IBA Compliance Connection

Your go to source for compliance!

How long do corporate customers have to report an unauthorized “PPD” ACH transaction? Our account agreements provide that customers must notify us of unauthorized transactions within 30 days of receiving a statement showing the unauthorized transaction, and a customer did notify us within that time frame.

by

admin

Generally, a business customer’s time frame for reporting an unauthorized ACH transaction for a commercial account will be governed by your account agreement, which in your case requires business customers to report unauthorized transactions within thirty days. However, your bank’s deadline for reporting a transaction for reimbursement from the originating depository financial institution (ODFI) is governed by the NACHA rules and depends on how the ODFI coded the ACH transaction.

Here, we understand that the ODFI used an incorrect code for the transaction — the “prearranged payment and deposit” (PPD) code. The PPD code was used incorrectly because this is a business account, and the PPD code is used only for consumer transactions. By erroneously using the PPD code, the ODFI obligated itself to follow NACHA’s return rules for consumer transactions, which may be returned within sixty days after a transaction’s settlement date (under “Return Reason Code R10”). Consequently, you have sixty days to return the transaction to the ODFI.

Also, because you will be using Return Reason Code R10 when returning this entry to the ODFI, you should obtain a signed Written Statement of Unauthorized Debit from your customer (as you would from a consumer reporting an unauthorized transaction). 

For resources related to our guidance, please see:

  • NACHA Rules, Section 8.77 (“‘Prearranged Payment and Deposit Entry’ or ‘PPD Entry’ or ‘PPD’ — a credit or debit Entry initiated by an Organization to a Consumer Account of a Receiver based on a standing or a Single Entry authorization from the Receiver.”)
  • NACHA Operating Guidelines, Chapter 39, Corporate Credit or Debit and Corporate Trade Exchange Entries (“At times, Originators may erroneously transmit ACH entries that are formatted using an incorrect SEC code. This is in violation of the NACHA Operating Rules. The Rules allow the RDFI to rely on the ODFI’s warranty that the SEC Code included in the entry is proper and obligates the RDFI to use the return rules and time frames associated with that particular SEC Code.”)
  • NACHA Rules, Section 3.13.1 (“An RDFI may Transmit an Extended Return Entry with respect to any debit Entry for which it recredits a Receiver’s account in accordance with Section 3.11 (RDFI Obligation to Recredit Receiver), provided that . . . (b) the RDFI Transmits the Extended Return Entry to its ACH Operator by its deposit deadline for the Extended Return Entry to be made available to the ODFI no later than the opening of business on the Banking Day following the sixtieth calendar day following the Settlement Date of the original Entry.”)
  • NACHA Rules, Appendix Four, Code R10 (“Time Frame: ** 60 Calendar Days. (** Each Return Entry must be received by the RDFI’s ACH Operator by its deposit deadlines for the Return Entry to be made available to the ODFI no later than the opening of business on the Banking Day following the sixtieth calendar day following the Settlement Date of the original Entry.”)
  • NACHA Rules, Appendix Four, Code R10 (“Notes: . . . May also be used to return an unauthorized debit Entry to a Non-Consumer Account if the debit Entry contains a consumer SEC Code.”)
  • NACHA Rules, Section 3.13.2 (“In addition to the other warranties contained in these Rules, an RDFI . . . warrants to each ODFI . . . that, prior to initiating the Extended Return Entry, the RDFI obtained from the Receiver a Written Statement of Unauthorized Debit complying with Section 3.12 . . . .”)