Understanding the ACH Basics to Conduct a Risk Assessment and Develop an Effective ACH Risk Management Program
Forward-thinking begins with an understanding of the basics. If you are a payment professional working in the ACH Network including operations, compliance, AR/AP, payroll, risk management, audit, legal counsel, management, risk offices, and AAPs, you must understand the basics of ACH to mitigate the risk of ACH fraud.
With the increase in checks being converted to electronic transactions, the Automated Clearing House transaction volume is also rapidly growing especially with the introduction of same-day processing. Also, many types of ACH products and services are introduced to consumers and businesses. As with all other payment systems, there is risk in ACH network.
In this article, you will learn what ACH is, What ACH transactions are, what it is not, and a brief overview of how to mitigate ACH Network Risks. Links to relevant training programs are also provided.
What is ACH?
ACH stands for Automated Clearing House. It is the Nationwide Financial Network among financial institutions that are used to distribute and settle electronic transactions whether on the same day or the next day. A set of rules and formats exist to allow the exchange of transactions.
The first ACH association began in 1972 and The National Automated Clearing House Association (NACHA) was formed in 1974. The monetary control act governing ACH transactions was established in 1980.
What is an ACH Transaction?
ACH is an electronic transaction that can be either a debit or credit with a large or small dollar value. It can also be posted to checking or savings, or directly to a loan, or to GL for corporate transactions.
Whether single or recurring, an ACH transaction can be initiated and/or directed to a Government, Corporate, or consumer. However, before entering the ACH Network, each transaction must be formatted as per the specific requirements based on the Standard entry class code of the transaction.
- Examples of credit to the consumer account include payroll, CD interest, dividends, pensions, SSA & SSI. Examples of debits include direct payment of insurance, mortgage, and loan. It can also be at the point of sale or internet payments.
- Examples of corporate transactions include state and federals taxes, intracompany transactions
What ACH Transactions Are Not
Wire transfers, Debit card transactions, Credit card transactions and ATM transactions are not ACH transactions.
Who Are the Participants?
- Originator - The party that initiates the transaction. The originator obtains authorization from the receiver.
- The Originating Depository Financial Institution (ODFI) - Upon receiving the payment instruction from the originator, the ODFI authorizes the ACH transaction. In the event of a return, the ODFI also acts as a Receiving Depository Financial Institution.
- The ACH Operators - The Federal Reserve Bank and the Electronic Network are the ACH operators or the clearing facilities for the financial institutions.
- Receiving Depository Financial Institution (RDFI) - This is an institution that receives an ACH transaction for posting to a receiver's account.
- Receiver - The receiver is the party that receives the ACH transaction.
How to Mitigate the ACH Risks
There is risk in every type of payment system and the ACH network is no exception. ODFI's and RDFI's are exposed to a variety of risks when originating, receiving, or processing ACH transactions, or outsourcing these activities to a third party.
The NACHA operating rules are the legal framework for ACH. They are published annually usually four times a year. The risk of fraud can be mitigated through proper due diligence for all originating customers and strict adherence to ACH and credit policies.
Besides, adhering to the financial institutions ACH Policies on Origination and Receipt of ACH Entries is a big part of managing ACH risk. Exposure limits should be appropriate based on the risks of each customer (Originator) and identifying potential companies that may require the use of pre-funding arrangements or reserves (which can both be effective in helping to control losses).
The guidances from FinCEN, the FFIEC, and the OCC also are a valuable tool in risk mitigation.
ACH Risk Management Training Programs
How to Conduct an ACH Risk Assessment and Develop an Effective ACH Risk Management Program - A hands-on activity program(using provided worksheets) where you can participate in "assessing the risk" of fictitious companies and third parties to help identify the importance of due diligence (KYC-Know Your Customer) and setting exposure limits.
ACH Fraud - Detection and Prevention
This program discusses common forms of ACH fraud, including social engineering, account takeover (consumer, corporate, and institution internal accounts), money mules and advance fee frauds, and embezzlement. Under each of these sections, you will learn ACH fraud detection, fraud mitigation, ACH Returns, sound business practices to thwart attempts, and education.
NEW NACHA Rule: Third-Party Sender Registration - Are you Prepared?
Understand how to determine if you have a Third-Party Sender relationship, the initial, basic registration information to submit to NACHA, and the additional registration requirements if requested.
Updates to the NACHA Operating Rule Changes 2020 and 2021
Provides all the details on the most recent and upcoming NACHA Operating Rules changes due to the current COVID-19 that affect you as a participant in the ACH network, whether you are an ODFI, an RDFI or a TPS (Third-Party Sender) or TPSP (Third Party Service Provider) to remain compliant with the amendments going into effect for 2020 and 2021.
Advanced ACH: DNEs and Reclamations
Discusses your responsibilities to federal govt if there is a deceased beneficiary still receiving benefits payments i.e. the requirements of the Green Book beyond the ACH Rules and how to Locate the appropriate Chapters of the Green Book for Reclamations and DNEs and how to Record imperative deadlines and obligations and appropriate actions.
Managing ACH Business to Business Payments
Learn how to isolate benefits and risks and discuss various options including Credit Push vs. Debit, and analyze critical authorization provisions. Explore sound business practices to successfully managing business to business ACH payments.
Learn the five basic participants in each electronic ACH transaction and the settlement process and the difference between a debit and a credit ACH transaction.
Conducting Your "NEW 2020" Annual ACH Rules Compliance Audit - a Step-by-Step Guide
This training program will outline the recent changes to the process of the annual ACH Rules Compliance Audit and the removal of Appendix 8 from the Rules Book. It will outline what this Rules change means to your process when conducting your ACH Audit and offer tips and guidance for creating your own personalized ACH Audit.