© 2011 nacha — the electronic payments association. all rights reserved. no part of this material...
Post on 16-Dec-2015
213 Views
Preview:
TRANSCRIPT
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
NACHA’s Risk Management
Strategy Update
NAFP Treasury Management ConferenceSeptember 15, 2011
Barry GideonVice President
Treasury Services
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
2
Agenda• The ACH Network• NACHA• Risk Management Strategy• Risk Management Rules & Initiatives
–Network Enforcement Rule–Direct Access Registration Rule–ACH Security Framework–Corporate Account Takeover–ACH Benchmarking–Third Party Senders–Terminated Originator Database
• How Banks Approach ACH Credit Risk Exposure
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
3
The ACH Network• The ACH Network is a batch processing, store-and-forward system,
governed by The NACHA Operating Rules
• ACH payments include:– Direct Deposit of payroll, Social Security and other government
benefits, and tax refunds – Direct Payment of such consumer bills as mortgages, loans,
utility bills, and insurance premiums– Business-to-Business payments– e-Checks– e-Commerce payments– Federal, state, and local payments
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
4
ACH Network Volume(billions)
0
2
4
6
8
10
12
14
16
2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
2010 Growth of Selected ACH Applications
ACH Application
Growth / Decline Description of Application
ARC -8.5% Conversion of Checks to ACH in a Lockbox Environment
BOC 12.9% Conversion of Checks to ACH in a Back Office Environment
CCD 3.4% Corporate Credit or Debit – Primarily B2B Transactions
CIE 15.6.% Customer Initiated Entries– ACH Credits initiated by Consumers for Bill Payments
CTX 11.1% Corporate Trade Exchange – Primarily B2B Transactions
POP 6.8% Point of Purchase – Conversion of Checks to ACH at the Point of Purchase
PPD 3.1% Pre-Authorized Consumer Payments such as Insurance & Health Club Dues
RCK -28.2% Conversion of Deposited Insufficient Funds Items from Check to ACH
TEL 3.1% ACH Transaction Initiated by Oral Authorization provided over the Telephone
WEB 7.4% ACH Transaction Initiated by an Authorization Provided via the Internet
Overall 3.4% Overall ACH Network Growth
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
ACH Volume and Value by SEC Code - 2010
ARC14%
PPD48%
TEL2%
Other4%
CCD13%
POP3%
WEB16%
CCD57%
CTX9%
PPD28%
Other1%
ARC2%
WEB3%
Volume
Value
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
7
NACHA• NACHA supports the growth of the ACH Network by managing
its development, administration, and governance
– NACHA represents nearly 11,000 financial institutions through 17 regional payments associations and direct membership
– Through its industry councils and forums, NACHA brings together payments system stakeholder organizations to encourage the efficient utilization of the ACH Network, and develop new ways to use the Network to benefit its diverse set of participants
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
8
NACHA• NACHA occupies a unique role in the association world, serving
as both an industry trade association and the administrator of the Automated Clearing House (ACH) Network
• In its role of ACH Network Administrator, NACHA is responsible for four key functional areas:
– NACHA Operating Rules– Network Enforcement & Risk Management– Network Strategy & Outreach– Advanced Payment Solutions
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
9
Dialogue
Education
Advocacy
Enforcement
Rules Creation
Risk Collaboration Innovation
Key NACHA Roles
Support for the industry, facilitating the balance of risk and innovation
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
10
NACHA – Enforcement & Risk Management
• Network Enforcement & Risk Management
– NACHA develops and implements a comprehensive, end-to-end risk management framework
– Collectively, the strategy addresses risk and quality in the ACH Network
– Areas of responsibility include: Arbitration Board National System of Fines Risk Investigations & Services Risk Management Advisory Group Risk Management Support & Communications
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
11
Risk Management as a Strategic Priority
• NACHA’s Risk Management Advisory Group • The RMAG currently consists of representation from:
• The 2 gateway operators (Federal Reserve and EPN)• 15 Financial institutions• 6 Regional Payment Associations
– Achievements include significant contributions to the NACHA rule making process and to Network education around the changing face of ACH payments risk
– Advises the NACHA Board and works with staff to guide and implement the risk management strategy
– Plays a vital role in developing and providing a comprehensive approach to Network risk management
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
Risk / Quality Continuum
ACH Security Framework• Data Security• Authentication • Data Breach Policy R
isk Stren
gth
Of In
itiative
Quality Strength of Initiative
Risk ManagementAssessment & Audit Compliance• Assessment Requirements • Regulatory Compliance• Enhanced ACH Audits
Operator/NACHA Tools• ODFI Understanding/ New ODFI Training• FI Contact & Communications• Data Review
Data Sharing• Originator Watch List• Terminated Originator Database• Direct Access Registration• Data Review
Targeted Enforcement• Unauthorized Trigger• Reporting• Fines• Possible Suspension
Sound Business Practices• Corporate Account Takeover• Third-Party Risk• Direct Access Credit
Quality Initiatives• Misuse of Codes• WSUD/Unauthorized• Adjustments
Low
High
High
ACH Benchmarking• FI to FI Peer Group• Industry Collaboration
with ABA
• Risk and quality improvements cannot be accomplished through a single effort or one all-encompassing rule change. Each initiative is a complementary piece of the entire strategy
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
ACH Return Rates
Industry Return Rates - 2010
13
Total NSF Invalid Un-authorized
ACH Network 1.00% 0.64% 0.18% 0.02%
Credits – All SEC’s 0.20% 0.00% 0.12% 0.00%
Debits – All SEC’s 1.56% 1.07% 0.23% 0.03%
PPD Credits 0.23% 0.00% 0.15% 0.00%
PPD Debits 2.26% 1.62% 0.23% 0.04%
ARC 0.31% 0.18% 0.10% 0.00%
BOC 1.45% 1.03% 0.21% 0.01%
POP 0.96% 0.75% 0.10% 0.02%
RCK 60.88% 49.81% 1.87% 0.07%
TEL 5.74% 3.93% 1.21% 0.11%
WEB 1.33% 0.87% 0.24% 0.03%
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
Risk Continues to be Well Managed – While New Threats Continue to Emerge
600,000
650,000
700,000
750,000
800,000
850,000
900,000
950,000
1,000,000
2Q06
3Q06
4Q06
1Q07
2Q07
3Q07
4Q07
1Q08
2Q08
3Q08
4Q08
1Q09
2Q09
3Q09
4Q09
1Q10
2Q10
3Q10
4Q10
1Q11
Nu
mb
er o
f U
nau
tho
rize
d D
ebit
s
Network Enforcement Rule
Company Name Rule
2010 Decline – 10.9%
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
15
Network Enforcement Rule
Network Enforcement Rule – March 2008– Enhanced National System of Fines
Sets higher fine levels Establishes the authority for the ACH Rules Enforcement Panel to
direct an ODFI to suspend an Originator/Third-Party Sender from originating
Effective December 21, 2007
– ODFI Reporting Requirements Ensures ODFI’s Originators or Third-Party Senders do not exceed
a return rate of 1% for unauthorized entries– Requires ODFIs to reduce unauthorized return rates below
threshold Defines circumstances under which NACHA may initiate a rules
enforcement proceeding related to unauthorized return rates above the threshold
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
16
Network Enforcement Rule Evaluation
• Currently Evaluating the effectiveness of the Network Enforcement Rule since implementation in 2008– Overall number of unauthorized returns are down
– Overall percentage of unauthorized returns are down
– Problematic rates are .50% - .99%
• Currently, the ODFI has 60 days after receipt of NACHA’s written request to reduce their Originator’s or Third-Party Sender’s return rate for unauthorized reasons to below 1% before being subject to the National System of Fines
– The current 1% threshold for debit entries returned as unauthorized is 33 times the 2010 unauthorized return rate for all ACH debits (0.03%)
– Experience has shown that the 60-day time period is ineffective for risk management purposes
• Some circumstances involve large volumes of unauthorized, which represents problematic transactions, but it does not exceed the current threshold due to high volume of transactions originated
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
Network Enforcement Rule Evaluation
• NACHA’s Rule Making Process recently issued a Request For Comment (RFC) which included a proposal to reduce the unauthorized return threshold from the existing rate of 1%, down to .75%, and then eventually to .50%
• The Request For Comment also included proposal to modify time period before fines are possible for the over-threshold activity by reducing the 60-day period
17
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
Network Enforcement Rule Evaluation
• There is also an opportunity to enhance the effectiveness of the Rule by spotlighting “Invalid returns.” Invalid returns include:
• R03 – No Account / Un-able to Locate Account• R04 – Invalid Account
– Often, there is a correlation between originators who have high return rates for “unauthorized” transactions and high return rates for “invalid”
– For instance, returns for invalid account information may occur due to phishing for valid account numbers
– The Request For Comment included a proposal for establishing a 1% threshold on returns for invalid returns.
– RMAG, through a white paper, is developing sound business practices surrounding the issue of returns for invalid account information and to educate on the potential correlation between “invalids” and “unauthorized” returns
18
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
19
Direct Access Registration Rule• The Direct Access Registration Rule requires all ODFIs to register their
Direct Access Debit Participant status with NACHA
• Direct Access is defined as a situation in which an Originator, Third-Party Sender, or a Third-Party Service Provider transmits credit or debit entries directly to an ACH Operator (Fed or EPN) using an ODFI’s routing number and settlement account
• A Direct Access Debit Participant is an Originator, Third-Party Sender, or a Third-Party Service Provider with Direct Access for the origination of debit entries except: (i) a Third-Party Service Provider that transmits ACH files solely on behalf of an ODFI where that Third-Party Service Provider does not have a direct agreement with an Originator (and is not itself an Originator), or (ii) an ODFI that transmits files using another Participating DFI’s routing number and settlement account
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind. 20
Direct Access Debit Participant Example
ACH OperatorThird-Party using
ODFI RTN
Originators
ODFI
• This is just one example of a Direct Access Debit Participant relationship
• It is incumbent on the ODFI to determine its Direct Access status and register accordingly
– The ODFI must define its specific relationship(s) with Third-Parties and Originators
• Direct Access can exist in many scenarios, but may not be required to be registered based on the exclusions to the definition
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
21
ACH Security Framework Initiative
• RMAG has teamed with NACHA’s Internet Council to develop a proposal for an ACH Security Framework
• Consideration of FFIEC Guidance on Authentication in an Internet Banking Environment (2005; and supplement issued June 28, 2011)
• Framework will ensure that the ACH Network remains high-quality• Framework will reflect the unique characteristics of the ACH Network
– The intent is to ensure basic data security obligations for Network participants to protect data in their purview
Many, if not most, financial institutions and other ACH participants are likely to already have these practices in place
Rules will codify these practices and ensure they exist Network-wide– NACHA’s Rule Making Process recently issued a Request For
Information (RFI) and is currently compiling industry responses
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
22
Corporate Account Takeover Initiative• Corporate Account Takeover is a type of business identity theft in which
a criminal entity steals a company’s valid on-line banking credentials
– Attacks are typically perpetrated quietly, by the introduction of malware through a simple email or infected website
– For businesses that have low resistance to such methods of attack, the malware introduced onto its system may remain undetected for weeks and even months
– By introducing layered security processes and procedures, technological and otherwise, and other tightened security efforts, financial institutions can help protect businesses from criminals seeking to drain accounts and steal confidential information
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
23
Corporate Account Takeover Initiative
• Have introduced a Board Policy on the Importance of Sound Business Practices to Mitigate Corporate Account Takeover:
– ODFIs should vigilantly and proactively protect against this type of fraud in various ways, including
Implementing systems designed to prevent and detect attempts to access a business’ banking credentials
Keeping their customers informed about the importance of implementing their own systems and sound business practices to protect themselves
Taking a risk-based approach tailored to their individual characteristics and their customers to avoid losses and liability for themselves and other ACH participants
Periodically reviewing and updating customer guidance in response to developments in the methods used by cyber thieves to perpetrate Corporate Account Takeover
The sound business practices mentioned in this presentation are not meant to be exclusive approaches nor are they meant to be mandatory requirements. No single security measure is likely to be effective in preventing or mitigating the risks associated with Corporate Account Takeover.
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
The Importance of Sound Business Practicesfor ODFIs
• ODFIs should evaluate their risk profiles and appropriately enhance security processes and procedures to prevent and mitigate the risk of corporate account takeover
• Sound Best Practices include:
– Minimum Security Procedures
– Dual Control for Payment File Initiation
– Out-of-Band Authentication and Alerts
– Enhancement of Account Security Offerings
– Exploration of Low-Tech Security Options
– Customer Education Businesses Third-Party Processors
The sound business practices mentioned in this presentation are not meant to be exclusive approaches nor are they meant to be mandatory requirements. No single security measure is likely to be effective in preventing or mitigating the risks associated with Corporate Account Takeover.
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
The Importance of Sound Business Practicesfor Businesses
• Businesses can help protect themselves with layered security processes and procedures and other tightened security efforts
• Sound Best Practices include:
– Computer Security
Staying Informed and aware
Using layered system security
Dedicated computer for online banking
– Account Security
Dual control
Account reconcilement
Report suspicious activityThe sound business practices mentioned in this presentation are not meant to be exclusive approaches nor are they meant to be mandatory requirements. No single security measure is likely to be effective in preventing or mitigating the risks associated with Corporate Account Takeover.
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
26
Rules Proposals to Address Corporate Account Takeover
• NACHA’s Rule Making Process recently issued a Request For Comment (RFC) and is currently compiling industry responses regarding the Availability Exception Rule
– Availability Exception Rule
Would provide an RDFI, which reasonably suspects that a credit entry is unauthorized, with an exception to the Rules provisions requiring the RDFI to make certain credit entries
RDFI would promptly notify the ODFI if using this Rule
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
27
ACH Benchmarking Initiative
• RMAG has been providing input on ACH-related considerations in the American Bankers Association’s (ABA’s) Deposit Account Fraud Survey
• Currently working with the ABA to develop benchmarks on ACH “loss” data:– Have developed and piloted a peer group Financial Institution
benchmarking study that addresses: Emerging trends Measure to detect, prevent and reduce risk Types of fraud Losses related to unauthorized returns and Corporate Account
Takeover– After the pilot, the ongoing Financial Institution peer group study will
be made available broadly for financial institution participation
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
TPSP / Third Party Sender Initiative
Third Party Service Provider Third Party Senders•Originates ACH Transactions on behalf of an ODFI’s customer (Originator)
•Originate ACH transactions on behalf of the Third-Party Sender’s own customers (Originators)
•ACH Origination agreement exists between the ODFI and its customer (the Originator)
•ACH Agreement exists between the ODFI & the Third-Party Sender, not the Third Party Sender’s customers (Originators)
•ACH Settlement / funding takes place in the ODFI’s customer’s account (Originator)
•ACH settlement / funding takes place in the Third Party Sender’s account at the ODFI
•Returned items are charged to the customer’s account (Originator)
•Returns are charged to the Third Party Sender’s account
•ACH Processing exposure = The dollars of ACH transactions that the ODFI’s customer is originating through the TPSP in a given period
•ACH Processing exposure = the aggregate dollars of the many, many originators whose funds are flowing into and out of the Third Party Sender’s account at the ODFI
What is a Third-Party Service Provider? Third-Party Sender?
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
TPSP / Third Party Sender Initiative
Examples:
Third Party Service Providers Third Party Senders
•CPA firm that processes payroll & Direct Deposit on the behalf of its clients •Property Management Companies
•ADP Payroll Solutions •Collection Agencies
•Billing Service Providers
•Payment engines for Internet Retailers
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
Watch Who You Ride With
• ODFIs can be accountable for Third-Party’s compliance with NACHA Operating Rules & regulatory requirements
• High-risk Originators – Typically use Third-Party Senders– Operate under multiple DBAs– Use various techniques to mask
return volume– Rely on multiple processors,
ODFIs, & payment types– Increase ODFI liability exponentially beyond the fee income
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
31
ODFIs: You Must Ask These Questions
• Are you providing holistic risk management and oversight over your Third-Party Senders?– Are you monitoring for transaction patterning?– Can you monitor all activity behind the Third-Party?– Does ODFI policy = Third-Party policy (e.g., any restrictions on
origination)– How interdependent are the Third-Party’s customers? – Are you being approached by Third-Parties out of your
geography?
• Can you answer these questions consistently across all lines of business or silos?
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
32
Effectively Managing Third-Party Risk
Rules and regulatory compliance and sound business practices are
paramount
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
33
Sound Business Practices
• Requirements of an ODFI (Not just sound business practices – but required in the Risk Management & Assessments Rule - June 2010)
– Conduct due diligence on the Third-Party Sender and Originators
– Assess the nature of the activity and the risk it presents
– Establish procedures to monitor the TPS
– ODFI required to address its internally-developed restrictions on origination in agreement
– The right to suspend or terminate any Originator processed by the TPS for breach of the NACHA Operating Rules
• Verify basic facts about the Third-Party Sender
• Ensure ODFI’s agreement with the Third-Party Sender includes all necessary provisions
The sound business practices mentioned in this presentation are not meant to be exclusive approaches nor are they meant to be mandatory requirements.
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
34
Sound Business Practices
• Perform these procedures on a regular basis
– Annual review of the TPS’ financial condition
– Take a risk-based monitoring approach
– Review the Originator list (their client list) provided by the TPS and properly evaluate it
Perform open source research on company names and verifying the types of businesses
Exercise the right to audit the TPS and its Originators’ compliance with the agreement and the NACHA Operating Rules
The sound business practices mentioned in this presentation are not meant to be exclusive approaches nor are they meant to be mandatory requirements.
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
35
Terminated Originator Database Initiative
-- The Terminated Originator Database (TOD) went live on March 1, 2011 and is available for ODFI’s to sign up, contribute and query
– The TOD is a risk management tool for ODFIs to share information with other ODFIs about Originators and/or Third-Party Senders that have been terminated for cause
– The TOD is not a list of originators prohibited or disapproved by NACHA
– ODFIs can utilize this tool as one component of their due diligence processes for underwriting and continued monitoring of Originators and Third-Party Senders
– The process of contributing and querying the Database is similar to processes used by other electronic payment networks that gain value from consolidated information
– The value of the Database is dependent on ODFIs of all sizes and types contributing data. The more ODFIs that contribute data, the more powerful this risk management took will be for all ODFIs
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
HOW BANKS APPROACH ACH CREDIT RISK EXPOSURE
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
A Bank’s Risk Exposure
Why does my bank ask me for my company’s financial statements to originate ACH transactions?
• The exposure associated with ACH Transactions is equivalent to granting an unsecured short-term loan for that period
• NACHA strongly encourages Bank’s to:– Establish credit exposure limits for both ACH Debits &
Credits for each customer– Underwrite the risks associated with the exposure limits
that have been established– Factor ACH Credit risk as part of the customer’s overall
credit exposure profile
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
A Bank’s Risk Exposure – ACH Credits
• The Bank incurs exposure to credit risk for the period of time between initiation of an ACH credit file from its customer, until the company funds the account
• ACH rules do not allow the bank to call back / reverse ACH credits for failure of the company to fund its account at the Bank
File Transmission Date Settlement Date
•ACH Credit file is transmitted from Company A to Bank A
•Bank A’s account is charged by the Federal Reserve
•Entries are effective on the next banking day
•Company A declares bankruptcy
•Bank A processes the file and delivers transactions to the ACH Operator
•Bank A has an unsecured claim against Company A for the entire amount of the ACH credit file
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
A Bank’s Risk Exposure – ACH Debits
File Transmission Date Settlement Date
•ACH Debit file is transmitted from Company A to Bank A
•Bank A’s account is credited by the Federal Reserve
•Entries are effective on the next banking day
•Company A declares bankruptcy
The Bank’s risk is on the small percentage of ACH Debit items that are returned after bankruptcy. The Receiving bank can return items back to the Originating bank within the following timeframes
Traditional Returns 2 Days from Effective Date
Unauthorized Returns 60 Days from Effective Date
© 2011 NACHA — The Electronic Payments Association. All rights reserved. No part of this material may be used without the prior written permission of NACHA. This material is not intended to provide any warranties, legal advice, or professional assistance of any kind.
top related