Skip to main content

Mark your calendar: Phase 2 of Nacha’s Data Security Requirement effective June 30

Note: This article was updated on June 2, 2022.

Effective June 30, 2022, the second phase of the Supplemental ACH Data Security rule, as defined in ACH Operations Bulletin #7-2020 (Off-site, PDF), will take effect. This change applies to ACH originators and Third-Parties with more than 2 million entries or more ACH payments annually.

This rule requires ACH originators and Third-Parties to protect DFI account information when electronically stored. Check out Nacha’s Supplementing Data Security Requirements (Phase 2) (Off-site) article for more details surrounding the June 30 change.

For additional information on the rule change and potential impact to your institution, please reach out to your payments association (Off-site).