As of June 30, 2021, a new rule on supplementing data security requirements goes into effect for ACH originators that have an annual volume of 6 million transactions or greater. The rule requires the originators (and third party service providers) to protect bank account information unreadable when it's stored electronically. Basically, the sensitive bank account data needs to be tokenized.
There is also a second phase of this new rule that goes into effect on June 30, 2022. In this second phase of the rule, ACH originators with an annual volume of 2 million ACH transactions or greater will need to adhere to the data protection standard. More information on the new data protection security requirements can be found at https://www.nacha.org/rules/supplementing-data-security-requirements.
Right now there are a lot of high volume ACH originators looking into options for how they can best meet the NACHA security requirement for their organization. We know that for a fact. Many times these large volume ACH originators have a direct ODFI relationship. The problem is that banks are not equipped to provide their ACH originator clients with a solution that meets the NACHA data security requirements. Therefore they must search outside the banking relationship for a solution that can work with their direct ODFI bank relationship.
Fortunately there are solutions to be found, and we at Agile Payments can offer a number of solutions up for these high volume ACH originators. If your organization is in need of a tokenization solution for your direct ODFI relationship, contus us and let us meet your tokenization needs.