

- Nacha’s new ACH fraud monitoring rules take effect starting March 2026
- 80% of institutions are still unprepared or unsure of compliance needs
- Rules require tailored, risk-based monitoring by originators and banks
- Compliance must span the entire customer lifecycle from onboarding to payment
- March and June 2026 are key deadlines for phased implementation
- Vendor selection and fraud system upgrades should be completed in 2025
- Real-world deployments show operational and customer service gains
- Legacy systems are unlikely to meet new fraud detection expectations
- Modular, API-driven platforms are advised for scalability and efficiency
- Compliance is not just regulatory – it’s now a competitive necessity

A year out from the most significant overhaul to ACH fraud monitoring in over a decade, the majority of financial institutions in the U.S. are still struggling to prepare.
According to LSEG Risk Intelligence, Nacha’s 2026 Fraud Monitoring Rules—set to begin taking effect from March next year—require not only technical upgrades but a complete strategic shift in how fraud is addressed across the payment lifecycle.
Despite surging fraud risks and increasing regulatory urgency, a staggering 80% of financial institutions surveyed admitted they have either not started preparing or are still trying to assess what’s required.
The new rules mandate risk-based fraud detection processes at every stage, from onboarding to payment execution.
Compliance is not optional, nor is it uniform – each firm must tailor its fraud controls based on the size and nature of its operations.
Brian Holbrook, Director of Product Strategy and Integrated Services at LSEG Risk Intelligence, warned that many firms risk falling behind.
“If you haven’t started execution, depending on the size and breadth of your enterprise, you may be falling behind,” he said.
Holbrook stressed that 2025 is the critical implementation year – when vendor decisions must be finalized, fraud detection systems upgraded, and operational shifts completed.
The new regulations respond to a marked uptick in fraudulent ACH activity, particularly across same-day transactions. In 2024 alone, ACH payments totaled more than $86 trillion in the U.S., intensifying the need for robust oversight mechanisms.
The changes come in two waves. By March 20, 2026, large originators, third-party service providers and receiving banks must implement new monitoring protocols. By June 19, all others must comply.
Importantly, this is not a checkbox exercise. The rules require institutions to adopt tailored, risk-based procedures to detect and prevent suspicious activity. That includes identifying anomalies in transaction velocity, unexpected account changes, or deviations from typical customer behavior.
Holbrook and other experts emphasize the importance of taking a holistic view—fraud detection must span the entire customer lifecycle.
This begins with identity verification and AML screening at onboarding, continues through change events such as account updates, and culminates in ongoing monitoring during payments and disbursements. Any red flags must prompt swift, automated responses.
Real-world implementations suggest that the benefits of compliance go beyond just avoiding penalties.
In one example, LSEG partnered with a U.S. financial institution to dismantle siloed fraud controls and establish a unified framework.
The changes led to faster resolution of low-risk issues, freed up call centre resources for higher-risk tasks, and ultimately delivered better customer experiences.
As Holbrook explained, the key to readiness lies in both planning and execution. The roadmap is clear: 2023 was for assessing changes, 2024 for process evaluation and vendor selection, and 2025 is the year to act. Final testing and compliance must be in place by early 2026.
Yet many institutions continue to underestimate what’s required. The assumption that legacy fraud systems can simply be retrofitted to meet new rules is not only dangerous – it could be costly.
Experts advise adopting a modular, API-driven approach with flexible workflows, integrated data analytics, and real-time alerts.
Nacha’s rules are a wake-up call for the payments industry. As financial fraud grows in complexity, compliance must evolve into strategic resilience. Time is short, and the stakes are high.