Summer 2019 Newsletter - New
Supplementing Data Security Requirements
The Change: The existing ACH Security Framework, including its data protection requirements, will be supplemented to explicitly require large non-FI Originators, Third-Party Service Providers (TPSPs), and Third-Party Senders (TPSs) to protect deposit account information by rendering it unreadable when it is stored electronically.
The Timing:
Implementation begins with the largest originators and TPSPs (including TPSs), and initially applies to those with ACH volume of 6 million transactions or greater annually. A second phase applies to those with ACH volume of 2 million transactions or greater annually.
The Impact: Implementation for those originators and Third-Parties that currently would not be compliant.The Timing:
- Phase 1: June 30, 2020 for originators and Third-Parties with ACH volume greater than 6 million in 2019
- Phase 2 :June 30, 2021 for originators and Third-Parties with ACH volume greater than 2 million in 2020