ACH Operations Bulletin #2-2013



Similar documents
ACH Operations Bulletin #1-2014

ACH Origination File System Changes

Q2: What return codes are included in the Unauthorized Return Rate Threshold?

ACH Network Risk and Enforcement Topics

Third-Party Sender Case Studies: ODFI Best Practices to Close the Gap An ACH Risk Management White Paper

ACH Network Risk and Enforcement Topics Request for Comment and Request for Information. Executive Summary and Rules Description November 11, 2013

January 13, Maribel Bondoc Manager, Network Rules NACHA, The Electronic Payments Association Sunrise Value Drive Herndon, VA 20171

2015 NACHA Rules, Same Day ACH and Regulation E Changes

O OCC BULLETIN OCC Automated Clearing House Activities. Risk Management Guidance

Third Party Payment Processors Job Aid

Increasingly community banks are turning to

Automated Clearing House

Managing your community bank s ACH and demand draft risk By George F. Thomas

Request for Comment on Proposed NACHA Rules to Improve ACH Network Quality

Identifying Key Risk Indicator

Treasury Management Services Product Terms and Conditions

Know Your Customer & Know Your Customer s Customers (KYCC) BITS ACH Fraud Risk Subgroup Presented by George Thomas November 19, 2008

August 2, Dear NACHA Voting Member:

ACH and Third Party Payment Processors

Third-Party Senders Risks and Best Practices

Payment Systems: Regulatory Interest in Payment Processors, Faster Payments, and Related Consumer Protections

Industry Update & New Rules. Stephanie Schrickel, AAP Director, emarketing EastPay. All Rights Reserved 1 EASTPAY

ACH Transactions

Section E Electronic Items

Payment Processor Relationships Revised Guidance

.>'-" '-' <. The. ,,..,..~ Clear1ngHouselM. At the Center of Banking Since May 2, 2014 BY COURIER AND ELECTRONIC DELIVERY

Important ACH Rules Changes Effective September 18. Complying with the New Return Percentages

QUICK GUIDE Automated Clearing House (ACH) Rules for ACH Originators

GUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July 2014)

THIRD PARTY PAYMENT PROVIDERS

NACHA and the ACH Network: What You May Not Know

ACH Internal Control Questionnaire

Don t Originate in the Dark: Shine Some Light on Your Third-Party Senders and Their Originators

SERVICE RULES. Deposit Plus User Agreement. ACH Origination Services Agreement. ACH Positive Pay Services Agreement

Knowing your customers and their customers and their customers and so on and so on

FDIC Updates Guidance on Payment Processor Relationships

NACHA Return Codes. The available and/or cash reserve balance is not sufficient to cover the dollar value of the debit entry.

echeck.net Developer Guide

Risk Management of Remote Deposit Capture

PAYROLL SERVICE AGREEMENT. On this day of, 2016, this PAYROLL SERVICE AGREEMENT. ( Agreement ) is entered into by and between ("EMPLOYER")

E-Sign and Online Banking Disclosure. E-Sign Disclosure

Bill Payer Services Agreement

This presentation was originally given by:

Money One Federal Credit Union Pocket 2 Pocket Service E-SIGNATURE AND ELECTRONIC DISCLOSURES AGREEMENT

The New NACHA Rules & Regulatory Compliance. Marsha Jones, TPPPA Bonnie Finley, EFT Network Kirk Chewning, Strategic Link Consul@ng

Third-Party Payment Processing and Financial Crimes March 14, 2012

Please fax, or snail mail all five pages back to us at the above as soon as possible or by May 17 th at the latest.

HERITAGE TRUST FEDERAL CREDIT UNION ONLINE SERVICES ON LINE BANKING AND BILL PAYMENT AGREEEMENT AND DISCLOSURE

itransact Payment Facilitator User Agreement

Emerging ACH Issues. Florida Bankers Association 30 th Annual Consumer Compliance Seminar Orlando, Florida April 29- May 1, 2015

ACH GUIDE ACH PARTICIPATION

WEB ACH Primer. Receiver The person (for WEB transactions this must be a human being) who owns the bank account being debited.

External Funds Transfer Disclosure

Boss Revolution Direct to Consumer U.S. Website. Terms of Use for Non-Regulated Products and Services that IDT Distributes

echeck.net Developer Guide

Attachment E. BUSINESS DAY - A calendar day other than a Saturday, Sunday, or Federal holiday.

You may have to accept additional terms and conditions for certain services you may wish to utilize within the Account Center.

echeck.net Operating Procedures and User Guide

Directions Credit Union CUOnline (Online Banking), edocuments and Bill Pay Services Agreement and Disclosures

Unlawful Internet Gambling Enforcement Act of 2006 Overview

STATEMENT STUART F. DELERY ASSISTANT ATTORNEY GENERAL CIVIL DIVISION

AIM for Success and Effectively Manage High Risk Originators

MOBILE DEPOSIT AGREEMENT AND DISCLOSURE ONLINE BANKING AGREEMENT ADDENDUM

ACH TERMS AND CONDITIONS

Operational Means to Fraud Mitigation and BSA/AML Compliance

Standard Merchant Acquisition Conditions. writing (whether in the Merchant Agreement Form or otherwise) to effect and complete CNP Transactions.

5500 Brooktree Road, Suite 104 Wexford, PA AN OVERVIEW OF ACH COPYRIGHT 2013, PROFITUITY, LLC

ACH Training. Automated Clearing House

ACH Audit Guide Step-by-Step Guidance and Interactive Form For Internal ACH Audits Audit Year 2015

Bank-to-Bank Transfer Service Agreement

Business Mobile Deposit Capture Terms & Conditions

- 0 - Terms and Conditions for BUSINESS INTERNET BANKING SERVICES

Service Agreement. UltraBranch Business Edition. alaskausa.org AKUSA R 05/15

ELECTRONIC SERVICES AGREEMENT

DEBIT CARD & ELECTRONIC FUNDS TRANSFER DISCLOSURE

IDENTITY THEFT PROCEDURES

NCI BUILDING SYSTEMS, INC. FOREIGN CORRUPT PRACTICES ACT POLICY STATEMENT AND COMPLIANCE GUIDE

Same Day ACH Proposed Modifications to the Rules 1

CONSOLIDATED COMMUNITY CREDIT UNION ONLINE BILL PAY BILL PAYMENT AGREEMENT & DISCLOSURES

Sole Ownership Partnership Corporation Part A. General Information

ADDITIONAL USERS: The Administrator may add or delete additional users at any time utilizing the internet banking system.

BUSINESS INTERNET BANKING ENROLLMENT

FORTE PAYMENT SYSTEMS, INC. TERMS AND CONDITIONS

MERCHANT SERVICES AGREEMENT

360 Degrees: Regulating Payday Lending from All Angles By Christopher Dye, Senior Compliance Counsel, Harland Financial Solutions

Deposit funds to your Checking and Share accounts (At deposit taking ATM locations).

SecureCheck Service Agreement

ENT FEDERAL CREDIT UNION FUNDS TRANSFER AGREEMENT AND NOTICE

GUIDANCE FOR MANAGING THIRD-PARTY RISK

PLEASE CAREFULLY REVIEW THESE TERMS AND CONDITIONS BEFORE PROCEEDING:

CCH Small Firm Services 2008 License Agreement for Online Applications Terms and Conditions

Managing TPPPs and TPSs in the Current Regulatory Environment

Direct Deposit of IRS Tax Refunds Resource Page

TTCU THE CREDIT UNION

To: Our Clients and Friends March 25, 2014

1476 South Major Street, SLC, Utah Office/ Fax

Chapter 24 Title Lending Registration Act. Part 1 General Provisions

Office of Inspector General Evaluation of the Consumer Financial Protection Bureau s Consumer Response Unit

The London School of Architecture Website Terms & Conditions

SuitePAY Global Payment Processing

Transcription:

ACH Operations Bulletin #2-2013 High-Risk Originators and Questionable Debit Activity March 14, 2013 EXECUTIVE SUMMARY Recent press reports have inaccurately stated that some Receiving Depository Financial Institutions (RDFIs) have colluded with payday lenders to enable allegedly unlawful activity when RDFIs honor ACH debits to consumer accounts. This ACH Operations Bulletin addresses the applicability of the NACHA Operating Rules (NACHA Rules) to such questionable debit activity, and highlights the roles and responsibilities of both Originating and Receiving Depository Financial Institutions. 1 In the circumstances described in these articles, the RDFI has no relationship with the Originator of the ACH debit, and has no basis or information to make an independent judgment as to whether any specific transaction was properly authorized and relates to a bona fine, legal transaction. The RDFI becomes aware of questionable debit activity when it is contacted by its customer. The NACHA Rules provide a mechanism for a consumer to dispute the validity of an ACH debit, and then to be properly re-credited. This existing mechanism shifts the financial burden back to the Originating Depository Financial Institution (ODFI) of the ACH debit, appropriately placing the burden on the party that warranted the validity of the debit in the first place. Once the consumer is re-credited, any further dispute between the consumer and the business (such as a payday lender) about the purpose and validity of a debit is determined outside of the ACH system. In short, the articles fundamentally mischaracterize the nature of financial transaction processing through the ACH Network, and the responsibilities and obligations of participating Depository Financial Institutions. In fact, consumers have significant protections provided by Regulation E and the NACHA Rules, and are much better insulated against questionable transactions through the ACH Network than when third parties use remotely created checks to debit consumers accounts. 2 Despite the inaccuracies in these recent articles, they do serve as a reminder of the role of ODFIs as the gatekeepers of the ACH Network. This ACH Operations Bulletin is intended to provide guidance to both ODFIs and RDFIs on their rights and obligations within the ACH Network to 1 Financial institutions also have obligations under Regulation E for electronic transactions to consumer accounts. This Operations Bulletin is not intended to cover those obligations (please refer to Regulation E; an online link is included on Page 5 of this Bulletin). In many cases, the NACHA Rules give effect to the consumer s rights under Regulation E for electronic transactions that are processed over the ACH Network. 2 In some cases, high-risk merchants utilize remotely created checks to debit consumers accounts in order to avoid the requirements and the enforcement mechanisms of the NACHA Rules.

March 14, 2013; Page 2 help address potentially illicit activity, and to briefly summarize some sound practices. RDFIs that detect a pattern of unauthorized transactions from a single Originator, or that have customers that experience unauthorized debit activity, can contact the ODFI(s) for additional information and their Regional Payment Association for guidance, and also can use NACHA s National System of Fines to pursue an action against the ODFI(s). ODFI RESPONSIBILITIES AND PRACTICES ODFIs are the gatekeepers of the ACH Network. 3 As the party that enables an Originator to present debit Entries into the ACH Network, an ODFI must enter into an Origination Agreement with each Originator for which it processes ACH transactions, or have an arrangement with a Third Party Sender that has such an Origination Agreement. 4 In doing so, the ODFI undertakes critical responsibilities under the NACHA Rules that reflect the reliance of the ACH Network on appropriate underwriting and monitoring of Originators by ODFIs and the third parties with whom ODFIs have ACH origination arrangements. Most importantly, each ODFI is responsible for the valid authorization of every ACH debit processed in its name a core principal enshrined in the ODFI warranty that the Entry has been properly authorized by the Originator and the Receiver in accordance with these Rules. 5 In the case of authorizations from consumers, the NACHA Rules are explicit that, among other things, the authorization must be readily identifiable as an authorization and have clear and readily understandable terms. 6 If a purported authorization is invalid under applicable law, it does not meet this standard. 7 If an unauthorized debit Entry is processed in an ODFI s name, the ODFI incurs several obligations under the NACHA Rules. First, the debit will be returned to the ODFI when it is disputed by the consumer whose account is improperly debited. 8 Second, the ODFI incurs indemnity obligations for breach of its warranty of proper authorization. 9 Finally, the ODFI may be subject to sanctions under NACHA s National System of Fines for violation of the NACHA Rules. 10 Because of these obligations, as well as associated reputational and other risks, the Federal banking agencies advise that ODFIs, among other things, should (i) exercise appropriate riskbased diligence when bringing on new Originators and Third Party Senders and (ii) perform appropriate monitoring to determine whether excessive returns or other suspicious patterns of activity warrant further review or more aggressive action. For example, in 2006 the Office of the Comptroller of the Currency (OCC) released its risk management guidance for ACH activities by national banks, OCC Bulletin 2006-39, in which it cautioned national banks acting as ODFIs to perform a risk-based evaluation of new Originators, including their historic patterns of unauthorized returns and whether they are engaged in legitimate business activities. 3 2013 NACHA Operating Rules, Section 2.1 General Rule ODFI is Responsible for Entries and Rules Compliance (2013 NACHA Operating Rules & Guidelines, Page OR4). 4 Subsection 2.2.1 ODFI Agreement with Originator, Third Party Sender or Sending Point (Page OR4). 5 Subsection 2.4.1.1(a) The Entry is Authorized by the Originator and Receiver (Page OR7). 6 Subsection 2.3.2.3 Form of Authorization (Page OR6). 7 Subsection 2.3.2.3(b) Form of Authorization (Page OR6). 8 Subsection 2.12.1 ODFI Acceptance of Timely Return Entries and Extended Return Entries (Page OR27). 9 Subsection 2.4.4.1 Indemnity for Breach of Warranty (Page OR9). 10 Appendix Ten, Rules Enforcement (Page OR203).

March 14, 2013; Page 3 Furthermore, the OCC Bulletin includes explicit guidance regarding expectations for on-going monitoring of high risk originators, including the following: Banks that engage in ACH transactions with high-risk originators or that involve third-party senders face increased reputation, credit, transaction, and compliance risks. High-risk originators include companies engaged in potentially illegal activities or that have an unusually high volume of unauthorized returns. Highrisk originators often initiate transactions through third-party senders because they have difficulty establishing a relationship directly with a bank. * * * Before a bank engages in high-risk ACH activities, the board of directors should consider carefully the risks associated with these activities, particularly the increased reputation, compliance, transaction, and credit risks. The board should provide clear direction to management on whether, or to what extent, the bank may engage in such ACH activities. Some [originating] banks have established policies prohibiting transactions with certain high-risk originators and third-party senders. Banks that engage in high-risk ACH activities should have strong systems to monitor and control risk. These systems should monitor the level of unauthorized returns, identify variances from established parameters such as origination volume, and periodically verify the appropriate use of SEC codes, as transactions are sometimes coded incorrectly to mask fraud. * * * A high level of unauthorized returns is often indicative of fraudulent activity. This indication may prompt management to terminate the relationship with the originator or third-party sender, or signal that additional training is needed to ensure compliance with ACH rules. 11 Similarly, at the direction of its Board, NACHA has been pursuing a number of risk management initiatives over the past several years in order to ensure that the industry has the tools to appropriately manage risks arising out of poor origination practices. These include the institution of formal return rate monitoring procedures 12 and remediation for those ODFIs with unauthorized rates above 1 percent 13 ; the requirement for audit of risk management practices in Originator underwriting 14 ; and the introduction of services like the Originator Watch List and the Terminated Originator Database to help ODFIs identify Originators that may warrant further scrutiny through the underwriting process. 11 OCC Bulletin 2006-39 (Sept. 1, 2006), http://www.occ.gov/news-issuances/bulletins/2006/bulletin-2006-39.html 12 2013 NACHA Operating Rules, Subsection 2.2.2 ODFI Risk Management (2013 NACHA Operating Rules & Guidelines, Page OR5). 13 Subsection 2.17.2 ODFI Return Rate Reporting (Page OR31). 14 Subsection 2.2.2 ODFI Risk Management (Page OR5).

March 14, 2013; Page 4 While no underwriting or monitoring system is foolproof, a well-constructed risk management system can: 1) help ODFIs avoid financial and reputational harm associated with processing improper transactions; 2) improve the overall quality of ACH Network processing; 3) reduce the cost of exception processing; and 4) minimize the impact to consumers whose accounts may be improperly debited. In addition to all the above, ODFIs should consider: Return rate monitoring, not just for unauthorized transactions, but also for other reasons that may warrant further review, such as unusually high rates of return for insufficient funds or other administrative reasons. Risk-based review of Originator authorization forms and processes when other factors lead the ODFI to be concerned about those practices. Risk-based review of Originator revocation practices to determine whether consumers are given a reasonable opportunity to revoke consent to ACH debits. 15 Monitoring of transactions for patterns that may be indicative of attempts to evade the limitations on the reinitiation of returned Entries. 16 Modification of transactions in an attempt to escape these limits (e.g., resubmission under a different name or for slightly modified dollar amounts) will be treated as a violation of the NACHA Rules. Risk-based review of Third-Party Sender underwriting standards when Third-Party Senders demonstrate a pattern of doing business with questionable Originators. RDFI RESPONSIBILITIES AND PRACTICES Unlike ODFIs, RDFIs have no relationship with Originators and have no basis to know whether any specific transaction has been properly authorized and relates to a bona fide, legal transaction. RDFIs rely on the representations of ODFIs made under the NACHA Rules in this regard. Accordingly, RDFIs must accept all Entries that are transmitted through the ACH Network, subject to the RDFI s right of return. 17 That right cannot be exercised on the basis of the type of Entry the RDFI has received, and RDFIs must consider the risk of a wrongful dishonor claim in connection with any return of an Entry that is not based on a Receiver s dispute as to the validity of the transaction. 18 Indeed, in the absence of a customer complaint, the RDFI generally will have no basis on its own by which to dispute the validity of a transaction. The ACH message itself, like any check or other payment instrument, provides no information about the substance of the transaction to which the payment relates that would enable to RDFI to make such a judgment. By definition, any Entry the RDFI receives has been warranted by the ODFI as being properly authorized. Instead, the ACH Network is set up to empower consumers to dispute transactions that they believe were not validly authorized, and to give effect to consumer rights under Regulation E. RDFIs must accept Written Statements of Unauthorized Debit from their consumers, 19 must credit the consumer s account in the amount of the unauthorized debit, 20 and may return the debit 15 Subsection 2.3.2.3(c) Form of Authorization (Page OR6). 16 Subsection 2.12.4 Reinitiation of Returned Entries (Page OR28). 17 Subsection 3.1.1 RDFI Must Accept Entries (Page OR33). 18 Section 3.8 RDFI s Right to Transmit Return Entries (Page OR39). 19 Subsection 3.12.4 RDFI Must Accept Written Statement of Unauthorized Debit (Page OR44). 20 Section 3.11 RDFI Obligation to Recredit Receiver (Page OR42).

March 14, 2013; Page 5 to the ODFI that warranted the validity of the authorization in the first place. 21 As noted above, under the NACHA Rules the term unauthorized debit refers not only to circumstances in which the Originator completely failed to obtain the Receiver s authorization, but also to situations in which the consumer s authorization was otherwise invalid under applicable legal requirements. 22 In other words, an ACH authorization that was obtained through fraud, or in connection with other illegal activity that impairs the validity of that authorization, is not a valid authorization and may be returned through the ACH Network as an unauthorized debit. Furthermore, if the consumer s dispute relates to future debits from the same Originator, the consumer may place a stop payment order to prevent all future debits to his/her account. 23 While RDFIs should direct the consumer to contact the Originator to revoke the authorization directly with the Originator, implementation of the stop payment order at the RDFI level helps prevent continued impact to the consumer. Finally, RDFIs that detect a pattern of unauthorized transactions from a single Originator, or that have customers that experience unauthorized debit activity, can contact the ODFI(s) for additional information, their Regional Payments Association for guidance, and also can use NACHA s National System of Fines to pursue an action against the ODFI(s). The National System of Fines is designed to allow escalating levels of penalties against repetitive or egregious cases of violations of the NACHA Rules. Use of the National System of Fines can also provide NACHA with a view of the magnitude of questionable debit activity across multiple ODFIs and multiple RDFIs. ADDITIONAL RESOURCES Office of the Comptroller of the Currency Bulletin 2006-39, ACH Activities, September 1, 2006 http://www.occ.gov/news-issuances/bulletins/2006/bulletin-2006-39.html Office of the Comptroller of the Currency Bulletin 2008-12, Payment Processors, April 24, 2008 http://www.occ.gov/news-issuances/bulletins/2008/bulletin-2008-12.html Consumer Financial Protection Bureau - Regulation E http://www.ecfr.gov/cgi-bin/text-idx?c=ecfr&tpl=/ecfrbrowse/title12/12cfr1005_main_02.tpl NACHA Terminated Originator Database https://www.nacha.org/terminated_originator_database NACHA CONTACTS Questions about this ACH Operations Bulletin should be submitted via information@nacha.org. #### 21 Section 3.8 RDFI s Right to Transmit Return Entries (Page OR39); and Section 3.13 RDFI Right to Transmit Extended Return Entries (Page OR45). 22 Subsection 2.3.2.3(b) Form of Authorization (Page OR6). 23 Subsection 3.7.1.1 RDFI Obligation to Stop Payment of Recurring Entries (Page OR38); and Subsection 3.7.1.4 Effective Period of Stop Payment Orders (Page OR39).

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information