NACHA Compliance
NACHA operating rules for ACH payments processed through Cresora.
The National Automated Clearing House Association (NACHA) governs ACH payment rules in the US. All ACH payments processed through Cresora must comply with NACHA operating rules.
Key NACHA requirements
Authorization
Before debiting any bank account, you must obtain the customer's authorization. The authorization must:
- Be in writing (digital acceptance is acceptable)
- Include the specific account to be debited
- Include the amount or amount range
- For recurring debits: include the schedule (or state that amounts may vary)
- Be retained for 2 years after the last ACH entry
See ACH Authorization Language for the exact required text.
Reg E re-notification
For recurring ACH plans, if the debit date or amount changes significantly, NACHA Regulation E requires you to send re-notification to the customer before the charge. Cresora fires ach.renotification_required when this applies.
R10 returns
An R10 return ("Customer advises not authorized") requires you to:
- Immediately stop all retries on that account
- Remove the account from future debit attempts
- Investigate and remediate
Continued debiting after an R10 is a NACHA rule violation and can result in fines.
Retry limits
NACHA limits ACH retry attempts after a return:
| Return code | Max retries |
|---|---|
| R01 (NSF) | 2 retries within 180 days |
| R09 (uncollected funds) | 2 retries within 180 days |
| All other codes | 0 retries |
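
The R10 stop rule and the retry table above can be enforced on your side with one decision function. This is an added example, not Cresora's code: `DebitEntry`, `ReturnPolicy` and the sample account are hypothetical names, and it assumes the 180-day window runs from the original entry date and that R01 and R09 share one two-retry budget.

```python
from dataclasses import dataclass
from datetime import date, timedelta

RETRY_WINDOW = timedelta(days=180)
MAX_RETRIES = {"R01": 2, "R09": 2}   # every other return code: 0 retries


@dataclass
class DebitEntry:                     # hypothetical merchant-side record
    account_id: str
    original_date: date               # assumed start of the 180-day window
    retries_used: int = 0


class ReturnPolicy:
    def __init__(self):
        self.blocked_accounts = set() # accounts that returned R10
        self.audit_log = []           # (date, account, code, decision) for investigation

    def may_debit(self, account_id):
        """Check before every debit attempt, including new scheduled ones."""
        return account_id not in self.blocked_accounts

    def handle_return(self, entry, code, today):
        """Return 'retry' or 'stop' for a returned entry."""
        decision = "stop"
        if code == "R10":
            # Unauthorized: no retries, and no future debits on this account.
            self.blocked_accounts.add(entry.account_id)
        elif (self.may_debit(entry.account_id)
              and entry.retries_used < MAX_RETRIES.get(code, 0)
              and today - entry.original_date <= RETRY_WINDOW):
            # Assumption: the two-retry budget is shared across R01 and R09.
            entry.retries_used += 1
            decision = "retry"
        self.audit_log.append((today, entry.account_id, code, decision))
        return decision


if __name__ == "__main__":
    policy = ReturnPolicy()
    entry = DebitEntry("acct_demo", date(2024, 1, 2))   # constructed sample data
    for code, day in [("R01", date(2024, 1, 5)), ("R09", date(2024, 1, 12)),
                      ("R01", date(2024, 1, 19)), ("R10", date(2024, 1, 26))]:
        print(code, day, policy.handle_return(entry, code, day))
    print("may debit again:", policy.may_debit(entry.account_id))
```

Call `may_debit` before every scheduled debit as well as before retries, so an account blocked by an R10 is also excluded from future plan charges.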
Cresora's NACHA responsibilities
Cresora, as an Originating Depository Financial Institution (ODFI) sponsor, is responsible for:
- Submitting ACH files to the network on your behalf
- Enforcing NACHA-compliant retry rules
- Reporting suspicious activity
You are responsible for:
- Obtaining and retaining proper authorization from customers
- Implementing R10 stop logic
- Using NACHA-compliant authorization language
- Sending Reg E re-notifications when required