Third-Party Sender Registration
Effective Date: September 29, 2017, Grace Period Through March 1, 2018
NACHA enters a new phase of risk management with the implementation of this rule and a new Risk Management Portal with several features including Third-Party Sender Registration, Direct Access Registration, access to the Emergency Contact Database and easier access to the Terminated Originator Database.
Third-Party Senders present unique risks in the ACH Network. This new registration process enables NACHA to better pinpoint risk issues in the Network. The registration process is simple. All ODFIs must register, whether they have Third-Party Senders or not. For those ODFIs with Third-Party Sender or nested Third-Party Sender relationships, a simple registration process must be completed by hand or via an upload of specific information. For most ODFIs that will be the end of the process except for maintaining the list as information changes, new Third-Party Senders are on-boarded or change banking relationships.
In the case of a "risk event", defined by NACHA as “cases in which it (NACHA) believes that a Third-Party Sender in the ACH Network poses an escalated risk of (i) financial loss to one or more Participating DFIs, Receivers or Originators, (ii) violation of the Rules or Applicable Law, or (iii) excessive Returns.”; NACHA may ask for supplemental information.
Excerpt from NACHA.org
For ODFIs with no Third-Party Sender customers, the Rule will require the ODFI to acknowledge this in a statement to NACHA. NACHA will provide a simple means through the registry to make such a statement.
For ODFIs with Third-Party Sender customers, the Rule will require the ODFI to provide a limited set of initial, basic registration information for each Third-Party Sender that the ODFI should already have in its records:
- the ODFI’s name and contact information;
- the name and principal business location of the Third-Party Sender;
- the routing number (Specifically, the ODFI’s routing number as included in the Originating DFI Identification field) used in ACH transactions originated for the Third-Party Sender; and
- the Company Identification(s) of the Third-Party Sender.
The registration requirement will apply to Third-Party Senders that are the ODFI’s direct customers, as well as those other Third-Party Senders that are direct customers of the first Third-Party Sender, otherwise known as “nested” Third-Party Senders. To aid ODFIs in collecting registration information, the Rule obligates Third-Party Senders to provide their ODFIs, upon request, with any registration information needed. Further, in order to aid ODFIs with due diligence regarding nested Third-Party Sender relationships, the Rule requires Third-Party Senders to disclose to their ODFIs any other Third-Party Senders for which they transmit ACH entries.
Beyond the initial basic registration information, it may become necessary for NACHA to receive additional information about a Third-Party Sender. The Rule provides that, upon receiving a written request from NACHA, an ODFI will be required to provide within 10 Banking Days any or all of the following information that is requested:
- any doing-business-as names, taxpayer identification number(s), and street and website address(es) of the Third-Party Sender;
- the name and contact information for the Third-Party Sender’s contact person;
- names and titles of the Third-Party Sender’s principals;
- the approximate number of Originators for which the Third-Party Sender transmits entries; and
- a statement as to whether the Third-Party Sender transmits debit entries, credit entries or both.
NACHA would be authorized to request this information regarding risk events, which the Rule defines as “cases in which it (NACHA) believes that a Third-Party Sender in the ACH Network poses an escalated risk of (i) financial loss to one or more Participating DFIs, Receivers or Originators, (ii) violation of the Rules or Applicable Law, or (iii) excessive Returns.”