ACH Industry Update, Audit Weaknesses and Emerging Payment Trends


Presented by Adrian Brown, AAP, Director of Education

The Payments Authority is the association for payments people. ACH, CARD, CHECK, WIRE. www.thepaymentsauthority.org

The Payments Authority 2015

ACH Volume - 2015
- 4.7 trillion debits and credits
- $10.5 trillion
- WEB transactions made up almost 21% of ACH Network volume

Moving Payments Faster
- Same-Day ACH
- 3 phase approach
- Most entries eligible
- Mandated for RDFIs

Phased-In Implementation
- Phase 1: ACH credits would be eligible to be processed during the two new same day processing windows. Interbank settlement for same day ACH credits would occur at 1:00 PM and 5:00 PM ET, respectively, for the two new windows.
- Phase 2: ACH debits would become eligible for same day processing during the two new same day processing windows.
- Phase 3: RDFIs would be mandated to make available funds from same day ACH credits no later than 5:00 PM at the RDFI's local time.

Eligible Transactions
- Same day ACH credits: payroll, business to business, bill payment, and person to person payments.
- Same day ACH debits: bill payment, account to account transfers, check conversion, business to business, and e-commerce payments.
- Most non-monetary transactions (prenotifications, notifications of changes, zero-dollar remittance information transactions, etc.) would also be eligible for same day processing.
- Ineligible transactions: IAT, and transactions over $25,000. [2]

[2] The $25,000 transaction limit would apply to individual transactions; i.e., a single same day ACH transaction could not be for more than $25,000. There would be no limit on the aggregate value of a batch of same day transactions.

Implementation Phases

| Functionality | Phase 1 [3] (Sept. 23, 2016) | Phase 2 (Sept. 15, 2017) | Phase 3 (March 16, 2018) |
| --- | --- | --- | --- |
| Transaction Eligibility ($25,000 limit; IAT not eligible) | Credits only | Credits and debits | Credits and debits |
| New Same Day ACH Processing Deadlines [4] | 10:30 AM ET and 3:00 PM ET | 10:30 AM ET and 3:00 PM ET | 10:30 AM ET and 3:00 PM ET |
| New Settlement Time(s) | 1:00 PM ET and 5:00 PM ET | 1:00 PM ET and 5:00 PM ET | 1:00 PM ET and 5:00 PM ET |
| ACH Credit Funds Availability | End of RDFI's processing day | End of RDFI's processing day | 5:00 PM RDFI local time |

[3] The proposed effective dates of the three phases are contingent on the timely support of the Federal Reserve, as explained on the next slide.
[4] Times shown represent the approximate times for an ODFI's deadlines to transmit same-day ACH transactions to an ACH Operator.

Use Cases for Same Day ACH
According to NACHA, the top 5 most commonly cited use cases that would be used or offered include:
- Payroll (cited by 87% of survey respondents that said they would use/offer Same Day ACH)
- Business to business (72%)
- Account to account transfers (59%)
- Person to person payments (57%)
- Bill payments (53%)

ACH Audit Appendix Eight
- Every FI, Third Party Service Provider and Third Party Sender must conduct an annual ACH audit
- Audit must be conducted under the direction of an audit committee, audit manager, senior level officer, or independent examiner
- Audits must be retained for 6 years
- Audit must be conducted no later than December 31 of every year

ACH Audit
ACH Audit is divided into 3 sections:
- Requirements for all Participating Financial Institutions (DFI) and Third Party Senders/Third Party Service Providers
- Requirements for RDFIs
- Requirements for ODFIs and Third Party Service Providers
Verify all Third Party Service Providers have conducted their annual ACH audit
NACHA has the right to request proof of audit of any FI or Third Party

ACH Security Requirement
Verify that the DFI has established, implemented and updated:
- Security policies
- Procedures
- Systems

Responsibilities and Obligations
Key Components (Source: NACHA Operating Rules & Guidelines)
1. Protect sensitive data and access controls
2. Self Assessment
3. Verification of Third Party Senders and Originators
Applies to:
- Financial Institutions
- Originators
- Third Party Processors
- Third Party Senders

Data Security Self-Assessment

All DFIs Requirement
- Verify an ACH risk assessment has been conducted
- Verify a risk management program has been implemented based on the risk assessment
- Verify a risk assessment has been conducted by any Third Party Sender
Test:
- Have risk issues been addressed from previous risk assessment?
- Has all ACH activity been incorporated into enterprise-wide risk assessment?

RDFI Audit Requirement
- Verify that the required information for ACH entries to consumer accounts is passed to the statement. Applies to all Standard Entry Class Codes.
- Verify that required information for ACH entries to non-consumer accounts is passed to statement. Applies to ARC, BOC, POP.
Test:
- Verify the descriptive information prints to the monthly account statements for all SEC codes.
- New rule for WEB credits (P2P payments): the Individual Number Field that contains the name of the sender must be passed to the statement

RDFI Audit Requirement 8.3.l
- Verify that payment-related information transmitted with CCD, CIE, CTX and IAT entries to non-consumer accounts can be provided within 2 days of receipt.
Test:
- Determine how payment-related information is identified.
- Verify written procedures for process of providing payment-related information.
- Verify there is an electronic delivery method offered for payments to health care providers

Common areas of weakness for the RDFI audit:

RDFI Audit
Common areas of weakness for the RDFI audit:
- Accurate information for NOCs
- Dual control to prevent error or fraud
- Procedures have not been revised to reflect rule changes
- Transactions transmitted beyond the required return timeframe

RDFI Audit
Common areas of weakness for the RDFI audit:
- Record retention for FI mergers
- Electronic record retention
- Prompt re-credit for the unauthorized entry
- Written procedures for providing payment-related information
- Electronic delivery method for healthcare payment addenda

RDFI issues not addressed in the Audit
- Written procedures for IAT entries regarding: screening, BSA procedures for suspect transactions, and method of return (debit or credit)
- Written procedures for handling Federal Government payments upon notification of death
- Written procedures for handling Notice of Reclamations for Federal Government

RDFI ACH Audit Prep
- Review Policies and Procedures
- Determine connectivity to the ACH Network: Receipt, Origination, Returns
- Third Party Providers/Senders
- Set the audit period

E-Sign Act
- E-Sign Act: Electronic Signatures in Global and National Commerce Act
- Provides that documents and signatures delivered electronically are the legal equivalent of the original document
- E-Sign Law provides more legal certainty and may help promote the growth of electronic commerce.

Questions?

Common areas of weakness for the ODFI audit:

Third Party Sender
- Third Party Sender
- Originators
- Required agreement has not been executed between ODFI and Third Party Sender

ODFI Audit Requirements
- Periodic review of exposure limits
- Verify procedures have been established to monitor origination and return activity across multiple Settlement Dates

ODFI Audit Requirements
- Determine if the ODFI utilizes Commercially Reasonable Security Procedures that have been agreed upon with the Originator.

ODFI Audit Requirements
- Verify reversing files and entries are handled timely and appropriately

ODFI Audit Requirements
- Verify procedures have been implemented to monitor return rate information on each Originator or Third Party Sender, as requested by the National Association.

ODFI Audit Requirements
- Determine if Data Security responsibilities and obligations have been provided to the Originator and Third Party Provider/Sender
- Determine how the ODFI has kept Originators and Third Party Senders informed of their obligations under these rules.
- Third Party Sender

ODFI Audit
Common areas of weakness for the ODFI audit:
- How the ODFI informs Originators and Third Party Senders on their responsibilities for the ACH rules relative to the types of transactions originated
- Training for internal departments originating ACH
- Proof of annual ACH audit
- Originators initiating WEB entries
- Third Party Provider/Senders

ODFI Audit Prep
- Does the FI offer internal origination? FI to FI transfers (P2P/A2A), loan payments, collections, bill pay, etc.
What you need to know before the audit:
- # of Originators
- # of delivery channels
- What SEC codes are originated
- What types of entries are originated: payroll, taxes, consumer payments, vendor payments, International payments

ODFI ACH Audit Prep
- Review origination and credit approval procedures
- How are Originators approved? Periodic review?
- Determine how files are originated: Direct connect to ACH Operator (Fed or EPN), Third Party Processor/Sender, Correspondent, Cash management system
- Determine if there are multiple delivery channels
- Determine connection(s), i.e. internet, phone or other
- Determine audit period

Resource Checklist
Current Resources:
- ACH Rule Book
- Green Book On Line
- UCC 4A and the ACH Network
- ACH Risk Management Handbook
- ACH Compliance Manual

Questions?

Emerging Payments

NACHA Initiatives
- All types and sizes of organizations
- ACH Blueprint
- Broad industry-wide survey
- 50+ Individual interviews over 6 months
Source: www.nacha.org

The Clearing House Initiative
- Efforts to develop a Secure, Real-Time Payment System in the U.S.
- Known for other innovation and R&D: ACH operator services; Check Image; PCI, EMV, tokenization; Mobile, Crypto currency; Directory-based services (Secure Cloud)
Source: theclearinghouse.org

FRB Initiatives
- Strategies for Improving the U.S. Payment System: Speed, Security, Efficiency, International and Collaboration
- The Faster Payments Task Force: identify and evaluate alternative approaches for implementing safe, ubiquitous, faster payments capabilities
- Secure Payments Task Force: to advise the Federal Reserve in its leader/catalyst and operator roles on payment security matters
Source: fedpaymentsimprovement.org

FRB Initiatives
- Remittance Coalition
- Small Business Payments Toolkit
- Remittance.coalition.smb@mpls.frb.org
- FedPayment Improvement Community
Source: fedpaymentsimprovement.org

Tokenization
- Substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no meaning or value.
- The token maps back to the sensitive data through a tokenization system, rendering tokens infeasible to reverse in the absence of the tokenization system (i.e. random numbers).
- The system must be secured and validated using sound security business practice, secure storage, audit, authentication and authorization.
- The tokenization system provides processing authority and interfaces to request tokens, or de-tokenize back to sensitive data.

Near Field Communications
- NFC is a form of contactless communication between devices like smartphones or tablets.
- Contactless communication allows a user to wave the smartphone over an NFC-compatible device to send information without needing to touch the devices together.
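
An added example, not part of the original presentation: a tokenization system in Python with the properties the Tokenization slide above lists (random tokens, a protected mapping, authorization and audit on de-tokenize). The class name TokenVault, the role names and the account number are assumptions constructed for illustration.

```python
import secrets
import time


class TokenVault:
    """In-memory tokenization system: issues random tokens and maps them back."""

    def __init__(self, detokenize_roles):
        self._token_to_value = {}   # protected mapping (secure storage in practice)
        self._value_to_token = {}
        self._detokenize_roles = frozenset(detokenize_roles)
        self.audit_log = []

    def _audit(self, caller, role, action, token, allowed):
        # Record who asked for what; the sensitive value itself is never logged.
        self.audit_log.append({"ts": time.time(), "caller": caller, "role": role,
                               "action": action, "token": token, "allowed": allowed})

    def tokenize(self, caller, role, value):
        """Return the token for value, creating a new random one on first use."""
        token = self._value_to_token.get(value)
        if token is None:
            # Random token: it has no mathematical relation to the value, so it
            # cannot be reversed without access to this vault's mapping.
            token = "tok_" + secrets.token_hex(16)
            while token in self._token_to_value:   # collision guard
                token = "tok_" + secrets.token_hex(16)
            self._token_to_value[token] = value
            self._value_to_token[value] = token
        self._audit(caller, role, "tokenize", token, True)
        return token

    def detokenize(self, caller, role, token):
        """Map a token back to the sensitive value for authorized roles only."""
        authorized = role in self._detokenize_roles
        known = token in self._token_to_value
        self._audit(caller, role, "detokenize", token, authorized and known)
        if not authorized:
            raise PermissionError(f"role {role!r} may not de-tokenize")
        if not known:
            raise KeyError("unknown token")
        return self._token_to_value[token]


def demo():
    """Run the flow on a constructed account number and return the results."""
    vault = TokenVault(detokenize_roles={"settlement"})   # hypothetical role name
    account = "000123456789"                              # constructed sample value
    token = vault.tokenize("web-app", "frontend", account)
    recovered = vault.detokenize("ach-batch", "settlement", token)
    try:
        vault.detokenize("web-app", "frontend", token)
        denied = False
    except PermissionError:
        denied = True
    return token, recovered, denied, vault.audit_log


if __name__ == "__main__":
    token, recovered, denied, log = demo()
    print(token, recovered, denied, len(log))
```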

International Connection
- The ACH Network currently supports usage of ISO 20022 payment remittance messages.
- ISO 20022 information standards are widely used around the globe.
- NACHA developed an ISO 20022 Mapping Guide to help map ISO 20022 formatted payment messages to corresponding NACHA file formats.

Three Models for P2P Payments

Convergence is Happening
- Account Opening Online
- Facetime
- Skype

Risk Management Considerations
- Determine if transfers are being originated with FI's RTN
- Ensure ACH rules and other regulatory compliance
- Update BSA risk matrix
- Discuss process with BSA Officer for OFAC considerations and money laundering issues
- Add process to the unusual activity report
- Implement FFIEC authentication and layered security procedures
- Review disclosures for transfer product

Risk Management Considerations
- Review dollar limits for consumer wire transfers and Debit Card/ATM withdraw for consistency
- Implement dollar thresholds
- Restrict number of transfers per day
- Establish monitoring procedures for 2 day and extended return transactions.
- Consider delayed settlement for the credit offset.
- Add to vendor due diligence process
- Review vendor audits (ACH and SSAE 16) if applicable

Payments Innovation

Reward Currency

Smart Card

MCX Mobile Wallet
- The Merchant Customer Exchange (MCX), founded by Wal-Mart, Target and a dozen more of the nation's largest retailers, is developing a mobile application that will allow customers to pay for goods at participating stores' registers with their smartphones.
- MCX owner members operate more than 75,000 stores and process more than $1 trillion in payments annually.
- The app will also give users exclusive coupons and deals.
- The MCX wallet will be a cloud-based system that relies on bar codes for consumers to conduct transactions.

Mobile Payments
- Apple Pay
- Samsung Pay
- Google Wallet
- Android Pay
How will you serve them?
- They will not write checks
- They will not walk into a branch
- They will only do banking on their mobile devices.

Apple Pay

What's a bank?

Digital Natives
- Anywhere
- Anytime
- Instantly

Getting Ready
- What topics are on your board's agenda?
- Does your FI have a product innovation taskforce?
- What's the strategic buzz in your office?
- How are you engaging the digital generation as potential account holders?

Questions?

Contacts & Resources
- PYMNTS.COM: online news source
- fedpaymentsimprovement.org
- Theclearinghouse.org
- Thepaymentsauthority.org


Thank You!

Adrian Brown, AAP, Director of Education
abrown@thepaymentsauthority.org
580 Kirts Blvd, Suite 301, Troy, MI 48084
(800) 450-2508
info@thepaymentsauthority.org
www.thepaymentsauthority.org

2015 The Payments Authority. All rights reserved. No part of this material may be used without the prior written permission of The Payments Authority. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.