlines. It was screenshots, calls to the bank, escalation messages, and the uncomfortable job of reconstructing to key stakeholders what happened, step by step, after money already moved.
ACH payments move through a network, but they are governed by a rulebook. Nacha writes that rulebook, which means its updates shape how banks and businesses handle timing, monitoring and payment risk.
In 2026, those updates will start changing the routine moments where mistakes and fraud can slip through.
Nobody set out to do the wrong thing. The process made the wrong thing easy.
The 2026 Nacha timeline is designed to change that.
ACH Before 2026
The network worked exactly as designed.
ACH payments moved as instructed once they were submitted. The vulnerability often appeared earlier in the workflow, when routine requests could change trusted payment instructions without requiring independent verification.
That is the baseline going into 2026, as new Nacha rule dates begin strengthening fraud monitoring, standardizing payment descriptions and setting clearer operational expectations.
Jan. 1, 2026
The year begins quietly.
The first updates in the 2026 Nacha Operating Rules focus on technical clarifications. The operational changes that affect fraud monitoring and ACH workflows arrive later in the year.
March 20th, 2026
Fraud Monitoring Phase One Begins
Fraud monitoring gets a clearer standard.
Before, fraud monitoring requirements existed but documentation and escalation expectations were not always defined in the same way across institutions.
Starting March 20th, 2026, Fraud Monitoring Phase One begins for Originating Depository Financial Institutions, or ODFIs. The rule also establishes monitoring expectations for Originators, Third-Party Senders and Third-Party Service Providers, with large Receiving Depository Financial Institutions, or RDFIs, required to monitor inbound ACH credits.
The same date also introduces standardized Company Entry Descriptions for certain ACH entries, including “Payroll” for certain PPD credits and “Purchase” for certain WEB debits, making payment activity easier to identify and review.
June 22nd, 2026
Fraud Monitoring Phase Two
The rules expand beyond large players.
Before, Fraud Monitoring Phase One applied primarily to participants above certain transaction thresholds.
Starting June 22, 2026, Fraud Monitoring Phase Two expands those requirements beyond the Phase One thresholds, bringing additional Originators, Third-Party Senders and RDFIs into scope.
Sept. 18th, 2026
International ACH classification becomes clearer and funds must be made available earlier.
Before, Nacha Operating Rules defined what qualifies as an International ACH Transaction (IAT). However, identifying when an ACH entry was part of a broader cross‑border payment could require interpretation, leading to inconsistent classification.
Starting September 18, 2026, the Nacha Operating Rules clarify how IAT entries should be identified when an ACH payment is part of a broader cross‑border transaction. This change improves consistency without expanding what payments should be considered IATs.
On the same date, Receiving Depository Financial Institutions (RDFIs) are also required to make non–Same Day ACH credit entries available to receivers by 9:00 a.m. local time on the settlement date.
After Sept. 18th, 2026
The new operating rhythm.
After June 22, the major Risk Management Rule updates are in effect and after September 18th, the major international 2026 Nacha Operating Rule updates are in effect and the focus shifts from preparing for the changes to operating under them consistently.
Earlier funds availability and ongoing fraud monitoring expectations become part of routine ACH operations.
Fraud monitoring also becomes ongoing program work, with processes and procedures reviewed at least annually.
What happens to Mark after the changes?
The vendor email lands in Mark’s inbox and it looks familiar. Same contact name. Same tone. Same thread history. Updated bank details attached. Easy enough.
Mark opens the vendor record to make the change. The workflow does not let it glide through.
A change to banking instructions triggers a required verification step. The update cannot be finalized and the payment cannot be released until the request is confirmed through a trusted channel outside the email thread.
Mark calls the vendor using the phone number already on file. The vendor is confused. No one asked to change banking details.
Mark goes back to the email and reads it again. One character in the sender address is off.
A single consonant.
This time, the payment never goes out. The work stays in prevention, not recovery, because the process treated a bank detail change as a moment that deserves guardrails.
Not only did Mark suddenly develop sharper fraud detection. The process changed around him.
In 2026, Nacha’s updates push a more consistent approach to fraud monitoring and more uniform payment labeling. The combined effect is simple. Routine moments, like a bank detail change that arrives through a familiar thread, face more necessary guardrails and more review before real money moves.
“In conversations with financial institutions and corporate payment teams, the biggest concern is not the rule language itself, but how their existing ACH workflows align with the new expectations around timing and monitoring. Many organizations are still evaluating where verification and documentation actually occur before funds are released. Those that address those gaps now will be better positioned as 2026 progresses.”
Bradley Menhennet
LexisNexis® Risk Solutions
National Account Executive
Many teams bring in outside support to close these gaps. As a Nacha preferred partner, LexisNexis® Risk Solutions supports payment teams as they map where verification and documentation happen before funds are released. That can include validating routing information against trusted reference data using LexisNexis® Bankers Almanac® Routing Transit Number Data and confirming account ownership with LexisNexis® Bankers Almanac® Validate™ Safe Payment Verification to confirm bank account ownership before money moves.
LexisNexis® Risk Solutions also serves as the Registrar of Routing Numbers for the American Bankers Association, assigning routing numbers under ABA policy, the kind of quiet infrastructure ACH depends on.
Most payments will still move the way they always have. The difference is what happens when something looks routine and is not.
LexisNexis and the Knowledge Burst logo are registered trademarks of RELX Inc., registered in the U.S. or other countries. Bankers Almanac is a registered trademark and Validate is a trademark of LNRS Data Services Limited, registered in the U.S. or other countries. Other products or services may be trademarks or registered trademarks of their respective companies. Copyright © 2026 LexisNexis Risk Solutions.
All information contained herein is for educational purposes only and not intended to and shall not be used as legal advice. LexisNexis Risk Solutions does not (a) represent nor warrant that this document is complete or error free, and (b) guarantee the functionality or features of any LexisNexis Risk Solutions services identified herein.
