Contents Getting Started Chapter 1 ACH Business Summary

Document Sample
Contents Getting Started Chapter 1 ACH Business Summary Powered By Docstoc
					                                                                      Contents


       About the Author ........................................................................................................................... iii
       Acknowledgements ......................................................................................................................... v
       How to Use This Manual.............................................................................................................. vii
       Summary Table of Contents ........................................................................................................ xiii



                                                               Getting Started


                                                           Chapter 1
                                                      ACH Business Summary


       ACH Business Summary ......................................................................................................... 1 — 2
         ACH and the Strategic Plan ............................................................................................... 1 — 2
         Senior Management Oversight ........................................................................................... 1 — 3
         Identification of Risk Factors ............................................................................................. 1 — 3
       ACH Business Summary Revision .......................................................................................... 1 — 3
         Change Can Mean New Risk Considerations .................................................................... 1 — 4
            Exhibit 1.1: Sample ACH Business Summary Documents .......................................... 1 — 7
            Exhibit 1.2: ACH Processing Risk Issues Checklist for Received
            ACH Transactions ....................................................................................................... 1 — 17
            Exhibit 1.3: ACH Processing Risk Issues Checklist for Originated
            Credit Transactions ..................................................................................................... 1 — 19
            Exhibit 1.4: ACH Processing Risk Issues Checklist for Originated
            Debit Transactions ...................................................................................................... 1 — 21
            Exhibit 1.5: ACH Risk Assessment Model ................................................................. 1 — 23




7/09                                                                         xv
ACH Transactions Risk Management




                                                           Risk Management


                                          Chapter 2
                     Risk Management for the Receiving Financial Institution


      ACH Business Summary ......................................................................................................... 2 — 1
      Cross-Channel Risk ................................................................................................................. 2 — 1
      Managing Risk Associated with ACH Rules Compliance ...................................................... 2 — 2
         Acceptance of ACH Transactions ...................................................................................... 2 — 2
         Prenotification Verification ................................................................................................ 2 — 3
         Processing Return Entries .................................................................................................. 2 — 5
         Processing Notifications of Change ................................................................................... 2 — 6
         Data Retention .................................................................................................................... 2 — 8
         Funds Availability for Consumer Credit Transactions....................................................... 2 — 9
         Funds Availability for Corporate Credit Transactions ..................................................... 2 — 10
         ACH Debit Transaction Posting ....................................................................................... 2 — 11
         Account Statement Descriptive Information .................................................................... 2 — 12
         Stop Payment Orders on Consumer Accounts ................................................................. 2 — 13
         Stop Payment Orders on Corporate Accounts.................................................................. 2 — 15
         Written Statement Under Penalty of Perjury .................................................................... 2 — 16
         Providing Payment Related Data When Requested ......................................................... 2 — 17
         UCC 4A Compliance ....................................................................................................... 2 — 18
         Audit................................................................................................................................. 2 — 18
         Data Security .................................................................................................................... 2 — 20
      Managing Third-Party Service Provider Relationship Risk .................................................. 2 — 21
      Compliance with Other Regulations That Affect ACH Transactions ................................... 2 — 21
      Annual ACH Audit ................................................................................................................ 2 — 22
      General ACH Processing Risk Management......................................................................... 2 — 22
         Hardware Failure Risk ..................................................................................................... 2 — 22
         Software Failure Risk ....................................................................................................... 2 — 23
         Telecommunication Failure Risk ..................................................................................... 2 — 23
         Power Failure Risk ........................................................................................................... 2 — 24
         Human Error Risk ............................................................................................................ 2 — 25
         Staffing Risk..................................................................................................................... 2 — 26
         Fraud Risk ........................................................................................................................ 2 — 27
            Internal Fraud Risk ..................................................................................................... 2 — 27
            External Fraud Risk .................................................................................................... 2 — 27
         Systemic Risk ................................................................................................................... 2 — 29
      Contingency Planning ........................................................................................................... 2 — 30
      Disaster Recovery.................................................................................................................. 2 — 31
         Excused Delay .................................................................................................................. 2 — 31



                                                                            xvi
                                                                                                                                         Contents




         Exhibit 2.1: Checklist for Developing Risk Management Policies for Receiving
         and Processing ACH Transactions .............................................................................. 2 — 33
         Exhibit 2.2: Checklist for Developing Risk Management Procedures for
         Receiving and Processing ACH Transactions............................................................. 2 — 35



                                  Chapter 3
            Risk Management for the Originating Financial Institution


ACH Business Summary ......................................................................................................... 3 — 1
Cross-Channel Risk ................................................................................................................. 3 — 2
ODFI/Originator Relationship Risk Management ................................................................... 3 — 2
   Underwriting/Approval Process ......................................................................................... 3 — 2
   ODFI/Originator Agreement .............................................................................................. 3 — 4
RISK Management Through ACH Rules Compliance............................................................ 3 — 5
   Agreements ........................................................................................................................ 3 — 7
   Exposure Limits ................................................................................................................. 3 — 8
   Data Security .................................................................................................................... 3 — 10
   Notifications of Change ................................................................................................... 3 — 12
   Permissible Return Entries ............................................................................................... 3 — 13
   Data Retention .................................................................................................................. 3 — 13
   Originator Responsibilities............................................................................................... 3 — 14
      Authorizations ............................................................................................................. 3 — 14
      Prenotifications ........................................................................................................... 3 — 16
      Return Entries ............................................................................................................. 3 — 17
      Notifications of Change .............................................................................................. 3 — 17
      Reversing Files and Reversing Entries ....................................................................... 3 — 18
      Internet-Initiated Entries ............................................................................................. 3 — 19
      Telephone-Initiated Entries ......................................................................................... 3 — 20
      Point-of-Purchase Entries ........................................................................................... 3 — 21
      Re-Presented Check Entries ........................................................................................ 3 — 22
      Accounts Receivable ................................................................................................... 3 — 23
      Back-Office Conversion Entries ................................................................................. 3 — 24
Risk Management Through Originator Funding Requirements ............................................ 3 — 25
   Originator Settlement Options ......................................................................................... 3 — 25
Risk Management Through Originator Balance Requirements............................................. 3 — 26
   Establishing Originator Balance Requirements ............................................................... 3 — 26
Return Entry Monitoring ....................................................................................................... 3 — 26
   Unauthorized Return Entry Reporting Requirements ...................................................... 3 — 27
Compliance with Other Regulations That Affect ACH Transactions ................................... 3 — 29
General ACH Processing Risk Management......................................................................... 3 — 30
   Hardware Failure Risk ..................................................................................................... 3 — 30
   Software Failure Risk ....................................................................................................... 3 — 31


                                                                   xvii
ACH Transactions Risk Management




         Telecommunication Failure Risk ..................................................................................... 3 — 31
         Power Failure Risk ........................................................................................................... 3 — 32
         Human Error Risk ............................................................................................................ 3 — 32
         Staffing Risk..................................................................................................................... 3 — 34
         Fraud Risk ........................................................................................................................ 3 — 34
            Internal Fraud Risk ..................................................................................................... 3 — 34
            External Fraud Risk .................................................................................................... 3 — 35
         Systemic Risk ................................................................................................................... 3 — 37
      Contingency Planning ........................................................................................................... 3 — 38
      Disaster Recovery.................................................................................................................. 3 — 39
         Excused Delay .................................................................................................................. 3 — 40
      Annual ACH Audit ................................................................................................................ 3 — 40
      Risk Management Reports for the Board of Directors .......................................................... 3 — 41
      ACH Operator Risk Controls ................................................................................................ 3 — 41
            Exhibit 3.1: Checklist of Risk Management Reports to Provide to the
            Board of Directors....................................................................................................... 3 — 43
            Exhibit 3.2: Checklist for Developing Risk Management Origination Policies ......... 3 — 45
            Exhibit 3.3: Checklist for Developing Risk Management Origination
            Procedures ................................................................................................................... 3 — 46
            Exhibit 3.4: Model ODFI/Originator Agreement........................................................ 3 — 47



                                                                  Chapter 3A
                                                                  Fraud Risk


      Internal Fraud Risk ...............................................................................................................   3A — 1
         Protect Physical Processing Area ....................................................................................              3A — 1
         Encrypt Transmitted Data ...............................................................................................           3A — 1
         Control and Test Software Changes ................................................................................                 3A — 2
         Protect Originator and Third-Party Sender Settlement Information ...............................                                   3A — 2
         Use ACH File Controls ...................................................................................................          3A — 3
             Schedule Originated Files ..........................................................................................           3A — 3
         Send File Acknowledgements .........................................................................................               3A — 4
         Balance Files Throughout Processing .............................................................................                  3A — 4
      External Fraud Risk ..............................................................................................................    3A — 5
         Know Your Customer or Member ..................................................................................                    3A — 6
         Controls for the Originator and Third-Party Sender .......................................................                         3A — 6
             Separation of Duties ...................................................................................................       3A — 7
             Controlled Access to Processing Area .......................................................................                   3A — 7
             Securely Stored Account Information........................................................................                    3A — 7
             Protection of Transmitted Data ..................................................................................              3A — 8
             Monitor Software Changes ........................................................................................              3A — 8
             ACH Network Fraud-Fighting Tools .........................................................................                     3A — 8


                                                                           xviii
                                                                                                                                       Contents




      Risk Controls Required for Internet-Initiated (WEB) Entries ................................... 3A — 8
Exposure Limits ................................................................................................................... 3A — 9
   Setting Exposure Limits ................................................................................................ 3A — 10
   Monitoring Exposure Limits ......................................................................................... 3A — 11
   Reviewing Exposure Limits .......................................................................................... 3A — 11
Controlling Incoming ACH Transaction Fraud .................................................................. 3A — 11
   ACH Block .................................................................................................................... 3A — 12
   ACH Receipt Authorization .......................................................................................... 3A — 12
   Reverse Positive Pay ..................................................................................................... 3A — 12
   Account Monitoring ...................................................................................................... 3A — 12
   Returning an Unauthorized ACH Debit ........................................................................ 3A — 12
Fraud Control Tips ............................................................................................................. 3A — 13



                                  Chapter 4
          Third-Party Service Provider Relationship Risk Management


RDFI/Third-Party Service Provider Relationship ................................................................... 4 — 1
   Risk in the RDFI/Third-Party Service Provider Relationship ............................................ 4 — 2
   RDFI/Third-Party Service Provider Relationship Risk Management ................................ 4 — 3
      Third-Party Service Provider as Receiving Point ......................................................... 4 — 3
      RDFI/Third-Party Service Provider Agreement ........................................................... 4 — 4
      Receipt of ACH Files .................................................................................................... 4 — 4
      Receipt of ACH Files and File Processing.................................................................... 4 — 5
      Receipt of ACH Files, File Processing and Exception Handling.................................. 4 — 6
Originating Depository Financial Institution/Third-Party Service Provider Relationship ...... 4 — 7
   Risk in the ODFI/Third-Party Service Provider Relationship............................................ 4 — 7
      Third-Party Service Provider as File Creator ................................................................ 4 — 7
      Third-Party Service Provider as File Creator and File Submitter ................................. 4 — 8
   Risk Management............................................................................................................... 4 — 9
      File Creation................................................................................................................ 4 — 10
      Exposure Limits .......................................................................................................... 4 — 10
      Office of Foreign Asset Control (OFAC) ................................................................... 4 — 11
      File Delivery ............................................................................................................... 4 — 11
      Data Security ............................................................................................................... 4 — 11
      Scheduling................................................................................................................... 4 — 12
      Contingency Plan ........................................................................................................ 4 — 12
      Authorized Sending and Receiving Point ................................................................... 4 — 12
      Agreements ................................................................................................................. 4 — 13
      File Creation and File Submission to ODFI................................................................ 4 — 13
      File Creation and File Submission to ACH Operator ................................................. 4 — 14
Third-Party Service Provider as Contingency Processor ...................................................... 4 — 15
Third-Party Service Provider Audit Requirements ............................................................... 4 — 16


                                                                   xix
ACH Transactions Risk Management




      Third-Party Service Provider as Vendor ............................................................................... 4 — 16
            Exhibit 4.1: Sample RDFI/Third-Party Service Provider Agreement for
            Receipt of ACH Files .................................................................................................. 4 — 18
            Exhibit 4.2: Sample RDFI/Third-Party Service Provider Agreement for
            Receipt and Processing of ACH Files ......................................................................... 4 — 20
            Exhibit 4.3: Sample RDFI/Third-Party Service Provider Agreement for
            Receipt and Processing of ACH Files and Exception Processing ............................... 4 — 23
            Exhibit 4.4: Sample ODFI/Third-Party Service Provider Agreement for
            File Creation and Submission to ODFI ....................................................................... 4 — 26
            Exhibit 4.5: Sample ODFI/Third-Party Service Provider Agreement for
            ACH File Creation and Submission to ACH Operator ............................................... 4 — 29
            Exhibit 4.6: Sample Risk Management Policy for RDFI/Third-Party Service
            Provider Relationship.................................................................................................. 4 — 32
            Exhibit 4.7: Sample Risk Management Policy for ODFI/Third-Party Service
            Provider Relationship.................................................................................................. 4 — 34



                                             Chapter 5
                          Third-Party Sender Relationship Risk Management


      Risk in the ODFI/Third-Party Sender Relationship ................................................................ 5 — 3
      Risk Management .................................................................................................................... 5 — 3
         Underwriting ...................................................................................................................... 5 — 4
         File Creation ....................................................................................................................... 5 — 4
         Exposure Limits ................................................................................................................. 5 — 4
         Settlement ........................................................................................................................... 5 — 5
         Office of Foreign Asset Control (OFAC) .......................................................................... 5 — 6
         File Delivery....................................................................................................................... 5 — 6
             Data Security ................................................................................................................. 5 — 6
             Scheduling..................................................................................................................... 5 — 6
             Contingency Plan .......................................................................................................... 5 — 7
             Authorized Sending Points............................................................................................ 5 — 7
         Risk Management Unique to the ODFI/Third-Party Sender Relationship ......................... 5 — 7
         Third-Party Sender Risk Management Through the NACHA Operating Rules ................ 5 — 8
         Agreement Between ODFI and Third-Party Sender .......................................................... 5 — 9
             File Submission to ODFI .............................................................................................. 5 — 9
             File Submission to the ACH Operator ........................................................................ 5 — 11
      Third-Party Sender Audit Requirements ............................................................................... 5 — 12
             Exhibit 5.1: Sample ODFI/Third-Party Sender Agreement When Files Are
             Submitted to ODFI ...................................................................................................... 5 — 13
             Exhibit 5.2: Sample ODFI/Third-Party Sender Agreement When Files Are
             Submitted to ACH Operator ....................................................................................... 5 — 17



                                                                           xx
                                                                                                                                            Contents




         Exhibit 5.3: Sample Risk Management Policy for ODFI/Third-Party
         Sender Relationship .................................................................................................... 5 — 21



                                                      Risk-Based Audit


                                           Chapter 6
                               What Every ACH Auditor Should Know


Participants in ACH Transactions ........................................................................................... 6 — 1
   Originator ........................................................................................................................... 6 — 2
   Originating Depository Financial Institution ..................................................................... 6 — 2
   Receiving Depository Financial Institution........................................................................ 6 — 2
   Receiver.............................................................................................................................. 6 — 2
   ACH Operator .................................................................................................................... 6 — 3
   Third-Party Service Provider ............................................................................................. 6 — 3
   Third-Party Sender ............................................................................................................. 6 — 3
ACH Transaction Types .......................................................................................................... 6 — 3
ACH Transation Standard Entry Class Code .......................................................................... 6 — 4
Additional Data Sent with an ACH Transaction ..................................................................... 6 — 4
Security of Banking Information in an ACH Transaction ....................................................... 6 — 4
Returned ACH Transactions.................................................................................................... 6 — 5
   Return Entry Time Frame .................................................................................................. 6 — 6
   Return Entry for Payment Stopped .................................................................................... 6 — 6
   Return Entry Time Frame for ACH Re-Presented Check Entries ...................................... 6 — 7
   ACH Adjustment Entry ...................................................................................................... 6 — 7
   ACH Adjustment Entry Return Time Frame ..................................................................... 6 — 8
   Written Statement Under Penalty of Perjury ...................................................................... 6 — 8
Uniform Commercial Code Article 4A ................................................................................... 6 — 8
Availability of Consumer Credits ............................................................................................ 6 — 9
Debit Posting ........................................................................................................................... 6 — 9
Periodic Statements ................................................................................................................. 6 — 9
Notifications of Change........................................................................................................... 6 — 9
Record Retention ................................................................................................................... 6 — 10
Regulation E .......................................................................................................................... 6 — 10
Agreements ............................................................................................................................ 6 — 10
Audit Requirements for Third-Party Service Providers ........................................................ 6 — 10
Audit Requirements for Third-Party Senders ........................................................................ 6 — 11
Exposure Limits .................................................................................................................... 6 — 11
Originator Audit Requirements ............................................................................................. 6 — 11
       Exhibit 6.1: What Every ACH Auditor Should Know Checklist................................ 6 — 12


                                                                     xxi
ACH Transactions Risk Management




                                                            Chapter 7
                                                      Risk-Based ACH Audit


      Audit Basics ............................................................................................................................ 7 — 1
        ACH Participants That Must Conduct an Audit................................................................. 7 — 1
        Audit Document Retention................................................................................................. 7 — 1
        Auditor Qualifications ........................................................................................................ 7 — 2
      Conducting a Risk-Based ACH Audit ..................................................................................... 7 — 2
        Audit Worksheets ............................................................................................................... 7 — 3
            Audit Worksheets Update ............................................................................................. 7 — 3
            Completing Audit Worksheets ...................................................................................... 7 — 4
            Make a Note of Contributors ........................................................................................ 7 — 4
            Retain Documents Copies ............................................................................................. 7 — 4
        Standards ............................................................................................................................ 7 — 5
        Sampling ............................................................................................................................ 7 — 5
        Rules Compliance Audit Requirements for All Financial Institutions ............................... 7 — 6
            Record Retention .......................................................................................................... 7 — 6
            Electronic Record Retention ......................................................................................... 7 — 7
            Audit Completion and Issue Resolution ....................................................................... 7 — 7
            Data Security ................................................................................................................. 7 — 8
            Payment of Fees ............................................................................................................ 7 — 9
            Rule Compliance Audit Requirements for the RDFI .................................................... 7 — 9
            Prenotifications ............................................................................................................. 7 — 9
            Acceptance of ACH Transactions ............................................................................... 7 — 10
            Availability of Credits................................................................................................. 7 — 11
            Posting of Debit Entries .............................................................................................. 7 — 12
            Periodic Statements ..................................................................................................... 7 — 13
            Returned Debit Entries ................................................................................................ 7 — 14
            Returned Credit Entries............................................................................................... 7 — 15
            Written Statement Under Penalty of Perjury .............................................................. 7 — 16
            Stop Payment Orders .................................................................................................. 7 — 17
            Stop Payment Order Placed on Source Document or Item (Adjustment Entries) ...... 7 — 18
            Notification Requirements for UCC Article 4A ......................................................... 7 — 19
            Notifications of Change .............................................................................................. 7 — 21
            Corporate Payment-Related Data................................................................................ 7 — 21
        Third-Party Service Provider as Receiving Point............................................................. 7 — 22
        Rules Compliance Audit Requirements for Originating Financial Institutions ............... 7 — 23
            Agreements ................................................................................................................. 7 — 23
            UCC Article 4A .......................................................................................................... 7 — 25
            Exposure Limits .......................................................................................................... 7 — 27
            Return Entries ............................................................................................................. 7 — 28
            Reversing Files and Entries......................................................................................... 7 — 29
            Back-Office Conversion Entry Originators ................................................................ 7 — 30
            Reporting to NACHA ................................................................................................. 7 — 30


                                                                           xxii
                                                                                                                                           Contents




      Notifications of Change .............................................................................................. 7 — 31
      Permissible Return Entries .......................................................................................... 7 — 31
      Originator Compliance................................................................................................ 7 — 32
  Review of the ODFI/Originator Agreement..................................................................... 7 — 35
  Review of ODFI/Third-Party Service Provider Relationship .......................................... 7 — 36
      ODFI/Third-Party Service Provider Agreement ......................................................... 7 — 37
      Third-Party Service Provider Audit ............................................................................ 7 — 37
  Review of ODFI/Third-Party Sender Relationship .......................................................... 7 — 38
      ODFI/Third-Party Sender Agreement ......................................................................... 7 — 39
      Third-Party Sender Audit ............................................................................................ 7 — 40
      Third-Party Sender/Originator Agreement ................................................................. 7 — 41
  Review of Policies and Procedures .................................................................................. 7 — 41
Audit Report .......................................................................................................................... 7 — 42
  Audit Scope ...................................................................................................................... 7 — 42
  Summary of Audit Recommendations ............................................................................. 7 — 43
  Audit Rating and Comments ............................................................................................ 7 — 43
  Date of Prior Annual ACH Audit ..................................................................................... 7 — 44
  Audit of Received and Originated ACH Activity ............................................................ 7 — 44
      Rules and Regulations Compliance ............................................................................ 7 — 44
  Review of Third-Party Service Provider and/or Third-Party Sender Relationship .......... 7 — 44
  Review of Policies and Procedures .................................................................................. 7 — 45
      Exhibit 7.1: Sample RDFI Audit Worksheet .............................................................. 7 — 46
      Exhibit 7.2: Sample ODFI Audit Worksheet .............................................................. 7 — 53
      Exhibit 7.3: Sample Audit Report for Receiving-Only Institution with No
      Exceptions ................................................................................................................... 7 — 60
      Exhibit 7.4: Sample Audit Report for Receiving-Only Financial Institutions with
      Exceptions ................................................................................................................... 7 — 62
      Exhibit 7.5: Sample Audit Report for Receiving and Originating Financial
      Institution with No Exceptions ................................................................................... 7 — 64
      Exhibit 7.6: Sample Audit Report for Receiving and Originating Financial
      Institution with Exceptions ......................................................................................... 7 — 68
      Exhibit 7.7: Sample Audit Report for Receiving-Only Financial Institution ............. 7 — 72
      Exhibit 7.8: Sample Audit Report for Receiving and Originating Financial
      Institution .................................................................................................................... 7 — 74




                                                                    xxiii
ACH Transactions Risk Management




                                               Regulation Risk Management


                                          Chapter 8
                   Rules and Regulations that Affect ACH Risk Management


      NACHA Operating Rules ........................................................................................................ 8 — 1
        ACH Rules Layout and Content......................................................................................... 8 — 2
            Understanding the ACH Network: An ACH Primer..................................................... 8 — 2
            Quick Find: A Reference Guide to the ACH Rules ...................................................... 8 — 3
            Revisions ....................................................................................................................... 8 — 3
            Operating Rules ............................................................................................................ 8 — 3
            Formal Interpretation of the NACHA Operating Rules ................................................ 8 — 5
            Schedule of Fees ........................................................................................................... 8 — 5
            Operating Guidelines .................................................................................................... 8 — 5
            Resources ...................................................................................................................... 8 — 6
            Instructions for Accessing ACH Rules Online ............................................................. 8 — 6
            Regional Payments Associations and Direct Members ................................................ 8 — 7
        ACH Rules Noncompliance Risk ....................................................................................... 8 — 7
            Initiation of Rules Enforcement Proceeding by a Participant ....................................... 8 — 7
            Initiation of Rules Enforcement Proceeding by NACHA ........................................... 8 — 10
        Action Process .................................................................................................................. 8 — 12
            Notice of Possible Rules Violation ............................................................................. 8 — 12
            Notice of Possible Fines.............................................................................................. 8 — 13
        ACH Rules Enforcement Panel ........................................................................................ 8 — 14
        Fines and Penalties ........................................................................................................... 8 — 14
            Class 1 Rules Violation ............................................................................................... 8 — 14
            Class 2 Rules Violation ............................................................................................... 8 — 15
            Class 3 Rules Violation ............................................................................................... 8 — 16
            Suspension .................................................................................................................. 8 — 16
        Disputes Involving ACH Transactions ............................................................................ 8 — 16
            Filing a Complaint ...................................................................................................... 8 — 17
            Dispute Classifications................................................................................................ 8 — 18
            Selecting Arbitrators ................................................................................................... 8 — 19
            Decision Process ......................................................................................................... 8 — 20
            Payment and Appeal ................................................................................................... 8 — 22
      Regulation E .......................................................................................................................... 8 — 22
        Federal Enforcement Agencies ........................................................................................ 8 — 23
        Disclosure of Information ................................................................................................ 8 — 24
        Periodic Statements .......................................................................................................... 8 — 24
        Authorizations and Consumer Notices ............................................................................. 8 — 25
        Consumer Liability........................................................................................................... 8 — 25
        Error Resolution ............................................................................................................... 8 — 26


                                                                          xxiv
                                                                                                                                            Contents




   Stop Payments .................................................................................................................. 8 — 27
   Notice of Debit Transactions Varying in Amount ........................................................... 8 — 28
   Notice of Preauthorized ACH Credits to Consumer Accounts ........................................ 8 — 28
   Record Retention .............................................................................................................. 8 — 29
   Receipts ............................................................................................................................ 8 — 29
   Electronic Communication Requirements........................................................................ 8 — 30
Uniform Commercial Code Article 4A ................................................................................. 8 — 30
   ACH Transactions Subject to UCC 4A ............................................................................ 8 — 31
   Financial Institution Compliance ..................................................................................... 8 — 31
   Amendment by Agreement or Application of ACH Rules .............................................. 8 — 31
   ODFI Risk Management .................................................................................................. 8 — 32
      Execution of an Entry by the ODFI ............................................................................ 8 — 32
      Acceptance of an Entry by the ODFI .......................................................................... 8 — 32
      Financial Institution as Originator’s Bank and Receiver’s Bank ................................ 8 — 33
      Cancellation and Amendment of Originated Entries .................................................. 8 — 35
      Liability for Erroneous Entries Transmitted by the ODFI .......................................... 8 — 35
      Liability of the Originator for Erroneous Entries ........................................................ 8 — 36
      Commercially Reasonable Security Procedures ......................................................... 8 — 36
   RDFI Risk Management .................................................................................................. 8 — 37
      Acceptance by the RDFI ............................................................................................. 8 — 37
      Availability of Funds by the RDFI ............................................................................. 8 — 38
      Notification to the Receiver by the RDFI of Receipt of Entry.................................... 8 — 38
   Choice of Law .................................................................................................................. 8 — 39
Office of Foreign Assets Control (OFAC) ............................................................................ 8 — 40
ACH OFAC Policy ................................................................................................................ 8 — 40
   ACH Participants Subject to OFAC ................................................................................. 8 — 41
   Knowledge of a Blocked Party......................................................................................... 8 — 41
   ODFI Risk Management .................................................................................................. 8 — 42
      Receiver Accounts at the ODFI .................................................................................. 8 — 43
      Inadvertent Origination of a Credit Entry to a Blocked Party..................................... 8 — 43
      Inadvertent Origination of a Debit Entry to a Blocked Party...................................... 8 — 43
   RDFI Risk Management .................................................................................................. 8 — 44
      Receiver Compliance .................................................................................................. 8 — 44
   Use of Third-Parties ......................................................................................................... 8 — 45
   Gateway Operator ............................................................................................................ 8 — 45
      ACH Operator ............................................................................................................. 8 — 45
      Financial Institution .................................................................................................... 8 — 46
   Reporting Requirements................................................................................................... 8 — 47
Regulation CC ....................................................................................................................... 8 — 47
Financial Institution Compliance .......................................................................................... 8 — 48
Regulation D.......................................................................................................................... 8 — 49
      Exhibit 8.1: Checklist for Preparing Risk Management Policies and Procedures
      to Ensure Regulation Compliance............................................................................... 8 — 52
      Exhibit 8.2: ODFI Risk Management Checklist for OFAC Compliance .................... 8 — 54
      Exhibit 8.3: RDFI Risk Management Checklist for OFAC Compliance .................... 8 — 56


                                                                     xxv
ACH Transactions Risk Management




                                                          Rules Enforcement


                                                Chapter 9
                                 Managing Risk Through Rules Enforcement


      Initiation of Rules Enforcement Proceeding by a Participant ................................................. 9 — 3
      Initiation of Rules Enforcement Proceeding by NACHA ....................................................... 9 — 5
      Action Process ......................................................................................................................... 9 — 6
          Notice of Possible Rules Violation .................................................................................... 9 — 6
          Notice of Possible Fines ..................................................................................................... 9 — 7
      ACH Rules Enforcement Panel ............................................................................................... 9 — 7
      Fines and Penalties .................................................................................................................. 9 — 8
          Class 1 Rules Violation ...................................................................................................... 9 — 8
          Class 2 Rules Violation ...................................................................................................... 9 — 9
          Class 3 Rules Violation ...................................................................................................... 9 — 9
              Suspension .................................................................................................................. 9 — 10
      Disputes Involving ACH Transactions .................................................................................. 9 — 10
          Filing a Complaint............................................................................................................ 9 — 11
          Dispute Classifications ..................................................................................................... 9 — 12
              Procedure A: Damages $250-$10,000 ........................................................................ 9 — 12
              Procedure B: Damages $10,000-$50,000 ................................................................... 9 — 13
              Procedure C: Damages $50,000+................................................................................ 9 — 13
          Selecting Arbitrators ........................................................................................................ 9 — 13
              Procedure A ................................................................................................................ 9 — 14
              Procedures B and C ..................................................................................................... 9 — 14
          Decision Process .............................................................................................................. 9 — 14
              Procedure A ................................................................................................................ 9 — 15
              Procedure B ................................................................................................................. 9 — 15
              Procedure C ................................................................................................................. 9 — 16
          Payment and Appeal ........................................................................................................ 9 — 16
              Procedures A and B .................................................................................................... 9 — 16
              Procedure C ................................................................................................................. 9 — 16
      Tips for Financial Institutions on Responding to Reports of Possible Rules Violations ....... 9 — 17



                                                                 Appendixes


                                                             Appendix A
                                                          Glossary of Terms

                                                                          xxvi
                                                    Contents




                  Appendix B
Regional Payments Association Contact Information


                Appendix C
       ACH Operator Contact Information


                   Appendix D
    Federal Reserve Bank Operating Circular 4


                  Appendix E
           Risk Management Guidance


                   Appendix F
       2006 Electronic Payments Network:
    Rules of Membership and Operating Rules


                  Appendix G
                   Resources




                       xxvii
ACH Transactions Risk Management




                                   xxviii

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:11
posted:11/27/2011
language:English
pages:14