Authorizations & Agreements Presented by Laura Nelson, AAP NCP Education Specialist/Auditor
Audio Handouts Questions
Presented by: PAR/WACHA - The Premier Payments Resource Laura Nelson, AAP, NCP Education Specialist / Auditor 262-345-1245 or 800-453-1843 www.wacha.org lnelson@wacha.org 2017
Disclaimer WACHA, through its Direct Membership in NACHA, is a specially recognized and licensed provider of ACH education, publications and support. Regional Payments Associations are directly engaged in the NACHA rulemaking process and Accredited ACH Professional (AAP) program. NACHA owns the copyright for the NACHA Operating Rules & Guidelines. The Accredited ACH Professional (AAP) is a service mark of NACHA. This material is derived from collaborative work product developed by NACHA The Electronic Payments Association and its member Regional Payments Associations, and is not intended to provide any warranties or legal advice, and is intended for educational purposes only. This material is not intended to provide any warranties or legal advice, and is intended for educational purposes only. This document could include technical inaccuracies or typographical errors and individual users are responsible for verifying any information contained herein. No part of this material may be used without the prior written permission of WACHA/PAR 2017 PAR/WACHA All rights reserved
Agenda Overview of Originators/ODFI Agreements Authorizations
What is ACH Origination? The process of creating ACH entries pursuant to an authorization or agreement for submission through an Originating Depository Financial Institution to the ACH Operator
ACH Transaction Flow ORIGINATOR ODFI RECEIVER RDFI ACH Transaction Flow with Sending Point and Receiving Point ACH OPERATOR Sending Point Receiving Point
Article Two of the ACH Operating Rules Authorization between Originator & Receiver Complies with the Rules Contains required information Timeliness of Entries Secure transmission ODFI Warranties Verification of Identity of Originator/Third-Party Sender
ODFI Warranties ODFI warranties do not apply to goods or services ODFI warrants each entry transmitted by its Sending Point ODFI indemnifies every RDFI and ACH Operator for breach of warranty or failure to comply with Reg E
ODFI Warranties Liability for Breach of Warranty Simply Each ODFI breaching any of the preceding warranties shall: Indemnify every other ACH participant and all claim, demand, loss, liability, or expense, including attorney s fees and costs that result directly or indirectly from the breach of warranty or the debiting or crediting of the entry to the Receiver s account This indemnity also includes, in the case of a consumer account and the failure to comply with the EFTA or Regulation E Pay any and all fines from ACH rules violations
As an ODFI, you are liable to everything you release into the ACH Network If the fist 8 digits of the trace number are from your FI, your FI is the ODFI and therefore LIABLE!
Agreements Agreement with the operator Participant Agreement Third-Party Processor Agreement Sending Point Agreement Originator/ODFI Agreement ACH Origination Agreement Third-Party Sender Agreement Third-Party Sender Agreement ACH Origination Agreement
Third Party Service Provider An entity other than an Originator, ODFI, or RDFI that performs any functions on behalf of the Originator, the ODFI, or the RDFI related to the ACH processing of entries, including but not limited to, creation of ACH files or acting as a Sending Point or Receiving Point on behalf of a Participating DFI Data Processing Service Correspondent Bank Payroll Service Company
Third Party Service Provider Agreement Agreement between an ODFI/RDFI and the provider who processes, transmits or receives ACH entries on their behalf The ODFI and RDFI are still the responsible parties they hold the warranties and liabilities Addresses updates for compliance with ACH rules, all federal regulations and state laws Annual Audit requirements
LIABILITY The Originating Depository Financial Institution is LIABLE even if a third-party provider is used!
Agreement with The ACH Operator Federal Reserve Bank or Electronic Payment Network Ensure authorized personnel are still employed at the FI
Originator/ODFI Agreements Legal Agreement Between Originator and ODFI Designed to protect both parties Defines relationship Identifies processing requirements Establishes liability and accountability: who is responsible?
Originator/ODFI Agreements The Originator and ODFI have entered into an agreement under which the Originator agrees to be bound by the ACH Rules and acknowledges that entries will not be initiated that violate the laws of the United States and OFAC
Office of Foreign Asset Control - OFAC Specially Designated Nationals List (SDN) Originator may not initiate transactions that violate OFAC ODFI must check all originators against SDN list Penalties include prison and fines ($1,000,000) https://www.treasury.gov/about/organizational-structure/ offices/pages/office-of-foreign-assets-control.aspx
Comply with the ACH Rules How does the ODFI ensure that the originator knows the rules Supply a corporate edition of the ACH Rules Inform them that a copy of The Rules is available for their use Convey all rule changes to the Originators on a timely basis How you make the rules available should be addressed in your agreement
Originator/ODFI Agreements Defines parameters of relationship between parties Financial Institution Obligations Establishes Liability and Accountability Transmittal of Entries Format, medium, timing etc. Balanced vs unbalanced files Prenote requirements Company s Representations, Warranties and Agreements Each entry is authorized Timely & accurate Not re-initiated in violation of the rules
Originator/ODFI Agreements Level of Security Other Data Breach provisions SEC Codes & Authorization requirements 2 year retention Settlement/account requirements Prefunding Funding method; maintain balances; nonsufficient funds Provisional Credit Notice/UCC4A Funds availability (debit entries) Open of business, upon finality, hold for returns Exposure Limits Due Diligence
Originator/ODFI Agreements Cancellation, Amendment or Rejection of Entries Right of ODFI to reject entries Timeframe for notifying Originator of rejected file or entry Timeframe for remaking files or entries Delays in processing Reversals Notice of Returned Entries & Notification of Change Entries Returned as Unauthorized Unauthorized Return Rate in Excess of 1% Upcoming Same Day Options
Originator/ODFI Agreements Periodic Statements Requirements to reconcile account Fees Rules Enforcement Inconsistency of Name and Account Number Third-Party Sender restrictions Contingency plan Rules Compliance Review-Right to Audit
Originator/ODFI Agreements These three issues are required to be addressed in ACH Originator Agreements signed or renewed after June 18, 2010 The right of the ODFI to terminate or suspend the Originator The ability to audit the originator Any restrictions on the types of transactions allowed
Originator/ODFI Agreement Attachments Delivery of Files Location Format Acknowledgement Timing SEC Codes supported Additional details or restrictions for ARC, BOC, IAT POP, RCK, WEB and TEL Same Day Option Exposure Limits Security/Transmittal Procedures UCC4A requires the originators and the ODFI agree upon security procedures that will detect duplicate or erroneous files Fees/Pricing (outlined in detail) Authorized Representatives/Signers
IAT Origination Agreements Cannot contract away liability for OFAC compliance ODFIs must review all current agreements and make necessary revisions to comply with IAT rules Originators May want separate agreement for each country Separate Exposure Limits for IAT entries Third-Party Service Providers Agreement with Gateway Operator Authorization from FI customers Where the FI is the Originator
Third Party Sender ODFI Co/IDFI agreement ABC Company Hardware Store Payroll Company No agreements with originators Grocery Bike shop Church Dry Cleaner Day Care
ACH Transaction Flow Third Party Sender RECEIVER ORIGINATOR Agreement Payroll processor Third Party Sender Agreement ODFI Third Party Sender s FI ORIGINATOR s FI NO Agreement RDFI ACH OPERATOR
Third Party Sender Agreement Similar to the Originator/ODFI agreement Authorizes sender to submit entries on behalf of the Originator Bound to ACH Rules and comply with US Law Must make payment to ODFI no matter what Exposure Limits Determines liabilities & warranties Third Party Sender assumes ODFI liabilities
Third Party Sender Agreement Statement that Third Party Sender will provide the ODFI a list identifying the Originators Who have agreements with 3 rd party sender Know your customer s customer (KYCC) ODFI should request list on regular basis Audit Requirements
ALL Origination Agreements Ensure they are all signed by the Originator and the ODFI Ensure that what is in the agreement is what is being done Store entire agreement including addenda records
Authorizations
Authorizations All Authorizations must be Clear and Readily Understandable If it s not clear and readily understandable, it s not authorized
Consumer Authorization for PPD Entry Must be recognizable as credit or debit authorization Signed or Similarly Authenticated Written authorization is optional for PPD credit entries Clearly state terms of authorization Include company name If recurring, state frequency and amount for debits Contain name, account # and type, routing number Terms and instructions on revoking authorization for electronic payment Consumer to receive a copy
Examples of PPD Entries Eagle Banks pulls money from Jason s checking account at Cardinal Credit Union to pay Jason s car loan at Eagle Bank Jason signs the debit authorization Jason receives his payroll through a direct deposit from his employer Jason may or may not have signed an authorization
Changes to Original Authorization Change in Date The company must notify the receiver 7 days prior to the date of the debit Change in Dollar Amount The company must notify the receiver 10 days prior to the date of the debit Receiver can choose a specific range with no notice
Sample Authorization I authorize (COMPANY NAME) to initiate entries to my checking/savings account. This authority will remain in effect until I notify you in writing to cancel it in such time as to afford the company a reasonable opportunity to act on it. I can stop payment on any entry by notifying my financial institution 3- days before my account is charged. (NAME OF FINANCIAL INSTITUTION) (BRANCH) (CITY) (STATE) (ZIP CODE) (SIGNATURE) (DATE) (NAME PLEASE PRINT) (ADDRESS - PLEASE PRINT) Account No. Checking Savings Financial Institution Routing Number RETAIN FOR YOUR RECORDS On I authorized (DATE) (COMPANY NAME) Phone ( ADDRESS) to initiate electronic entries to my checking/savings account and have agreed to the terms listed on the authorization. I may revoke my authorization with you at any time by writing to the address above. Initial payment amount: $ Regular payment date (if payment amount changes we will notify you at least 10 days before the regularly scheduled payment date)
Authorization for all ACH Entries Originator is responsible for authorization Securing Retention Must retain for 2 years after termination or revocation of authorization
Authorization for CCD & CTX Trading Partner Agreements Agreements between entities that spell out exactly how the transactions will be executed No specific format requirement ODFI must have Originator s contact information that can be used for inquiries about authorization of Entries. Originator s name, and phone number or email address for inquiries regarding authorization of Entries
A Source Document Once a check has been converted to an ACH entry, the check itself is referred to as a Source Document
Accounts Receivable Entry (ARC) Enables an Originator to convert a check received via the U.S. mail, at a dropbox, or at a manned bill payment location into a single-entry ACH debit for the payment of goods or services Originator retains the check
ARC Source Document Be completed and signed by the consumer Contain pre-printed serial number Less than $25,000 Does not contain an Auxiliary-On-Us field MICR line information captured via scanner/reader
Auxiliary On-Us field
ARC Authorization Notification is required prior to acceptance of check NO written authorization required Prior to receipt of source document used for an ARC entry, notice must be provided in a clear and conspicuous manner When you provide a check as payment, you authorize us either to use the information from your check to make a one-time electronic fund transfer from your account or to process the account as a check transaction. *Language taken from Regulation E
Accounts Receivable Entry Receiver MICR Information Captured Company office (Mail or Drop Box) ACH Debit ACH Debit Electronic Network Payor s Bank ODFI
Back Office Conversion Entry (BOC) Check converted to a single entry ACH debit during back office processing: accepted at the point-of purchase, or manned bill payment locations Originator retains the check
BOC Source Document Single Entry Debit Transaction Be completed and signed by the consumer Contain pre-printed serial number Less than $25,000 Does not contain an Auxiliary-On-Us field MICR line information captured via scanner/reader
BOC Authorization Authorization obtained via notice and receipt of the check (source document) Notice posted in prominent and conspicuous location AND copy of notice provided to the Receiver at the time of the transaction Prior to receipt of source document used for an BOC entry, notice must be posted in a prominent and conspicuous location When you provide a check as payment, you authorize us either to use the information from your check to make a one-time electronic fund transfer from your account or to process the account as a check transaction. For inquiries, please call <Retailer phone number>. *Language taken from Regulation E
Back Office Conversion Receipt handed back Check presented in person ODFI MICR Information Captured @ Grocery Store back office RDFI ACH Debit ACH Debit Electronic Network
Point-of-Purchase Entry (POP) Used to initiate a single entry ACH debit to a Receiver s account for inperson purchases made at the point of purchase
POP Source Document Contain pre-printed serial number Less than $25,000 Does not contain an Auxiliary-On-Us field MICR line information captured via scanner/reader
POP Authorization Posted Notice PLUS Written authorization required Written authorization should indicate that the check will not be processed Prior to receipt of source document used for an POP entry, notice must be posted in a prominent and conspicuous location When you provide a check as payment, you authorize us either to use the information from your check to make a one-time electronic fund transfer from your account or to process the account as a check transaction. *Language taken from Regulation E
POP Consumer take away Copy of the authorization, voided check, and receipt must be given to the consumer/business Receipt must contain: Merchant name Merchant telephone number Merchant number (or other unique number that identifies the location of the transaction) Date of transaction Amount of transaction Check serial number Terminal City and State
Point-of-Purchase Check presented in person MICR Information Captured @ grocery store Authorization Signed Check and Receipt handed back ODFI RDFI ACH Debit ACH Debit Electronic Network
Re-Presented Check Entry (RCK) Used to transmit a single entry ACH debit in place of a paper check after the paper check has been returned for insufficient (NSF) or uncollected funds
RCK Source Document Consumer Check Contain pre-printed serial number Less than $2,500 Must indicate NSF or Uncollected Funds on face Must be dated 180 days or less from date of RCK entry
RCK Authorization Notification required prior to acceptance of check No written authorization required. Notice and Receipt of Check=Authorization RCK Sample Notice If you pay for your purchase with a check and this check is returned to us for NSF or Uncollected funds, we will process future presentations as ACH transactions
Internet-Initiated Entry (WEB) Consumer entry Debit or credit Single Entry or Recurring WEB-S WEB-R P2P
WEB Debit Authorization Entry to a consumer account initiated by an Originator pursuant to an authorization obtained from the Receiver via the Internet If authorization is recurring, must provide a way to revoke the authorization Hard copy
WEB Debit Authentication Authentication of Receiver Proves Identity of the consumer Multi-Factor PIN, Shared Secret, Biometrics, Tokens, Pass mark. Method in which an Originator can be assured of the identity of the consumer Protects merchant from fraudulent transactions Protects consumer from unauthorized use of account information Can have authentication without authorization, but not authorization without authentication
Telephone-Initiated Entry (TEL) Consumer entry Debit only Single or recurring entry Entry where consumer provides authorization orally over the telephone Initiated when there is: The consumer has initiated the phone call OR An existing relationship between the Originator and consumer
Authorization TEL Authorization One Time = Recorded OR Written Notice Recurring = Recorded AND Written Notice must be sent to Receiver Valid authorization requires Originator to clearly state that consumer is authorizing an ACH debit, and clearly express terms of authorization
TEL Transactions At minimum, the Originator must disclose the following information: Date on or after which the consumer s account will be debited Amount of the debit entry Consumer s name Telephone number for customer inquiries Date of oral authorization Statement of Originator that consumer s authorization will be used to originate ACH debit entry
Destroyed Check Entry(XCK) Any lost or destroyed check under $2,500 ODFI initiates entries to collect cash letters which are lost or destroyed Can be used for non-imageable items Creator has extra warranties and limitations RDFI may choose not to accept any XCK entries 60 day right of return
QUESTIONS
AAP Continuing Education Credits Authorizations and Agreements (Date) This session is worth 1.6 credits (Keep this for your records)
Resources WACHA- The Premier Payments Resource PAR- Payment Advisory Resource HELP DESK Phone: 262-345-1245 Toll Free: 800-453-1843 Fax: 262-345-1246 info@wacha.org
Laura Nelson, AAP, NCP Lnelson@wacha.org Upcoming WACHA events with CBANC Education: Reg E for Debit Cards Reg CC 2018 ACH Rules Update M 10/23 at 1pm CT/2pm ET Th 10/26 at 1pm CT/2pm ET Th 11/9 at 1pm CT/2pm ET