Smackdown Series: Technical Foul Throwdown with Host Joe Casali

Wrestling Payments Podcast: Season 3 - Episode 12

In this third installment of the NACHA "Smackdown" Rules Violations in the Ring series, Wrestling Payments host Joseph Casali dives into NACHA's enforcement process, examining real rules violation cases and their consequences. The episode unpacks three enforcement cases involving micro-entries to invalid accounts, entries to invalid accounts, and failure to perform annual ACH compliance audits.

Joe walks listeners through each case, detailing how financial institutions responded to violations and the resulting penalties. The podcast highlights how even seemingly minor infractions can lead to significant fines. "These are the easy things," Joe explains when discussing a $5,000 fine for missing an annual audit requirement.

The episode serves as a practical guide to understanding NACHA's enforcement process, demonstrating how financial institutions can learn from others' mistakes to improve their own compliance practices and avoid costly penalties.

Guest Profile

💡 Name: Joseph Casali
💡 What they do: Executive Vice President of NEACH
💡 Company: NEACH & NEACH Payments Group (NPG)
💡 Where to find him: LinkedIn

Key Insights

Compliance Mistakes Cost More Than Just Money

NACHA enforcement isn't just about penalties—it reveals operational vulnerabilities that impact multiple stakeholders. When financial institutions fail to maintain proper controls, they face monetary fines, reputational damage, increased scrutiny, and potential customer impacts. The actual cost extends beyond the immediate financial penalty, including operational adjustments, staff time, and preventative system investments. Organizations should view compliance as a strategic business function rather than a checkbox exercise, especially when scaling operations.

Fraud Prevention Requires Evolution, Not Just Detection

Effective fraud management demands a dynamic approach that evolves alongside emerging threats. When patterns of suspicious activity emerge, institutions must rapidly implement countermeasures and be willing to adjust their business models when necessary. The most successful organizations build layered defense systems that can adapt to changing fraud tactics. This requires cross-departmental collaboration, regular testing, and the courage to disable vulnerable services when controls prove insufficient—even if it temporarily impacts revenue streams.

Regulatory Compliance Cannot Rely on Good Intentions

The financial services industry operates within a complex web of overlapping regulatory frameworks that require deliberate, proactive management. Intending to comply or being unaware of requirements does not protect from enforcement actions. Every organization must establish systematic approaches to tracking, implementing, and verifying compliance activities on an ongoing basis. Leadership must prioritize creating a culture where regulatory obligations receive continual attention rather than periodic focus during examinations or audits.

Siloed Compliance Creates Dangerous Blind Spots

Financial institutions face requirements from multiple regulatory bodies with overlapping but distinct compliance demands. Treating these requirements as separate, unrelated obligations creates dangerous gaps where violations can occur despite passing specific examinations. Effective compliance programs require an integrated view of all regulatory obligations to identify interconnections and prevent requirements from falling through organizational cracks. Organizations must comprehensively map regulatory responsibilities with clear ownership and accountability across all departments that touch payment operations.

Episode Highlights

The Micro-Entries Fraud Case [00:04:20]

A deep dive into BWGR Bank's excessive micro-entries to invalid accounts. Creed Savings and Loan received over 2,700 invalid transactions targeting just three accounts, each labeled "Account Verify." Despite trying to address the issue directly with the originator, the receiving institution filed a rules violation. There's a significant operational cost to processing and returning thousands of invalid entries, making this case particularly impactful for financial institutions handling similar situations.

"BWGR Bank acknowledged the violation and stated that several attempts had been made to resolve the underlying issue. They maintained a comprehensive set of risk controls, implemented limits, blocked fraudulent email domains, created monitoring systems for anomaly detection, and eventually disabled micro-entries completely."

Growth Brings Compliance Challenges [00:11:00]

An examination of how business growth created compliance issues for Able Payroll Processing. After acknowledging an initial violation for sending entries to invalid accounts, they continued to experience problems as their client base expanded. The root cause was a systemic issue: their database couldn't handle increased volume, causing routing and account information to become misaligned. This highlights the critical importance of scaling systems and controls in parallel with business growth.

"Regardless of the internal systems issues, the originator and its ODFI are still responsible for the accuracy of account information. As the violation had escalated to Class 2 status, the financial institution was subject to a fine between zero and one hundred thousand per month until the issue was resolved."

The Audit Dodge [00:14:00]

A breakdown of the serious consequences for skipping required ACH compliance audits. Thurmond Bank admitted to not performing required audits for two consecutive years when randomly selected during NACHA's quarterly audit outreach. Unlike other violations that start with warnings, audit failures immediately qualify as Class 2 violations with potential fines up to $100,000 monthly. This case demonstrates how even administrative requirements carry significant enforcement power.

"Thurmond Bank acknowledged the violation, stated it had lost sight of the audit requirement. The bank had been written up during its annual audit for the lack of ACH compliance audit. The bank had scheduled the ACH audit with its payment association and would maintain the required annual schedule."

Third-Party Sender Registration Misunderstandings [00:24:20]

An analysis of two banks that failed to register their third-party sender status by the March 2018 deadline. Both denied violations based on misunderstandings—one confused it with direct access registration from 2010, while another claimed unawareness despite receiving NACHA rules training. This segment demonstrates how regulatory compliance exists in silos: passing an FDIC examination doesn't excuse NACHA compliance failures.

"These fines were really a little more than a slap on the wrist, but not a full-fledged Class 2 fine. It was enough to say, 'Hey, get your registration done. Keep it up to date.' Sometimes you can learn better by applying the rules. Rather than someone saying 'you gotta do this,' saying 'what happened when that went wrong?' is sometimes a better trainer."