Meaningful Modernization: What Does it Mean for Your Debit Authorizations?

Amy Donaghue

By: Liz Cone, AAP, APRP, Manager, Audit Services

The Meaningful Modernization update to the ACH Rules went into effect on September 17, 2021. These Rules defined Standing and Oral Authorizations and provided clarity, flexibility and consistency for participants. This was a significant update to the Rules that included changes to obtaining Written Statements of Unauthorized Debit as well as changes to the standard debit authorization form.

Nacha advised ODFIs and Originators to review the current standard authorization regarding the standards of “readily identifiable” and “clear and readily understandable term.” It was also advised that the language on the standard debit authorization form be reviewed to determine if the minimum data elements are addressed. What does this mean for ODFIs and Originators? What action should be taken? And, do you have to obtain new authorization forms for previously authorized debit Entries? These are all good questions that many participants in the ACH Network have had since the introduction of the Meaningful Modernization update to the ACH Rules was announced.

What Has Remained the Same?

It is true that change is inevitable, and while this update to the ACH Rules does bring quite a bit of change, some things do remain the same with regard to debit authorizations. For one or more debit Entries to a Receiver’s account, the Originator is still required to obtain a written or similarly authenticated authorization from the Receiver. That debit authorization is still required to be readily identifiable as an authorization and have clear and readily understandable terms. As Nacha advised, debit authorizations should be reviewed to ensure that both of these requirements are being met. An inadequate authorization in these areas could result in the authorization being invalid.

What Has Changed?

When comparing previous Rules requirements regarding debit authorizations to the current Rule, you will see that the debit authorization does require more information be gathered from the Receiver prior to initiating the debit Entry. In addition to the general requirements discussed in the previous paragraph, a debit authorization must, at a minimum, include:

  • Language regarding whether the authorization obtained from the Receiver is for a Single Entry, multiple Entries or Recurring Entries;
  • The amount of the Entry(ies) or a reference to the method of determining the amount of the Entry(ies) (i.e. monthly payment amount for a loan, required minimum distribution amount for an IRA disbursement);
  • The timing (including the start date), number and/or frequency of the Entry(ies) (Note: this is an and/or option. All three of these do not have to be present on the authorization form);
  • The Receiver’s name;
  • The account to be debited;
  • The date of the Receiver’s authorization; and
  • Language that instructs the Receiver how to revoke the authorization, including the time and manner in which the Receiver’s communication with the Originator may occur.

Now What?

Now it’s time to communicate the changes and review the standard debit authorization forms to determine if changes need to be made for the forms to comply with the updated rules. An ODFI is responsible for each Originator and Third-Party Sender’s compliance with the ACH Rules. At a minimum, each ODFI should communicate these changes to its Originators and Third-Party Senders and provide some education and training concerning the changes to the Rules and how these changes affect them. To go a step further and provide a peace of mind to management, the ODFI could communicate these changes to each Originator and Third-Party Sender and require that the updated authorization form be provided to the ODFI for review and approval.

Originators and Third-Party Senders should review their debit authorization forms against the updated Rules to ensure compliance with the revised requirements. Should your ODFI reach out to you requesting copies of your debit authorization form, it is important to work closely with your ODFI with a goal of being compliant with the ACH Rules and utilizing forms that are valid under applicable Legal Requirements.

Because an ODFI can also be an Originator by processing ACHs internally for the collection of loan payments, external transfers, etc., it is important for internal debit authorization forms be reviewed as well to ensure compliance with the newly effective Rules.

Taking Action

Should the review of debit authorization form(s) reveal that the current form(s) does not meet the revised minimum standards for a consumer debit authorization, you will need to update your form to include the missing elements that are now required by the Rules.

Does this mean that new authorizations will need to be obtained when there is an existing authorization in place? Absolutely not. Existing authorizations are not impacted by the changes. As of the effective date of this revision to the Rules (September 17, 2021), when a new authorization is obtained or an existing authorization is updated, it must conform to the minimum standards outlined above.

If this new Rule change, or anything else on your radar, is giving your organization pause, reach out to our advisory services team at advisory@epcor.org. Our expert team is ready to assist your organization and can help you find the service that’s right for you to tackle anything on your list! We hope to hear from you soon.