deepidv
Back to News
The Deep Brief · Jun 15, 2026 · 3 min read

Nacha Activates Phase 2 Fraud Monitoring: Volume Thresholds Eliminated

Nacha activated Phase 2 Fraud Monitoring on June 19, 2026, scrapping ACH volume thresholds and forcing all originators, TPSPs, and TPSs into risk-based tracking.

Shawn-Marc Melo
Shawn-Marc Melo
Founder & CEO at deepidv
Nacha Phase 2 ACH fraud monitoring rule eliminating processing volume thresholds for originators

On June 19, 2026, Nacha activated Phase 2 of its Fraud Monitoring rule and eliminated every historical processing volume threshold. The change pulls all remaining non-consumer ACH originators, Third-Party Service Providers (TPSPs), and Third-Party Senders (TPSs) into mandatory, risk-based fraud monitoring — regardless of how much ACH volume they process.

The headline for compliance teams is a shift in posture. Nacha is moving the network from simple account validation to holistic user identity tracking, and it expects firms to spot anomalies before a transaction ever leaves the network.

What Phase 2 changes for ACH originators

The most consequential shift is the removal of the volume threshold itself. Phase 1 captured high-volume originators and processors first, giving smaller players a grace window. That window is gone. Whether a firm pushes ten ACH transactions a month or ten million, the same risk-based monitoring obligation now applies, and Nacha expects documented procedures rather than a checkbox attestation.

This is a move from simple account validation to holistic user identity tracking. Validating that a routing and account number resolve to an open account does nothing to catch a credential that has been hijacked or a vendor record that was quietly edited. Phase 2 asks originators to understand who is actually behind each origination instruction, not just whether the destination account exists.

For most teams, the operational reality is that legacy account-verification tooling will not satisfy an examiner. Nacha wants evidence that you can spot anomalies against an established baseline, which means you need a behavioral and identity signal layer feeding your decisioning before funds move.

Why false-pretenses fraud is the real target

The rule is aimed squarely at false-pretenses fraud — schemes where a legitimate party is tricked into authorizing a payment that goes to a criminal. That category covers business email compromise (BEC), corporate vendor impersonation, and payroll diversion. In each case the ACH transaction is technically valid: the account exists, the credentials check out, and the originator believes the instruction is genuine. The fraud lives in the identity and intent behind the request, not in the mechanics of the transfer.

That is precisely why account validation alone fails here. A diverted payroll deposit or a redirected vendor invoice will pass every structural check while draining real money. Catching it requires baseline user patterns and the ability to flag deviation — a sudden change in a vendor's banking details, an off-hours origination from an unfamiliar device, or a payroll batch that breaks an established rhythm.

Meeting the standard before funds leave the network

The hard part of Phase 2 is timing. Nacha wants firms to establish baseline user patterns and identify anomalies *before* a transaction leaves the network, not reconstruct what happened after a recall request lands. Post-settlement review is too late; ACH recalls are slow and frequently unsuccessful once funds have been withdrawn downstream.

This is where real-time signal validation does the work that batch account checks cannot. deepidv runs automated forensic layers across the identity and device signals tied to each origination, scoring deviation from an established baseline as the instruction is processed rather than after the fact. That gives originators, TPSPs, and TPSs a defensible, documented basis for the risk-based monitoring the rule now requires.

Two capabilities make the standard practical to hold. Continuous transaction monitoring keeps a live behavioral profile for every originating party, and ongoing continuous monitoring of the underlying identities surfaces drift — a re-used credential, an impersonated vendor, a tampered profile — before it converts into a settled loss. Together they turn Phase 2 from a paperwork exercise into an enforceable control.

Nacha Phase 2 Fraud Monitoring: common questions

What is Nacha's Phase 2 Fraud Monitoring rule?
Phase 2, activated June 19, 2026, eliminates all historical processing volume thresholds from Nacha's Fraud Monitoring rule. It pulls every remaining non-consumer ACH originator, Third-Party Service Provider (TPSP), and Third-Party Sender (TPS) into mandatory risk-based fraud monitoring. There is no longer a volume exemption, so a low-volume originator carries the same obligation as a high-volume one.
Who has to comply with the new Nacha ACH rule?
All remaining non-consumer ACH originators, TPSPs, and TPSs that were not already captured under Phase 1 are now in scope. The removal of volume thresholds means firms that previously sat below the line must now establish documented, risk-based fraud monitoring procedures. Compliance is no longer tied to how much ACH volume you process.
What kinds of fraud does Phase 2 target?
The rule targets false-pretenses fraud, where a legitimate party is deceived into authorizing a valid payment to a criminal. That includes business email compromise (BEC), corporate vendor impersonation, and payroll diversion. In these schemes the transaction passes every structural check, so the fraud has to be caught through identity and behavioral signals rather than account validation.
Why is account validation no longer enough under Nacha Phase 2?
Account validation only confirms that a routing and account number resolve to an open account. It cannot detect a hijacked credential, an impersonated vendor, or a diverted payroll instruction, all of which produce technically valid transactions. Phase 2 shifts the standard to holistic user identity tracking, which requires baseline behavioral patterns and anomaly detection before funds move.
How does deepidv help satisfy Nacha's proactive risk-based tracking?
deepidv provides automated, real-time signal validation and forensic layers that score each ACH origination against an established identity and device baseline as it is processed. Continuous transaction and identity monitoring flag anomalies — changed vendor banking details, unfamiliar devices, broken payroll rhythms — before a transaction leaves the network. That gives originators, TPSPs, and TPSs a documented basis for the risk-based monitoring the rule requires.
TagsIdentity VerificationRegulationFinTechAMLACHIntermediateNews

Relevant Articles

What is deepidv?

Not everyone loves compliance — but we do. deepidv is the AI-native verification engine and agentic compliance suite built from scratch. No third-party APIs, no legacy stack. We verify users across 211+ countries in under 150 milliseconds, catch deepfakes that liveness checks miss, and let honest users through while keeping bad actors out.

Learn More