2017 NACHA Third-Party Sender Initiatives

Transcription

1 2017 NACHA Third-Party Sender Initiatives Jordan Bennett Senior Director, Network Risk NACHA

2 2 MAC is an organization of Bankcard professionals involved in the risk management side of Card Processing. We have members from Banks, ISOs, Card Associations and others related to the risk management side of the industry. MAC s mission is to strengthen the payment ecosystem through ongoing education, communication and cooperation among acquirers, card brands and enforcement agencies. To learn more about MAC or to become a member of MAC please visit the website below.

3 3 NACHA s Risk Management Strategy Past and concurrent Third-Party initiatives include: NACHA Certified Third-Party Sender Registration Rule Risk Management Portal Third-Party Sender Identification Tool and online resources Third-Party Sender Operations Bulletin

4 NACHA Certified: NACHA s Certification Program for Third-Party Senders

5 5 What is NACHA Certified? NACHA Certified is a voluntary accreditation program for Third-Party Senders in the ACH Network The program includes a set of commonly understood requirements for conformance to sound business practices and standards NACHA Certified helps Third-Party Senders set themselves apart from their peers while improving the quality of the Network

6 6 Why Did NACHA launch NACHA Certified? NACHA recognizes that Third-Party Senders fill an important and vital role in the ACH Network! NACHA Certified provides value to industry participants and the network by improving self-governance Growth of third-party participation in the network to support new innovative payment methods many new market entrants act as Third-Party Senders and may not be familiar with compliance, risk management, and regulatory responsibilities Improve transparency for well-governed industry partners looking to do business together via public list of Third-Party Senders

7 7 What are the Benefits to the ODFI? Serves as a starting point for ODFI s own due diligence, as well as a source of validation for the ODFI s ongoing oversight for existing Third-Party Sender relationships Provides assurance that the Third-Party Sender has an understanding of NACHA Operating Rules compliance requirements, and has demonstrated sound practices related to ACH transaction processing Publicly available certification requirements set the standard that all Third-Party Senders should meet and improves awareness of governance expectations A public list of certified Third-Party Senders may smooth the way for more efficient and effective interactions with ODFI partners

8 8 What are the Benefits for Third-Party Senders? A public list of certified Third-Party Senders paves the way to a more positive interaction with ODFI partners All NACHA Certified Third-Party Senders may display the NACHA Certified seal and will have their names and company information displayed on the NACHA Certified website Third-Party Senders are able to set themselves apart from peers by meeting certification program standards Provides well-governed Third-Party Senders a mechanism to demonstrate sound corporate governance, risk management, and compliance with Rules, Laws and Regulations Provides Originators a level of assurance that their Third-Party Sender partner meets the NACHA Certified program standards

9 9 Certification Program Pillars All Third-Party Senders that apply for certification agree to submit to a review of the following by NACHA: NACHA Operating Rules Compliance Audit Background checks on applicant organization and key principals Audited annual and quarterly financial statements Compliance and Risk Management: Internal Risk Assessment Return Monitoring Program Statement attesting to adoption of policies, procedures and internal controls that satisfy the Program Criteria, as well as obligations under federal and state laws and regulations Upon NACHA s request, the applicant will make available all policies, procedures, internal controls and other documentation relating to the Applicant s Compliance and Risk Program

10 10 Some Details Who is eligible? All Third-Party Senders that have been in business for at least two years are eligible to become NACHA Certified What must be provided? Applicants must provide the following documentation: Independent NACHA Operating Rules Audit ACH Risk Assessment Attestation to Meeting Specified Compliance and Risk Program Elements Agreement to Criminal Background Check for all principals and key officers Audited Financial Statements What is the pricing? The pricing was designed to incent adoption by Third-Party Senders and to cover program costs The fee for application to apply to become NACHA Certified is $5,000 for the two year certification period The fee to maintain the certification in intervening years is $750

11 Risk Management Portal: NACHA s new home for all of our risk management databases

12 12 NACHA s Risk Management Portal NACHA s Risk Management databases are moving to the new Risk Management Portal. Required by the NACHA Rules Third-Party Sender Registration (New) Direct Access Registration (Re-attest) Voluntary Emergency Financial Institution Contact Database Terminated Originator Database Retiring Originator Watch List (OWL)

13 13 OWL Discontinuation NACHA discontinued OWL on September 29, 2017 in conjunction with launch of Risk Management Portal Enhancements in new Risk Management Portal creates improved efficiencies in NACHA s risk management tools OWL no longer provides incremental value in light of these alternative enhancements

14 14 NACHA s Risk Management Portal Each organization should register only once. NACHA uses information from the Accuity, the Routing Number (RTN) registrar, to link RTNs owned by the financial institution. Registering third-parties are linked by their US TIN. Each organization will select one employee to act as administrator and register for access to the Risk Management Portal. The administrator has the ability to add up to four additional users. Administrators and users have access to view and edit.

15 15 Financial Institution Registration

16 16 Financial Institution Registration

17 17 Financial Institution Registration

18 18 Initial login NACHA must accept each registration most will be instant, but some may take up to 3 business days The admin and users will receive an with a welcome notice and temporary password. Login and change your password.

19 19 Two-Factor Authentication A One-Time Authentication Code is generated at each login. The One-Time Authentication Code is sent via . Type or copy and paste the One-Time Authentication Code. Users are logged out of the Risk Management Portal after five minutes of inactivity.

20 20 Financial Institution Registration Management View and edit FI information here. Print or export this screen for your records.

21 21 Financial Institution Registration Management The Edit icon (A) will let you edit FI information. The Deactivate icon (B) will deactivate the FI.

22 22 Third-Party Sender Registration Add, edit, view, and export TPS customers from the TPS tab. Tab is only enabled for FIs that attest to having TPS customers.

23 23 Third-Party Sender Registration two processes Manual Entry Enter TPS customer information into a standard form. Edit any entry (bulk or manual) Bulk Upload Upload or edit many TPS customers at one time. Templates available in Excel, CSV, and XML. Validations are performed by the portal. Files placed into queue and processed at midnight on the date of upload.

24 24 TPS Registration Manual Entry Select Manual Entry from the TPS DB Management Screen. A pop-up will appear. All fields marked with an * need to be completed.

25 25 TPS Registration - Manual Entry ODFI Routing Number is the RTN used by TPS customer being registered. Only register the TPS Company ID and TPS Name of the third-party sender

26 26 TPS Registration Bulk Upload Select Bulk Upload from the TPS drop down menu or from the TPS DB Management screen.

27 27 TPS Registration Bulk Upload Select a template. Add TPS customers or Modify current TPS customers. Save the file.

28 28 TPS Registration Bulk Upload Chose the file and select upload. The portal will perform schema validation and place the file into the processing queue.

29 29 Bulk Upload History Monitor submitted files in the Bulk Upload History. Files will remain in Pending status until midnight on the date the file was received.

30 30 Export TPS Entries Files can be exported in the bulk upload formats or the TPS table. Bulk upload formats can be modified and uploaded using the bulk upload process. The TPS table format includes the date registered, date modified, and modified by fields that are not part of the bulk upload formats.

31 31 Direct Access Debit Registration - Required All ODFIs will need to re-attest. NACHA has contacted all ODFIs that were registered in the legacy system as having a Direct Access Debit relationship. Direct Access (DA) menu is only enabled for FIs that have DA relationships. For new relationships, NACHA Staff will contact each FI that attest as to having direct access debit relationships. NACHA staff will confirm the direct access relationship and complete the registration with the financial institution

32 32 Terminated Originator Database (TOD) - Voluntary NACHA ended vender agreement for the TOD service and now offers without a charge to ODFIs and Third Parties. The TOD allows ODFIs and Third-Party Senders and Third-Party Service Providers to share information on terminated originators. ODFIs are not prohibited from doing business with originators listed in the TOD. NACHA recognizes that some ODFIs may have greater risk tolerance and risk management practices for managing an originator that other ODFIs may terminate.

33 33 TOD Contribute and Manage Contributions Select TOD DB Management from the TOD dropdown menu To add a new TOD contribution, select Contribute to TOD.

34 34 TOD - Contribute To contribute a new terminated originator or third-party sender, all fields marked with an * need to be completed.

35 35 TOD - Search Searches can be done on the complete legal name, tax ID or doing business as name (DBA). Only an exact match will return a result. No partial names or wildcards can be used to search TOD.

36 36 Emergency FI Contact Database - Voluntary NACHA provides an Emergency FI Contact Database as a vehicle for communication during a crisis: financial institutions can collaborate and share information as needed to mitigate threats impact on day-to-day operations. Financial institutions must register to contribute to the Emergency Financial Institution Contact Database.

37 37 Emergency FI Contact Database - Contribute

38 38 Emergency FI Contact Database - Contribute A single contact can be associated with every RTN owned by the FI. Phone number is a required field. is optional.

39 39 Emergency FI Contact Database - Search The Emergency FI Contact Database can be searched by Routing Number or Financial Institution Name

40 40 Additional Resources NACHA links

41 41 SAVE THE DATE MAC 2018 Annual Conference March 13-15, 2018 SLS Hotel - Las Vegas, NV Register online at Don t miss the premier payments industry risk conference.