ACH and Third Party Payment Processors



Similar documents
ACH Operations Bulletin #1-2014

O OCC BULLETIN OCC Automated Clearing House Activities. Risk Management Guidance

ACH Operations Bulletin #2-2013

Third Party Payment Processors Job Aid

Third-Party Sender Case Studies: ODFI Best Practices to Close the Gap An ACH Risk Management White Paper

THIRD PARTY PAYMENT PROVIDERS

GUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July 2014)

ACH Welcome Kit. Rev. 10/2014. Member FDIC Page 1 of 8

ACH Internal Control Questionnaire

Executive Fraud Forum October 30, 2013

Payment Processor Relationships Revised Guidance

5500 Brooktree Road, Suite 104 Wexford, PA AN OVERVIEW OF ACH COPYRIGHT 2013, PROFITUITY, LLC

Identifying Key Risk Indicator

This presentation was originally given by:

QUICK GUIDE Automated Clearing House (ACH) Rules for ACH Originators

echeck.net Developer Guide

Third-Party Senders Risks and Best Practices

Get In Tune With Third Parties: Finding the harmonies between Third Party Senders, Originators, and Customers.

Automated Clearing House

WEB ACH Primer. Receiver The person (for WEB transactions this must be a human being) who owns the bank account being debited.

Board Responsibility. A bank can outsource a task, but it cannot outsource the responsibility.

ACH Audit Guide Step-by-Step Guidance and Interactive Form For Internal ACH Audits Audit Year 2015

Unlawful Internet Gambling Enforcement Act of 2006 Overview

echeck.net Developer Guide

Know Your Customer & Know Your Customer s Customers (KYCC) BITS ACH Fraud Risk Subgroup Presented by George Thomas November 19, 2008

echeck.net Operating Procedures and User Guide

M&T ACH Services ACH RETURNS MANUAL

NACHA Return Codes. The available and/or cash reserve balance is not sufficient to cover the dollar value of the debit entry.

ACH GENERAL

Attachment E. BUSINESS DAY - A calendar day other than a Saturday, Sunday, or Federal holiday.

ACH Transactions

ACH Training. Automated Clearing House

Q2: What return codes are included in the Unauthorized Return Rate Threshold?

Same Day ACH Proposed Modifications to the Rules 1

FDIC Updates Guidance on Payment Processor Relationships

ACH Origination File System Changes

Federal Financial Institutions Examination Council FFIEC. Retail Payment Systems RPS. February 2010 IT EXAMINATION H ANDBOOK

Ease-E-Club Client Management Software by Computerease

The New NACHA Rules & Regulatory Compliance. Marsha Jones, TPPPA Bonnie Finley, EFT Network Kirk Chewning, Strategic Link Consul@ng

IAT Scenarios Simplified

Federal Financial Institutions Examination Council FFIEC. Retail Payment Systems RPS. February 2010 IT EXAMINATION HANDBOOK

Knowing your customers and their customers and their customers and so on and so on

ACH Network Risk and Enforcement Topics

Treasury Management Services Product Terms and Conditions

Payment Systems: Regulatory Interest in Payment Processors, Faster Payments, and Related Consumer Protections

Questions You Should be Asking NOW to Protect Your Business!

International ACH Transactions (IAT) Frequently Asked Questions Corporate Customers

Money One Federal Credit Union Pocket 2 Pocket Service E-SIGNATURE AND ELECTRONIC DISCLOSURES AGREEMENT

INFORMATION TECHNOLOGY OFFICER S QUESTIONNAIRE. Instructions for Completing the Information Technology Examination Officer s Questionnaire

Emerging ACH Issues. Florida Bankers Association 30 th Annual Consumer Compliance Seminar Orlando, Florida April 29- May 1, 2015

Payflow ACH Payment Service Guide

Section E Electronic Items

Account-to-Account Transfer Services Risk

Guide to Handling Direct Deposit

Going All In on Board Reporting

Instructions for Completing the Information Technology Officer s Questionnaire

Understanding & Managing Third Party Relationships in the ACH Network. PAYMENTS 2008 May 18, 2008 Las Vegas, NV

International ACH Transactions (IAT) Frequently Asked Questions Corporate Customers. Contents

ACH GUIDE ACH PARTICIPATION

Risk Management of Remote Deposit Capture

NACHA and the ACH Network: What You May Not Know

Federal Reserve Banks Operating Circular No. 4 AUTOMATED CLEARING HOUSE ITEMS

2015 NACHA Rules, Same Day ACH and Regulation E Changes

Treasury Management Guide to ACH Origination Processing and Customer Service March 2012

1476 South Major Street, SLC, Utah Office/ Fax

Demystifying ACH Payments to Canada

General Terms Applicable to Bill Payment and Transfer Services

NACHA Operating Rules & Guidelines

WEB CASH MANAGER ACH PAYMENTS REFERENCE GUIDE

Business Banking. Let Us Show You How Easy It Is To Switch Banks!

Service Agreement. UltraBranch Business Edition. alaskausa.org AKUSA R 05/15

Bank of North Dakota Automated Clearing House Overview

October 9, Re: Comments on Third-Party Sender Registration Proposal. Dear Ms. Bondoc,

Compliance and Operational Services for Online Lenders

BUSINESS INTERNET BANKING ENROLLMENT

Prairie State Bank & Trust ELECTRONIC FUND TRANSFERS YOUR RIGHTS AND RESPONSIBILITIES

Managing TPPPs and TPSs in the Current Regulatory Environment

Information Technology

"You" and "your" mean the account holder(s) and anyone else with authority to deposit, withdraw, or exercise control over the funds in the account.

Government Crime Prevention Regulations. Richard Fraher VP & Counsel to the Retail Payments Office Federal Reserve Bank of Atlanta

EFT Industry and BSA/AML Dan Altman

Transcription:

ACH and Third Party Payment Processors

Definition of Third-Party Relationship Entity with which financial institution has entered into a business relationship Facilitate customer access to bank services or products Perform functions on the bank s behalf Bank or non-bank, affiliated or nonaffiliated, regulated or non-regulated, domestic or foreign 2

Definition of Third-Party Payment Processor What is a Third-Party Payment Processor or Processor? Depositor that uses its banking relationship to process payments for its merchant clients Benefits: Fee income Large deposit balances Capital injections Concerns: Merchant clients several entities removed Nested or aggregator relationships Merchant client activities 3

Financial Institution Responsibility Board and management oversight tailored depending on the relationship The Board and management are responsible for managing activities conducted through third parties as if the activity were conducted directly by the institution Indemnity agreement not enough 4

Risk Management Framework Four Key Elements Risk Assessment Due Diligence Contract Structuring and Review Oversight 5

2012 FDIC Revised Guidance on Payment Processor Relationships 6

FDIC Financial Institution Letter FIL-3-2012 January 31, 2012 FDIC releases Revised Guidance on Payment Processor Relationships Replaces & updates 2008 Guidance on Payment Processor Relationships (FIL- 127-2008) 7

Specific Risks of Processors Credit Risks Charge-backs from unauthorized transactions Regulation CC warranty Operational Risk Compliance Risks Reputational Risks Financial institution tied to merchant clients Legal Risk Class action lawsuits 8

Processor Red Flags Targeting problem financial institutions in need of capital/earnings Smaller financial institutions with limited resources for proper monitoring Processors with relationships at multiple financial institutions at the same time Consumer complaints High Unauthorized Return Rates (URRs) or returns/charge-backs 9

Financial Institution Protections Due diligence (initially & ongoing) Know Your Customer( s Customer) Policies & procedures for monitoring (URRs/Returns, complaints, etc.) Be aware of potential Compliance Risks 10

Types of Payments Types of Payments Remotely Created Checks (RCCs) Automated Clearinghouse Items (ACHs) 11

Remotely Created Checks What are RCCs? Regular paper check that the Merchant creates No consumer signature Consumer provides account number & bank routing number, and merchant prints check Merchant submits for regular check processing 12

Remotely Created Check (example) 13

Risks of RCCs Consumer complaints regarding unauthorized withdrawals from account High volume difficult to monitor High URRs and returns/charge-backs Unregulated environment 14

Basic ACH Terms Parties Originator, ODFI, ACH Operator, RDFI, Receiver. SEC Type 23 Standard Entry Class Codes, such as WEB, TEL, IAT, POP, RCK. Return Codes R01-R83 Credit Risk 2 banking days from processing to settlement. Debit Risk 60 day returns from statement date. Direct Access third party uses the ODFI routing number. Terminated Originator Database kept by NACHA 15

ACH Origination Process TPPP Originator TPPP TPPP Nested 8 RDFI TPPPs Originator ODFI Operator (FRB/other) RDFI Direct Originator ODFI Originating Depository Institution RDFI Receiving Depository Institution Originator has a direct relationship with the Bank TPPP third party payment processor (third-party sender) who has the relationship with Originators (merchant clients) and nested TPPP. Nested TPPP a TPPP who processes for others and sends the files to the TPPP. RDFI

Audit NACHA Operating Rules and Guidelines published annually. Appendix Eight Audit required by December 31 each year. Note that this is an audit on following operating rules by NACHA. Focused on if the transactions are processed correctly. The audit needs to be independent by a qualified individual. 17

Risk Assessment NACHA s Risk Management and Assessment rule (effective 6/18/10) requires that all Participating DFIs conduct a risk assessment of their ACH activities and implement risk management programs based on the results of such assessments Requires overall review of the business of doing ACH Could include: Allowed and prohibited business lines Contracts Policies Third party payment processor arrangements Staffing Limits (underwriting like a loan) 18

Risk Assessment Risk Assessment Objectives: Determine risks/threats in ACH activities Determine overall inherent risk Review of the key control practices to limit those risks Evaluate residual risk (risks vs. controls in place) and determine if level is acceptable Test controls for effectiveness 19

What s Changed Fee Income revenue source as net interest margins shrink. Federal Reserve Statistics unauthorized returns (.03%), returns rates (1.01%), and % forwarded to assets (8%). Volume - ACH Volume Increases 2.4% in 3rd Quarter 2012 with 4.11 billion transactions moving approximately $9.1 trillion. Fraud PATCO ACH Fraud Ruling Reversed: Appeals Court calls Bank s Security Commercially Unreasonable only log-in and password credentials. $500,000 drained from deposit accounts. Risk - Third-Party Payment Providers (TPPP) in FIL-3-2012 and FIL-44-2008. Internet Banking Environment FIL 50-2011. 20

Themes and Trends No Board-approved policies/procedures Growth beyond financial institution s resources/abilities Increase in fee income short-lived due to charge-backs Underestimate potential reputation risks 21

Red Flags Transaction Volume Swings Originators whose business or occupation does not warrant the volume or nature of ACH activity Outbound (known) illegal Internet gambling debit(s) for commercial client(s); Originators whose origination activity suddenly exceeds projections/credit limits with no reasonable explanation for such. 22

Red Flags Originators (especially TPPPs) generating a high rate or high volume of invalid account returns, unauthorized returns, or other unauthorized transactions; R05 (Corp. Debit posted to consumer acct not authorized) / R07 (Authorization Revoked), R10 (Consumer advises not authorized), R29 (Corp advises not authorized) where return rate exceeds 1% (NACHA guideline). R03 (No Acct.) / R04 (Invalid Acct.) if volumes exceed normal 23

Yellow Flags R01 (NSF) / R09 (Uncollected funds) R02 (Acct. Closed) R08 & R52 (Payment stopped) 24

Questions? 25

Thanks! Pete Martino Field Supervisor FDIC pmartino@fdic.gov 26

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information