NOTICE OF AMENDMENT TO THE 2014 NACHA OPERATING RULES SUPPLEMENT #1-2014

Similar documents
ACH Rules Compliance Audit Requirements Request for Comment

Publications. ACH Audit Requirements. A new approach to payments advising SM. Sound Practices Checklists

ACH Audit Guide for Third-Party Senders Step-by-Step Guidance and Interactive Form For Internal ACH Audits Audit Year 2017

June 30, Phyllis Schneider, AAP, Director, Network Rules ᅳ Rules Development & Technical Support

ACH Audit Guide Step-by-Step Guidance and Interactive Form For Internal ACH Audits Audit Year 2018

ACH Rules Update for Originating Companies

Direct Access Registration

Identifying, Registering, and Auditing your Third Party Senders. Presented by Michele Barlow, AAP NCP Vice President

ACH Audit Guide Step-by-Step Guidance and Interactive Form For Internal ACH Audits Audit Year 2016

2017 National ACH Association Rules

2018 ACH RULE CHANGES AND UPDATES. Jessica Lelii & Jill Lamb, AAP EFT Specialist, MY CU Services, LLC. Disclaimer

ACH: Now and Next. Andrée E. Ortega, AAP, CTP VP, ACH Product Manager, Wells Fargo. April 19 & 20, 2018

Mobile ACH Payments Request for Comment

Client Resource Guide. NACHA File Format FORMATTING GUIDE 8/31/17

ACH Message Entries: Automating Exception Processing via ACH. Request for Comment Proposed Modifications to the Rules March 12, 2018

Stakeholder and community feedback. Trusted Digital Identity Framework (Component 2)

ACH Rules Update for Originating Companies

26 May Victoria Learmonth Prudential Supervision Department PO Box 2498 Wellington

CLIENT RESOURCE - Member FDIC - 1/7/2018

You are signing up to use the Middlesex Savings Bank Person to Person Service powered by Acculynk that allows you to send funds to another person.

Jordan Morell, AAP, NCP Tim Thorson, AAP, CTP

Application of Key UCC 4A Concepts and Terms to the Real-Time Payment System

Renewal Registration & CPE for CPAs in Iowa

August 2, 2004 Ohio Balance of State Homeless Management Information System (OBOSHMIS) Policy and Procedures Manual

UHIN STANDARDS COMMITTEE

INFORMATION CAPTURE PROFESSIONAL CERTIFICATION PROGRAM

Financial Planning Institute of Southern Africa SETTING THE STANDARD. Continuous Professional Development (Cpd) Policy

Privacy Policy. Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data

GBB (WA) 1.11 (BUILD 345) RELEASE NOTES

China Code of Ethics Certification 2018 CHECKLIST

This slide is relevant to providing either a single three hour training session or explaining how a series of shorter sessions focused on per chapter

NSDA ANTI-SPAM POLICY

Code of Ethics Certification 2018 CHECKLIST

Palo Alto Unified School District OCR Reference No

GENERAL PRIVACY POLICY

Proposed Final Report on the Post-Expiration Domain Name Recovery Policy Development Process Executive Summary

E- SIGNATURE AND ELECTRONIC DISCLOSURES AGREEMENT. Agreement to Conduct Transactions by Electronic Means

FIREFLY SEND MONEY TERMS & CONDITIONS

Person to Person (P2P) Services Terms and Conditions

REPORT 2015/186 INTERNAL AUDIT DIVISION

2017 NACHA Third-Party Sender Initiatives

KNOWLEDGE BURST - NACHA

Australian Standard. Records Management. Part 1: General AS ISO ISO

Request for Comments (RFC) Process Guide

Terms and Conditions P2P Service E-Signature and Electronic Disclosures Agreement

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

Comment on Exposure Draft, IFRS Practice Statement: Application of Materiality to Financial Statements

NACHA S Risk Management Portal Instruction Manual for Financial Institutions

LVTS RULE 11 CHANGE MANAGEMENT, TESTING AND CERTIFICATION 2018 CANADIAN PAYMENTS ASSOCIATION

USA HEAD OFFICE 1818 N Street, NW Suite 200 Washington, DC 20036

ALABAMA STATE BOARD OF PUBLIC ACCOUNTANCY ADMINISTRATIVE CODE

CUMBRE VISTA HOMEOWNERS ASSOCIATION, INC. RECORDS INSPECTION AND COMMUNICATIONS POLICY AND PROCEDURE. 1-Pl) ~ \ 1

Audit Considerations Relating to an Entity Using a Service Organization

File No. SR-NASD-00-70

Certified Program By-Laws

Payment Card Industry (PCI) 3-D Secure (PCI 3DS) Qualification Requirements for 3DS Assessors

Municipal Law Enforcement Officer Certified-M.L.E.O. (c) Certification Application Guide

CERTIFICATION RENEWAL APPLICATION CERTIFIED HEALTHCARE ENVIRONMENTAL SERVICES PROFESSIONAL

Maryland Health Care Commission

ACCREDITATION OF CERTIFICATION BODIES OF SOCIAL ACCOUNTABILITY SYSTEMS SAAS ACCREDITATION REQUIREMENTS TABLE OF CONTENTS

FedACH Risk Origination Monitoring Service

Canada s Anti-Spam Legislation (CASL) Compliance Primer & Checklist. April 2014

RESOLUTION DIGEST

Building Information Modeling and Digital Data Exhibit

RECORDS AND INFORMATION MANAGEMENT AND RETENTION

Reviewed by ADM(RS) in accordance with the Access to Information Act. Information UNCLASSIFIED.

Request for Qualifications for Audit Services March 25, 2015

SCHEME OF DELEGATION (Based on the model produced to the National Governors Association)

LIST OF SUBSTANTIVE CHANGES AND ADDITIONS. PPC's Guide to Audits of Local Governments. Thirty first Edition (February 2016)

Figure 1: Summary Status of Actions Recommended in June 2016 Committee Report. Status of Actions Recommended # of Actions Recommended

REPORT 2015/149 INTERNAL AUDIT DIVISION

CANADIAN PAYMENTS ASSOCIATION ASSOCIATION CANADIENNE DES PAIEMENTS STANDARD 005 STANDARDS FOR THE EXCHANGE OF FINANCIAL DATA ON AFT FILES

THE CAN-SPAM ACT OF 2003: FREQUENTLY ASKED QUESTIONS EFFECTIVE JANUARY 1, December 29, 2003

WEBSITE DESIGN, DEVELOPMENT AND HOSTING SERVICES

Rules for Commissioned Processing. (DDV Declaration of Conformity)

Data Processing Agreement

BSCP128 Production, Submission, Audit and Approval of Line Loss Factors Version 3.0. Balancing and Settlement Code. BSC Procedure DRAFT

FIRST BANK P2P Service Cent Terms and Conditions (Available via online or mobile banking)

Gatekeeper and Notice Requirements For Direct Electronic Access and Routing Arrangements

GLOBAL MANAGEMENT CERTIFICATION SERVICES PRIVATE LIMITED PROCEDURE

Cyber Security Standards Drafting Team Update

The CAN SPAM Act And Your Chapter/State Council Communication Plan

Rowing Canada Aviron. Online Registration System - Protection of Personal Privacy. Policy Statement

PRIVACY NOTICE. 1.2 We may obtain or collect your Personal Data from various sources including but not limited to:

Regulatory Notice 11-26

E-invoice. Service Description

CALIFORNIA INDEPENDENT SYSTEM OPERATOR CORPORATION FERC ELECTRIC TARIFF ORIGINAL VOLUME NO. III Original Sheet No. 977 METERING PROTOCOL

CruiseSmarter PRIVACY POLICY. I. Acceptance of Terms

P2P Service Terms and Conditions. E-Signature & Electronic Disclosures Agreement

Internet Banking Cash Management Training Customer Documentation

Needham Bank Business Online Banking

Asian Institute of Chartered Bankers. Admission, Resignation, Cessation, and Re-admission of Individual Members. 1. Commencement and Application 02

Examination Regulations for Employee Certification regarding Usability Engineering

These terms and conditions are applicable to all Web Development projects that are undertaken by Maturski.Net.

AUDIT PROGRAM. Revision 6 Dated September 29, Management Systems Analysis, Inc. P.O. Box 136, Royersford, PA

Platform Privacy Policy (Tier 2)

Checklist According to ISO IEC 17065:2012 for bodies certifying products, process and services

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014

Timber Products Inspection, Inc.

Governance, Risk, and Compliance Controls Suite. Release Notes. Software Version

Transcription:

NOTICE OF AMENDMENT TO THE 2014 NACHA OPERATING RULES February 11, 2014 SUPPLEMENT #1-2014 Clarification of Third-Parties in the ACH Network Effective Date: March 21, 2014 2014 NACHA The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.

Supplement #1-2014 to the NACHA Operating Rules SUPPLEMENT #1-2014 TO THE NACHA OPERATING RULES On December 6, 2013, NACHA s Voting Membership approved the Clarification of Third-Parties in the ACH Network amendment to the NACHA Operating Rules (Rules). The effective date for this rule change is March 21, 2014. This supplement provides ACH Network participants with a summary of the key components of the change, along with details regarding the technical changes to Rules language. To ensure compliance with the most current rules, this Supplement should be used in conjunction with the 2014 edition of the Rules. 2

Clarification of Third-Parties in the ACH Network (Approved December 6, 2013 Effective March 21, 2014) SUMMARY This Rule revises the NACHA Operating Rules (Rules) to clarify the definitions and certain roles and responsibilities of Third-Parties in the ACH Network. The amendments ( Rule ) clarify and expand on the Rules to assist Third-Parties and other ACH participants in better understanding their roles and responsibilities in a particular transaction. This Rule addresses three specific areas of clarification: (1) Definition of Third-Party Sender; (2) Definition of Third-Party Service Provider; and (3) Third-Party Sender and Third-Party Service Provider Audit Requirements. KEY COMPONENTS OF RULE AMENDMENT New business opportunities in the ACH Network have led to expanded Third-Party Service Provider and Third-Party Sender roles over the last several years. Third-Parties are now performing roles in ACH processing that were not contemplated at the time Third-Parties were first addressed in the Rules, and there is sometimes a blurring of roles between Third-Parties and Originators. An entity can be a Third- Party Sender for one set of transactions and an Originator for another set of transactions. In some cases, new Third-Party roles have resulted in confusion as to whether a particular party is the Third-Party Sender, Third-Party Service Provider, or Originator in a given transaction. The new Rule clarifies the roles and responsibilities of Third-Parties in ACH transactions so that all participants have a better understanding of their respective obligations. In addition, ACH participants have reported that there is some uncertainty in the industry regarding rules compliance audit requirements for Third-Party Service Providers and Third-Party Senders. Some Third-Parties are apparently unclear about their obligation to conduct an ACH Rules compliance audit. The Rule provides Third-Parties and other ACH Network participants with clarification regarding audit requirements, which will help these participants better understand and fulfill their audit obligation. Definition of Third-Party Sender This amendment provides a new definition of a Third-Party Sender that addresses several areas of confusion or uncertainty about the role of a Third-Party Sender. The new definition focuses on two fundamental characteristics of the relationships among Third-Party Senders, Originators, and ODFIs (1) the Third-Party Sender acts as an intermediary between the Originator and the ODFI, including through Direct Access, and (2) the Third-Party Sender (rather than the Originator) has the Origination Agreement with the ODFI. Further, the new definition clarifies that an ACH participant can act as a Third-Party Sender for a given transaction or an Originator for that transaction, but cannot assume both roles for the same transaction. This Rule helps participants reconcile a Third-Party s role versus an Originator s role in a particular transaction. Definition of Third-Party Service Provider Outsourcing and downstream Third-Parties have created questions about whether Third-Party Service Providers can perform processing functions on behalf of Third-Party Senders. Current Rules language does not explicitly address these relationships, although they are not prohibited. This amendment specifically acknowledges that Third-Party Service Providers can act on behalf of Third-Party Senders. Third-Party Sender and Third-Party Service Provider Audit Requirements Third-Party Senders and Third-Party Service Providers are obligated under the Rules to perform an annual audit of Rules compliance to the extent they perform obligations of an ODFI or RDFI. This requirement 3

is stated in the text of Article One General Rules, and of Appendix Eight Rules Compliance Audit Requirements. To ensure that this responsibility is obvious to all ACH participants, this Rule changes the titles in Appendix Eight to name all parties subject to the audit requirements contained in that part. This amendment also helps resolve the issue of which audit requirements outlined in Appendix Eight do not apply to Third-Parties. Specifically, the Rule includes a modification to Part 8.2 (Audit Requirements for All Participating DFIs, Third-Party Service Providers, and Third-Party Senders) that states affirmatively that Third-Parties are excluded from one audit requirement (Part 8.2(e)), which is only applicable to financial institutions. This Rule also includes a similar modification to Part 8.4 (Audit Requirements for ODFIs, Third-Party Service Providers, and Third-Party Senders) to state affirmatively that Third-Parties are excluded from two audit requirements (Parts 8.4 (l) and (m)), which are only applicable to ODFIs. Finally, the Rule includes a minor change in the formatting of Appendix Eight, Part 8.1 (General Audit Requirements) to improve readability. IMPACT TO PARTICIPANTS Originators/ODFIs/RDFIs, Third-Party Service Providers, and Third-Party Senders: There should be no costs for organizations currently in compliance with the Rules. An organization may incur costs if it finds that it is not currently in compliance due to these clarifications, such as Third Parties that are not performing annual rules compliance audits. TECHNICAL SUMMARY Below is a summary of the impact of this rule change on the NACHA Operating Rules. Sections of the Rules that are affected by this amendment are also included and reflect rule language as it will read upon implementation in highlighted, italicized text. Article Eight, Section 8.98 (Third-Party Sender) defines a Third-Party Sender as an intermediary between the Originator and the ODFI, including through Direct Access, that has an Origination Agreement with the ODFI. Article Eight, Section 8.99 (Third-Party Service Provider) updates the definition to acknowledge that Third-Party Service Providers can execute certain functions on behalf of Third-Party Senders. Appendix Eight, Part 8.2 (Audit Requirements for All Participating DFIs) modifies the title to include Third-Party Service Provider and Third-Party Sender, and the text to exclude Third-Parties from Item (e). Appendix Eight, Part 8.3 (Audit Requirements for RDFIs) modifies the title to include Third-Party Service Provider and Third-Party Sender. Appendix Eight, Part 8.4 (Audit Requirements for ODFIs) modifies the title to include Third-Party Service Provider and Third-Party Sender, and the text to exclude Third-Parties from Items (l) and (m). Appendix Eight, Part 8.1 (General Audit Requirements) updates the format for better readability, without text changes. Implementation Date: March 21, 2014 4

As approved December 6, 2013, effective March 21, 2014, the Rules are modified as follows for the rule changes specific to Clarifications of Third-Parties in the ACH Network. [Note: The individual audit provisions defined in Appendix Eight, Parts 8.2, 8.3, and 8.4 are not affected by this amendment, and are not included within this Supplement.] ARTICLE EIGHT Definitions of Terms Used in These Rules SECTION 8.98 Third-Party Sender an Organization that is not an Originator that has authorized an ODFI or a Third Party Service Provider to Transmit, for its account or the account of another Third-Party Sender, a credit Entry, debit Entry, or Non- Monetary Entry to the Receiver s account at the RDFI. An Organization acting as a Third-Party Sender also is a Third-Party Service Provider. u a type of Third-Party Service Provider that acts as an intermediary in Transmitting Entries between an Originator and an ODFI, including through Direct Access, and acts on behalf of an Originator or another Third-Party Sender. A Third-Party Sender must have an Origination Agreement with the ODFI of the Entry. A Third-Party Sender is never the Originator for Entries it Transmits on behalf of another Organization. However, a Third-Party Sender of Entries may also be an Originator of other Entries in its own right. SECTION 8.99 Third-Party Service Provider u an Organization that performs any functions on behalf of the Originator, the Third-Party Sender, the ODFI, or the RDFI (not including the Originator, ODFI or RDFI acting in such capacity for such Entries) related to the processing of Entries, including the creation of the Files or acting as a Sending Point or Receiving Point on behalf of a Participating DFI. An Organization acting as Third-Party Sender also is a Third-Party Service Provider. APPENDIX EIGHT Rule Compliance Audit Requirements PART 8.1 General Audit Requirements 1 u Each Participating DFI, Third-Party Service Provider, and Third-Party Sender must, in accordance with standard auditing procedures, conduct an internal or external audit of compliance with provisions of the ACH rules in accordance with the requirements of this Appendix Eight. These audit provisions do not prescribe a specific methodology to be used for the completion of an audit but identify key rule provisions that should be examined during the audit process. An annual audit must be conducted under these Rule Compliance Audit Requirements no later than December 31 of each year. This audit must be performed under the direction of the audit committee, audit manager, senior level officer, or independent (external) examiner or auditor of the Participating DFI, Third-Party Service Provider, or Third-Party Sender. 1 The text of Part 8.1 (General Audit Requirements) is highlighted to draw attention to structural changes to improve readability and understanding of content. The rules language has not changed. 5

u The Participating DFI, Third-Party Service Provider or Third-Party Sender must retain proof that it has completed an audit of compliance in accordance with these Rules. Documentation supporting the completion of an audit must be (1) retained for a period of six years from the date of the audit, and (2) provided to the National Association upon request. Failure of a Participating DFI to provide proof of completion of an audit according to procedures determined by the National Association may be considered a Class 2 rule violation pursuant to Appendix Ten, subpart 10.4.7.4 (Class 2 Rules Violation). PART 8.2 Audit Requirements for All Participating DFIs, Third-Party Service Providers, and Third-Party Senders Each Participating DFI, Third-Party Service Provider, and Third-Party Sender must conduct the following audit of ACH operations. These audit specifications apply generally to all Participating DFIs, regardless u of a Participating DFI s status as an ODFI or RDFI. The specifications also apply to Third-Party Service Providers and Third-Party Senders, with the exception of Part 8.2, item (e). u PART 8.3 Audit Requirements for RDFIs and Third-Party Service Providers In addition to the audit procedures outlined in Parts 8.1 (General Audit Requirements) and 8.2 (Audit u Requirements for All Participating DFIs, Third Party Service Providers, and Third-Party Senders) of this Appendix Eight, all RDFIs and their Third-Party Service Providers must conduct an audit of the following relating to the receipt of ACH entries: u PART 8.4 Audit Requirements for ODFIs, Third-Party Service Providers and Third- Party Senders In addition to the audit procedures outlined in Parts 8.1 (General Audit Requirements) and 8.2 (Audit Requirements for All Participating DFIs) of this Appendix Eight, ODFIs, Third-Party Service Providers, and Third-Party Senders must conduct an audit of the following relating to the origination of ACH entries: u In addition to the audit procedures outlined in Parts 8.1 (General Audit Requirements) and 8.2 (Audit Requirements for All Participating DFIs, Third-Party Service Providers, and Third-Party Senders) of this Appendix Eight, ODFIs, and Third-Party Service Providers, and Third-Party Senders when performing an obligation of the ODFI, must conduct an audit of the following relating to the origination of ACH entries. Part 8.4, items (l) and (m) do not apply to Third-Party Senders. 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback