2015 NACHA Rules, Same Day ACH and Regulation E Changes

2015 NACHA Rules, Same Day ACH and Regulation E Changes Recently Approved Amendments to Improve Quality and Reduce Risk in the ACH Network 2015 NYBA Technology, Compliance & Risk Management Forum

DISCLAIMER The information contained herein has been prepared for general informational purposes only and is not offered as and does not constitute legal advice or legal opinions. You should not act or rely on any information contained herein without first seeking the advice of your legal counsel. TCH PUBLIC 2

Background The New York Times published an article on February 23, 2013 that highlighted the plight of several consumers that had been negatively impacted by origination of debits related to payday loans. The article erroneously established the premise that RDFIs were working in coordination with payday lenders to facilitate debits to consumer accounts. The article also related how some consumers had received multiple reinitiation of debits which resulted in overdrafts and fees. Last fall, the New York Department of Financial Services (NYDFS) and the Department of Justice opened investigations into the pay day lending business and engaged financial institutions to answer questions related to the role the ACH Network and ODFIs and RDFIs play in these transactions. The CFPB has also begun looking into pay day lending as well. Shortly after the New York Times article broke, The Clearing House deployed its advocacy resources to educate, discuss and clarify the nature of the ACH Network with regulators and law enforcement. NACHA has also been engaged as well. In November of 2013, a series of proposals were issued by NACHA designed to shore up gaps in the rules and clarify existing ambiguities as a way to prevent abuse of the ACH Network by high risk originators. This proposals are categorized as both risk management and network quality in nature. On August 22 nd, the NACHA Voting Membership approved the addition of two amendments designed to codify the proposals issued late last year. 3

The Ultimate Goal of ACH Network Quality The objective of network quality is to maximize the operational efficiency of the ACH while mitigating the risk and reducing the costs of the network. The most common areas impacting overall network quality include: Returns Reinitiation Issues Unauthorized Entries Third Party Risk In the context of the payday lending controversy, all four of these areas have been negatively impacted by the activity of some high risk originators. The new NACHA amendments provide a number of solutions designed to shore up gaps in the rules related to network quality. New Return Limits Enhanced Enforcement Authority Quality Fees Clarified Reinitiation Rules Third Party Obligations Additionally seven additional amendments were approved that amend seven specific areas of the NACHA Operating Rules to address minor topics. 4

ACH Network Risk and Enforcement (Effective 9/18/15) This amendment is intended to improve the overall quality of the ACH Network by reducing the frequency of returned Entries and associated costs, both financial and reputational created by returns The approach taken by NACHA has two parts: 1. The first part of expands the requirements of both ODFIs and Originators as it relates to risk management and origination practices. 2. Expansion of NACHA s authority as it pertains to initiate enforcement proceedings for a potential violation of the rules related to unauthorized Entries An expected byproduct of this amendment is improved customer satisfaction as a result of decreased volume of disputed transactions During the Request for Comment period related to the proposal that became the approved amendment, a number of regulators encouraged the network to self-regulate as an alternative to having external mandates placed up on it. 5

Background and Justification The ACH Network has a diverse portfolio of users 1. Employers, Treasury, Insurance Companies, Consumers 2. Utilities, Corporates, Health Clubs, Third Parties The change in use cases for the network has resulted in fundamental changes related to risk Recurring credits vs. Spontaneous debits Established Relationship vs. Transactional Engagement Paper Based Enrollment vs. Virtual Authorizations Explicit Authorization vs. Implicit Authorization In some cases the use of the network is by some higher risk originators Payday Lenders, sweepstakes, credit repair, travel clubs, online and telemarketers The result is that at times there may be higher rates of consumer disputes, returned transactions, consumer and business harm as well as reputational damage for both the ACH Network and RDFIs. This has brought additional scrutiny by regulators, legislators and law enforcement. In addition to consumer groups and the news media. 6

Background and Justification In addition to the approved rule amendments, other actions have been implemented to enhance network risk management practices. Enhancing the Originator Watch List Encouraging use of the Terminated Originator Database Fully utilizing the rules enforcement process and RMAG guidance 7

Elements of the Rule The Rule expands existing rules regarding ODFIs and Third Party Senders requirements for risk management and origination practices, such as return rate levels. The Rule will first Reduce the existing return rate threshold for unauthorized debit Entries investigations down from 1% to.5% Establish new return rate levels 1. Administrative debit returns are now capped at 3% 2. Overall return rates are capped at 15%; either of which may trigger a review of an Originator s or Third Party Sender s origination activity 3. Define the standards for reinitiation of Return Entries and; 4. Explicitly apply certain risk management rules to Third Party Senders Secondly the Rule will expand NACHA s authority to initiate enforcement proceedings for a potential violation of the Rules related to Unauthorized Entries. 8

Reducing the Unauthorized Return Rate Threshold (Effective 9/18/15) Specifically the Rule would reduce the current return rate threshold for Unauthorized Entries (Return Reason Codes R05, R10, R29 and R51) from the current cap of 1.0% to.5% The revised rate is more than 16 times higher than the average Network return rate of 0.03% for unauthorized debit Entries for calendar year 2013. NACHA still believes that the revised rate will still highlight problematic origination practices and serve as a useful tool for identifying outliers. This Rule will not change any existing risk investigation or enforcement processes related to the unauthorized return rate threshold. An ODFI with an Originator or Third Party Sender that breaches the lower threshold is subject to the same obligations and enforcement that is currently outlined in the Rules for the existing return rate threshold for unauthorized debits. 9

Establishing Return Rates Threshold for Administrative and Overall Debit Returns This Rule would establish two new return rate levels in the Rules for other types of returns. First a return threshold rate of 3% would apply to all administrative debit returns (R02, R03 and R04) According to NACHA, debit returns for administrative reasons are more common than unauthorized entries. These type returns are often indicative of poor origination practices. Often a high rate of administrative returns is evidence of trolling for good account numbers in order to initiate unauthorized debits. The 3% cap is more than 9 times higher than the industry average ACH Network return rate of.33% for account data errors in 2013. Secondly a debit return threshold rate of 15% would apply to all returns regardless of the reason for the debit return. This rate is more than 10.5 times higher than the industry ACH Network overall debit return rate of 1.45% in 2013. 10

Enhanced Rules Enforcement Authority In the event that the aforementioned thresholds are exceeded, NACHA is now empowered to review the activity of the Originator or Third Party Sender to determine whether or not to initiate a enforcement proceeding. A number of factors will be taken into account when determining whether or not to initiate a enforcement proceeding. Length of time the Originator or Third Party Sender has been in business The total volume of forward entries Return rate for unauthorized debit entries Return rates for any affiliates Evidence of compliance or non-compliance with reinitiation rule Prior rule violations or RDFI complaints Investigations by law enforcement, regulatory or other governmental agency Number and materiality of consumer complaints Severity of return rate Completion of self-audit if a Third Party Sender ODFI may also provide any supplemental information relevant to NACHA s decision The Rules Enforcement Panel is the decision making authority 11

Reinitiation of Entries (Effective 9/18/15) Reinitiation is the method permitted in the Rules by which a Returned Entry can be resubmitted. In order to protect consumers, the Rules allow Entries to be reinitiated only under limited circumstances. Specifically the Rules currently permit reinitiation of a Return if: 1. An ACH debit was returned for reasons of insufficient or uncollected funds. 2. An ACH debit was returned because of a stop payment order and reinitiation has been separately authorized by the Receiver after the stop payment order was given; or 3. An ACH entry was returned for another reason, and the Originator or the ODFI has corrected or remedied the reason for the Return. In any event, reinitiation must take place within 180 days of the Settlement Date of the original Entry. 12

Reinitiation of Entries There are some Originators that have attempted to either evade the reinitiation requirements or ignore them. Subsection 2.12.4 of the Rules implicitly prohibits the reinitiation of Entries outside of the express limited circumstances under which they are permitted under the Rules. The Rule makes this prohibition explicit. For additional clarity, the Rule includes common examples that should be considered when reinitiating an Entry. The Rule also adds a specific prohibition against reinitiating a transaction that was returned as unauthorized. The Rule also includes an anti-evasive provision, specifying that any other Entry that NACHA reasonably believes represents an attempted evasion of the foregoing limitations would be treated as an improper reinitiation. 13

Reinitiation of Entries To avoid unintended consequences from these clarifications, the Rule includes two categories of Entries that would not be considered reinitiations. 1. The Rule clarifies that a debit Entry in a series of preauthorized recurring debit Entries will not be treated as a reinitiated Entry, even if the subsequent debit Entry follows a returned debit Entry, as long as the subsequent Entry is not contingent upon whether an earlier debit Entry in the series has been returned. 2. The Rule expressly states that a debit Entry will not be considered a reinitiation if the Originator obtains a new authorization for the debit Entry after the receipt of the Return. The existing Reinitiation Rule already makes a reference in this regard to Entries that are returned due to stop payments orders, but the Rule broadens the scope of the exception since a new authorization should always be considered to create a new Entry. The Rule requires a reinitiated Entry to contain identical content in the following fields: Company Name Company ID Amount Further, the Rule permits modification to other fields only to the extent necessary to correct administrative errors, but would prohibit reinitiation of entries that may be attempts to evade the limitation on the reinitiation of returned Entries by varying the content of the Entry 14

Reinitiation of Entries The Rule addresses two technical issues associated with the Reinitiation Rule. 1. The ODFI is required to include the description RETRY PYMT in the Company Entry Description field to identify Entries that are permissible resubmissions of Returned Entries under the Reinitiation Rule. 2. There is not currently a separate Return code for an RDFI to indicate when an Entry is being returned for a violation of the Reinitiation Rule. The Rule would allow such returns to use Return Code R10. In order to use R10 and the extended return timeframe, the RDFI would need to obtain a Written Statement of Unauthorized Debit. 15

Third Party Senders (Effective 01/01/15) Subsection 2.2.3 of the Rules currently requires ODFIs to establish, implement, periodically review and enforce exposure limits for its Originators and Third-Party Senders. In particular, the ODFI is required to monitor each Originator's and Third-Party Sender s origination and return activity across multiple Settlement Dates, enforce restrictions on the types of Entries that may be originated and enforce the exposure limit. If an ODFI enters into a relationship with a Third-Party Sender that processes Entries such that the ODFI itself cannot or does not perform these monitoring and enforcement tasks with respect to the Originators serviced by the Third-Party Sender, the Third-Party Sender must do so. Some Third-Party Senders may not be monitoring, assessing and enforcing limitations on their customer s origination and return activities in the manner intended by the Rules. To emphasize the importance of this function, without imposing any new duties, the Rule includes a direct obligation on Third-Party Senders to monitor, assess and enforce limitations on their customer s origination and return activities in the same manner the Rules require of ODFIs. In addition, the Rule updates certain reporting requirements in the Rules in order to streamline oversight of Third-Party Service Providers and Third Party Senders, when necessary. Third Party Senders and Third Party Service Providers are required to provide documentation supporting completion of the audit to NACHA upon request. 16

NACHA s Enforcement Authority (Effective 01/01/15) Under Subpart 10.2.2 of Appendix Ten, NACHA as the authority to initiate a Rules enforcement proceeding under the following three circumstances: 1. If an ODFI fails to timely provide upon NACHA s request complete and accurate information regarding return rate reporting; 2. The ODFI substantiates that an Originator or Third-Party Sender has exceeded that unauthorized return rate threshold and fails to reduce the unauthorized return rate under the threshold within 30 days; or 3. The ODFI substantiates that an Originator or Third-Party Sender has exceeded the unauthorized return rate threshold or reduces the return rate under the threshold within 30 days but fails to maintain the return rate under the threshold for 180 days. All other enforcement proceedings must be triggered by a specific request of a Participating DFI. It is increasingly important for NACHA to have the tools to act promptly for the protection of the integrity of the ACH Network and all its participants. As a result, this element of the Rule amends the Rules to include the express authority to bring an enforcement action based on the origination of unauthorized entries. 17

18 New

Improving ACH Network Quality (Effective 10/03/2016) This Rule is intended to improve ACH Network quality by reducing the incidence of ACH debits that are disputed as unauthorized. Under this Rule, an ODFI would pay a fee to the RDFI for each ACH debit that is returned as unauthorized (return reason codes R05, R07, R10, R29 and R51). Under the Rule, ODFIs would have an incentive to improve the quality of the ACH transactions originated by their Originators. RDFIs would be compensated for a portion of the costs related to the handling of unauthorized transactions. Over time this should result in fewer unauthorized transactions. 19

Background and Justification The prime objective of the Rule is to improve ACH Network quality by reducing the number of ACH debits returned as unauthorized. Establishing a fee for returned unauthorized debits not only provides an economic incentive for ODFIs to review the origination practices of their Originators, but also encourages them to implement processes or tools with their Originators to address those practices that result in returns. Unclear and deceptive authorizations Unclear or improper identification of transactions ODFIs with the highest return rates will have the greatest incentives to work with their Originators to reduce those rates. This Rule should be seen as a complete solution for ACH quality issues. It does not replace the NACHA System of Fines and enforcement actions in place to address Rules violations. 20

RDFIs Cost to Handle Unauthorized Transactions Unauthorized debits remain a significant pain point for RDFIs. Disputes Customer/Member contact Reg. E dispute resolution This results in costs to RDFIs with no opportunity to either offset or recoup the associated expense. An unauthorized return, however, always represents an underlying dispute between the Originator and its customer with which it chooses to do business. The RDFI is never a party to the dispute yet is responsible for playing a role in its resolution. 21

RDFIs Costs to Handle Unauthorized Transactions NACHA collected data from a variety of financial institutions of varying sizes and types. These institutions were queried on the costs related to a variety of factors including: Labor Systems Office space allocations Cost data was collected from 29 institutions that represent 82% of all ACH Network unauthorized returns annualized across a calendar year. These costs were then divided by the volume of unauthorized transactions to arrive at a unit cost per exception. The cost factor does not include : Costs related to customer contact via branch, phone or Internet Compliance related to Reg. E dispute resolution expense Costs associated with obtaining a Written Statement of Unauthorized Debit 22

RDFIs Costs to Handle Unauthorized Transactions Reported costs ranged from a low of $2.30 per unauthorized exception for a large RDFI, to a high of $1,800 for a small RDFI. The weighted average cost is $5.97 23

Improving ACH Network Quality Unauthorized Entry Fee The Rule requires an ODFI to pay a fee to an RDFI for any ACH debit returned due to a reason of unauthorized (R05, R07, R10, R29 and R51). IATs will not be covered by this fee, but could be included in the future. 24

Methodology for Setting Fees NACHA staff will set the fee and it will be reviewed every three years. The following principles will guide the process. NACHA will conduct a representative survey of RDFIs of various types and sizes to determine the expense incurred in handling and returning unauthorized entries. The amount of the Unauthorized Entry Fee will be set at a level that is less than the weighted average cost determined by such a survey. The Unauthorized Entry Fee would be set at a level that NACHA staff reasonably believes will provide an incentive for Participating DFIs to improve the quality of ACH processing without unduly discouraging participation in the ACH Network; and In re-evaluating the amount of the Unauthorized Entry Fee, NACHA staff will consider the extent to which the existing fee amount has had an effect on return rates. At the time of the amendment s approval, the best data available to NACHA would support an Unauthorized Entry Fee that would be less than the weighted average of $5.97 25

Collection and Disbursement of Fees This Rule provides that ODFIs that agree to pay the Unauthorized Entry Fee, and that ODFIs and RDFIs authorize debits and credits to their accounts for collection and distribution of the fees. NACHA and the two ACH Operators will arrange a system to collect and distribute the fees. The charges and credits for these fees will be reflected on the DFI s statement from its ACH Operator. 26

Effective Date This Rule will become effective beginning with applicable return entries that have a Settlement Date of October 3, 2016. This effective date provides the ACH Operators and financial institutions 25 months to prepare and implement this Rule. Prior to October 3, 2016, NACHA and the ACH Operators intend to provide a 1 or 2 month trial period, during which the Operators billing systems will show ODFIs and RDFIs the number of returns that would be subject to the fees. This trial period will give ODFIs and RDFIs an additional opportunity to understand the impact of the fees on their institutions, and for ODFIs, to work with their Originators and Third-Party Senders. 27

NACHA s Same Day ACH Initiative The industry has been interested in improving the way ACH processes and settles for a number of years. Batch Settlement Next Day Settlement Not on pace with other payment innovations/treasury practices NACHA proposed a model for speeding up ACH in 2012. Expedited Processing and Settlement (EPS) Did not guarantee funds expedited availability Was not supported by a sufficient business case NACHA engaged with the industry over the last 3 years and developed a revised proposal to the industry. Surveyed ODFIs and RDFIs to identify cost factors Interviewed stakeholders to better understand pain points Request for Comment published 12/14 The Clearing House Payments Company L.L.C. 28

NACHA s Same Day ACH Initiative NACHA released a ballot to the voting membership in April of 2015. Phased approach Incorporates multiple intra-day processing windows Facilitates credit s and debits Supported by a definitive business case Industry will complete the vote by May 18 th. Initial reaction to a proposal appears to be supportive. If approved, implementation would begin in in late 2016. The Clearing House Payments Company L.L.C. 29

Regulation E Subpart B: Disclosure and Information Requirements Reg E Remittance Transfer Rules Subpart B to Reg E Financial Institution requirements for consumer remittance transfers going to another country Two disclosure requirements Prepayment: provided when sender requests transfer Transfer amount Fees charged by U.S. Remittance Transfer Provider and associated domestic taxes Full FX Rate by which the payment will be converted All covered third party fees imposed in the payment chain Amount to be received by the beneficiary (in receipt currency) Receipt: provided when payment is made Restate the information stated in the Prepayment Disclosure Promised date of delivery to the recipient Phone number or address of the recipient Error of resolution rights Contact information for the remittance provider, the provider s state regulator and the CFPB s toll-free number for consumer complaints TCH PUBLIC 30

Reg E Remittance Transfer Rules Final Rule CFPB issued the final regulation and interpretation on Section 1073 of the Dodd-Frank Act The Final Rule: Modifies the 2012 Final Rule to make optional, in certain circumstances, the requirement to disclose fees imposed by a designated recipient's institution Make the requirement to disclose taxes collected by a person other than the remittance transfer provider optional Revises the error resolution provisions that apply when the sender provides incorrect information TCH PUBLIC 31

The Clearing House Payments Association, as a Direct Member of NACHA, is a specially recognized and licensed provider of ACH education, publications and support. Regional Payments Associations are directly engaged in the NACHA rulemaking process and the Accredited ACH Professional (AAP) program. The information provided in this webinar is for educational purposes only and is not legal advice. Thanks for your participation today! Jill Forrest, AAP, NCP The Clearing House jforrest@theclearinghouse.org W- 336.769.5363 C- 336.259.8461 32