Yes, we believe that the NACHA Operating Rules and Guidelines permit your institution to return the BOC transactions under Return Reason Code R10 as unauthorized entries. Your bank should follow the same procedures it would for other returns under code R10, such as obtaining a written statement of unauthorized debit (WSUD) from your customer. The extended return deadline of sixty days from the settlement date for each entry would apply, as it would for any type of entry eligible for a return under the R10 code.
Additionally, your bank may have a warranty claim against the grocery store if it did not follow commercially reasonable procedures for identifying your customer. However, we believe that your bank would have to pursue any such warranty claim outside of the ACH return system.
For resources related to our guidance, please see:
- NACHA Operating Guidelines (“BOC entries are governed by the same Return Reasons and Return Reason Codes as other ACH debit entries. . . .”)
- NACHA Rules, Section 3.13.1 (“An RDFI may Transmit an Extended Return Entry with respect to any debit Entry for which it recredits a Receiver’s account in accordance with Section 3.11 (RDFI Obligation to Recredit Receiver), provided that . . . (b) the RDFI Transmits the Extended Return Entry to its ACH Operator by its deposit deadline for the Extended Return Entry to be made available to the ODFI no later than the opening of business on the Banking Day following the sixtieth calendar day following the Settlement Date of the original Entry.”)
- NACHA Operating Guidelines, OG 102 (“In general, consumer debit entries returned by the RDFI as unauthorized will bear Return Reason Code R10 . . . . When using this Return Reason Code, the RDFI must receive a Written Statement of Unauthorized Debit from the Receiver prior to transmitting the extended return entry.”)
- NACHA Operating Guidelines (“In addition to all other ODFI warranties in the NACHA Operating Rules, each ODFI that chooses to transmit BOC entries on behalf of its Originators also warrants that: . . . the ODFI has employed commercially reasonable procedures to verify the identity of the Receiver. . . .”)