BCAC – ACH Risk Management
Sean Carter, AAP
NEACH & NEACH Payments Group
www.neach.org
© 2013 NEACH. All rights reserved.
NEACH, as a Direct Member of NACHA, is a
specially recognized and licensed provider of ACH
education, publications and support. Regional
Payments Associations are directly engaged in
the NACHA rulemaking process and the
Accredited ACH Professional (AAP) program.
This material is not intended to provide any warranties or
legal advice, and is intended for educational purposes only.
NACHA owns the copyright for the NACHA Operating Rules
& Guidelines. Any unauthorized use or access is expressly
prohibited.
Agenda
• ACH Overview and Flow
• Participant Roles and Responsibilities
• Inherent Risks of Processing ACH Transactions
• Areas of Risk for RDFIs and mitigation techniques
• Areas of Risk for ODFIs and mitigation techniques
• Risk Assessments & Audits
What is ACH?
• Automated Clearing House
– “Processing and delivery system that provides for the distribution and settlement of electronic debits
and credits among financial institutions”
• Batch-oriented, store-and-forward processing system
• Safe, secure, electronic network for consumer, business, and government
payments
• Used by more than 11,000 participating FIs and millions of business and
consumers
Unique ACH Network Attributes
• Unlike other payment systems, the ACH Network supports all of the following:
– Credit transactions that “push” value
– Debit transactions that “pull” value
– Ubiquity to receive payments from and make payments to virtually all
checking and savings accounts in the U.S.
– Both payments and robust payment information
– Native electronic transactions and check conversion transactions
– Zero-dollar transactions (for interbank messaging)
– Consumer transactions and Business transactions (both B2B and internal
transactions)
– Government transactions
– Domestic and international transactions
– Recurring and one-time transactions
Facts about the ACH Network
• Over 17.5 billion transactions in 2013
– Does not include on-us
• Payments valued at more than $38 trillion dollars in 2013
– Up almost 5% over 2012
Foundation of the NACHA Operating Rules is Contract Law
– Originating Depository Financial Institutions (ODFIs) and Receiving
Depository Financial Institutions (RDFIs) are bound collectively to each
other by the Rules, as a multilateral agreement
– The Rules assign ODFIs and RDFIs distinct roles, responsibilities, and
liabilities for ACH transactions that they originate and receive that flow via
warranties and indemnification to all other DFIs and ACH Operators in the
ACH Network
• The NACHA Operating Rules require ODFIs and RDFIs to execute
agreements with Originators and third-parties, as applicable, that bind
them to the Rules
– Rules require Originators to have a relationship with Receivers (agreement or
authorization)
For more information attend
Recent Developments in Electronic Payments Law on Monday at 11:15
Legal Framework for ACH Transactions
• Federal Reserve Operating Circular 4 – ACH Participation of Federal Reserve Banks
• Regulation D – Depository Financial Institution Reserve Requirements / Defines Transaction Account
• Code of Federal Regulations (CFR) Title 31 Part 210 – U.S. Federal Government ACH Payments
• Regulation CC – Funds Availability & Check Collection
• Office of Foreign Assets Control (OFAC) – Financial Interdiction
• Regulation E – Consumer Credit & Debit EFT Payments
• Uniform Commercial Code (UCC) Article 4A – Corporate Credit Payments
• Corporate Debit Payments – No overarching payment laws/regulations
• NACHA Operating Rules
NACHA Operating Rules Contractual Hierarchy
[Diagram: ACH Operators; Financial Institutions (ODFIs & RDFIs); Third-Party Processors; Originators; Receivers (Consumer or Business)]
Who are the Participants?
• Originator
• Originating Depository Financial Institution (ODFI)
• ACH Operator
• Receiving Depository Financial Institution (RDFI)
• Receiver
Who are the Participants?
Originator
• Party which initiates the ACH transaction
• Can be a company, a government agency
• Must have Authorization from the Receiver
• Examples: utility company initiating payments, employer initiating Direct
Deposit of an employee’s wages
Potential ACH Originators | Possible Uses of ACH
Property Management Company | Collection of Monthly Condo Association Dues
School District, College or University | Payroll and Collection of Tuition Payments
Charitable Organization | Scheduled Pledge Donations
Cable Company, Newspaper | Subscriber Billings
Church | Member Tithes and Donations
Insurance Company | Collection of Policyholder Premiums
Fitness Club, Health Club or Spa | Dues and Service Fee Collections
Retail Store, Doctor’s or Dentist’s Office, Credit Card Company | Conversion of Check Payments Received, Electronically Re-Presenting Checks Returned as NSF
Municipality | Utility Bill Collections
Financial Institution | Loan Payments, Stockholder Dividends, Safe Deposit Box Billing, Transfers
Manufacturing Company, Corporation (General) | Direct Deposit of Payroll, Pension Payments, Account Transfers, Tax Payments, Expense Account Reimbursements, Vendor Payments
© 2012 EastPay. All Rights
Who are the Participants?
ODFI
• The Financial Institution which originates the ACH
transaction after receiving payment instructions from an
Originator
• Warrants that each transaction is correct and
authorized
• There must be an agreement between the ODFI and
the Originator that, at a minimum, binds the Originator
to the Rules
• ODFI must also act as an RDFI
Who are the Participants?
ACH Operator
• Central clearing facility for the Financial Institutions
• ACH Operator agrees to adhere to the Rules
• There are 2 ACH Operators
– Federal Reserve
– Electronic Payments Network (EPN)
• Both can be involved in a transaction
Who are the Participants?
RDFI
• The Financial Institution which receives an ACH
transaction for posting to the Receiver’s account
• RDFI has ability to return entries but must do so within
the proper timeframes and adhere to other
requirements
• Does not have to act as an ODFI
Who are the Participants?
Receiver
• Party which receives the ACH transaction
• Has authorized the Originator to initiate the ACH entry
– Except for a Destroyed Check entry
• May be a company, individual or government agency
Pop Quiz!
My corporate account-holder sends weekly files to me to
originate Direct Deposit of payroll for their employees.
Who am I?
A. Originator
B. ODFI
C. ACH Operator
D. RDFI
ACH Credit Payment: Entry and Funds Flow
Authorization
ACH Debit Payment: Entry and Funds Flow
Authorization
Direct Deposit via ACH
• The deposit of funds for payroll, T&E, government benefits, tax and other refunds, and annuities and interest payments.
Direct Payment via ACH
• The use of funds for making a payment.
• Individuals or organizations can send or receive a Direct
Payment.
• May be ACH credit or debit.
Pop Quiz!!
If a company is paying its employees payroll by
ACH, is it sending credits or debits to the
employee’s accounts?
General ACH Rules
• Application of Rules
• Compliance with Rules
– Effect of Illegality, Audits, Rules Enforcement, Risk Assessment, Compensation, and
Arbitration
• Records
– Retention, provision upon request, may be electronic
• Excused Delay
• Secure Transmission of ACH Information
The Role of the ODFI
Origination of Entries
• ODFI is responsible for entries and rules compliance
• Must have Originator Agreement with Originator
• Must perform risk management
– Assess & monitor nature of ACH activity, establish & enforce
exposure limits
• Must ensure Originator has proper authorization from
Receiver
• ODFI warranties (general and specific to SEC Code)
General ODFI Warranties
• Each entry is properly authorized
– not revoked, not terminated by law, correct amount
• Each entry is timely
• Complies with other requirements of the Rules, including proper SEC Code
• Transmits required information
• ODFI warranties do not apply to goods or services
• Article Two, Section 2.5 addresses warranties specific to each application
Origination of Entries
• Prenotes
– Non-monetary entry sent prior to first live entry to notify RDFI that
Originator intends to send ACH to Receiver’s account
– Originator must wait 6 banking days after prenote before sending
live dollar entry (effective September 2014 wait time will reduce to
3 banking days)
• Reversals (files and entries)
– Erroneous entry
• Duplicate, wrong Receiver, wrong amount, specific conditions related
to payroll payments
– Must be sent within 5 days of erroneous file/entry
Origination of Entries
• Re-initiation
– Originator or ODFI may reinitiate returned entry if:
• Returned for NSF/uncollected funds
• Returned for stop payment and reinitiation was authorized by Receiver
• Corrective action taken to remedy reason for return
– Reinitiation must occur within 180 days from settlement date of original entry
• Must be formatted as RETRYPYMT as of 09/18
– All information must remain the same including company ID and dollar amount
Impact of Same Day
• Identification and Formatting
• Credit Policy
• Agreements
• Prefunding Models
The Role of the Originator
Obligations of Originators
• Authorization must:
– Be readily identifiable, have clear and readily understandable terms, provide that Receiver
may revoke only by notifying Originator in manner specified
• Debit entries to consumer accounts
– Notice of change in amount
– Notice of change in scheduled date
– Copy of debit authorization
Obligations of Originators
• Record of authorization
– Originator must retain original or copy of authorization for defined period of time
– Upon RDFI request, Originator must provide to ODFI copy of authorization so that ODFI
can provide to RDFI within 10 banking days
• Some SEC Codes have specific requirements for Originators
The Role of the RDFI
General Rights & Responsibilities of RDFIs
• RDFI must accept entries
• May rely solely on account numbers to post
• May rely on Standard Entry Class Codes
• May request copies of authorizations
• Must provide entry information as defined for various types of entries
• Does not have to notify Receiver of receipt of entry
General Rights & Responsibilities of RDFIs
• Must make funds available by defined time and may not debit prior to
settlement date
• Must verify prenotes and respond if appropriate
• Must honor stop payments orders provided by Receivers
• May return entries in a timely manner (but may not return based solely on type
of entry)
Returns
• Returns
◦ Restrictions
◦ Timing requirements
◦ Unposted credits
◦ ODFI request
◦ Re-initiation
◦ Return Reason Codes (e.g., R01, R02, R10)
• Dishonor, Contested Dishonor, Correction
◦ Timing requirements
◦ Return Reason Codes (e.g., R68, R73)
Return Time Frames
• Administrative (normal) return time frame – “return entry must be received by RDFI’s ACH Operator by its deposit deadline for the return to be made available to the ODFI no later than opening of business on second banking day following settlement date of original entry”
• Consumer (extended) return – “…no later than opening of business on the banking day following the 60th calendar day following settlement date…” used mainly for unauthorized consumer debit entries
Return Flow
Original Item
ODFI sends entry to RDFI
Return (either administrative or extended timeframe)
RDFI returns original entry to ODFI
Dishonored Return (within 5 banking days of settlement of Return)
ODFI dishonors return to RDFI
Contested Dishonored Return (within 2 banking days of settlement of Dishonor)
RDFI contests the Dishonored return
Same Day Impact
• Pick up additional files
• Availability
• Exceptions
Pop Quiz!!!
– An RDFI can return an ACH debit whenever it wants.
True or False?
Types of Risk
• Credit – Occurs when a party to a transaction cannot provide the necessary funds, as contracted, in order for settlement to occur
• Operational – Occurs when a transaction is altered or delayed due to an unintentional error
• Fraud – Occurs when a payment transaction is initiated or altered in an attempt to misdirect or misappropriate funds by any party to the transaction or outside intruders
• Compliance – Occurs when a party to a transaction fails to comply, either knowingly or inadvertently, with NACHA Operating Rules, applicable regulations, and U.S. and state law
Types of Risk
• Systemic Risk – Occurs when a payment system participant cannot settle its obligation, causing other participants to be unable to settle theirs
• Third Party Risk – The risk that the party entrusted by the FI to perform a function of ACH processing does not meet the expectations of the FI
What is an ACH Risk Assessment?
• It is NOT:
– A security assessment
– An audit
– A one time effort
• It is:
– Required to be conducted
– Required to comply with the expectations of the FI’s regulators
– Part of the ACH Audit
The Rule
• SUBSECTION 1.2.4 Risk Assessments A Participating DFI must:
– conduct, or have conducted, an assessment of the risks of its ACH activities;
– implement, or have implemented, a risk management program on the basis of such an
assessment; and,
– comply with the requirements of its regulator(s) with respect to such assessment and risk
management program.
The Rule – In a Nutshell
• Must have assessment of risks from ACH activities
• Must have risk management program based on the assessment
• Must ensure assessment and risk management program comply with the DFI’s regulator requirements
The Rule
• Reflect ACH industry best practices
• Send a strong message to the industry on the importance of risk management
• Ensure that all ODFIs perform know-your-customer due diligence
• Establish procedures, systems and controls to manage the risks of their Originator’s and Third-Party Sender’s ACH activities
NACHA Risk Assessment Framework
• Examples of recent risk management requirements and guidance by
regulators include:
– OCC Bulletin 2006-39, Automated Clearing House Activities
– OCC Bulletin 2008-12, Payment Processors Risk Management Guidance
– FFIEC’s BSA/AML Examination Manual, 2010 edition (pages 224 through 233 are specific to ACH;
however ACH is referenced in numerous locations throughout this manual)
– FFIEC Guidance on Risk Management of Remote Deposit Capture
– FFIEC Retail Payments System
– FFIEC Supplement to Authentication in an Internet Banking Environment
– FDIC Financial Institution Letter 127-2008, Payment Processor Relationships
– FDIC Financial Institution Letter 144-2008, Managing Third Party Risk
– FDIC Financial Institution Letter 3-2012, Payment Processor Relationship
Components
• Systems and controls
– Policies and procedures
– Board reporting
– Audit Scope
• Credit management
– Credit risk
– Underwriting standards
– Risk selection
– Originator management
– Exception Processing
– Government Payment Processing
– Funds availability
Components (cont.)
• Compliance
– ACH Rules
– BSA/AML
– OFAC
– Reg D, E, CC, GG
– UCC4A
• Third parties
– Service level agreements
– Contracts
– Management
Components (cont.)
• Direct Access
– Volume
– Agreements
• Operational and transactional process
– RDFI
– ODFI
• IT
– Technology controls
– Data protection
– Business continuity
Components (cont)
• Identify
– Threats
• Consistent between institutions
• Vary over time
– Vulnerabilities
• Unique to each institution
• Not always manageable
– Controls
• Preventative
• Procedural
• Technical
• Detective
Assessment Deliverables
• Measure
– Control effectiveness
– Residual risk
• Prioritize
• Remediate or accept
• Documentation of the process
Risk Management Program
OCC 2006-39
• Establish ACH Risk Management Program
– Clear objectives
– Well developed business strategy
– Clear risk parameters
• Board and Management role
– Board overall business strategy and risk limits
– Management establish management system
• Ongoing Process
– Evaluate activities v. risk parameter
– Policies, procedures, & controls effective
Risk Management Program
Board Reporting
• Board or Committee should receive periodic reports
– Metrics & trend analyses on ACH volumes and more
– Metrics & trend analyses of originators and any third-party senders;
– Capital adequacy relative to the volume of ACH activity and level of risk associated with
originators;
– The percentage of the deposit base linked to ACH origination;
– A summary of return rates by originator and third-party senders;
– Unauthorized returns that exceed board-established thresholds;
– Notices of potential/actual rules violations from NACHA;
– Financial reports on profitability of ACH function center; and
– Risk management reports, including a comparison of actual performance to approved risk
parameters
Risk Management Program
Audit
• Common issues:
– inadequate audit coverage
– inexperienced audit staff
– lack of appropriate auditor training.
• Audit scope
– growth in transaction volume
– new products and services
– new ACH systems
– underwriting policies and customer due diligence (CDD) policies and practices
– customers' online access to the ACH network.
• Ensure that periodic audits of third-party service providers
• (NACHA) Rules Compliance Audit
– not a substitute for a comprehensive, risk-based audit
Risk Assessment Findings
• What Auditors and Examiners are finding (continued):
– Out of band authentication is not used
– IAT entry screening is happening but some institutions are unclear what happens if an
entry is a suspect transaction
– Inadequate knowledge of ACH Rules by audit and compliance department
Risk Assessment Findings
• The ACH Policy does not adequately define objectives.
• The role of ACH in the overall strategic plan is not defined.
• Including ACH in BSA/AML monitoring.
• Failure to have adequate controls in place to prevent Corporate Account Takeover or account takeover for Account to Account Consumer transactions.
• Inadequate Vendor Management controls
General Audit Requirements
• Who is required to complete the ACH Audit?
– Participating Depository Financial Institutions (DFIs)
– Third-Party Service Providers and/or Third Party Senders that provide ACH services to
DFIs
General Audit Requirements
• Who can perform the Audit?
– Audit performed under the direction of:
• Audit Committee
• Audit Manager
• Senior Level Officer
• External auditor of DFI or Third-Party Service Provider
Non-Rule Related Best Practices
• A Participating DFI may wish to audit other aspects of its ACH Operations in conjunction with its annual rules compliance audit
– OFAC Compliance
– ACH Business Continuity Plans
– ACH Risk Management Policies
– Compliance with 31 C.F.R. Part 210 and Green Book Compliance
General Audit Requirements
• Compliance with Appendix Eight, OR 203
• Identifies Rules that should be reviewed
– Direct impact on quality of ACH Services
– Satisfaction of DFIs and Receivers
General Audit Requirements
• Conduct annually by December 31st
• Retain proof for 6 years from date of audit
• Provide to NACHA upon request
– NACHA is requesting proof now
Audit Requirements for all DFIs
8.2 – 7 Areas of examination
– Record Retention
– Electronic Records
– Proof of Audit completion
– Data Security
– Payment of NACHA fees
– Risk Assessment completion
– Security Policies and Procedure
8.3 – 12 Rules tested for RDFI
• Prenote Verification
• Proper Use of NOCs
• Acceptance of entries
• Funds availability
• Statement Requirements
• Proper handling of returns
• RCK returns
• Credit Returns
• Stop payments
• WSUDs
• UCC 4A
• Addenda Reporting
Most Commonly Found areas of Non-Compliance for RDFIs
• Not Completing an ACH Audit
• NOC and/or Return Records not retained in full detail for six years
• Prenotes not being looked at or responded to
• WEB Credits not posted correctly on statements
• WSUD vs. Stop Payments
Audit Requirements for ODFIs
• All ODFIs and Third-Party Service Providers required to complete audit
• ODFI warrants completion of audit by both of these participants
• Conduct audit to determine compliance with rules regarding origination of ACH
entries
Appendix Eight, 8.4
14 Rules tested for compliance
• A. Agreements with Originators and TPS
• B. Sending Point Agreements
• C. Exposure Limits
• D. Acceptance of Return Entries
• E. NOC Processing
• F. Copies of Authorizations
• G. Permissible returns
Appendix Eight, 8.4
• H. UCC 4A
• I. Identity of Originators
• J. Reversing Entries
• K. BOC entries
• L. NACHA Reporting
• M. Direct Access Registration
• N. Keeping Originators informed of the Rules
Most Commonly Found areas of Non-Compliance for ODFIs
• Origination Agreements missing the recently added requirements
• NOCs
• Unable to locate Sending Point agreement
• Untimely Reversals
Sean Carter, AAP
SVP, Payments Strategies & Advisor
781-321-1011
scarter@neach.org
QUESTIONS