Www.midlandsb.com



THIRD-PARTY SENDER ACH COMPLIANCE TIPSGENERALThird-Party Senders should have a comprehensive ACH Management Policy as well as other Policies that support their business. These Policies should be reviewed and approved by management annually.Third-Party Senders must establish, implement, and update security policies, procedures, and systems related to the initiation, processing, storage and destruction of entries containing Protected Information. This is an ACH Rules requirement. Ensure audit documentation is maintained for a period of six years. Outstanding audit issues should be addressed in a timely manner. Audit findings and management responses should be documented and reviewed by management. Third-Party Senders should perform daily balancing of settlement totals, immediately resolving any rejects or other differences. Third-Party Senders should have internal procedures in place for monitoring exceptionally large-dollar settlement totals. Review of balancing should be performed by a secondary staff member not involved with daily processing functions.Third-Party Senders should have a contingency plan in the event of hardware or software failure, unreadable Files, duplications or Erroneous Entries being processed. Testing should be conducted at least annually.Access to ACH data and applications should be limited to select key employees.Third-Party Senders should have a comprehensive Vendor Management program and review its vendors at least annuallyThird-Party Senders should have detailed written procedures for receiving Files from Originators/Clients, delivery of ACH Files to the Financial Institution, receipt of Rejects, Returns and NOC functions. Procedures should be reviewed periodically to ensure they are accurate.Third-Party Senders should have Originator/Client Agreements reviewed by legal counsel.Third-Party Senders should provide reporting related to Originator activities to the Board of Directors, a designated committee or senior management periodically.Third-Party Senders should develop and implement a formal training program for new Originators/Clients and existing Originators/Clients to keep Originators/Clients informed on an on-going basis of amendments and revisions to the NACHA Operating Rules & Guidelines. This should also include a comprehensive review of Originator/Clients warranties and liabilities in regard to their participation in the ACH Network.Third-Party Senders should develop and implement a program to vigilantly and proactively protect against Account Takeovers. This should include implementing systems designed to prevent and detect attempts to access the business’ banking credentials, and keep their customers informed about the importance of implementing their own systems and sound business practices to protect themselves.AUTHORIZATION REQUIREMENTSThird-Party Senders should provide guidance on a start-up kit for Originators/Clients that includes sample authorizations and information that addresses authorization requirements, Record retention and revocation of authorization. The Third-Party Sender/Originator/Client Agreement should note which participant is responsible to obtain, retain and provide copies of consumer authorizations, as required under Regulation E and the NACHA Operating Rules & Guidelines. Authorizations and Third-Party Sender/Originator/Client Agreements must contain acknowledgment that all initiated ACH Entries comply with U.S. laws. EXPOSURE LIMITSThird-Party Senders must establish exposure/transaction limits for each Originator/Client.These limits should be monitored daily by Operations staff.Third-Party Senders must periodically review established limits and have procedures in place for monitoring origination and Return Entries over multiple Settlement Dates.ORIGINATION WARRANTIESThird-Party Senders must warrant to the ODFI that the Originator/Client has agreed to assume the responsibilities of an Originator under the Rules.Third-Party Sender must use a commercially reasonable method to establish the identity of each non-consumer Originator or Third-Party Sender with which the Third-Party Sender enters into an Origination Agreement. Third-Party Senders must agree that prior to permitting an Originator/Client to originate any Entry through the ODFI; it will enter into an agreement with the Originator/Client.Originators/Clients must agree to be bound by the Rules.Third-Party Senders should execute a written agreement/addendum with its Originators/Clients that is Standard Entry Class (SEC) code specific. For every additional SEC authorized, the agreement/addendum should be revised. Third-Party Senders should provide or make available to Originators/Clients the NACHA Operating Rules & Guidelines and written procedures and documentation on how the Originators/Clients interacts with the Third-Party Sender (i.e. cutoff hours, format specifications, security procedures and holiday calendar).PRENOTIFICATIONSUse of Prenotifications should be clearly addressed in the agreement between Third-Party Sender/Originator/Client. Additionally, Originators/Clients should indicate their intentions about the use of optional Prenotes.RETURNSThird-Party Senders must monitor all types of returned entries on a monthly basis, by Originator/Client, and maintain those records. Return levels above the accepted Nacha Rules standards should be addressed immediately.Third-Party Senders should work closely with Originators/Clients to establish procedures for handling Returned Entries.Third-Party Senders should establish a process to track the types and volume of incoming Return Entries for each Originator/Client.Third-Party Senders should determine with Originators/Clients under what conditions a Return Entry should be dishonored or re-initiated.NOTIFICATIONS OF CHANGE (NOC)Third-Party Senders should ensure that Notification of Changes (NOC) are recognized by their staff and/or receiving software.If the Third-Party Sender is not making the required changes themselves, they should have processes in place to forward the NOC information to the Originator/Client.Third-Party Senders should advise Originators/Clients of the deadlines for making changes as requested through the Notification of Change (NOC) process and monitor future Entries to ensure requested changes are being made by Originators/Clients.PROCESSING REQUIREMENTSThird-Party Senders that process complex payment applications should require a longer and more in-depth test period from Originators/Clients (i.e. EDI or multiple Addenda Record payment formats).Third-Party Senders should safeguard against test data inadvertently being entered into the live production system by establishing special codes for test Files or other appropriate measures.Third-Party Senders should inform the Originators/Clients whenever a weekend, holiday or other modification of the Third-Party Senders processing schedule will affect the Settlement Date of its Originator's/Client’s Files. Date of notification should be documented within Originator’s/Client’s Company Folder.Third-Party Senders should arrange to receive Files in sufficient time to meet the ODFI’s deadlines.SECURITY PROCEDURESThe Third-Party Sender and the Originator/Client should have procedures to secure File delivery and receipt.Third-Party Senders may wish to offer several choices in security procedures, which would be considered commercially reasonable for Entries subject to UCC Article 4A (i.e. direct line Transmission, data encryption for electronic File delivery, authorized transmittals or callback procedures for in person delivery).Third-Party Senders should require Originators/Clients to sign written security procedures and acknowledge any refusal by Originator/Client to implement security procedures being offered.Third-Party Senders should periodically review and audit all security procedures to ensure accuracy and compliance.Notes FORMTEXT ?????Notes FORMTEXT ????? ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download