Educating your users is all about finding the balance between scaring them and feeling confident in their ability to maintain compliance. However for your program don't think of it as something you "HAVE" to do to be doing your part according to the guidance, find the benefit in doing it to protect your own reputational risk.
We are just starting to educate our customers in other areas (not ACH Origination) and the focal point for us is data security and privacy... but we spin it to the customer in terms of protecting YOURSELF so that you can protect your customers. We also have a state law on privacy which we interweave into the training so they know that this isn't just smoke we're blowing.
We also kind of educate them in terms of being "deputized" by the bank to maintain compliance. As we all know no matter what product or service you offer in almost all cases if it goes wrong and the customer takes a loss they are coming back to you to recover their loss... (Commercial customer protection is coming, I can sense it in the air).
You're never going to "teach" them the NACHA rules so just emphasize awareness and your banks commitment to protecting them and you'll create a strong and effective program.
In life, there is a lot less that could get better and a lot more that could get worse.
MBA Fin/MBS HR
My views only!