Request for Comment: ACH Security Framework
ACH Participant Survey
May 8, 2012
RESPONSES DUE BY JUNE 22, 2012
NACHA requests comments on a proposed ACH Security Framework, which is described in Part IV of the ACH Security Framework Request For Comment Executive Summary. The Security Framework is a set of proposed amendments to the NACHA Operating Rules that, in the aggregate, is aimed at protecting the security and integrity of certain ACH data. Survey responses and other comments on the Security Framework are due by Friday, June 22, 2012 at 5:00 pm Eastern Time.

The survey should be completed online at https://www.nacha.org/RequestforComment by June 22, 2012. For convenience, the survey questions are also provided within this document to assist respondents in gathering information from within their organizations.
NACHA STAFF CONTACTS

Return comments to:
Maribel Bondoc, Manager, Network Rules
Fax: (703) 787-0996
E-mail: mbondoc@nacha.org

Questions:
Deborah Shaw, Managing Director, Network Enforcement & Risk Management
E-mail: dshaw@nacha.org
Danita Tyrrell, Director, Network Rules
E-mail: dtyrrell@nacha.org
Section I - Respondent Information
Name
Title
Organization
Phone
Email
Please indicate your organization’s role(s) in the ACH Network (select all that apply):
ODFI
Regional Payments Association
RDFI
Direct FI Member of NACHA
ACH Operator
Government
Originator
Third Party Service Provider
Receiver
Software Vendor
Industry Association
Other:
What areas of your organization provided input for the responses to this survey?
Operations
Wholesale/corporate banking/treasury mgt
Product management
Customer service
Legal
Compliance
Information Technology/software
Retail/online banking
Corporate Treasury
Accounts Payable
Accounts Receivable
Other:
Would your organization be willing to be contacted in order to provide more information on the topics included within this survey?
Yes
No

Financial Institution Respondents
Asset Size:
less than $250 million
$250 million - $999 million
$1 billion - $9.9 billion
$10 billion - $100 billion
Greater than $100 billion
Section II – Security Requirements and Access Controls

(Response options for each question: Yes / No / Don’t know / No opinion)

1. Does your organization agree that the NACHA Operating Rules should include specific requirements for ACH participants to address the security of “Protected Information” related to ACH payments?
2. If you answered Yes to Question 1, do you agree that the requirements should apply only to the protection of consumer information?
Please provide any additional explanation for your response:

3. If you answered Yes to Question 1, does your organization agree that each of the following ACH Participants should be covered by the proposed security requirements?
a. Non-Consumer Originators
b. ODFIs
c. RDFIs
d. Third-Party Service Providers
e. Third-Party Senders
f. Others - please specify:

4. If you answered Yes to Question 1, does your organization agree that the security requirements should address each of the following:
a. Protect the confidentiality and integrity of Protected Information until destruction?
b. Protect against anticipated threats or hazards to the security or integrity of Protected Information until its destruction?
c. Protect against unauthorized use of Protected Information that could result in substantial harm to a natural person?
d. Address controls on access to all systems used to initiate, process, and store Entries?

5. Regardless of your answer to Question 1, does your organization agree with the proposed definition of “Protected Information?”

6. Please provide any additional explanations for your responses, or any other comments on the proposed Security Requirements.
Section III – Verification of Identity – Originators and Third-Party Senders

(Response options for each question: Yes / No / Don’t know / No opinion)

7. Do you agree that ODFIs should be required to use commercially reasonable methods to establish the identity of every Originator and Third-Party Sender with which they enter into an Origination Agreement?

8. If you answered Yes to Question 7, does your organization agree with replacing the current warranty with a clearly-defined ODFI obligation for such identity verification?

9. Please provide any additional explanations for your responses, or any other comments, on the proposed Verification of Identity of Originators and Third-Party Senders.
Section IV – Self-Assessment

(Response options: Yes / No / Don’t know / No opinion)

10. Does your organization support including a self-assessment of the Security Requirements as part of the annual Rules Compliance Audit?

11. Please state why or why not, or provide any other comments on Self-Assessments.
Section V – Impacts and Proposed Implementation Date

On a scale of 1-5 (with “1” representing no systems/software impact, and “5” indicating extensive systems/software impact), please indicate the estimated impact to your organization related to the following proposals:

Scale: 1 = No impact; 2 = Minimal impact; 3 = Moderate impact; 4 = Large impact; 5 = Extensive impact; Don’t know; No opinion

12. Security Requirements
13. Verification of Identity
14. Self-Assessment via Rules Compliance Audit
15. Please identify which technology/software systems would be impacted.

16. Please estimate your organization’s costs for these changes.

Does your organization support the proposed effective date of September 20, 2013 for the proposed changes related to the following:
(Response options for Questions 17-19: Yes / No / Don’t know / No opinion)
17. Security Requirements
18. Verification of Identity
19. Self-Assessment via Rules Compliance Audit

(Response options for Questions 20-22: June 21, 2013 / March 21, 2014 / Other (Please specify))
20. If you answered No for Question 17 (Security Requirements), what effective date do you support?
21. If you answered No for Question 18 (Verification of Identity), what effective date do you support?
22. If you answered No for Question 19 (Self-Assessment), what effective date do you support?
Section VI – Additional Questions

23. Are there any sections of the proposal that your organization believes should be balloted separately?
Yes
No
Don’t Know
If yes, please specify which sections:

24. Please provide any other comments or suggestions regarding this rule proposal.