KNOWLEDGE BURST - NACHA

Transcription

1 Copyright 2017 MAC. All Rights Reserved. Copyright MAC. All Rights Reserved. KNOWLEDGE BURST - NACHA Jordan Bennett Senior Director, Network Risk, NACHA

2 NACHA Third-Party Sender Updates Jordan Bennett, AAP Senior Director, Network Risk NACHA

3 NACHA s Risk Management Portal

4 4 Risk Management Portal Third-Party Sender Registration Database All ODFIs must register TPS customers or state that they have none. Deadline to register was March 1, Over 9,000 Third-Party Senders registered. Emergency FI Contact Database Over 1,200 financial institutions have registered. Vehicle for communication during a crisis: financial institutions can collaborate and share information as needed to mitigate threats.

5 5 Risk Management Portal Terminated Originator Database (TOD) Over 900 financial institutions registered. Open to Third-Party Senders and Third-Party Service Providers. The TOD allows ODFIs and Third-Party Service Providers to share information on terminated originators. ODFIs are not prohibited from doing business with originators listed in the TOD. NACHA recognizes that some ODFIs may have greater risk tolerance and risk management practices for managing an originator that other ODFIs may terminate.

6 NACHA Certified

7 7 NACHA Certified Criteria Criteria sourced from existing: Laws Regulations NACHA Operating Rules Guidance Reinforces existing risk management and compliance expectations. All Third-Party Senders should meet the criteria whether or not NACHA Certified.

8 8 NACHA Rules Compliance Audit NACHA Operating Rules General Rules Compliance Compliance relating to ACH origination agreements Was the audit performed by an independent party? Are your ACH compliance audits completed annually? Were there any findings? What action was taken to remediate the findings?

9 9 Risk Assessment What happens if. your financial institution decides to exit the business? your largest originator goes bankrupt? a fraudster wants to originate through your company? an originator submits an illegal transaction? a file is altered or duplicated by an employee or outside actor? Are you prepared? Can your business continue?

10 10 Compliance and Risk Program How well is your Compliance and Risk program documented? KYC and KYCC Underwriting, Credit, and Onboarding AML and OFAC Compliance Security Compliance General Risk Management Exception Handling

11 11 Return Rate Monitoring Return rate monitoring for ACH returns. Monitoring program that reviews all originators for return rate compliance by category: Unauthorized Administrative Overall Written policies and procedures for remediating non-compliant originators. Origination agreements that specify compliance requirements and consequences for non-compliance.

12 12 Stability Business duration Must be in business for a minimum of 2 years Does not have to be in ACH Strong leadership Background checks on all principals and key officers Financially sound Two years of audited financials Most recent quarterly financial report Business Continuity Plan Appropriately insured

13 13 Third-Party Senders Set yourself apart from your competition. Demonstrate to financial institutions that you have sound practices, solid risk management, and are compliant with Rules, laws and regulations. NACHA Certified TPSs Publicly listed on our website. May display the NACHA Certified logo.

14 14 ODFIs The NACHA Certified Criteria can be a starting point for your due diligence. The criteria are publically available. Does not replace FI due diligence. NACHA Certified can support your due diligence. Know that your TPS is a good player in the ACH industry.

15 15 Contact Information Jordan Bennett, AAP Senior Director, Network Risk (703)

16