
Mitch Kenady, AAP, Compliance Services Specialist
Dahlia Penland, AAP, Compliance Services Specialist

Regional Payments Associations, through their Direct Membership in NACHA, are specially recognized and licensed providers of ACH education, publications and support. Regional Payments Associations are directly engaged in the NACHA rulemaking process and Accredited ACH Professional (AAP) program. NACHA owns the copyright for the NACHA Operating Rules & Guidelines. The Accredited ACH Professional (AAP) is a service mark of NACHA.

DISCLAIMER: This presentation and applicable materials are intended for general education purposes and nothing in this presentation should be considered to be legal, accounting or tax advice. You should contact your own attorney, accountant or tax professional with any specific questions you might have related to this presentation that are of a legal, accounting or tax nature.

UMACHA 2014; All rights reserved

Is your Financial Institution meeting all of the Appendix Eight requirements? Regular ACH Rules Compliance Audits and an ACH Risk Assessment of key processing areas will maintain your program in Rock Star form!

» Common ACH Rules Compliance Audit Findings
  - Potential Risk
  - Non-Compliant
  - Recommendations
» Common ACH Risk Assessment Findings
  - ACH Risk Areas Identified
  - Recommendations
» Tips for Your ACH Program
  - Third-Party Senders (TPS)
  - ACH Origination Agreements
  - Audit Schedule and Perspective
» Questions/Open

General Audit Requirements Part 8.1
All Participating DFI Requirements Part 8.2
Requirements for RDFIs Part 8.3
Requirements for ODFIs Part 8.4
Best Practice Areas

» Non-Compliant (NC)
  - An annual audit has not been completed internally or by an external party
  - Proof/Documentation is not retained for six years to support an audit which includes all Appendix Eight requirements applicable to the Financial Institution
» Recommendations (RC)
  - Engage knowledgeable, independent staff or third-party to conduct the audit
  - Secure all proof of audit completion electronically or in hard copy, in a manner that is readily accessible

» Record Retention (NC)
  - Detailed records not retained for the required six-year period
  - Paper entries damaged, destroyed, or location not identified
  - Records not retained following a record retention system or core system change
  - Only summary data is available, which is not sufficient to recreate entries
» Recommendations (RC)
  - Periodically test ability to pull historical entries
  - Ensure conversion process from former system allows access or provides copies of historical entries
  - Understand available reports/information in new system

» Prenotification Entries (NC)
  - Not reviewing Prenote reports
  - Not responding to invalid entries timely or at all
» Areas of Risk (AR)
  - No procedures
  - Dual control not in place
» Recommendations (RC)
  - Written procedures for handling prenotifications
  - Dual control and review

» Timely Returns (NC)
  - Unauthorized Corporate ACH entries (CCD & CTX) returned untimely
  - Return reason: R10 vs. R29
» Recommendations (RC)
  - Written procedures for handling returns for both consumer and non-consumer entries
  - Review of the Standard Entry Class (SEC) code prior to return

» Stop Payment (NC)
  - ACH Stop Payment entry returned untimely
  - No or incomplete Stop Payment form on file
  - Non-consumer Stop Payment request is not signed within 14 calendar days
» Areas of Risk (AR)
  - Forms not completed accurately
  - Stop Payment not executed consistently with procedures and Rules
  - Stop Payment placed for six months

» Recommendations (RC)
  - Written procedures for stop payment requests which include:
    a) Paper checks (consumer and corporate)
    b) Single and Recurring Consumer ACH account requests
    c) Single and Recurring Non-consumer account requests
  - Training is key

» Written Statement of Unauthorized Debit (NC)
  - Unauthorized entries returned untimely
  - Incorrect return reason code
  - No WSUD or incomplete WSUD on file
» Areas of Risk (AR)
  - Forms not completed accurately
  - WSUDs not executed consistently with procedures and Rules

» Recommendations (RC)
  - Written procedures for accepting and completing WSUDs which include:
    a) Differences between consumer and non-consumer
    b) Training on proper completion and use of WSUD form and procedures
    c) Conversation with customer
  - Training is key

» Origination Agreement (NC)
  - Agreement not signed by both parties
  - No agreement on file
  - No identification of approved or restricted Standard Entry Class (SEC) codes
» Recommendations (RC)
  - Update agreements with ACH Security Framework provisions:
    a) Each Participating DFI, Third-Party Service Provider, and Third-Party Sender must establish, implement, and update data security policies, procedures, and systems related to the initiation, processing and storage of Entries and resulting Protected Information
  - Execute Origination Agreements and retain on file
  - Add attachment to include SEC approvals and/or restrictions

» Exposure Limits (NC)
  - Files being transmitted to the ACH Operator which exceed limits contained in the Origination Agreement
    a) Proper approval not received for over limit files
    b) No exposure limit review
    c) Origination files created by the Financial Institution and no restrictions enforced on the file totals
  - When applicable, multiple-day settlement is not monitored

» Areas of Risk (AR)
  - Exposure limits are set too high or do not account for historical activity
  - Periodic review of exposure limits not completed
» Recommendations (RC)
  - Consider historical data and volume when establishing limits
  - Develop procedures to set consistent guidelines for approving ACH files that do not meet exposure criteria
  - Ensure account relationship managers or loan officers are involved with decisions to mitigate risk

» Originator/Third-Party Sender Obligations
  - Originator/TPS not advised of improper ACH activity or Rule changes
  - Incorrect use of:
    a) SEC codes
    b) Company Name Field
    c) Prenotification Entries
» Areas of Risk (AR)
  - ACH Policy is not followed for establishing procedures to notify Originators of their Rules responsibilities
  - ACH Rules not provided or made available
  - Formatting of origination files: Company Name and SECs
  - Periodic reviews or audits not completed

» Recommendations (RC)
  - On-site review/audit or self-assessment
  - Open-house education session, newsletters, notices on website
  - Periodic, random reviews of origination files
  - In-person training of online origination service; provide User Guides
  - Ready availability or access to current NACHA Corporate Rules

» OFAC (AR)
  - No written procedures for screening International ACH Transaction entries, including action to take if entry is determined to be a true hit
  - Posting suspect/false positive IAT entries before final review - this includes memo-posting
  - No written Policy regarding receipt, return or origination of IAT entries
» Recommendations (RC)
  - Develop and implement procedures for handling IAT entries (received and originated) which includes suspending an IAT entry from being available to the account holder prior to final OFAC screening of suspect entries
  - Incorporate receipt, return and origination of IAT entries into BSA/AML/OFAC policy

» 31 CFR Part 310 (Federal Government Payments) (AR)
  - No written procedures for handling Death Notification Entries (DNE) or Notices of Reclamation
  - Failure to immediately return post-death Federal Government payments upon notice or constructive knowledge of death
  - Misuse of return reason codes (R14 vs. R15)
» Recommendations (RC)
  - Develop and implement procedures for processing DNEs and Reclamations which include: flagging the beneficiary account, review of all account relationships the beneficiary has ownership in, notification to all appropriate staff, and the immediate return of all post-death benefit payments with the appropriate return reason code
  - Knowledge of, and access to, The Green Book: http://www.fms.treas.gov/greenbook

» File Delivery Methods (AR)
  - No out-of-band authentication method, multifactor authentication system, or multilayered approach
  - Dual control does not exist when processing or building ACH entries internally for corporate Originator
» Recommendations (RC)
  - Develop written procedures which include an out-of-band authentication for file deliveries
  - Ensure dual control of ACH origination entries created on behalf of your Originator

» In-House ACH Origination (AR)
  - Transmitting B2B entries as consumer entries (PPD)
  - No dual control on functions related to in-house origination entries
» Recommendations (RC)
  - Develop and implement procedures which require dual control on setup, maintenance and deletion of in-house ACH entries
  - Assign appropriate SEC codes to all in-house ACH entries


A Participating DFI must:
a) conduct, or have conducted, an assessment of the risks of its ACH activities;
b) implement, or have implemented, a risk management program on the basis of such an assessment; and,
c) comply with the requirements of its regulator(s) with respect to such assessment and risk management program.
(NACHA Operating Rules & Guidelines 2014, Article 1, Subsection 1.2.4)

» ACH Risk Assessment
  - Institutions have not conducted an ACH Risk Assessment yet
    a) Full assessment of the ACH Program, both Receiving and Originating Activity
    b) An Enterprise-wide assessment may not incorporate all ACH processes
    c) Critical activity or changes in the ACH environment, services, or system did not result in a new or reviewed assessment
» Recommendations (RC)
  - Risk assessment should be based on the complexity of the environment and the requirements of your regulator
  - Changes in the operating environment, emerging threats or losses incurred may be reasons to re-assess your ACH risk

» Areas of Concern
  - Incomplete or no risk assessment specific to the ACH program
  - ACH Procedures not in place or outdated
    a) Have any of your systems changed?
    b) Have you had any staff turnover?
  - ACH audit not completed annually according to Appendix Eight guidelines
  - Board of Directors/Senior Management not informed - regular, periodic reporting

» Areas of Concern (cont.)
  - Incomplete/Non-Compliant ACH Agreement for Originators and Third-Party Senders
  - Unreasonable or not enforced ACH exposure limits
  - Information System controls regarding ACH information
    a) Management, storage and destruction of non-public ACH information
    b) Network/workstation security at Originator site
    c) Training and awareness of information security practices for staff and Senior Management/Board of Directors
  - Cross Channel Risk relative to ACH and overall credit exposure across an Originator's entire relationship (wire transfers, RDC, other payment products)

» Board/Senior Management Reports
  - ACH volumes received and originated
  - ACH Originator listing including such things as exposure limits, transaction types, average file amount, return and NOC volumes
  - Revenues and Expenses associated with ACH program
  - Variances from prior reports
» Regular review of agreements
  - Updates as the Rules change (including Attachments)
» Documented due diligence of Originators
» Policy and Procedures
  - How to establish ACH exposure limits
  - How to monitor and enforce limits

» Information System Controls
  - Multifactor and multilayer controls within online banking
  - Are Originators storing data securely in compliance with the ACH Security Framework Rule?
» Monitor Cross Channel Risk
  - Are you able to monitor customer activity across all access points?
» Complete annual ACH audit
  - Can proof of audit and supporting documentation be provided to NACHA?
  - Are you reviewing this for TPSP and TPS relationships?

» Update ACH policies and procedures
  - Have you changed paper storage methods to electronic?
  - Do your policies and procedures reflect the change?
» Update risk assessment as needed
  - Changes in core processing systems
  - New products: online banking origination, remote deposit capture
  - Acquisitions/mergers
  - Staff turnover and loss of key employees
» Ongoing education of staff and customer/members
  - Webinars and in-person classes
  - Review of rule changes
  - Periodic emails containing the latest news and updates

Depending on your size and ACH strategic plan, your ACH program may be easily managed, or may require analyzing many areas to create a strong program. Be sure to consider all areas of your Financial Institution!
» Returns
» Origination
» Policies
» Third-Party Service Providers
» Exceptions
» Procedures
» Education
» Training
» Board Reporting
» Exposure
» Information Security
» OFAC Compliance

» Identify any Third-Party Senders
  - ODFIs are responsible for all entries transmitted to ACH Operator
  - Periodically check Company Name field for entries sent on behalf of Originators
    a) Do you see just the Company Name of your Originator OR is there a variety of Company Names?
    b) Multiple Company Names could mean entries are being sent for a Third-Party Sender
  - If a Third-Party Sender relationship is discovered (that you were not aware of), updates should be made to your KYC and CIP policy
  - Third-Party Senders are required to do an annual ACH Audit

[Diagram: Third-Party Sender agreement relationships]
Agreement here between parties similar to Co/ODFI agreement (as outlined in Article Two)
Third Party Sender Agreement (Co/ODFI Agreement)
Health Club
Accounting Firm
There is NO AGREEMENT (Relationship) between the Originator and the ODFI

» ACH Originator / ODFI Agreement
  - Periodic review of Origination Agreements to ensure meeting Rule Requirements and your Financial Institution's ACH policy
  - Update File Delivery Methods - CURRENT
  - Update Security Procedures - CURRENT
  - Use ONE version of the ACH Origination Agreement

» Audit perspective
  - Schedule your annual audit
    a) 12 months does not have to pass between audits
    b) Audits can be done in December one year and January the following
  - Make sure you give yourself as much time as you need to gather all necessary materials


» Choose UMACHA to perform one or more of your Compliance needs
  - ACH Audits
  - ACH Risk Assessments
  - Remote Deposit Capture (RDC) Risk Assessments
Contact us today to receive a quote!

» ACH Audit Guide on CD: $75 Members/$150 Non-Members
» ACH Risk Assessment Guide on CD: $150 Members/$300 Non-Members
» RDC Risk Assessment Guide on CD: $150 Members/$300 Non-Members
» Rules Review Guide for Originators: $35 Members/$70 Non-Members
» ACH Procedures Manual (NEW!): $175 Members/$350 Non-Members
» ACH Procedures Manual Updates (3 Yr. Subscription) (NEW!): $150 Members/$300 Non-Members
Be sure to visit the UMACHA booth to see our publications and place an order!

» ACH Audit Compliance Webinar (2-Week Series)
» ACH Risk Assessment Webinar (2-Week Series)
» Un-Complicating Your Third Party Relationships Webinar
» ACH Rule Changes for 2015 Webinar
» ACH Stop Payments vs. Unauthorized Transactions Webinar
» ACH Basics for the Non-ACH Person Webinar
Members $300.00, Non-Members $550.00
Be sure to visit the UMACHA booth or our website www.umacha.org for details on upcoming dates for these webinars!
