New Rules to Safeguard Your Business
April 20, 2026
First Bank and Trust Company is committed to helping you protect your organization and your customers from evolving fraud risks. There is an important update to the NACHA Operating Rules that requires ACH Originators to implement risk-based processes to detect and mitigate fraud.
This rule is designed to address increasing threats such as business email compromise (BEC) and payroll redirection fraud, which continue to impact organizations of all sizes.
What This Means for Your Business
As an ACH Originator, you are expected to adopt a risk-based approach tailored to your organization’s size, complexity, and transaction activity. Below are key strategies to consider as part of your fraud prevention framework:
1. Out-of-Band Authentication
Implement verification procedures that occur outside of your primary transaction channel. For example, confirm payment instructions or account changes through a separate communication method, such as a phone call to a known and trusted contact.
2. Device and Behavioral Monitoring
Leverage tools that evaluate device characteristics and user behavior patterns. Identifying unfamiliar devices, unusual login activity, or deviations from normal transaction behavior can help detect unauthorized access attempts. Ask us about IP restrictions and/or block out times per users if you would like more information about additional security features.
3. Anomaly Detection
Establish systems or processes to flag unusual transaction activity, such as unexpected changes in payment amounts, timing, or recipient account details. Prompt review of anomalies can significantly reduce fraud exposure.
Strong internal controls remain your most effective defense against fraud and are a foundational expectation under the updated rule.
Next Steps
We encourage you to review your current ACH processes and enhance your controls where necessary to align with these requirements. Our Treasury Management team is available to assist you in evaluating your existing procedures and recommending appropriate safeguards.
If you have any questions or would like guidance on implementing these measures, please contact your relationship manager or reach out to our Treasury Management team directly.
Learn More:
Read "The Vendor Email That Changed Everything: A Business Scam Story" to learn more about how a business was caught off guard and how the incident served as a costly but valuable lesson in how event trusted relationships can be exploited.