NACHA Releases Interim Policy on Data Breaches

RESTON, Va. — NACHA–the Electronic Payments Association–has issued an interim policy to deal with security breaches of the automated clearinghouse system.The key points of the Operations Bulletin are that an Originating Depository Financial Institution must notify NACHA of a breach of consumer-level data and the ODFI must also make information about the breach available to the affect Receiving Depository Financial Institutions. The interim policy became effective Sept. 28, however NACHA will not enforce it until a final rule is adopted.The NACHA Operations Bulletin stated, “The policy is a statement of NACHA’s expectation that ODFIs and their Originators and Third Parties will have appropriate procedures in place to prevent, detect, and investigate ACH data breach events, to report such events to NACHA, and to make information about such events available to affected RDFIs.”The policy outlines what a data breach event is and defines consumer-level ACH data as including a bank account number or a customer’s name together with their Social Security number. The ODFI is responsible for ensuring the protection of the data and that it and its third-party providers implement commercially reasonable policies, procedures and systems to detect the occurrence of a data breach within their respective organizations.If a breach is detected, the ODFI is expected to “immediately commence and diligently pursue” an investigation. This pursuit should aim to determine (i) if a data breach has actually occurred, (ii) the scope of the data breach, including the type and amount of data affected, (iii) the risk that the affected data will be misused, and (iv) what steps are necessary to prevent further unauthorized access to Consumer-Level ACH Data, NACHA said. While the ODFI is required to report various aspects to NACHA, such as the cause and scope of the breach, NACHA may withhold the names of the organizations involved in the breach at the request of the ODFI.

Complete your profile to continue reading and get FREE access to, part of your ALM digital membership.

Your access to unlimited content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Critical information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
  • Exclusive discounts on ALM and CU Times events.
  • Access to other award-winning ALM websites including and

Already have an account?


© 2023 ALM Global, LLC, All Rights Reserved. Request academic re-use from All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.


Credit Union Times

Join Credit Union Times

Don’t miss crucial strategic and tactical information necessary to run your institution and better serve your members. Join Credit Union Times now!

  • Free unlimited access to Credit Union Times' trusted and independent team of experts for extensive industry news, conference coverage, people features, statistical analysis, and regulation and technology updates.
  • Exclusive discounts on ALM and Credit Union Times events.
  • Access to other award-winning ALM websites including and

Already have an account? Sign In Now
Join Credit Union Times

Copyright © 2023 ALM Global, LLC. All Rights Reserved.