Platform

Overview

How It Works

Beneficiary Identity

Policy Corridors

Deterministic Finality

Architecture

Security Model

Governance

Integration
Solutions

Corridors Overview

Institutional Overview

Pricing

All Scenarios

Humanitarian Impact Fund
Assurance

Technical Assurance

Verify Receipt

Receipt Example
Developers

Documentation

APIs & Bridges

Architecture Docs

Glossary

BID API
Company

About

Team

Partners

Roadmap

Investors

Contact

Blog

All Documentation
Schedule Consultation
BRIDGES & APIs

NACHA / ACH Interface Reference

Complete development reference for JIL's NACHA/ACH interface layer - compliance requirements, message formats, 2026 fraud monitoring mandates, and integration architecture for US domestic payment processing.

11 Core Services
2026 NACHA Compliant
99.99% SLA Target

Table of Contents

Overview

JIL's Role in the ACH Flow

The ACH (Automated Clearing House) network, governed by NACHA, processes US domestic payments - payroll, direct deposit, bill pay, and e-commerce. It processes trillions of dollars annually across all US financial institutions. JIL operates at the interface layer between Originators/ODFIs and the ACH Operator.

Originator (Bank Customer) | v ODFI (Originating Depository FI) | v [JIL NACHA Interface Layer] <-- THIS IS WHAT WE BUILD | v ACH Operator (FedACH or The Clearing House) | v RDFI (Receiving Depository FI) | v Receiver (End Beneficiary)

What JIL Adds at the Interface Layer

Beneficiary Binding

Cryptographic lock on intended recipient before ACH entry is submitted.

Pre-Settlement Compliance

KYC/AML/sanctions check before the file is sent to ACH operator.

False Pretense Detection

Satisfies NACHA 2026 fraud monitoring mandate at protocol layer.

Finality Receipts

Deterministic finality receipt mapped to ACH trace number for audit trails.

Description Enforcement

Automatic PAYROLL / PURCHASE entry description tagging per 2026 rules.

Classification

NACHA Participant Classification

JIL operates under one or both classifications depending on implementation structure.

Third-Party Service Provider (TPSP)

  • Provides ACH processing on behalf of ODFIs or Originators
  • Directly subject to NACHA Operating Rules
  • Must be registered with NACHA
  • Subject to audit rights from ODFIs
Recommended

Third-Party Sender (TPS)

  • Transmits ACH entries on behalf of Originators to ODFIs
  • Contractual chain: TPS to ODFI to ACH Operator
  • Requires written agreement with each ODFI partner
  • ODFI remains liable for TPS compliance
Compliance

Core Standing Obligations

Always-on requirements regardless of volume or phase.

Account Validation

WEB debits must validate first-use consumer account numbers. Validation methods: prenote, micro-deposit, account verification service (AVS). JIL BID system satisfies this via the identity verification pipeline.

Sanctions Screening

Screen all originators and receivers against OFAC SDN List, OFAC Consolidated Sanctions, EU Consolidated Sanctions, and UN Sanctions List. Must screen before ACH entry is originated.

Data Security

ACH data encrypted in transit (TLS 1.2+, TLS 1.3 preferred) and at rest (AES-256 minimum). Role-based access controls with principle of least privilege. Log all access to ACH files and records.

Record Retention

ACH transaction records: 7 years minimum. Authorization records: 2 years after revocation. Audit logs: 7 years. ODFI agreements: duration plus 7 years.

Annual Audit

Annual self-audit of all ACH processes and procedures. Must document findings and remediation. ODFI partners may request audit results.

Error & Return Processing

Process return entries within required windows. Handle NOC (Notification of Change) entries. Keep unauthorized debit return rate below 0.5%; admin/general returns below 3%.

2026 Compliance

2026 Rule Changes - Active Now

Phase 1 is effective March 20, 2026. These are not future requirements.

Phase 1 - Effective March 20, 2026

Applies to ODFIs, non-consumer originators, TPSPs, and TPSs with 2023 ACH origination volume of 6 million entries or more.

Fraud Monitoring (Outbound)

  • Replaces "commercially reasonable" with "processes and procedures reasonably intended to identify" fraudulent entries
  • Risk-based approach required - cannot justify eliminating monitoring
  • Must differentiate higher-risk from lower-risk transactions
  • Annual review of processes and procedures mandatory
  • Focus areas: BEC, vendor impersonation, payroll impersonation

Standardized Entry Descriptions (New - All Originators)

DescriptionUse CaseSEC Code
PAYROLLAll PPD credits for wages, salaries, compensationPPD
PURCHASEAll e-commerce consumer debit purchasesWEB

False Pretense Definition (New)

"The inducement of a payment by a person misrepresenting (a) their identity, (b) their association with or authority to act on behalf of another person, or (c) the ownership of an account to be credited."

This definition maps directly to JIL's Beneficiary Binding pillar - cryptographic hash lock on intended beneficiary before value moves.

Phase 2 - Effective June 19/22, 2026

Extends to all remaining non-consumer originators, TPSPs, TPSs below the 6M threshold, and all RDFIs. RDFIs must now monitor incoming ACH credit entries for fraud using risk-based factors: account age, balance history, transaction velocity, behavioral anomalies.

Format Specification

ACH Message Format Reference

NACHA ACH files use a fixed-width flat file format. All fields are positionally defined at 94 characters per record.

File Header Record (Type 1) +-- Batch Header Record (Type 5) +-- Entry Detail Record (Type 6) +-- Addenda Record (Type 7) [optional] +-- Batch Control Record (Type 8) +-- File Control Record (Type 9)

File Header Record (Type 1) - 94 Characters

FieldPositionLengthValue
Record Type Code111
Priority Code2-3201
Immediate Destination4-1310FRB routing, leading space
Immediate Origin14-2310Company EIN or routing
File Creation Date24-296YYMMDD
File Creation Time30-334HHMM
File ID Modifier341A-Z, 0-9
Record Size35-373094
Blocking Factor38-39210
Format Code4011
Dest. Name41-6323FRB or bank name
Origin Name64-8623Company name
Reference Code87-948Optional internal ref

Batch Header Record (Type 5) - 94 Characters

FieldPositionLengthNotes
Record Type Code115
Service Class Code2-43200=mixed, 220=credits, 225=debits
Company Name5-2016Originating company
Company ID37-4610IRS EIN with leading 1
SEC Code47-493PPD, CCD, WEB, etc.
Company Entry Description50-5910PAYROLL or PURCHASE where required
Effective Entry Date66-716YYMMDD - settlement date
ODFI Routing Number76-838First 8 digits of routing
Batch Number84-947Sequential, zero-padded

Entry Detail Record (Type 6) - 94 Characters

FieldPositionLengthNotes
Record Type Code116
Transaction Code2-32See transaction codes
Receiving DFI Routing4-118First 8 digits
Check Digit1219th digit of routing
DFI Account Number13-2917Receiver account, left-justified
Amount30-3910Dollars + cents, no decimal, zero-padded
Individual Name55-7622Receiver name
Addenda Indicator7910=none, 1=addenda follows
Trace Number80-9415ODFI routing (8) + sequence (7)

Transaction Codes

CodeTypeDirection
22Checking creditDeposit to checking
23Checking credit prenoteVerify checking account
27Checking debitDebit from checking
28Checking debit prenoteVerify checking account
32Savings creditDeposit to savings
33Savings credit prenoteVerify savings account
37Savings debitDebit from savings
38Savings debit prenoteVerify savings account
SEC Codes

Standard Entry Class (SEC) Codes

SEC CodeFull NameUse CaseType
PPDPrearranged Payment and DepositPayroll, recurring consumer paymentsConsumer
CCDCorporate Credit or DebitB2B payments, corporate disbursementsCorporate
CTXCorporate Trade ExchangeB2B with EDI addenda dataCorporate
WEBInternet-Initiated EntryE-commerce, online-authorized debitsConsumer
TELTelephone-Initiated EntryPhone-authorized debitsConsumer
IATInternational ACH TransactionCross-border ACHBoth
CIECustomer-Initiated EntryConsumer-initiated online creditsConsumer
POPPoint of PurchaseCheck conversion at POSConsumer
RCKRe-presented Check EntryReturned check re-presentmentConsumer
JIL Primary Focus: PPD (payroll/consumer), CCD (institutional B2B), WEB (e-commerce), IAT (cross-border)
Return Handling

Return Reason Codes

Administrative Returns

CodeDescriptionReturn Window
R01Insufficient Funds2 banking days
R02Account Closed2 banking days
R03No Account / Unable to Locate2 banking days
R04Invalid Account Number2 banking days
R05Unauthorized Debit to Consumer60 calendar days
R07Authorization Revoked60 calendar days
R08Payment Stopped2 banking days
R10Originator Not Known60 calendar days
R16Account Frozen2 banking days
R29Corporate Not Authorized2 banking days

Fraud-Related Returns (2026 Priority)

CodeDescriptionNotes
R05Unauthorized consumer debitMonitor rate - must stay below 0.5%
R10Not authorized / originator unknownFalse pretense indicator
R11Entry not per authorization termsFalse pretense indicator
R29Corporate not authorized
R90Sanctions compliance returnEffective 2028 - build handler now

NOC (Notification of Change) Codes

CodeDescriptionRequired Action
C01Incorrect DFI account numberUpdate within 6 banking days
C02Incorrect routing numberUpdate routing number
C03Incorrect routing and accountUpdate both
C05Incorrect transaction codeUpdate transaction code
C06Incorrect account and transaction codeUpdate both
C07Incorrect routing, account, and transactionUpdate all three
Fraud Prevention

Fraud Monitoring Architecture

Per NACHA 2026 rules, the interface must implement this 5-stage monitoring pipeline.

1

Entity Validation

OFAC/Sanctions screening (originator + receiver), business identity verification (KYB), individual identity verification (KYC)

2

Account Validation

Account ownership verification (WEB debits: mandatory), prenote or micro-deposit verification, account status check

3

Transaction Risk Scoring

Amount vs. history, velocity check, geographic anomaly, entry description consistency, BEC pattern detection

4

False Pretense Detection (NEW 2026)

Beneficiary identity match (JIL BID binding), originator-to-beneficiary association validation, account ownership confirmation. Mismatch triggers hold/reject.

5

Decision

APPROVE: Submit to ACH operator. HOLD: Queue for manual review (with timeout). REJECT: Return with reason code + audit log entry.

Risk Score Thresholds

0-30
Auto-approve
31-60
Enhanced monitoring
61-85
Hold for review
86+
Auto-reject
Architecture

Integration Architecture

+---------------------------------------------------------+ | JIL NACHA INTERFACE | | | | +-------------+ +--------------+ +---------------+ | | | ACH File | | Compliance | | JIL | | | | Parser / |-->| & Fraud |-->| Settlement | | | | Generator | | Engine | | Protocol | | | +-------------+ +--------------+ +---------------+ | | | | | | | v v v | | +-------------+ +--------------+ +---------------+ | | | NACHA File | | BID / KYC | | Finality | | | | Validator | | Integration | | Receipt Gen | | | +-------------+ +--------------+ +---------------+ | +---------------------------------------------------------+ | | v v ACH Operator JIL Settlement (FedACH / TCH) Ledger + Audit Log

Core Services to Build

ServiceFunctionPriority
nacha-file-parserParse inbound NACHA flat files into structured objectsP0
nacha-file-generatorGenerate valid NACHA flat files from JIL transaction objectsP0
nacha-validatorValidate file structure, checksums, field formatsP0
entry-description-enforcerAuto-tag PAYROLL/PURCHASE per 2026 rulesP0
fraud-monitorRisk scoring pipelineP0
return-handlerProcess return entries, NOC entriesP0
sanctions-screenerOFAC/EU/UN screening before originationP0
account-validatorWEB debit account validationP1
return-rate-monitorTrack unauthorized return rates, threshold alertsP1
audit-loggerImmutable audit log with policy version hashP1
nacha-iso20022-bridgeTranslate between NACHA and ISO 20022 pacs.008P2

File Processing Timing

File TypeSubmission CutoffSettlement
Standard ACH (credits)2:45 PM ETNext banking day
Standard ACH (debits)2:45 PM ETNext banking day
Same-Day ACH (Window 1)10:30 AM ETSame day 1:00 PM ET
Same-Day ACH (Window 2)2:45 PM ETSame day 5:00 PM ET
Same-Day ACH (Window 3)4:45 PM ETSame day 6:00 PM ET
Note: Same-Day ACH has a per-transaction limit of $1,000,000 (raised from $100,000 in 2022).
SLA

SLA Commitments

99.99%
Settlement API Uptime
4.3 min/month max downtime
< 500ms
ACH File Validation
Per file processing target
< 1s
Fraud Risk Score
Risk computation latency

Latency Targets

OperationTarget
ACH file validation (per file)< 500ms
Fraud risk score computation< 1 second
BID beneficiary verification< 3 seconds
Sanctions screening< 2 seconds
Finality receipt generation< 5 seconds after consensus
Return/NOC processing< 30 minutes after receipt

Incident Response

SeverityDefinitionResponseResolution
P1 - CriticalACH processing down / settlement blocked15 minutes2 hours
P2 - HighDegraded performance > 20%30 minutes4 hours
P3 - MediumNon-critical service degraded2 hours24 hours
P4 - LowCosmetic / documentation8 hours5 business days
< 2 hrs
RTO (Recovery Time)
Zero
RPO (No ACH Data Loss)
Testing

Testing & Certification

NACHA File Testing Checklist

  • File Header (Type 1) parses and generates correctly
  • Batch Header (Type 5) with all SEC codes
  • Entry Detail (Type 6) for all transaction codes
  • Addenda records (Type 7) for PPD, CCD, CTX, WEB, IAT
  • Batch Control (Type 8) hash and amount totals
  • File Control (Type 9) hash and amount totals
  • Blocking factor padding (multiples of 10 records)
  • PAYROLL description enforced on qualifying PPD credits
  • PURCHASE description enforced on qualifying WEB debits
  • Return and NOC entry processing
  • Prenote handling
  • Same-Day ACH effective date handling

Compliance Testing Checklist

  • Sanctions screening fires on OFAC-listed entity
  • WEB debit rejected on unvalidated account
  • PAYROLL description enforced
  • PURCHASE description enforced
  • Beneficiary hash mismatch triggers hold/reject
  • Risk score thresholds trigger correct disposition
  • Velocity limits enforced
  • Return rate monitoring alerts fire at threshold
  • Audit log captures all decisions with policy hash
  • R90 handler exists (even if not live until 2028)

ODFI Certification Requirements

  • NACHA Third-Party Sender registration
  • Written TPS agreement (signed)
  • Fraud monitoring framework documentation
  • Annual audit commitment
  • Data security controls evidence
Roadmap

Implementation Roadmap

Phase 1 Weeks 1-3

Core Parser / Generator

Build nacha-file-parser, nacha-file-generator, nacha-validator. Unit tests for all SEC codes and transaction codes. File padding and blocking factor logic.

Phase 2 Weeks 3-6

Compliance Layer

Integrate sanctions screening, build entry-description-enforcer, fraud-monitor risk scoring, JIL BID integration, return-handler, return-rate-monitor.

Phase 3 Weeks 6-8

Settlement Integration

Map NACHA trace numbers to JIL finality receipts, build audit log with policy version hash, account-validator, file scheduling engine.

Phase 4 Weeks 8-12

ISO 20022 Bridge

Map NACHA Entry Detail to ISO 20022 pacs.008, NACHA Return to pacs.004, NACHA NOC to camt.027. Validate against existing JIL ISO 20022 gateway.

Phase 5 ODFI Certification

Certification & Go-Live

NACHA TPSP registration, ODFI partner agreement execution, fraud monitoring documentation package, parallel run with test files, production cutover.

Bridges & APIs

Explore All JIL Payment Interfaces

NACHA is one part of JIL's global payment connectivity stack covering 15+ jurisdictions and 25+ payment rails.

View All Interfaces Global Payment Rails