Guide to ACH Network

The Automated Clearing House (ACH) Network is comprised of U.S. financial institutions, the Clearing House, Federal Reserve, and the National Automated Clearing House Association (NACHA). These elements work together in order to facilitate the electronic transfer of funds in the United States. 
This network promises users reliability and security as a way of reducing financial fraud and providing clear expectations around electronic money transfers. 
In this way, allowing ACH billing or ACH processing for your company is good for client retention and easing the financial transaction process. But in order to send an ACH transfer, you must do so through a verified ACH Operator. 
If you’d like to send a bank-to-bank electronic payment that is far cheaper than a wire transfer, you’ll have to be cleared to send an ACH transaction processed through the ACH Network. 
To help you out, we’ve developed this guide to the ACH Network. 

How to Set Up ACH Payment Processing

Setting up ACH payment processing is relatively easy but how you do it depends on the payment processor you use and the types of payments that you will be working with. 
There are several types of payment processors: 

  • A financial institution, like a bank or credit union
  • A third-party payment processor (TPPP), which is usually a service that you can sign up and link to a bank account through an eCommerce site
  • An ACH API, like Sila, which allows you to create your own ACH payment processing service

No matter which ACH payment processing option you use, each should follow the necessary NACHA guidelines and Know Your Customer (KYC) rules.
You’ll also want to consider the functionality of your ACH payment processor. Will it be integrated with an eCommerce site or will customers be using it at the POS? 
Consider the following when searching for a payment processor:

  • Can the service be set up on your eCommerce site? 
  • Does it also process debit card and credit card transactions?
  • Can it be customized to your brand and payment needs?
  • Is it an ACH API?
  • Can it be integrated with a payment gateway? Or is it a payment gateway?
  • Can it be integrated with a digital wallet?
  • How does it verify KYC rules? Or, is it following rules that are outdated like Customer Due Diligence (CDD)?
  • How does the ACH payment processor store sensitive information?
  • Are there ACH payment fees associated with each transaction?

Choosing the right ACH payment processor is extremely important. The ACH Network is as secure as it is because financial institutions, like Originating Depository Financial Institutions (ODFIs) and Receiving Depository Financial Institution (RDFIs), practice caution when dealing with sensitive information. 
With these protections in place, it is far less likely that ACH fraud will occur. As someone who uses the ACH Network, keeping the network secure is part of your responsibility. 

Third-party Senders and the ACH Network

Third-party senders are an organization that has authorized an ODFI or Third-Party Service Provider to send an ACH debit entry, ACH credit entry, or non-monetary ACH entry on behalf of an Originator. 
The rules of NACHA still apply to an ODFI when working with a third-party sender. In fact, there are additional rules that must be followed when working with these organizations. 
These include: 

  • Reasonably necessary banking information of each Originator must be provided by the third-party sender to the ODFI within two banking days of the request. 
  • The third-party sender must assure the ODFI that the Originator has agreed to act and uphold the responsibilities of an Originator as required by the NACHA rules. 
  • They must be legally able to perform the duties of an ODFI and must comply with these requirements, as stated under the NACHA Operating Rules. 
  • Third-party senders must pay ACH credit entries and ACH debit entries returned by the receiving bank. 
  • If an ODFI does not receive payment from the third-party sender, the ACH Originator must pay the ODFI.
  • And, finally, third-party senders and the ACH Originator must retain their records, documents, and data for verification and audit purposes. 

A third-party sender is almost interchangeable with a third-party service provider, but this is not always the case. In the basic sense though, a third-party sender can be considered an intermediary between an Originator and the ODFI. 
When working with a third-party sender, there is no contractual agreement between the ODFI and the Originator because the third-party sender is in an agreement with each party.

ACH Network Risk and Enforcement

When sending any ACH transaction, there is a level of risk that each party must bear. However, the enforcement of each NACHA rule, as well as the authorization of each ACH facilitator as an ACH Operator, allows for the ACH Network to function with minimal risk.  
ACH activity is monitored by a number of organizations, including NACHA and the Federal Reserve, under a number of regulations. 
Regulations that protect ACH activity include: 

  • Regulation E of the Electronic Funds Transfer Act
  • The Office of Foreign Assets Control (OFAC) of the U.S. government
  • The National Automated Clearing House Association (NACHA) Operating Rules
  • CCPA and GDPR, which governs all people and transactions based out of the location of coverage
  • And Know Your Customer (KYC) regulations

Since each transaction requires that the ACH Operator collects sensitive information on the Originator, there is still a fair amount of risk involved with operating within the ACH Network. Sending an ACH transaction is relatively safe, but only when the ACH Operators abide by the Operating Rules. 
ODFIs, RDFIs, and third-party senders are required to collect the following information on Operators:

  • The name of the bank account owner
  • The bank account number
  • The bank routing number
  • And information about the amount to be sent and the frequency

Sending an ACH transaction has a lot of versatility. It can be used for ACH billing, for sending in bill payment, and for direct deposit. 
By allowing these features, a company can minimize their payment processing costs and provide reliable payment methods for their clients. It can also minimize the use of credit cards from customers. 
However, simply allowing ACH transactions is not enough. You must ensure that your customer information is safe if you are to facilitate the transfer of ACH funds. 

Best Practices for the ACH Network

Before accepting an ACH transaction, do some research on the payment processor you aim to use, including the functionality of the payment processor and the company’s privacy policy. 
With all things said and done, ACH fraud is still real and can compromise your customer’s banking information and the integrity of the ACH Network. All that is needed is a user’s account number and the bank routing number. Typically, a criminal is able to acquire this information through a misleading website. 
Therefore, it is in the best interest of the person facilitating the ACH payment to follow by ACH security best practices
This includes:

  • An ACH debit block that auto-returns any ACH transaction directed at a specific bank account. 
  • An ACH debit filter, which auto-returns any ACH transaction for a designated account unless the ACH item was pre-authorized and all unauthorized transactions are automatically returned. 
  • An ACH alert and activity monitoring for every electronic transaction.
  • Authorization limits at the company and individual levels.

In addition to these safety measures, make sure that the payment processor is FDIC insured and that they comply with the PCI storage protocols for storing sensitive data. 
You should also set up restrictions within your organization. Make sure that all unauthorized ACH debits are returned to the account holder within 24 hours. And, limit who has access to recipient information. Background and credit checks should be run on all employees and anyone who would have access to a bank account or sensitive banking information. 

The ACH Network is a secure network in the U.S. that facilitates the transfer of electronic funds through a series of approved ACH Operators. Regulations are in place in order to protect this network and the sensitive information that is transferred during an ACH transaction. 
Businesses can allow ACH transactions to be used for payments by integrating an ACH API or software into their eCommerce system or by using a digital wallet. This allows more versatility for clients. Be sure to consider the information listed in this article because of integrating an ACH payment processor.